Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/Makefile.example8
-rw-r--r--doc/example.fc6
-rw-r--r--doc/example.if54
-rw-r--r--doc/example.te28
-rw-r--r--doc/global_booleans.xml9
-rw-r--r--doc/global_tunables.xml108
-rw-r--r--doc/policy.dtd44
-rw-r--r--doc/policy.xml91784
-rw-r--r--doc/templates/bool_list.html23
-rw-r--r--doc/templates/boolean.html13
-rw-r--r--doc/templates/global_bool_list.html14
-rw-r--r--doc/templates/global_tun_list.html14
-rw-r--r--doc/templates/header.html15
-rw-r--r--doc/templates/int_list.html33
-rw-r--r--doc/templates/interface.html50
-rw-r--r--doc/templates/menu.html26
-rw-r--r--doc/templates/module.html52
-rw-r--r--doc/templates/module_list.html19
-rw-r--r--doc/templates/style.css216
-rw-r--r--doc/templates/temp_list.html33
-rw-r--r--doc/templates/template.html50
-rw-r--r--doc/templates/tun_list.html23
-rw-r--r--doc/templates/tunable.html13
23 files changed, 92635 insertions, 0 deletions
diff --git a/doc/Makefile.example b/doc/Makefile.example
new file mode 100644
index 00000000..9f2a8d52
--- /dev/null
+++ b/doc/Makefile.example
@@ -0,0 +1,8 @@
+
+AWK ?= gawk
+
+NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
+SHAREDIR ?= /usr/share/selinux
+HEADERDIR := $(SHAREDIR)/$(NAME)/include
+
+include $(HEADERDIR)/Makefile
diff --git a/doc/example.fc b/doc/example.fc
new file mode 100644
index 00000000..9cf7c4c1
--- /dev/null
+++ b/doc/example.fc
@@ -0,0 +1,6 @@
+# myapp executable will have:
+# label: system_u:object_r:myapp_exec_t
+# MLS sensitivity: s0
+# MCS categories: <none>
+
+/usr/sbin/myapp -- gen_context(system_u:object_r:myapp_exec_t,s0)
diff --git a/doc/example.if b/doc/example.if
new file mode 100644
index 00000000..54d42ae6
--- /dev/null
+++ b/doc/example.if
@@ -0,0 +1,54 @@
+## <summary>Myapp example policy</summary>
+## <desc>
+## <p>
+## More descriptive text about myapp. The desc
+## tag can also use p, ul, and ol
+## html tags for formatting.
+## </p>
+## <p>
+## This policy supports the following myapp features:
+## <ul>
+## <li>Feature A</li>
+## <li>Feature B</li>
+## <li>Feature C</li>
+## </ul>
+## </p>
+## </desc>
+#
+
+########################################
+## <summary>
+## Execute a domain transition to run myapp.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`myapp_domtrans',`
+ gen_require(`
+ type myapp_t, myapp_exec_t;
+ ')
+
+ domtrans_pattern($1,myapp_exec_t,myapp_t)
+')
+
+########################################
+## <summary>
+## Read myapp log files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to read the log files.
+## </summary>
+## </param>
+#
+interface(`myapp_read_log',`
+ gen_require(`
+ type myapp_log_t;
+ ')
+
+ logging_search_logs($1)
+ allow $1 myapp_log_t:file read_file_perms;
+')
diff --git a/doc/example.te b/doc/example.te
new file mode 100644
index 00000000..82383553
--- /dev/null
+++ b/doc/example.te
@@ -0,0 +1,28 @@
+
+policy_module(myapp,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type myapp_t;
+type myapp_exec_t;
+domain_type(myapp_t)
+domain_entry_file(myapp_t, myapp_exec_t)
+
+type myapp_log_t;
+logging_log_file(myapp_log_t)
+
+type myapp_tmp_t;
+files_tmp_file(myapp_tmp_t)
+
+########################################
+#
+# Myapp local policy
+#
+
+allow myapp_t myapp_log_t:file { read_file_perms append_file_perms };
+
+allow myapp_t myapp_tmp_t:file manage_file_perms;
+files_tmp_filetrans(myapp_t,myapp_tmp_t,file)
diff --git a/doc/global_booleans.xml b/doc/global_booleans.xml
new file mode 100644
index 00000000..76c5a81a
--- /dev/null
+++ b/doc/global_booleans.xml
@@ -0,0 +1,9 @@
+<bool name="secure_mode" dftval="false">
+<desc>
+<p>
+Enabling secure mode disallows programs, such as
+newrole, from transitioning to administrative
+user domains.
+</p>
+</desc>
+</bool>
diff --git a/doc/global_tunables.xml b/doc/global_tunables.xml
new file mode 100644
index 00000000..c026deaf
--- /dev/null
+++ b/doc/global_tunables.xml
@@ -0,0 +1,108 @@
+<tunable name="allow_execheap" dftval="false">
+<desc>
+<p>
+Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
+</p>
+</desc>
+</tunable>
+<tunable name="allow_execmem" dftval="false">
+<desc>
+<p>
+Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
+</p>
+</desc>
+</tunable>
+<tunable name="allow_execmod" dftval="false">
+<desc>
+<p>
+Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
+</p>
+</desc>
+</tunable>
+<tunable name="allow_execstack" dftval="false">
+<desc>
+<p>
+Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
+</p>
+</desc>
+</tunable>
+<tunable name="allow_polyinstantiation" dftval="false">
+<desc>
+<p>
+Enable polyinstantiated directory support.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_ypbind" dftval="false">
+<desc>
+<p>
+Allow system to run with NIS
+</p>
+</desc>
+</tunable>
+<tunable name="console_login" dftval="true">
+<desc>
+<p>
+Allow logging in and using the system from /dev/console.
+</p>
+</desc>
+</tunable>
+<tunable name="global_ssp" dftval="false">
+<desc>
+<p>
+Enable reading of urandom for all domains.
+</p>
+<p>
+This should be enabled when all programs
+are compiled with ProPolice/SSP
+stack smashing protection. All domains will
+be allowed to read from /dev/urandom.
+</p>
+</desc>
+</tunable>
+<tunable name="mail_read_content" dftval="false">
+<desc>
+<p>
+Allow email client to various content.
+nfs, samba, removable devices, and user temp
+files
+</p>
+</desc>
+</tunable>
+<tunable name="nfs_export_all_rw" dftval="false">
+<desc>
+<p>
+Allow any files/directories to be exported read/write via NFS.
+</p>
+</desc>
+</tunable>
+<tunable name="nfs_export_all_ro" dftval="false">
+<desc>
+<p>
+Allow any files/directories to be exported read/only via NFS.
+</p>
+</desc>
+</tunable>
+<tunable name="use_nfs_home_dirs" dftval="false">
+<desc>
+<p>
+Support NFS home directories
+</p>
+</desc>
+</tunable>
+<tunable name="use_samba_home_dirs" dftval="false">
+<desc>
+<p>
+Support SAMBA home directories
+</p>
+</desc>
+</tunable>
+<tunable name="user_tcp_server" dftval="false">
+<desc>
+<p>
+Allow users to run TCP servers (bind to ports and accept connection from
+the same domain and outside users) disabling this forces FTP passive mode
+and may change other protocols.
