From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Fri, 20 Feb 2015 08:56:29 -0800
From: Tracy Reed <treed@ultraviolet.org>
To: Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: MCS error
Message-ID: <20150220165628.GI12937@tracyreed.org>
References: <20150219014803.GB12937@tracyreed.org>
 <54E5E3C4.40904@tycho.nsa.gov>
 <20150219154047.GA11807@linksys-wireless-usb.network2>
 <20150219193337.GC12937@tracyreed.org>
 <20150219204841.GA1649@linksys-wireless-usb.network2>
 <20150220003425.GF12937@tracyreed.org>
 <54E738EF.8070601@tycho.nsa.gov>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="7BtE0xW96okrVgVt"
In-Reply-To: <54E738EF.8070601@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
 <selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>


--7BtE0xW96okrVgVt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Feb 20, 2015 at 05:38:55AM PST, Stephen Smalley spake thusly:
> Can you show the actual constraints on RHEL6?  seinfo --constrain
> output, or grab the .src.rpm and pull out the mcs file.

Here is the seinfo --constrain output from RHEL6. Thanks for having a look!

Constraints: 90
constrain { netlink_audit_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { tcp_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { tcp_socket } { node_bind  }=20
(  h1 h2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandb=
ox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  || );

mlsconstrain { db_procedure } { drop getattr setattr relabelfrom execute in=
stall  }=20
(  h1 h2  dom );

mlsconstrain { db_procedure } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

constrain { dir } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { dir } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  &&  t1 { openshift_app_t qemu_t sandbox_x_t s=
virt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox=
_t } !=3D  || );

mlsconstrain { dir } { relabelfrom  }=20
(  h1 h2  dom );

mlsconstrain { dir } { write setattr append unlink link rename add_name rem=
ove_name  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t ini=
trc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t w=
ine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_=
execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nov=
a_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t gl=
ance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_c=
ert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system=
_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t=
 samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined=
_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t=
 firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcer=
td_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_un=
confined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t li=
vecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t dr=
bd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t th=
in_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t gl=
usterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svn=
serve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_sheph=
erd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t fogh=
orn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t userad=
d_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_maste=
r_t } =3D=3D  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sa=
ndbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  t2 { =
sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tc=
p_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim=
_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compu=
te_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrot=
ate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rsp=
awn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_scr=
ipt_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugi=
n_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dm=
idecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfi=
ned_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin=
_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce=
_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t p=
iranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t =
courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq=
_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t ab=
rt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_sta=
rtd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_x=
server_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t log=
adm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmwa=
re_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_=
t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t=
 exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t ku=
dzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_=
postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t=
 rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit=
_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_scr=
ipt_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_sys=
tem_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_=
script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t =
usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_=
t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_missi=
on_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t =
httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv=
_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhom=
edir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t h=
ttpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd=
_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t s=
endmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_co=
ntrold_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_pro=
c_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gi=
tosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t hapr=
oxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_=
t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_=
t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staf=
f_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_=
t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apc=
upsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_=
t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_c=
gi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios=
_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t a=
manda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t tele=
pathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xgues=
t_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t=
 dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system=
_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t =
httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_=
sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclus=
terd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t=
 samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymout=
hd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_=
prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcssl=
otd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox=
_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicek=
it_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfi=
x_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_gi=
t_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_=
t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined=
_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_=
unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t gro=
upadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirs=
rv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_=
t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t o=
penct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t=
 telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zab=
bix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t c=
lvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t =
gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t k=
dump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t mu=
nin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pi=
ngd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rsh=
d_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh=
_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t =
tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xa=
uth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t post=
fix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t =
watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t p=
olicykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config=
_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t g=
lusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest=
_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t=
 remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_=
t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond=
_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portres=
erve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_scr=
een_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_clien=
t_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogge=
r_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t c=
ourier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t us=
bmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmo=
nger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_=
t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xen=
consoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t=
 matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t=
 chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev=
_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_=
t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t ja=
bberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_co=
rrelator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ric=
ci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunne=
l_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandb=
ox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_=
t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t usera=
dd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t con=
dor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t gr=
eylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } =3D=3D  &&=
  || );

mlsconstrain { dir } { ioctl read lock search  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t se=
tfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_po=
stdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfi=
ned_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t=
 oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink=
_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t no=
va_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_=
gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_index=
er_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notr=
ans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t =
postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nag=
ios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_=
java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_scrip=
t_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t b=
cfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t =
l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t=
 xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote=
_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_=
server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfine=
d_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t=
 ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t c=
ondor_schedd_t condor_startd_t condor_master_t } =3D=3D  ||  t1 { openshift=
_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbo=
x_web_t openshift_t sandbox_t } !=3D  t2 { sosreport_t git_session_t cfengi=
ne_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbo=
x_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfine=
d_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_=
t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modul=
es_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_=
t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_scr=
ipt_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltc=
lient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmon=
ger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmai=
l_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpg=
ui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t =
nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd=
_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_clea=
nup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t sh=
orewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtua=
l_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_lo=
cal_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepath=
y_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd=
_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_=
t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t c=
vs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t =
gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_=
t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t q=
emu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xd=
m_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t =
virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfi=
ned_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_age=
nt_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suex=
ec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfsta=
b_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t s=
etsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucont=
rol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhos=
ts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol=
_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_=
t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user=
_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_m=
ono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remo=
te_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount=
_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t sasl=
authd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t open=
shift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t h=
wclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_=
t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t =
staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats=
_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranh=
a_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t =
hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t=
 samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openh=
pid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t co=
ndor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t=
 zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysad=
m_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sbl=
im_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_=
execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_=
monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_r=
emote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_c=
onsolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t =
pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetoot=
h_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monito=
rd_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t=
 ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroub=
leshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_=
t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstbo=
ot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix=
_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugi=
n_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unco=
nfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courie=
r_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManag=
er_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd=
_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t =
insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsa=
ssd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t p=
asswd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpw=
d_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2=
_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t d=
ccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hpl=
ip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t l=
pd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd=
_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_=
t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t=
 smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t=
 swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t use=
r_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t=
 nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t cour=
ier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t=
 mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helpe=
r_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t =
rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_=
net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_m=
ail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t au=
tomount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t sys=
tem_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staf=
f_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahe=
ad_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t =
rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plug=
in_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t po=
stgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nov=
a_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seun=
share_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cd=
record_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_=
t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmir=
rord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t=
 passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t f=
coemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_=
t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_=
t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spam=
ass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t o=
penvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t rad=
iusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_=
t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap=
_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbin=
d_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_in=
it_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t pir=
anha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staf=
f_openoffice_t mailman_queue_t } =3D=3D  &&  || );

mlsconstrain { peer } { recv  }=20
(  l1 l2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandb=
ox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  t2 { ope=
nshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t =
sandbox_web_t openshift_t sandbox_t } !=3D  &&  || );

constrain { blk_file } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { blk_file } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  &&  t1 { openshift_app_t qemu_t sandbox_x_t s=
virt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox=
_t } !=3D  || );

mlsconstrain { blk_file } { relabelfrom  }=20
(  h1 h2  dom );

mlsconstrain { blk_file } { write setattr  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t ini=
trc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t w=
ine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_=
execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nov=
a_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t gl=
ance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_c=
ert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system=
_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t=
 samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined=
_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t=
 firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcer=
td_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_un=
confined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t li=
vecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t dr=
bd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t th=
in_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t gl=
usterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svn=
serve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_sheph=
erd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t fogh=
orn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t userad=
d_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_maste=
r_t } =3D=3D  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sa=
ndbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  t2 { =
sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tc=
p_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim=
_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compu=
te_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrot=
ate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rsp=
awn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_scr=
ipt_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugi=
n_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dm=
idecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfi=
ned_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin=
_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce=
_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t p=
iranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t =
courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq=
_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t ab=
rt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_sta=
rtd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_x=
server_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t log=
adm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmwa=
re_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_=
t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t=
 exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t ku=
dzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_=
postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t=
 rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit=
_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_scr=
ipt_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_sys=
tem_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_=
script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t =
usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_=
t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_missi=
on_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t =
httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv=
_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhom=
edir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t h=
ttpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd=
_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t s=
endmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_co=
ntrold_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_pro=
c_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gi=
tosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t hapr=
oxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_=
t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_=
t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staf=
f_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_=
t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apc=
upsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_=
t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_c=
gi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios=
_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t a=
manda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t tele=
pathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xgues=
t_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t=
 dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system=
_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t =
httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_=
sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclus=
terd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t=
 samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymout=
hd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_=
prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcssl=
otd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox=
_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicek=
it_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfi=
x_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_gi=
t_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_=
t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined=
_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_=
unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t gro=
upadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirs=
rv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_=
t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t o=
penct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t=
 telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zab=
bix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t c=
lvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t =
gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t k=
dump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t mu=
nin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pi=
ngd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rsh=
d_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh=
_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t =
tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xa=
uth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t post=
fix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t =
watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t p=
olicykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config=
_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t g=
lusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest=
_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t=
 remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_=
t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond=
_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portres=
erve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_scr=
een_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_clien=
t_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogge=
r_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t c=
ourier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t us=
bmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmo=
nger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_=
t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xen=
consoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t=
 matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t=
 chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev=
_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_=
t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t ja=
bberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_co=
rrelator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ric=
ci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunne=
l_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandb=
ox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_=
t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t usera=
dd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t con=
dor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t gr=
eylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } =3D=3D  &&=
  || );

mlsconstrain { blk_file } { ioctl read getattr  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t se=
tfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_po=
stdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfi=
ned_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t=
 oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink=
_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t no=
va_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_=
gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_index=
er_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notr=
ans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t =
postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nag=
ios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_=
java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_scrip=
t_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t b=
cfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t =
l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t=
 xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote=
_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_=
server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfine=
d_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t=
 ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t c=
ondor_schedd_t condor_startd_t condor_master_t } =3D=3D  ||  t1 { openshift=
_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbo=
x_web_t openshift_t sandbox_t } !=3D  t2 { sosreport_t git_session_t cfengi=
ne_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbo=
x_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfine=
d_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_=
t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modul=
es_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_=
t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_scr=
ipt_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltc=
lient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmon=
ger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmai=
l_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpg=
ui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t =
nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd=
_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_clea=
nup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t sh=
orewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtua=
l_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_lo=
cal_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepath=
y_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd=
_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_=
t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t c=
vs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t =
gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_=
t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t q=
emu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xd=
m_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t =
virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfi=
ned_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_age=
nt_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suex=
ec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfsta=
b_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t s=
etsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucont=
rol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhos=
ts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol=
_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_=
t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user=
_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_m=
ono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remo=
te_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount=
_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t sasl=
authd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t open=
shift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t h=
wclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_=
t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t =
staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats=
_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranh=
a_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t =
hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t=
 samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openh=
pid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t co=
ndor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t=
 zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysad=
m_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sbl=
im_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_=
execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_=
monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_r=
emote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_c=
onsolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t =
pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetoot=
h_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monito=
rd_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t=
 ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroub=
leshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_=
t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstbo=
ot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix=
_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugi=
n_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unco=
nfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courie=
r_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManag=
er_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd=
_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t =
insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsa=
ssd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t p=
asswd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpw=
d_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2=
_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t d=
ccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hpl=
ip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t l=
pd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd=
_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_=
t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t=
 smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t=
 swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t use=
r_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t=
 nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t cour=
ier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t=
 mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helpe=
r_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t =
rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_=
net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_m=
ail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t au=
tomount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t sys=
tem_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staf=
f_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahe=
ad_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t =
rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plug=
in_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t po=
stgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nov=
a_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seun=
share_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cd=
record_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_=
t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmir=
rord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t=
 passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t f=
coemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_=
t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_=
t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spam=
ass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t o=
penvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t rad=
iusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_=
t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap=
_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbin=
d_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_in=
it_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t pir=
anha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staf=
f_openoffice_t mailman_queue_t } =3D=3D  &&  || );