+</p>
+</desc>
+</tunable>
diff --git a/doc/policy.dtd b/doc/policy.dtd
new file mode 100644
index 00000000..b797f712
--- /dev/null
+++ b/doc/policy.dtd
@@ -0,0 +1,44 @@
+<!ENTITY % inline.class "pre|p|ul|ol|li">
+
+<!ELEMENT policy (layer+,(tunable|bool)*)>
+<!ELEMENT layer (summary,module+)>
+<!ATTLIST layer
+ name CDATA #REQUIRED>
+<!ELEMENT module (summary,desc?,required?,(interface|template)*,(bool|tunable)*)>
+<!ATTLIST module
+ name CDATA #REQUIRED
+ filename CDATA #REQUIRED>
+<!ELEMENT required (#PCDATA)>
+<!ATTLIST required
+ val (true|false) "false">
+<!ELEMENT tunable (desc)>
+<!ATTLIST tunable
+ name CDATA #REQUIRED
+ dftval CDATA #REQUIRED>
+<!ELEMENT bool (desc)>
+<!ATTLIST bool
+ name CDATA #REQUIRED
+ dftval CDATA #REQUIRED>
+<!ELEMENT summary (#PCDATA)>
+<!ELEMENT interface (summary,desc?,param+,infoflow?,(rolebase|rolecap)?)>
+<!ATTLIST interface name CDATA #REQUIRED lineno CDATA #REQUIRED>
+<!ELEMENT template (summary,desc?,param+,(rolebase|rolecap)?)>
+<!ATTLIST template name CDATA #REQUIRED lineno CDATA #REQUIRED>
+<!ELEMENT desc (#PCDATA|%inline.class;)*>
+<!ELEMENT param (summary)>
+<!ATTLIST param
+ name CDATA #REQUIRED
+ optional (true|false) "false"
+ unused (true|false) "false">
+<!ELEMENT infoflow EMPTY>
+<!ATTLIST infoflow
+ type CDATA #REQUIRED
+ weight CDATA #IMPLIED>
+<!ELEMENT rolebase EMPTY>
+<!ELEMENT rolecap EMPTY>
+
+<!ATTLIST pre caption CDATA #IMPLIED>
+<!ELEMENT p (#PCDATA|%inline.class;)*>
+<!ELEMENT ul (li+)>
+<!ELEMENT ol (li+)>
+<!ELEMENT li (#PCDATA|%inline.class;)*>
diff --git a/doc/policy.xml b/doc/policy.xml
new file mode 100644
index 00000000..92615add
--- /dev/null
+++ b/doc/policy.xml
@@ -0,0 +1,91784 @@
+<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
+<!DOCTYPE policy SYSTEM "policy.dtd">
+<policy>
+<layer name="admin">
+<summary>
+ Policy modules for administrative functions, such as package management.
+</summary>
+<module name="bootloader" filename="policy/modules/admin/bootloader.if">
+<summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
+<interface name="bootloader_domtrans" lineno="13">
+<summary>
+Execute bootloader in the bootloader domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bootloader_run" lineno="39">
+<summary>
+Execute bootloader interactively and do
+a domain transition to the bootloader domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="bootloader_read_config" lineno="58">
+<summary>
+Read the bootloader configuration file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bootloader_rw_config" lineno="78">
+<summary>
+Read and write the bootloader
+configuration file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="bootloader_rw_tmp_files" lineno="97">
+<summary>
+Read and write the bootloader
+temporary data in /tmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bootloader_create_runtime_file" lineno="117">
+<summary>
+Read and write the bootloader
+temporary data in /tmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="consoletype" filename="policy/modules/admin/consoletype.if">
+<summary>
+Determine of the console connected to the controlling terminal.
+</summary>
+<interface name="consoletype_domtrans" lineno="15">
+<summary>
+Execute consoletype in the consoletype domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="consoletype_run" lineno="44">
+<summary>
+Execute consoletype in the consoletype domain, and
+allow the specified role the consoletype domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="consoletype_exec" lineno="64">
+<summary>
+Execute consoletype in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dmesg" filename="policy/modules/admin/dmesg.if">
+<summary>Policy for dmesg.</summary>
+<interface name="dmesg_domtrans" lineno="13">
+<summary>
+Execute dmesg in the dmesg domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dmesg_exec" lineno="33">
+<summary>
+Execute dmesg in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="netutils" filename="policy/modules/admin/netutils.if">
+<summary>Network analysis utilities</summary>
+<interface name="netutils_domtrans" lineno="13">
+<summary>
+Execute network utilities in the netutils domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="netutils_run" lineno="39">
+<summary>
+Execute network utilities in the netutils domain, and
+allow the specified role the netutils domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="netutils_exec" lineno="58">
+<summary>
+Execute network utilities in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="netutils_signal" lineno="77">
+<summary>
+Send generic signals to network utilities.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="netutils_domtrans_ping" lineno="95">
+<summary>
+Execute ping in the ping domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="netutils_kill_ping" lineno="114">
+<summary>
+Send a kill (SIGKILL) signal to ping.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="netutils_signal_ping" lineno="132">
+<summary>
+Send generic signals to ping.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="netutils_run_ping" lineno="157">
+<summary>
+Execute ping in the ping domain, and
+allow the specified role the ping domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="netutils_run_ping_cond" lineno="183">
+<summary>
+Conditionally execute ping in the ping domain, and
+allow the specified role the ping domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="netutils_exec_ping" lineno="206">
+<summary>
+Execute ping in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="netutils_domtrans_traceroute" lineno="225">
+<summary>
+Execute traceroute in the traceroute domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="netutils_run_traceroute" lineno="251">
+<summary>
+Execute traceroute in the traceroute domain, and
+allow the specified role the traceroute domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="netutils_run_traceroute_cond" lineno="277">
+<summary>
+Conditionally execute traceroute in the traceroute domain, and
+allow the specified role the traceroute domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="netutils_exec_traceroute" lineno="300">
+<summary>
+Execute traceroute in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="user_ping" dftval="false">
+<desc>
+<p>
+Control users use of ping and traceroute
+</p>
+</desc>
+</tunable>
+</module>
+<module name="su" filename="policy/modules/admin/su.if">
+<summary>Run shells with substitute user and group</summary>
+<template name="su_restricted_domain_template" lineno="31">
+<summary>
+Restricted su domain template.
+</summary>
+<desc>
+<p>
+This template creates a derived domain which is allowed
+to change the linux user id, to run shells as a different
+user.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+</template>
+<template name="su_role_template" lineno="162">
+<summary>
+The role template for the su module.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="su_exec" lineno="328">
+<summary>
+Execute su in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="sudo" filename="policy/modules/admin/sudo.if">
+<summary>Execute a command with a substitute user</summary>
+<template name="sudo_role_template" lineno="31">
+<summary>
+The role template for the sudo module.
+</summary>
+<desc>
+<p>
+This template creates a derived domain which is allowed
+to change the linux user id, to run commands as a different
+user.
+</p>
+</desc>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The user role.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The user domain associated with the role.