constrain { chr_file } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { chr_file } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  &&  t1 { openshift_app_t qemu_t sandbox_x_t s=
virt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox=
_t } !=3D  || );

mlsconstrain { chr_file } { relabelfrom  }=20
(  h1 h2  dom );

mlsconstrain { chr_file } { write setattr  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t ini=
trc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t w=
ine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_=
execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nov=
a_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t gl=
ance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_c=
ert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system=
_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t=
 samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined=
_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t=
 firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcer=
td_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_un=
confined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t li=
vecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t dr=
bd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t th=
in_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t gl=
usterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svn=
serve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_sheph=
erd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t fogh=
orn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t userad=
d_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_maste=
r_t } =3D=3D  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sa=
ndbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  t2 { =
sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tc=
p_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim=
_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compu=
te_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrot=
ate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rsp=
awn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_scr=
ipt_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugi=
n_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dm=
idecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfi=
ned_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin=
_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce=
_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t p=
iranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t =
courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq=
_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t ab=
rt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_sta=
rtd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_x=
server_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t log=
adm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmwa=
re_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_=
t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t=
 exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t ku=
dzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_=
postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t=
 rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit=
_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_scr=
ipt_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_sys=
tem_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_=
script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t =
usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_=
t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_missi=
on_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t =
httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv=
_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhom=
edir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t h=
ttpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd=
_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t s=
endmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_co=
ntrold_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_pro=
c_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gi=
tosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t hapr=
oxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_=
t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_=
t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staf=
f_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_=
t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apc=
upsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_=
t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_c=
gi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios=
_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t a=
manda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t tele=
pathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xgues=
t_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t=
 dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system=
_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t =
httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_=
sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclus=
terd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t=
 samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymout=
hd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_=
prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcssl=
otd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox=
_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicek=
it_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfi=
x_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_gi=
t_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_=
t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined=
_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_=
unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t gro=
upadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirs=
rv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_=
t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t o=
penct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t=
 telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zab=
bix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t c=
lvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t =
gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t k=
dump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t mu=
nin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pi=
ngd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rsh=
d_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh=
_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t =
tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xa=
uth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t post=
fix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t =
watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t p=
olicykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config=
_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t g=
lusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest=
_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t=
 remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_=
t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond=
_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portres=
erve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_scr=
een_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_clien=
t_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogge=
r_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t c=
ourier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t us=
bmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmo=
nger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_=
t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xen=
consoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t=
 matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t=
 chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev=
_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_=
t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t ja=
bberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_co=
rrelator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ric=
ci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunne=
l_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandb=
ox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_=
t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t usera=
dd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t con=
dor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t gr=
eylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } =3D=3D  &&=
  || );

mlsconstrain { chr_file } { ioctl read getattr  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t se=
tfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_po=
stdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfi=
ned_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t=
 oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink=
_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t no=
va_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_=
gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_index=
er_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notr=
ans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t =
postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nag=
ios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_=
java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_scrip=
t_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t b=
cfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t =
l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t=
 xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote=
_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_=
server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfine=
d_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t=
 ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t c=
ondor_schedd_t condor_startd_t condor_master_t } =3D=3D  ||  t1 { openshift=
_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbo=
x_web_t openshift_t sandbox_t } !=3D  t2 { sosreport_t git_session_t cfengi=
ne_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbo=
x_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfine=
d_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_=
t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modul=
es_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_=
t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_scr=
ipt_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltc=
lient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmon=
ger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmai=
l_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpg=
ui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t =
nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd=
_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_clea=
nup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t sh=
orewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtua=
l_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_lo=
cal_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepath=
y_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd=
_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_=
t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t c=
vs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t =
gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_=
t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t q=
emu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xd=
m_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t =
virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfi=
ned_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_age=
nt_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suex=
ec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfsta=
b_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t s=
etsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucont=
rol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhos=
ts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol=
_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_=
t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user=
_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_m=
ono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remo=
te_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount=
_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t sasl=
authd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t open=
shift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t h=
wclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_=
t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t =
staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats=
_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranh=
a_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t =
hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t=
 samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openh=
pid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t co=
ndor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t=
 zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysad=
m_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sbl=
im_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_=
execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_=
monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_r=
emote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_c=
onsolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t =
pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetoot=
h_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monito=
rd_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t=
 ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroub=
leshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_=
t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstbo=
ot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix=
_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugi=
n_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unco=
nfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courie=
r_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManag=
er_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd=
_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t =
insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsa=
ssd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t p=
asswd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpw=
d_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2=
_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t d=
ccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hpl=
ip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t l=
pd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd=
_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_=
t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t=
 smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t=
 swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t use=
r_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t=
 nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t cour=
ier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t=
 mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helpe=
r_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t =
rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_=
net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_m=
ail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t au=
tomount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t sys=
tem_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staf=
f_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahe=
ad_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t =
rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plug=
in_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t po=
stgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nov=
a_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seun=
share_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cd=
record_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_=
t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmir=
rord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t=
 passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t f=
coemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_=
t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_=
t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spam=
ass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t o=
penvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t rad=
iusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_=
t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap=
_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbin=
d_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_in=
it_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t pir=
anha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staf=
f_openoffice_t mailman_queue_t } =3D=3D  &&  || );

mlsconstrain { db_table } { drop getattr setattr relabelfrom use select upd=
ate insert delete lock  }=20
(  h1 h2  dom );

mlsconstrain { db_table } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

mlsconstrain { db_tuple } { relabelfrom use select update delete  }=20
(  h1 h2  dom );

mlsconstrain { db_tuple } { relabelto insert  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

constrain { lnk_file } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { lnk_file } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  &&  t1 { openshift_app_t qemu_t sandbox_x_t s=
virt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox=
_t } !=3D  || );

mlsconstrain { lnk_file } { relabelfrom  }=20
(  h1 h2  dom );

mlsconstrain { lnk_file } { write setattr  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t ini=
trc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t w=
ine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_=
execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nov=
a_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t gl=
ance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_c=
ert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system=
_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t=
 samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined=
_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t=
 firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcer=
td_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_un=
confined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t li=
vecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t dr=
bd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t th=
in_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t gl=
usterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svn=
serve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_sheph=
erd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t fogh=
orn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t userad=
d_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_maste=
r_t } =3D=3D  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sa=
ndbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  t2 { =
sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tc=
p_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim=
_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compu=
te_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrot=
ate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rsp=
awn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_scr=
ipt_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugi=
n_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dm=
idecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfi=
ned_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin=
_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce=
_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t p=
iranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t =
courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq=
_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t ab=
rt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_sta=
rtd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_x=
server_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t log=
adm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmwa=
re_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_=
t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t=
 exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t ku=
dzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_=
postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t=
 rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit=
_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_scr=
ipt_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_sys=
tem_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_=
script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t =
usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_=
t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_missi=
on_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t =
httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv=
_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhom=
edir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t h=
ttpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd=
_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t s=
endmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_co=
ntrold_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_pro=
c_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gi=
tosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t hapr=
oxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_=
t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_=
t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staf=
f_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_=
t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apc=
upsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_=
t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_c=
gi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios=
_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t a=
manda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t tele=
pathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xgues=
t_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t=
 dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system=
_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t =
httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_=
sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclus=
terd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t=
 samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymout=
hd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_=
prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcssl=
otd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox=
_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicek=
it_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfi=
x_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_gi=
t_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_=
t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined=
_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_=
unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t gro=
upadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirs=
rv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_=
t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t o=
penct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t=
 telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zab=
bix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t c=
lvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t =
gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t k=
dump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t mu=
nin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pi=
ngd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rsh=
d_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh=
_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t =
tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xa=
uth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t post=
fix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t =
watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t p=
olicykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config=
_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t g=
lusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest=
_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t=
 remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_=
t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond=
_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portres=
erve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_scr=
een_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_clien=
t_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogge=
r_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t c=
ourier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t us=
bmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmo=
nger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_=
t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xen=
consoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t=
 matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t=
 chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev=
_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_=
t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t ja=
bberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_co=
rrelator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ric=
ci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunne=
l_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandb=
ox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_=
t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t usera=
dd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t con=
dor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t gr=
eylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } =3D=3D  &&=
  || );

mlsconstrain { lnk_file } { ioctl read getattr  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t se=
tfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_po=
stdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfi=
ned_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t=
 oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink=
_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t no=
va_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_=
gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_index=
er_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notr=
ans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t =
postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nag=
ios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_=
java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_scrip=
t_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t b=
cfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t =
l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t=
 xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote=
_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_=
server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfine=
d_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t=
 ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t c=
ondor_schedd_t condor_startd_t condor_master_t } =3D=3D  ||  t1 { openshift=
_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbo=
x_web_t openshift_t sandbox_t } !=3D  t2 { sosreport_t git_session_t cfengi=
ne_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbo=
x_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfine=
d_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_=
t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modul=
es_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_=
t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_scr=
ipt_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltc=
lient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmon=
ger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmai=
l_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpg=
ui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t =
nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd=
_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_clea=
nup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t sh=
orewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtua=
l_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_lo=
cal_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepath=
y_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd=
_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_=
t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t c=
vs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t =
gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_=
t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t q=
emu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xd=
m_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t =
virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfi=
ned_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_age=
nt_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suex=
ec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfsta=
b_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t s=
etsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucont=
rol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhos=
ts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol=
_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_=
t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user=
_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_m=
ono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remo=
te_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount=
_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t sasl=
authd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t open=
shift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t h=
wclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_=
t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t =
staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats=
_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranh=
a_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t =
hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t=
 samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openh=
pid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t co=
ndor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t=
 zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysad=
m_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sbl=
im_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_=
execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_=
monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_r=
emote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_c=
onsolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t =
pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetoot=
h_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monito=
rd_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t=
 ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroub=
leshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_=
t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstbo=
ot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix=
_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugi=
n_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unco=
nfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courie=
r_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManag=
er_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd=
_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t =
insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsa=
ssd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t p=
asswd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpw=
d_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2=
_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t d=
ccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hpl=
ip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t l=
pd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd=
_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_=
t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t=
 smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t=
 swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t use=
r_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t=
 nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t cour=
ier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t=
 mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helpe=
r_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t =
rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_=
net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_m=
ail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t au=
tomount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t sys=
tem_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staf=
f_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahe=
ad_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t =
rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plug=
in_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t po=
stgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nov=
a_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seun=
share_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cd=
record_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_=
t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmir=
rord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t=
 passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t f=
coemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_=
t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_=
t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spam=
ass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t o=
penvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t rad=
iusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_=
t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap=
_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbin=
d_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_in=
it_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t pir=
anha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staf=
f_openoffice_t mailman_queue_t } =3D=3D  &&  || );