+</summary>
+</param>
+</template>
+<interface name="sudo_sigchld" lineno="172">
+<summary>
+Send a SIGCHLD signal to the sudo domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="usermanage" filename="policy/modules/admin/usermanage.if">
+<summary>Policy for managing user accounts.</summary>
+<interface name="usermanage_domtrans_chfn" lineno="13">
+<summary>
+Execute chfn in the chfn domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_run_chfn" lineno="42">
+<summary>
+Execute chfn in the chfn domain, and
+allow the specified role the chfn domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_domtrans_groupadd" lineno="61">
+<summary>
+Execute groupadd in the groupadd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_run_groupadd" lineno="91">
+<summary>
+Execute groupadd in the groupadd domain, and
+allow the specified role the groupadd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="usermanage_domtrans_passwd" lineno="110">
+<summary>
+Execute passwd in the passwd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_kill_passwd" lineno="133">
+<summary>
+Send sigkills to passwd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_run_passwd" lineno="157">
+<summary>
+Execute passwd in the passwd domain, and
+allow the specified role the passwd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_domtrans_admin_passwd" lineno="177">
+<summary>
+Execute password admin functions in
+the admin passwd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_run_admin_passwd" lineno="204">
+<summary>
+Execute passwd admin functions in the admin
+passwd domain, and allow the specified role
+the admin passwd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="usermanage_dontaudit_use_useradd_fds" lineno="223">
+<summary>
+Do not audit attempts to use useradd fds.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_domtrans_useradd" lineno="241">
+<summary>
+Execute useradd in the useradd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_run_useradd" lineno="271">
+<summary>
+Execute useradd in the useradd domain, and
+allow the specified role the useradd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="usermanage_read_crack_db" lineno="290">
+<summary>
+Read the crack database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+</layer>
+<layer name="apps">
+<summary>Policy modules for applications</summary>
+<module name="seunshare" filename="policy/modules/apps/seunshare.if">
+<summary>Filesystem namespacing/polyinstantiation application.</summary>
+<interface name="seunshare_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run seunshare.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="seunshare_run" lineno="37">
+<summary>
+Execute seunshare in the seunshare domain, and
+allow the specified role the seunshare domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seunshare_role" lineno="69">
+<summary>
+Role access for seunshare
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+</module>
+</layer>
+<layer name="contrib">
+<summary>Contributed Reference Policy modules.</summary>
+<module name="abrt" filename="policy/modules/contrib/abrt.if">
+<summary>ABRT - automated bug-reporting tool</summary>
+<interface name="abrt_domtrans" lineno="13">
+<summary>
+Execute abrt in the abrt domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="abrt_exec" lineno="32">
+<summary>
+Execute abrt in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_signull" lineno="51">
+<summary>
+Send a null signal to abrt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_read_state" lineno="69">
+<summary>
+Allow the domain to read abrt state files in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_stream_connect" lineno="87">
+<summary>
+Connect to abrt over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_dbus_chat" lineno="107">
+<summary>
+Send and receive messages from
+abrt over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_domtrans_helper" lineno="127">
+<summary>
+Execute abrt-helper in the abrt-helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="abrt_run_helper" lineno="152">
+<summary>
+Execute abrt helper in the abrt_helper domain, and
+allow the specified role the abrt_helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="abrt_cache_manage" lineno="172">
+<summary>
+Send and receive messages from
+abrt over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_read_config" lineno="190">
+<summary>
+Read abrt configuration file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_read_log" lineno="209">
+<summary>
+Read abrt logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_read_pid_files" lineno="228">
+<summary>
+Read abrt PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_manage_pid_files" lineno="247">
+<summary>
+Create, read, write, and delete abrt PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_admin" lineno="273">
+<summary>
+All of the rules required to administrate
+an abrt environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the abrt domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="accountsd" filename="policy/modules/contrib/accountsd.if">
+<summary>AccountsService and daemon for manipulating user account information via D-Bus</summary>
+<interface name="accountsd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run accountsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_dontaudit_rw_fifo_file" lineno="32">
+<summary>
+Do not audit attempts to read and write Accounts Daemon
+fifo file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_dbus_chat" lineno="51">
+<summary>
+Send and receive messages from
+accountsd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_search_lib" lineno="71">
+<summary>
+Search accountsd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_read_lib_files" lineno="90">
+<summary>
+Read accountsd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_manage_lib_files" lineno="110">
+<summary>
+Create, read, write, and delete
+accountsd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_admin" lineno="136">
+<summary>
+All of the rules required to administrate
+an accountsd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="acct" filename="policy/modules/contrib/acct.if">
+<summary>Berkeley process accounting</summary>
+<interface name="acct_domtrans" lineno="13">
+<summary>
+Transition to the accounting management domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="acct_exec" lineno="32">
+<summary>
+Execute accounting management tools in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="acct_exec_data" lineno="53">
+<summary>
+Execute accounting management data in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="acct_manage_data" lineno="72">
+<summary>
+Create, read, write, and delete process accounting data.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="ada" filename="policy/modules/contrib/ada.if">
+<summary>GNAT Ada95 compiler</summary>
+<interface name="ada_domtrans" lineno="13">
+<summary>
+Execute the ada program in the ada domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ada_run" lineno="38">
+<summary>
+Execute ada in the ada domain, and
+allow the specified role the ada domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="afs" filename="policy/modules/contrib/afs.if">
+<summary>Andrew Filesystem server</summary>
+<interface name="afs_domtrans" lineno="14">
+<summary>
+Execute a domain transition to run the
+afs client.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="afs_rw_udp_sockets" lineno="33">
+<summary>
+Read and write afs client UDP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="afs_rw_cache" lineno="51">
+<summary>
+read/write afs cache files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="afs_initrc_domtrans" lineno="70">
+<summary>
+Execute afs server in the afs domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="afs_admin" lineno="95">
+<summary>
+All of the rules required to administrate
+an afs environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the afs domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="aiccu" filename="policy/modules/contrib/aiccu.if">
+<summary>Automatic IPv6 Connectivity Client Utility.</summary>
+<interface name="aiccu_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run aiccu.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="aiccu_initrc_domtrans" lineno="32">
+<summary>
+Execute aiccu server in the aiccu domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="aiccu_read_pid_files" lineno="50">
+<summary>
+Read aiccu PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="aiccu_admin" lineno="76">
+<summary>
+All of the rules required to administrate
+an aiccu environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="aide" filename="policy/modules/contrib/aide.if">
+<summary>Aide filesystem integrity checker</summary>
+<interface name="aide_domtrans" lineno="13">
+<summary>
+Execute aide in the aide domain
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="aide_run" lineno="37">
+<summary>
+Execute aide programs in the AIDE domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the AIDE domain.