constrain { process } { dyntransition  }=20
(  r1 r2 =3D=3D  t1 { xdm_t local_login_t firstboot_t oddjob_t crond_t rshd=
_t sshd_t virtd_t remote_login_t openshift_t rlogind_t sulogin_t } =3D=3D  =
t2 { nx_server_t openshift_app_t logadm_t sysadm_t webadm_t qemu_t ricci_t =
oddjob_mkhomedir_t ricci_modservice_t ricci_modstorage_t openshift_initrc_t=
 ricci_modlog_t ricci_modrpm_t xguest_t guest_t rssh_t staff_t svirt_t user=
_t unconfined_t openshift_t ricci_modcluster_t } =3D=3D  &&  || );

constrain { process } { dyntransition  }=20
(  u1 u2 =3D=3D  t1 { xdm_t local_login_t firstboot_t oddjob_t crond_t rshd=
_t sshd_t virtd_t remote_login_t openshift_t rlogind_t sulogin_t } =3D=3D  =
t2 { nx_server_t openshift_app_t logadm_t sysadm_t webadm_t qemu_t ricci_t =
oddjob_mkhomedir_t ricci_modservice_t ricci_modstorage_t openshift_initrc_t=
 ricci_modlog_t ricci_modrpm_t xguest_t guest_t rssh_t staff_t svirt_t user=
_t unconfined_t openshift_t ricci_modcluster_t } =3D=3D  &&  || );

constrain { process } { transition noatsecure siginh rlimitinh  }=20
(  r1 r2 =3D=3D  t1 { initrc_t rpm_t xdm_t newrole_t staff_sudo_t local_log=
in_t oddjob_t crond_t rshd_t sshd_t remote_login_t rlogind_t sulogin_t sysa=
dm_sudo_t } =3D=3D  t2 { nx_server_t openshift_app_t logadm_t sysadm_t weba=
dm_t qemu_t ricci_t oddjob_mkhomedir_t ricci_modservice_t ricci_modstorage_=
t openshift_initrc_t ricci_modlog_t ricci_modrpm_t xguest_t guest_t rssh_t =
staff_t svirt_t user_t unconfined_t openshift_t ricci_modcluster_t } =3D=3D=
  &&  ||  t1 crond_t =3D=3D  t2 { unconfined_cronjob_t cronjob_t } =3D=3D  =
&&  ||  t1 { logrotate_t logadm_t sysadm_t webadm_t rpm_t run_init_t rpm_sc=
ript_t semanage_t unconfined_t ncftool_t } =3D=3D  r2 system_r =3D=3D  &&  =
||  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_a=
pi_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t=
 zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_scrip=
t_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_=
t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_=
lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t=
 fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t virt_qmf_t nova_vncproxy=
_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_r=
egistry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vm=
ware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_p=
rocd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_scr=
ipt_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t op=
enshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengi=
ne_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengin=
e_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_e=
venthandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_=
t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t d=
epmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_=
t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhns=
d_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_un=
confined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matah=
ari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t =
semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t clus=
ter_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t =
zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_ma=
ster_t } =3D=3D  || );

constrain { process } { transition noatsecure siginh rlimitinh  }=20
(  u1 u2 =3D=3D  t1 { xdm_t local_login_t firstboot_t oddjob_t crond_t rshd=
_t sshd_t virtd_t remote_login_t openshift_t rlogind_t sulogin_t } =3D=3D  =
t2 { nx_server_t openshift_app_t logadm_t sysadm_t webadm_t qemu_t ricci_t =
oddjob_mkhomedir_t ricci_modservice_t ricci_modstorage_t openshift_initrc_t=
 ricci_modlog_t ricci_modrpm_t xguest_t guest_t rssh_t staff_t svirt_t user=
_t unconfined_t openshift_t ricci_modcluster_t } =3D=3D  &&  ||  t1 crond_t=
 =3D=3D  t2 { unconfined_cronjob_t cronjob_t } =3D=3D  u2 system_u =3D=3D  =
||  &&  ||  t1 { logrotate_t logadm_t sysadm_t webadm_t rpm_t run_init_t rp=
m_script_t semanage_t unconfined_t ncftool_t } =3D=3D  u2 system_u =3D=3D  =
&&  ||  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t no=
va_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_conso=
le_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_s=
cript_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collec=
tor_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t vi=
rtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t a=
da_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t virt_qmf_t nova_vncp=
roxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glan=
ce_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_=
t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t cond=
or_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm=
_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_=
t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cf=
engine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfe=
ngine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagi=
os_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_j=
ava_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script=
_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bc=
fg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t numad_t =
rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagio=
s_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t m=
atahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_host=
d_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t =
cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_jo=
b_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condo=
r_master_t } =3D=3D  || );

mlsconstrain { process } { signal  }=20
(  h1 h2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandb=
ox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  || );

mlsconstrain { process } { sigkill sigstop  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t ini=
trc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t virt_qmf_t no=
va_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd=
_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_sch=
eduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_m=
onitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_n=
et_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslot=
d_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script=
_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t uncon=
fined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined=
_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t ap=
md_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t n=
umad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_=
t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_ch=
ild_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t mataha=
ri_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_=
rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t=
 sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_=
t condor_master_t } =3D=3D  || );

mlsconstrain { process } { ptrace  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t consolekit_t nova_=
compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirs=
rvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconf=
ined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keysto=
ne_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfi=
les_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t =
virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_=
t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volu=
me_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_a=
pi_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t =
zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronj=
ob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba=
_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execm=
em_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unco=
nfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_p=
lugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openv=
pn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_=
t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwh=
d_t l2tpd_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xen=
d_t watchdog_t policykit_resolve_t nagios_unconfined_plugin_t glusterd_t de=
vicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zar=
afa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t uncon=
fined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutr=
on_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver=
_t condor_schedd_t condor_startd_t condor_master_t } =3D=3D  || );

mlsconstrain { process } { transition dyntransition  }=20
(  h1 h2  dom  t1 { initrc_t getty_t openshift_initrc_t kernel_t oddjob_t i=
nit_t virtd_t condor_startd_t } =3D=3D  || );

mlsconstrain { packet } { recv  }=20
(  l1 l2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandb=
ox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  t2 { ope=
nshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t =
sandbox_web_t openshift_t sandbox_t } !=3D  &&  || );

constrain { socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { fifo_file } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { fifo_file } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  &&  t1 { openshift_app_t qemu_t sandbox_x_t s=
virt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox=
_t } !=3D  || );

mlsconstrain { fifo_file } { relabelfrom  }=20
(  h1 h2  dom );

mlsconstrain { fifo_file } { open  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t se=
tfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_po=
stdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfi=
ned_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t=
 oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink=
_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t no=
va_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_=
gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_index=
er_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notr=
ans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t =
postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nag=
ios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_=
java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_scrip=
t_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t b=
cfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t =
l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t=
 xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote=
_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_=
server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfine=
d_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t=
 ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t c=
ondor_schedd_t condor_startd_t condor_master_t } =3D=3D  ||  t1 { openshift=
_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbo=
x_web_t openshift_t sandbox_t } !=3D  t2 { sosreport_t git_session_t cfengi=
ne_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbo=
x_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfine=
d_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_=
t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modul=
es_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_=
t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_scr=
ipt_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltc=
lient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmon=
ger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmai=
l_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpg=
ui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t =
nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd=
_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_clea=
nup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t sh=
orewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtua=
l_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_lo=
cal_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepath=
y_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd=
_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_=
t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t c=
vs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t =
gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_=
t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t q=
emu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xd=
m_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t =
virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfi=
ned_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_age=
nt_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suex=
ec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfsta=
b_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t s=
etsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucont=
rol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhos=
ts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol=
_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_=
t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user=
_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_m=
ono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remo=
te_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount=
_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t sasl=
authd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t open=
shift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t h=
wclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_=
t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t =
staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats=
_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranh=
a_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t =
hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t=
 samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openh=
pid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t co=
ndor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t=
 zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysad=
m_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sbl=
im_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_=
execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_=
monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_r=
emote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_c=
onsolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t =
pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetoot=
h_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monito=
rd_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t=
 ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroub=
leshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_=
t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstbo=
ot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix=
_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugi=
n_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unco=
nfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courie=
r_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManag=
er_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd=
_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t =
insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsa=
ssd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t p=
asswd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpw=
d_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2=
_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t d=
ccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hpl=
ip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t l=
pd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd=
_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_=
t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t=
 smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t=
 swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t use=
r_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t=
 nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t cour=
ier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t=
 mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helpe=
r_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t =
rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_=
net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_m=
ail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t au=
tomount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t sys=
tem_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staf=
f_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahe=
ad_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t =
rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plug=
in_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t po=
stgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nov=
a_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seun=
share_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cd=
record_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_=
t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmir=
rord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t=
 passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t f=
coemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_=
t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_=
t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spam=
ass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t o=
penvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t rad=
iusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_=
t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap=
_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbin=
d_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_in=
it_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t pir=
anha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staf=
f_openoffice_t mailman_queue_t } =3D=3D  &&  || );

constrain { file } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { file } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  &&  t1 { openshift_app_t qemu_t sandbox_x_t s=
virt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox=
_t } !=3D  || );

mlsconstrain { file } { relabelfrom  }=20
(  h1 h2  dom );

mlsconstrain { file } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

mlsconstrain { file } { write setattr append unlink link rename  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t ini=
trc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t w=
ine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_=
execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nov=
a_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t gl=
ance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_c=
ert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system=
_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t=
 samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined=
_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t=
 firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcer=
td_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_un=
confined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t li=
vecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t dr=
bd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t th=
in_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t gl=
usterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svn=
serve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_sheph=
erd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t fogh=
orn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t userad=
d_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_maste=
r_t } =3D=3D  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sa=
ndbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  t2 { =
sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tc=
p_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim=
_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compu=
te_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrot=
ate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rsp=
awn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_scr=
ipt_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugi=
n_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dm=
idecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfi=
ned_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin=
_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce=
_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t p=
iranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t =
courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq=
_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t ab=
rt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_sta=
rtd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_x=
server_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t log=
adm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmwa=
re_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_=
t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t=
 exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t ku=
dzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_=
postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t=
 rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit=
_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_scr=
ipt_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_sys=
tem_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_=
script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t =
usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_=
t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_missi=
on_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t =
httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv=
_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhom=
edir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t h=
ttpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd=
_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t s=
endmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_co=
ntrold_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_pro=
c_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gi=
tosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t hapr=
oxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_=
t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_=
t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staf=
f_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_=
t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apc=
upsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_=
t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_c=
gi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios=
_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t a=
manda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t tele=
pathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xgues=
t_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t=
 dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system=
_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t =
httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_=
sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclus=
terd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t=
 samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymout=
hd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_=
prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcssl=
otd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox=
_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicek=
it_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfi=
x_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_gi=
t_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_=
t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined=
_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_=
unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t gro=
upadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirs=
rv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_=
t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t o=
penct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t=
 telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zab=
bix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t c=
lvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t =
gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t k=
dump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t mu=
nin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pi=
ngd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rsh=
d_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh=
_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t =
tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xa=
uth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t post=
fix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t =
watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t p=
olicykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config=
_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t g=
lusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest=
_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t=
 remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_=
t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond=
_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portres=
erve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_scr=
een_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_clien=
t_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogge=
r_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t c=
ourier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t us=
bmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmo=
nger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_=
t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xen=
consoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t=
 matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t=
 chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev=
_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_=
t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t ja=
bberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_co=
rrelator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ric=
ci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunne=
l_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandb=
ox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_=
t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t usera=
dd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t con=
dor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t gr=
eylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } =3D=3D  &&=
  || );