+</summary>
+</param>
+</interface>
+<interface name="aide_admin" lineno="58">
+<summary>
+All of the rules required to administrate
+an aide environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="aisexec" filename="policy/modules/contrib/aisexec.if">
+<summary>Aisexec Cluster Engine</summary>
+<interface name="aisexec_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run aisexec.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="aisexec_stream_connect" lineno="32">
+<summary>
+Connect to aisexec over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="aisexec_read_log" lineno="51">
+<summary>
+Allow the specified domain to read aisexec's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="aisexecd_admin" lineno="78">
+<summary>
+All of the rules required to administrate
+an aisexec environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the aisexecd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="alsa" filename="policy/modules/contrib/alsa.if">
+<summary>Ainit ALSA configuration tool.</summary>
+<interface name="alsa_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run Alsa.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="alsa_run" lineno="39">
+<summary>
+Execute a domain transition to run
+Alsa, and allow the specified role
+the Alsa domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="alsa_rw_semaphores" lineno="58">
+<summary>
+Read and write Alsa semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="alsa_rw_shared_mem" lineno="76">
+<summary>
+Read and write Alsa shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="alsa_read_rw_config" lineno="94">
+<summary>
+Read writable Alsa config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="alsa_manage_rw_config" lineno="119">
+<summary>
+Manage writable Alsa config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="alsa_manage_home_files" lineno="144">
+<summary>
+Manage alsa home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="alsa_read_home_files" lineno="163">
+<summary>
+Read Alsa home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="alsa_relabel_home_files" lineno="182">
+<summary>
+Relabel alsa home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="alsa_read_lib" lineno="201">
+<summary>
+Read Alsa lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="amanda" filename="policy/modules/contrib/amanda.if">
+<summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
+<interface name="amanda_domtrans_recover" lineno="14">
+<summary>
+Execute a domain transition to run
+Amanda recover.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="amanda_run_recover" lineno="41">
+<summary>
+Execute a domain transition to run
+Amanda recover, and allow the specified
+role the Amanda recover domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="amanda_search_lib" lineno="60">
+<summary>
+Search Amanda library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amanda_dontaudit_read_dumpdates" lineno="79">
+<summary>
+Do not audit attempts to read /etc/dumpdates.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="amanda_rw_dumpdates_files" lineno="97">
+<summary>
+Read and write /etc/dumpdates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amanda_manage_lib" lineno="116">
+<summary>
+Search Amanda library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amanda_append_log_files" lineno="135">
+<summary>
+Read and append amanda logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amanda_search_var_lib" lineno="154">
+<summary>
+Search Amanda var library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="amavis" filename="policy/modules/contrib/amavis.if">
+<summary>
+Daemon that interfaces mail transfer agents and content
+checkers, such as virus scanners.
+</summary>
+<interface name="amavis_domtrans" lineno="16">
+<summary>
+Execute a domain transition to run amavis.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="amavis_initrc_domtrans" lineno="35">
+<summary>
+Execute amavis server in the amavis domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="amavis_read_spool_files" lineno="53">
+<summary>
+Read amavis spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_manage_spool_files" lineno="72">
+<summary>
+Manage amavis spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_spool_filetrans" lineno="103">
+<summary>
+Create objects in the amavis spool directories
+with a private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+Private file type.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="amavis_search_lib" lineno="122">
+<summary>
+Search amavis lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_read_lib_files" lineno="141">
+<summary>
+Read amavis lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_manage_lib_files" lineno="162">
+<summary>
+Create, read, write, and delete
+amavis lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_setattr_pid_files" lineno="181">
+<summary>
+Set the attributes of amavis pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_create_pid_files" lineno="200">
+<summary>
+Create of amavis pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_admin" lineno="226">
+<summary>
+All of the rules required to administrate
+an amavis environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="amtu" filename="policy/modules/contrib/amtu.if">
+<summary>Abstract Machine Test Utility.</summary>
+<interface name="amtu_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run Amtu.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="amtu_run" lineno="39">
+<summary>
+Execute a domain transition to run
+Amtu, and allow the specified role
+the Amtu domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="anaconda" filename="policy/modules/contrib/anaconda.if">
+<summary>Anaconda installer.</summary>
+</module>
+<module name="apache" filename="policy/modules/contrib/apache.if">
+<summary>Apache web server</summary>
+<template name="apache_content_template" lineno="14">
+<summary>
+Create a set of derived types for apache
+web content.
+</summary>
+<param name="prefix">
+<summary>
+The prefix to be used for deriving type names.
+</summary>
+</param>
+</template>
+<interface name="apache_role" lineno="211">
+<summary>
+Role access for apache
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="apache_read_user_scripts" lineno="271">
+<summary>
+Read httpd user scripts executables.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_user_content" lineno="291">
+<summary>
+Read user web content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_domtrans" lineno="311">
+<summary>
+Transition to apache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apache_signal" lineno="330">
+<summary>
+Send a generic signal to apache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_signull" lineno="348">
+<summary>
+Send a null signal to apache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_sigchld" lineno="366">
+<summary>
+Send a SIGCHLD signal to apache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_use_fds" lineno="384">
+<summary>
+Inherit and use file descriptors from Apache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_rw_fifo_file" lineno="403">
+<summary>
+Do not audit attempts to read and write Apache
+unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_rw_stream_sockets" lineno="422">
+<summary>
+Do not audit attempts to read and write Apache
+unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_rw_tcp_sockets" lineno="441">
+<summary>
+Do not audit attempts to read and write Apache
+TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_all_content" lineno="460">
+<summary>
+Create, read, write, and delete all web content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_setattr_cache_dirs" lineno="485">
+<summary>
+Allow domain to set the attributes
+of the APACHE cache directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_list_cache" lineno="504">
+<summary>
+Allow the specified domain to list
+Apache cache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_rw_cache_files" lineno="523">
+<summary>
+Allow the specified domain to read
+and write Apache cache files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_delete_cache_files" lineno="542">
+<summary>
+Allow the specified domain to delete
+Apache cache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_config" lineno="562">
+<summary>
+Allow the specified domain to read
+apache configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_manage_config" lineno="584">
+<summary>
+Allow the specified domain to manage
+apache configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_domtrans_helper" lineno="606">
+<summary>
+Execute the Apache helper program with
+a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_run_helper" lineno="633">
+<summary>
+Execute the Apache helper program with
+a domain transition, and allow the
+specified role the Apache helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_read_log" lineno="654">
+<summary>
+Allow the specified domain to read
+apache log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_append_log" lineno="676">
+<summary>
+Allow the specified domain to append
+to apache log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_append_log" lineno="697">
+<summary>
+Do not audit attempts to append to the
+Apache logs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_log" lineno="716">
+<summary>
+Allow the specified domain to manage
+to apache log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_search_modules" lineno="738">
+<summary>
+Do not audit attempts to search Apache
+module directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_list_modules" lineno="758">
+<summary>
+Allow the specified domain to list
+the contents of the apache modules
+directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_exec_modules" lineno="777">
+<summary>
+Allow the specified domain to execute
+apache modules.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_domtrans_rotatelogs" lineno="797">
+<summary>
+Execute a domain transition to run httpd_rotatelogs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apache_list_sys_content" lineno="816">
+<summary>
+Allow the specified domain to list
+apache system content files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_sys_content" lineno="838">
+<summary>
+Allow the specified domain to manage
+apache system content files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_domtrans_sys_script" lineno="862">
+<summary>
+Execute all web scripts in the system
+script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_rw_sys_script_stream_sockets" lineno="884">
+<summary>
+Do not audit attempts to read and write Apache
+system script unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_domtrans_all_scripts" lineno="903">
+<summary>
+Execute all user scripts in the user
+script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apache_run_all_scripts" lineno="928">
+<summary>
+Execute all user scripts in the user
+script domain. Add user script domains
+to the specified role.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access..
+</summary>
+</param>
+</interface>
+<interface name="apache_read_squirrelmail_data" lineno="948">
+<summary>
+Allow the specified domain to read
+apache squirrelmail data.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_append_squirrelmail_data" lineno="967">
+<summary>
+Allow the specified domain to append
+apache squirrelmail data.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_search_sys_content" lineno="985">
+<summary>
+Search apache system content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_sys_content" lineno="1003">
+<summary>
+Read apache system content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_search_sys_scripts" lineno="1023">
+<summary>
+Search apache system CGI directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_all_user_content" lineno="1042">
+<summary>
+Create, read, write, and delete all user web content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_search_sys_script_state" lineno="1066">
+<summary>
+Search system script state directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_tmp_files" lineno="1085">
+<summary>
+Allow the specified domain to read
+apache tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_write_tmp_files" lineno="1105">
+<summary>
+Dontaudit attempts to write
+apache tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_cgi_domain" lineno="1138">
+<summary>
+Execute CGI in the specified domain.
+</summary>
+<desc>
+<p>
+Execute CGI in the specified domain.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain run the cgi script in.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+Type of the executable to enter the cgi domain.
+</summary>
+</param>
+</interface>
+<interface name="apache_admin" lineno="1171">
+<summary>
+All of the rules required to administrate an apache environment
+</summary>
+<param name="prefix">
+<summary>
+Prefix of the domain. Example, user would be
+the prefix for the uder_t domain.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_anon_write" dftval="false">
+<desc>
+<p>
+Allow Apache to modify public files
+used for public file transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_mod_auth_pam" dftval="false">
+<desc>
+<p>
+Allow Apache to use mod_auth_pam
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_builtin_scripting" dftval="false">
+<desc>
+<p>
+Allow httpd to use built in scripting (usually php)
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_connect" dftval="false">
+<desc>
+<p>
+Allow HTTPD scripts and modules to connect to the network using TCP.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_connect_db" dftval="false">
+<desc>
+<p>
+Allow HTTPD scripts and modules to connect to databases over the network.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_relay" dftval="false">
+<desc>
+<p>
+Allow httpd to act as a relay
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_sendmail" dftval="false">
+<desc>
+<p>
+Allow http daemon to send mail
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_dbus_avahi" dftval="false">
+<desc>
+<p>
+Allow Apache to communicate with avahi service via dbus
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_enable_cgi" dftval="false">
+<desc>
+<p>
+Allow httpd cgi support
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_enable_ftp_server" dftval="false">
+<desc>
+<p>
+Allow httpd to act as a FTP server by
+listening on the ftp port.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_enable_homedirs" dftval="false">
+<desc>
+<p>
+Allow httpd to read home directories
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_ssi_exec" dftval="false">
+<desc>
+<p>
+Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_tty_comm" dftval="false">
+<desc>
+<p>
+Unify HTTPD to communicate with the terminal.
+Needed for entering the passphrase for certificates at
+the terminal.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_unified" dftval="false">
+<desc>
+<p>
+Unify HTTPD handling of all content files.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_use_cifs" dftval="false">
+<desc>
+<p>
+Allow httpd to access cifs file systems
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_use_gpg" dftval="false">
+<desc>
+<p>
+Allow httpd to run gpg
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_use_nfs" dftval="false">
+<desc>
+<p>
+Allow httpd to access nfs file systems
+</p>
+</desc>
+</tunable>
+</module>
+<module name="apcupsd" filename="policy/modules/contrib/apcupsd.if">
+<summary>APC UPS monitoring daemon</summary>
+<interface name="apcupsd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run apcupsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_initrc_domtrans" lineno="32">
+<summary>
+Execute apcupsd server in the apcupsd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_read_pid_files" lineno="50">
+<summary>
+Read apcupsd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_read_log" lineno="70">
+<summary>
+Allow the specified domain to read apcupsd's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apcupsd_append_log" lineno="91">
+<summary>
+Allow the specified domain to append
+apcupsd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_cgi_script_domtrans" lineno="111">
+<summary>
+Execute a domain transition to run httpd_apcupsd_cgi_script.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_admin" lineno="141">
+<summary>
+All of the rules required to administrate
+an apcupsd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the apcupsd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="apm" filename="policy/modules/contrib/apm.if">
+<summary>Advanced power management daemon</summary>
+<interface name="apm_domtrans_client" lineno="13">
+<summary>
+Execute APM in the apm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apm_use_fds" lineno="32">
+<summary>
+Use file descriptors for apmd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apm_write_pipes" lineno="50">
+<summary>
+Write to apmd unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apm_rw_stream_sockets" lineno="68">
+<summary>
+Read and write to an apm unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apm_append_log" lineno="86">
+<summary>
+Append to apm's log file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apm_stream_connect" lineno="105">
+<summary>
+Connect to apmd over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="apt" filename="policy/modules/contrib/apt.if">
+<summary>APT advanced package tool.</summary>
+<interface name="apt_domtrans" lineno="13">
+<summary>
+Execute apt programs in the apt domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apt_run" lineno="39">
+<summary>
+Execute apt programs in the apt domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the apt domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apt_use_fds" lineno="59">
+<summary>
+Inherit and use file descriptors from apt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apt_dontaudit_use_fds" lineno="78">
+<summary>
+Do not audit attempts to use file descriptors from apt.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apt_read_pipes" lineno="96">
+<summary>
+Read from an unnamed apt pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apt_rw_pipes" lineno="115">
+<summary>
+Read and write an unnamed apt pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apt_use_ptys" lineno="134">
+<summary>
+Read from and write to apt ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apt_read_cache" lineno="152">
+<summary>
+Read the apt package cache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apt_read_db" lineno="173">
+<summary>
+Read the apt package database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apt_manage_db" lineno="194">
+<summary>
+Create, read, write, and delete the apt package database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apt_dontaudit_manage_db" lineno="217">
+<summary>
+Do not audit attempts to create, read,
+write, and delete the apt package database.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+</module>
+<module name="arpwatch" filename="policy/modules/contrib/arpwatch.if">
+<summary>Ethernet activity monitor.</summary>
+<interface name="arpwatch_initrc_domtrans" lineno="13">
+<summary>
+Execute arpwatch server in the arpwatch domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_search_data" lineno="31">
+<summary>
+Search arpwatch's data file directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_manage_data_files" lineno="50">
+<summary>
+Create arpwatch data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_rw_tmp_files" lineno="69">
+<summary>
+Read and write arpwatch temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_manage_tmp_files" lineno="88">
+<summary>
+Read and write arpwatch temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_dontaudit_rw_packet_sockets" lineno="108">
+<summary>
+Do not audit attempts to read and write
+arpwatch packet sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_admin" lineno="133">
+<summary>
+All of the rules required to administrate
+an arpwatch environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the arpwatch domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="asterisk" filename="policy/modules/contrib/asterisk.if">
+<summary>Asterisk IP telephony server</summary>
+<interface name="asterisk_domtrans" lineno="13">
+<summary>
+Execute asterisk in the asterisk domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="asterisk_stream_connect" lineno="33">
+<summary>
+Connect to asterisk over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="asterisk_admin" lineno="59">
+<summary>
+All of the rules required to administrate
+an asterisk environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the asterisk domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="authbind" filename="policy/modules/contrib/authbind.if">
+<summary>Tool for non-root processes to bind to reserved ports</summary>
+<interface name="authbind_domtrans" lineno="13">
+<summary>
+Use authbind to bind to a reserved port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="automount" filename="policy/modules/contrib/automount.if">
+<summary>Filesystem automounter service.</summary>
+<interface name="automount_domtrans" lineno="13">
+<summary>
+Execute automount in the automount domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="automount_signal" lineno="33">
+<summary>
+Send automount a signal
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="automount_exec_config" lineno="51">
+<summary>
+Execute automount in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="automount_read_state" lineno="66">
+<summary>
+Allow the domain to read state files in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain to allow access.