mlsconstrain { file } { ioctl read lock execute execute_no_trans  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t se=
tfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_po=
stdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfi=
ned_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t=
 oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink=
_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t no=
va_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_=
gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_index=
er_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notr=
ans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t =
postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nag=
ios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_=
java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_scrip=
t_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t b=
cfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t =
l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t=
 xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote=
_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_=
server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfine=
d_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t=
 ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t c=
ondor_schedd_t condor_startd_t condor_master_t } =3D=3D  ||  t1 { openshift=
_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbo=
x_web_t openshift_t sandbox_t } !=3D  t2 { sosreport_t git_session_t cfengi=
ne_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbo=
x_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfine=
d_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_=
t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modul=
es_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_=
t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_scr=
ipt_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltc=
lient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmon=
ger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmai=
l_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpg=
ui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t =
nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd=
_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_clea=
nup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t sh=
orewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtua=
l_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_lo=
cal_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepath=
y_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd=
_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_=
t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t c=
vs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t =
gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_=
t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t q=
emu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xd=
m_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t =
virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfi=
ned_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_age=
nt_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suex=
ec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfsta=
b_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t s=
etsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucont=
rol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhos=
ts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol=
_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_=
t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user=
_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_m=
ono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remo=
te_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount=
_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t sasl=
authd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t open=
shift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t h=
wclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_=
t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t =
staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats=
_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranh=
a_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t =
hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t=
 samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openh=
pid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t co=
ndor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t=
 zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysad=
m_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sbl=
im_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_=
execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_=
monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_r=
emote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_c=
onsolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t =
pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetoot=
h_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monito=
rd_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t=
 ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroub=
leshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_=
t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstbo=
ot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix=
_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugi=
n_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unco=
nfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courie=
r_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManag=
er_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd=
_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t =
insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsa=
ssd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t p=
asswd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpw=
d_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2=
_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t d=
ccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hpl=
ip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t l=
pd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd=
_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_=
t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t=
 smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t=
 swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t use=
r_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t=
 nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t cour=
ier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t=
 mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helpe=
r_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t =
rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_=
net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_m=
ail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t au=
tomount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t sys=
tem_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staf=
f_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahe=
ad_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t =
rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plug=
in_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t po=
stgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nov=
a_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seun=
share_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cd=
record_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_=
t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmir=
rord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t=
 passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t f=
coemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_=
t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_=
t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spam=
ass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t o=
penvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t rad=
iusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_=
t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap=
_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbin=
d_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_in=
it_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t pir=
anha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staf=
f_openoffice_t mailman_queue_t } =3D=3D  &&  || );

mlsconstrain { node } { recvfrom sendto  }=20
(  l1 l2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandb=
ox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  || );

mlsconstrain { db_view } { drop getattr setattr relabelfrom expand  }=20
(  h1 h2  dom );

mlsconstrain { db_view } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

constrain { netlink_nflog_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { netlink_tcpdiag_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { unix_stream_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { db_database } { drop getattr setattr relabelfrom access inst=
all_module load_module get_param set_param  }=20
(  h1 h2  dom );

mlsconstrain { db_database } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

mlsconstrain { db_language } { drop getattr setattr relabelfrom execute  }=
=20
(  h1 h2  dom );

mlsconstrain { db_language } { drop getattr setattr relabelfrom execute  }=
=20
(  h1 h2  dom );

mlsconstrain { db_language } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

constrain { netlink_route_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { db_sequence } { drop getattr setattr relabelfrom get_value n=
ext_value set_value  }=20
(  h1 h2  dom );

mlsconstrain { db_sequence } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

constrain { netlink_selinux_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { netlink_ip6fw_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { netlink_firewall_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { sock_file } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { sock_file } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  &&  t1 { openshift_app_t qemu_t sandbox_x_t s=
virt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox=
_t } !=3D  || );

mlsconstrain { sock_file } { relabelfrom  }=20
(  h1 h2  dom );

mlsconstrain { sock_file } { write setattr  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t ini=
trc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t w=
ine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_=
execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nov=
a_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t gl=
ance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_c=
ert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system=
_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t=
 samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined=
_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t=
 firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcer=
td_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_un=
confined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t li=
vecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t dr=
bd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t th=
in_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t gl=
usterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svn=
serve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_sheph=
erd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t fogh=
orn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t userad=
d_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_maste=
r_t } =3D=3D  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sa=
ndbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  t2 { =
sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tc=
p_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim=
_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compu=
te_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrot=
ate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rsp=
awn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_scr=
ipt_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugi=
n_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dm=
idecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfi=
ned_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin=
_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce=
_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t p=
iranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t =
courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq=
_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t ab=
rt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_sta=
rtd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_x=
server_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t log=
adm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmwa=
re_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_=
t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t=
 exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t ku=
dzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_=
postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t=
 rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit=
_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_scr=
ipt_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_sys=
tem_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_=
script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t =
usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_=
t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_missi=
on_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t =
httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv=
_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhom=
edir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t h=
ttpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd=
_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t s=
endmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_co=
ntrold_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_pro=
c_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gi=
tosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t hapr=
oxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_=
t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_=
t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staf=
f_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_=
t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apc=
upsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_=
t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_c=
gi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios=
_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t a=
manda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t tele=
pathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xgues=
t_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t=
 dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system=
_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t =
httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_=
sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclus=
terd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t=
 samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymout=
hd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_=
prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcssl=
otd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox=
_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicek=
it_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfi=
x_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_gi=
t_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_=
t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined=
_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_=
unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t gro=
upadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirs=
rv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_=
t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t o=
penct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t=
 telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zab=
bix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t c=
lvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t =
gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t k=
dump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t mu=
nin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pi=
ngd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rsh=
d_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh=
_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t =
tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xa=
uth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t post=
fix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t =
watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t p=
olicykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config=
_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t g=
lusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest=
_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t=
 remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_=
t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond=
_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portres=
erve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_scr=
een_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_clien=
t_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogge=
r_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t c=
ourier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t us=
bmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmo=
nger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_=
t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xen=
consoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t=
 matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t=
 chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev=
_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_=
t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t ja=
bberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_co=
rrelator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ric=
ci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunne=
l_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandb=
ox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_=
t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t usera=
dd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t con=
dor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t gr=
eylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } =3D=3D  &&=
  || );