+</summary>
+</param>
+</interface>
+<interface name="automount_dontaudit_use_fds" lineno="84">
+<summary>
+Do not audit attempts to file descriptors for automount.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="automount_dontaudit_write_pipes" lineno="102">
+<summary>
+Do not audit attempts to write automount daemon unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="automount_dontaudit_getattr_tmp_dirs" lineno="121">
+<summary>
+Do not audit attempts to get the attributes
+of automount temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="automount_admin" lineno="146">
+<summary>
+All of the rules required to administrate
+an automount environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the automount domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="avahi" filename="policy/modules/contrib/avahi.if">
+<summary>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture</summary>
+<interface name="avahi_domtrans" lineno="13">
+<summary>
+Execute avahi server in the avahi domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="avahi_signal" lineno="32">
+<summary>
+Send avahi a signal
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_kill" lineno="50">
+<summary>
+Send avahi a kill signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_signull" lineno="68">
+<summary>
+Send avahi a signull
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_dbus_chat" lineno="87">
+<summary>
+Send and receive messages from
+avahi over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_stream_connect" lineno="107">
+<summary>
+Connect to avahi using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_dontaudit_search_pid" lineno="126">
+<summary>
+Do not audit attempts to search the avahi pid directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="avahi_admin" lineno="151">
+<summary>
+All of the rules required to administrate
+an avahi environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the avahi domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="awstats" filename="policy/modules/contrib/awstats.if">
+<summary>
+AWStats is a free powerful and featureful tool that generates advanced
+web, streaming, ftp or mail server statistics, graphically.
+</summary>
+<interface name="awstats_rw_pipes" lineno="16">
+<summary>
+Read and write awstats unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="awstats_cgi_exec" lineno="34">
+<summary>
+Execute awstats cgi scripts in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="backup" filename="policy/modules/contrib/backup.if">
+<summary>System backup scripts</summary>
+<interface name="backup_domtrans" lineno="13">
+<summary>
+Execute backup in the backup domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="backup_run" lineno="38">
+<summary>
+Execute backup in the backup domain, and
+allow the specified role the backup domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="bind" filename="policy/modules/contrib/bind.if">
+<summary>Berkeley internet name domain DNS server.</summary>
+<interface name="bind_initrc_domtrans" lineno="13">
+<summary>
+Execute bind server in the bind domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bind_domtrans_ndc" lineno="31">
+<summary>
+Execute ndc in the ndc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bind_signal" lineno="49">
+<summary>
+Send generic signals to BIND.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_signull" lineno="67">
+<summary>
+Send null sigals to BIND.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_kill" lineno="85">
+<summary>
+Send BIND the kill signal
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_run_ndc" lineno="110">
+<summary>
+Execute ndc in the ndc domain, and
+allow the specified role the ndc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="bind_domtrans" lineno="129">
+<summary>
+Execute bind in the named domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bind_read_dnssec_keys" lineno="147">
+<summary>
+Read DNSSEC keys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_read_config" lineno="165">
+<summary>
+Read BIND named configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_write_config" lineno="183">
+<summary>
+Write BIND named configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_manage_config_dirs" lineno="203">
+<summary>
+Create, read, write, and delete
+BIND configuration directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_search_cache" lineno="221">
+<summary>
+Search the BIND cache directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_manage_cache" lineno="243">
+<summary>
+Create, read, write, and delete
+BIND cache files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_setattr_pid_dirs" lineno="264">
+<summary>
+Set the attributes of the BIND pid directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_setattr_zone_dirs" lineno="282">
+<summary>
+Set the attributes of the BIND zone directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_read_zone" lineno="300">
+<summary>
+Read BIND zone files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_manage_zone" lineno="319">
+<summary>
+Manage BIND zone files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_udp_chat_named" lineno="338">
+<summary>
+Send and receive datagrams to and from named. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_admin" lineno="359">
+<summary>
+All of the rules required to administrate
+an bind environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the bind domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="named_write_master_zones" dftval="false">
+<desc>
+<p>
+Allow BIND to write the master zone files.
+Generally this is used for dynamic DNS or zone transfers.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="bitlbee" filename="policy/modules/contrib/bitlbee.if">
+<summary>Bitlbee service</summary>
+<interface name="bitlbee_read_config" lineno="13">
+<summary>
+Read bitlbee configuration files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed accesss.
+</summary>
+</param>
+</interface>
+<interface name="bitlbee_admin" lineno="40">
+<summary>
+All of the rules required to administrate
+an bitlbee environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the bitlbee domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="bluetooth" filename="policy/modules/contrib/bluetooth.if">
+<summary>Bluetooth tools and system services.</summary>
+<interface name="bluetooth_role" lineno="18">
+<summary>
+Role access for bluetooth
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_stream_connect" lineno="51">
+<summary>
+Connect to bluetooth over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_domtrans" lineno="71">
+<summary>
+Execute bluetooth in the bluetooth domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_read_config" lineno="89">
+<summary>
+Read bluetooth daemon configuration.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_dbus_chat" lineno="108">
+<summary>
+Send and receive messages from
+bluetooth over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_domtrans_helper" lineno="128">
+<summary>
+Execute bluetooth_helper in the bluetooth_helper domain. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_run_helper" lineno="154">
+<summary>
+Execute bluetooth_helper in the bluetooth_helper domain, and
+allow the specified role the bluetooth_helper domain. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="terminal">
+<summary>
+The type of the terminal allow the bluetooth_helper domain to use.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="bluetooth_dontaudit_read_helper_state" lineno="168">
+<summary>
+Read bluetooth helper state files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_admin" lineno="194">
+<summary>
+All of the rules required to administrate
+an bluetooth environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the bluetooth domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="brctl" filename="policy/modules/contrib/brctl.if">
+<summary>Utilities for configuring the linux ethernet bridge</summary>
+<interface name="brctl_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run brctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="bugzilla" filename="policy/modules/contrib/bugzilla.if">
+<summary>Bugzilla server</summary>
+<interface name="bugzilla_search_content" lineno="14">
+<summary>
+Allow the specified domain to search
+bugzilla directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bugzilla_dontaudit_rw_stream_sockets" lineno="33">
+<summary>
+Do not audit attempts to read and write
+bugzilla script unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="bugzilla_admin" lineno="58">
+<summary>
+All of the rules required to administrate
+an bugzilla environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the bugzilla domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="calamaris" filename="policy/modules/contrib/calamaris.if">
+<summary>Squid log analysis</summary>
+<interface name="calamaris_read_www_files" lineno="13">
+<summary>
+Allow domain to read calamaris www files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="canna" filename="policy/modules/contrib/canna.if">
+<summary>Canna - kana-kanji conversion server</summary>
+<interface name="canna_stream_connect" lineno="13">
+<summary>
+Connect to Canna using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="canna_admin" lineno="39">
+<summary>
+All of the rules required to administrate
+an canna environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the canna domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ccs" filename="policy/modules/contrib/ccs.if">
+<summary>Cluster Configuration System</summary>
+<interface name="ccs_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ccs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ccs_stream_connect" lineno="31">
+<summary>
+Connect to ccs over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ccs_read_config" lineno="50">
+<summary>
+Read cluster configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ccs_manage_config" lineno="68">
+<summary>
+Manage cluster configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cdrecord" filename="policy/modules/contrib/cdrecord.if">
+<summary>Policy for cdrecord</summary>
+<interface name="cdrecord_role" lineno="18">
+<summary>
+Role access for cdrecord
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<tunable name="cdrecord_read_content" dftval="false">
+<desc>
+<p>
+Allow cdrecord to read various content.
+nfs, samba, removable devices, user temp
+and untrusted content files
+</p>
+</desc>
+</tunable>
+</module>
+<module name="certmaster" filename="policy/modules/contrib/certmaster.if">
+<summary>Certmaster SSL certificate distribution service</summary>
+<interface name="certmaster_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run certmaster.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_exec" lineno="31">
+<summary>
+Execute certmaster in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_read_log" lineno="50">
+<summary>
+read certmaster logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_append_log" lineno="69">
+<summary>
+Append to certmaster logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_manage_log" lineno="89">
+<summary>
+Create, read, write, and delete
+certmaster logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_admin" lineno="116">
+<summary>
+All of the rules required to administrate
+an snort environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the syslog domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="certmonger" filename="policy/modules/contrib/certmonger.if">
+<summary>Certificate status monitor and PKI enrollment client</summary>
+<interface name="certmonger_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run certmonger.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_dbus_chat" lineno="32">
+<summary>
+Send and receive messages from
+certmonger over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_initrc_domtrans" lineno="52">
+<summary>
+Execute certmonger server in the certmonger domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_read_pid_files" lineno="70">
+<summary>
+Read certmonger PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_search_lib" lineno="89">
+<summary>
+Search certmonger lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_read_lib_files" lineno="108">
+<summary>
+Read certmonger lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_manage_lib_files" lineno="128">
+<summary>
+Create, read, write, and delete
+certmonger lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_admin" lineno="154">
+<summary>
+All of the rules required to administrate
+an certmonger environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="certwatch" filename="policy/modules/contrib/certwatch.if">
+<summary>Digital Certificate Tracking</summary>
+<interface name="certwatch_domtrans" lineno="13">
+<summary>
+Domain transition to certwatch.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="certwatch_run" lineno="42">
+<summary>
+Execute certwatch in the certwatch domain, and
+allow the specified role the certwatch domain,
+and use the caller's terminal. Has a sigchld
+backchannel.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="certwatach_run" lineno="75">
+<summary>
+Execute certwatch in the certwatch domain, and
+allow the specified role the certwatch domain,
+and use the caller's terminal. Has a sigchld
+backchannel. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="terminal">
+<summary>
+The type of the terminal allow the certwatch domain to use.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cgroup" filename="policy/modules/contrib/cgroup.if">
+<summary>libcg is a library that abstracts the control group file system in Linux.</summary>
+<interface name="cgroup_domtrans_cgclear" lineno="14">
+<summary>
+Execute a domain transition to run
+CG Clear.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_domtrans_cgconfig" lineno="34">
+<summary>
+Execute a domain transition to run
+CG config parser.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_initrc_domtrans_cgconfig" lineno="54">
+<summary>
+Execute a domain transition to run
+CG config parser.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_domtrans_cgred" lineno="73">
+<summary>
+Execute a domain transition to run
+CG rules engine daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_initrc_domtrans_cgred" lineno="94">
+<summary>
+Execute a domain transition to run
+CG rules engine daemon.
+domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_run_cgclear" lineno="121">
+<summary>
+Execute a domain transition to
+run CG Clear and allow the
+specified role the CG Clear
+domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cgroup_stream_connect_cgred" lineno="141">
+<summary>
+Connect to CG rules engine daemon
+over unix stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_admin" lineno="167">
+<summary>
+All of the rules required to administrate
+an cgroup environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="chronyd" filename="policy/modules/contrib/chronyd.if">
+<summary>Chrony NTP background daemon</summary>
+<interface name="chronyd_domtrans" lineno="13">
+<summary>
+Execute chronyd in the chronyd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_exec" lineno="32">
+<summary>
+Execute chronyd
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_read_log" lineno="50">
+<summary>
+Read chronyd logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_admin" lineno="76">
+<summary>
+All of the rules required to administrate
+an chronyd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the chronyd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cipe" filename="policy/modules/contrib/cipe.if">
+<summary>Encrypted tunnel daemon</summary>
+</module>
+<module name="clamav" filename="policy/modules/contrib/clamav.if">
+<summary>ClamAV Virus Scanner</summary>
+<interface name="clamav_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run clamd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clamav_stream_connect" lineno="31">
+<summary>
+Connect to run clamd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_append_log" lineno="50">
+<summary>
+Allow the specified domain to append
+to clamav log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_read_config" lineno="70">
+<summary>
+Read clamav configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_search_lib" lineno="89">
+<summary>
+Search clamav libraries directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_domtrans_clamscan" lineno="108">
+<summary>
+Execute a domain transition to run clamscan.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clamav_exec_clamscan" lineno="126">
+<summary>
+Execute clamscan without a transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_admin" lineno="151">
+<summary>
+All of the rules required to administrate
+an clamav environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the clamav domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="clamd_use_jit" dftval="false">
+<desc>
+<p>
+Allow clamd to use JIT compiler
+</p>
+</desc>
+</tunable>
+</module>
+<module name="clockspeed" filename="policy/modules/contrib/clockspeed.if">
+<summary>Clockspeed simple network time protocol client</summary>
+<interface name="clockspeed_domtrans_cli" lineno="13">
+<summary>
+Execute clockspeed utilities in the clockspeed_cli domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clockspeed_run_cli" lineno="37">
+<summary>
+Allow the specified role the clockspeed_cli domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="clogd" filename="policy/modules/contrib/clogd.if">
+<summary>clogd - Clustered Mirror Log Server</summary>
+<interface name="clogd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run clogd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clogd_stream_connect" lineno="33">
+<summary>
+Connect to clogd over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clogd_rw_semaphores" lineno="52">
+<summary>
+Allow read and write access to clogd semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clogd_rw_shm" lineno="70">
+<summary>
+Read and write to group shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cmirrord" filename="policy/modules/contrib/cmirrord.if">
+<summary>Cluster mirror log daemon</summary>
+<interface name="cmirrord_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run cmirrord.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cmirrord_initrc_domtrans" lineno="31">
+<summary>
+Execute cmirrord server in the cmirrord domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cmirrord_read_pid_files" lineno="49">
+<summary>
+Read cmirrord PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cmirrord_rw_shm" lineno="68">
+<summary>
+Read and write to cmirrord shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cmirrord_admin" lineno="98">
+<summary>
+All of the rules required to administrate
+an cmirrord environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cobbler" filename="policy/modules/contrib/cobbler.if">
+<summary>Cobbler installation server.</summary>
+<desc>
+<p>
+Cobbler is a Linux installation server that allows for
+rapid setup of network installation environments. It
+glues together and automates many associated Linux
+tasks so you do not have to hop between lots of various
+commands and applications when rolling out new systems,
+and, in some cases, changing existing ones.