mlsconstrain { sock_file } { ioctl read getattr  }=20
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_pow=
er_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nov=
a_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_uncon=
fined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor=
_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keyg=
en_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t se=
tfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_po=
stdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfi=
ned_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t=
 oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink=
_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t no=
va_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_=
gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_index=
er_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notr=
ans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t =
postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nag=
ios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_=
java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_scrip=
t_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t b=
cfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t =
l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t=
 xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote=
_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_=
server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfine=
d_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t=
 ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t c=
ondor_schedd_t condor_startd_t condor_master_t } =3D=3D  ||  t1 { openshift=
_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbo=
x_web_t openshift_t sandbox_t } !=3D  t2 { sosreport_t git_session_t cfengi=
ne_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbo=
x_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfine=
d_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_=
t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modul=
es_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_=
t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_scr=
ipt_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltc=
lient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmon=
ger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmai=
l_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpg=
ui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t =
nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd=
_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_clea=
nup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t sh=
orewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtua=
l_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_lo=
cal_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepath=
y_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd=
_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_=
t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t c=
vs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t =
gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_=
t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t q=
emu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xd=
m_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t =
virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfi=
ned_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_age=
nt_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suex=
ec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfsta=
b_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t s=
etsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucont=
rol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhos=
ts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol=
_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_=
t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user=
_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_m=
ono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remo=
te_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount=
_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t sasl=
authd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t open=
shift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t h=
wclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_=
t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t =
staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats=
_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranh=
a_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t =
hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t=
 samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openh=
pid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t co=
ndor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t=
 zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysad=
m_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sbl=
im_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_=
execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_=
monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_r=
emote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_c=
onsolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t =
pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetoot=
h_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monito=
rd_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t=
 ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroub=
leshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_=
t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstbo=
ot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix=
_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugi=
n_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unco=
nfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courie=
r_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManag=
er_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd=
_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t =
insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsa=
ssd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t p=
asswd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpw=
d_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2=
_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t d=
ccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hpl=
ip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t l=
pd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd=
_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_=
t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t=
 smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t=
 swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t use=
r_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t=
 nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t cour=
ier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t=
 mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helpe=
r_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t =
rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_=
net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_m=
ail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t au=
tomount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t sys=
tem_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staf=
f_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahe=
ad_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t =
rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plug=
in_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t po=
stgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nov=
a_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seun=
share_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cd=
record_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_=
t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmir=
rord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t=
 passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t f=
coemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_=
t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_=
t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spam=
ass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t o=
penvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t rad=
iusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_=
t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap=
_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbin=
d_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_in=
it_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t pir=
anha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staf=
f_openoffice_t mailman_queue_t } =3D=3D  &&  || );

constrain { unix_dgram_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { netlink_kobject_uevent_socket } { create relabelfrom relabelto =
 }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { db_blob } { drop getattr setattr relabelfrom read write impo=
rt export  }=20
(  h1 h2  dom );

mlsconstrain { db_blob } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

constrain { netlink_xfrm_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { db_schema } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

constrain { netlink_dnrt_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { netif } { ingress egress  }=20
(  l1 l2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandb=
ox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  || );

constrain { packet_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { tun_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { udp_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { udp_socket } { node_bind  }=20
(  h1 h2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandb=
ox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  || );

constrain { appletalk_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

constrain { rawip_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );

mlsconstrain { rawip_socket } { node_bind  }=20
(  h1 h2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandb=
ox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=3D  || );

mlsconstrain { db_column } { drop getattr setattr relabelfrom use select up=
date insert  }=20
(  h1 h2  dom );

mlsconstrain { db_column } { create relabelto  }=20
(  h1 h2  dom  l2 h2  =3D=3D  && );

constrain { netlink_socket } { create relabelfrom relabelto  }=20
(  u1 u2 =3D=3D  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_p=
ower_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t n=
ova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dir=
srvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_uncon=
fined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keyst=
one_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_even=
t_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsad=
m_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncprox=
y_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t d=
eltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhom=
edir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t h=
aproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid=
_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spoole=
r_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cr=
onjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t st=
aff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_n=
otrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk=
_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmc=
ertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_=
unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_=
t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t p=
asswd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ct=
dbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t r=
shd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t vir=
td_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t re=
mote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd=
_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t s=
etfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t=
 matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t =
openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlog=
ind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t tel=
netd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t=
 condor_master_t } =3D=3D  || );


--=20
Tracy Reed

--7BtE0xW96okrVgVt
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFU52c8BhSTPg0d/nQRArSLAJ9hKvil3iMumV8BtdyHJnHFTVB99gCdGXlJ
Mm7aAkmoiHscIdc3gHNYefo=
=W4KE
-----END PGP SIGNATURE-----

--7BtE0xW96okrVgVt--