+</p>
+</desc>
+<interface name="cobblerd_domtrans" lineno="23">
+<summary>
+Execute a domain transition to run cobblerd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cobblerd_initrc_domtrans" lineno="41">
+<summary>
+Execute cobblerd server in the cobblerd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_read_config" lineno="59">
+<summary>
+Read Cobbler content in /etc
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_dontaudit_rw_log" lineno="79">
+<summary>
+Do not audit attempts to read and write
+Cobbler log files (leaked fd).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_search_lib" lineno="97">
+<summary>
+Search cobbler dirs in /var/lib
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_read_lib_files" lineno="116">
+<summary>
+Read cobbler files in /var/lib
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_manage_lib_files" lineno="135">
+<summary>
+Manage cobbler files in /var/lib
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cobblerd_admin" lineno="161">
+<summary>
+All of the rules required to administrate
+an cobblerd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="cobbler_anon_write" dftval="false">
+<desc>
+<p>
+Allow Cobbler to modify public files
+used for public file transfer services.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="colord" filename="policy/modules/contrib/colord.if">
+<summary>GNOME color manager</summary>
+<interface name="colord_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run colord.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="colord_dbus_chat" lineno="32">
+<summary>
+Send and receive messages from
+colord over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="colord_read_lib_files" lineno="52">
+<summary>
+Read colord lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="comsat" filename="policy/modules/contrib/comsat.if">
+<summary>Comsat, a biff server.</summary>
+</module>
+<module name="consolekit" filename="policy/modules/contrib/consolekit.if">
+<summary>Framework for facilitating multiple user sessions on desktops.</summary>
+<interface name="consolekit_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run consolekit.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="consolekit_dbus_chat" lineno="32">
+<summary>
+Send and receive messages from
+consolekit over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="consolekit_read_log" lineno="52">
+<summary>
+Read consolekit log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="consolekit_manage_log" lineno="71">
+<summary>
+Manage consolekit log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="consolekit_read_pid_files" lineno="90">
+<summary>
+Read consolekit PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="corosync" filename="policy/modules/contrib/corosync.if">
+<summary>Corosync Cluster Engine</summary>
+<interface name="corosync_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run corosync.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="corosync_read_log" lineno="31">
+<summary>
+Allow the specified domain to read corosync's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corosync_stream_connect" lineno="52">
+<summary>
+Connect to corosync over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corosyncd_admin" lineno="78">
+<summary>
+All of the rules required to administrate
+an corosync environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the corosyncd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="courier" filename="policy/modules/contrib/courier.if">
+<summary>Courier IMAP and POP3 email servers</summary>
+<template name="courier_domain_template" lineno="13">
+<summary>
+Template for creating courier server processes.
+</summary>
+<param name="prefix">
+<summary>
+Prefix name of the server process.
+</summary>
+</param>
+</template>
+<interface name="courier_domtrans_authdaemon" lineno="99">
+<summary>
+Execute the courier authentication daemon with
+a domain transition.
+</summary>
+<param name="prefix">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="courier_domtrans_pop" lineno="118">
+<summary>
+Execute the courier POP3 and IMAP server with
+a domain transition.
+</summary>
+<param name="prefix">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="courier_read_config" lineno="136">
+<summary>
+Read courier config files
+</summary>
+<param name="prefix">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="courier_manage_spool_dirs" lineno="155">
+<summary>
+Create, read, write, and delete courier
+spool directories.
+</summary>
+<param name="prefix">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="courier_manage_spool_files" lineno="174">
+<summary>
+Create, read, write, and delete courier
+spool files.
+</summary>
+<param name="prefix">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="courier_read_spool" lineno="192">
+<summary>
+Read courier spool files.
+</summary>
+<param name="prefix">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="courier_rw_spool_pipes" lineno="210">
+<summary>
+Read and write to courier spool pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cpucontrol" filename="policy/modules/contrib/cpucontrol.if">
+<summary>Services for loading CPU microcode and CPU frequency scaling.</summary>
+<interface name="cpucontrol_stub" lineno="13">
+<summary>
+CPUcontrol stub interface. No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cpufreqselector" filename="policy/modules/contrib/cpufreqselector.if">
+<summary>Command-line CPU frequency settings.</summary>
+<interface name="cpufreqselector_dbus_chat" lineno="14">
+<summary>
+Send and receive messages from
+cpufreq-selector over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cron" filename="policy/modules/contrib/cron.if">
+<summary>Periodic execution of scheduled commands.</summary>
+<template name="cron_common_crontab_template" lineno="14">
+<summary>
+The common rules for a crontab domain.
+</summary>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+</template>
+<interface name="cron_role" lineno="105">
+<summary>
+Role access for cron
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="cron_unconfined_role" lineno="154">
+<summary>
+Role access for unconfined cronjobs
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="cron_admin_role" lineno="203">
+<summary>
+Role access for cron
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="cron_system_entry" lineno="257">
+<summary>
+Make the specified program domain accessable
+from the system cron jobs.
+</summary>
+<param name="domain">
+<summary>
+The type of the process to transition to.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type of the file used as an entrypoint to this domain.
+</summary>
+</param>
+</interface>
+<interface name="cron_domtrans" lineno="278">
+<summary>
+Execute cron in the cron system domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cron_exec" lineno="296">
+<summary>
+Execute crond_exec_t
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_initrc_domtrans" lineno="314">
+<summary>
+Execute crond server in the nscd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cron_use_fds" lineno="333">
+<summary>
+Inherit and use a file descriptor
+from the cron daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_sigchld" lineno="351">
+<summary>
+Send a SIGCHLD signal to the cron daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_read_pipes" lineno="369">
+<summary>
+Read a cron daemon unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_dontaudit_write_pipes" lineno="387">
+<summary>
+Do not audit attempts to write cron daemon unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_pipes" lineno="405">
+<summary>
+Read and write a cron daemon unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_tcp_sockets" lineno="423">
+<summary>
+Read, and write cron daemon TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_dontaudit_rw_tcp_sockets" lineno="441">
+<summary>
+Dontaudit Read, and write cron daemon TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cron_search_spool" lineno="459">
+<summary>
+Search the directory containing user cron tables.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_manage_pid_files" lineno="478">
+<summary>
+Manage pid files used by cron
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_anacron_domtrans_system_job" lineno="496">
+<summary>
+Execute anacron in the cron system domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cron_use_system_job_fds" lineno="515">
+<summary>
+Inherit and use a file descriptor
+from system cron jobs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_write_system_job_pipes" lineno="533">
+<summary>
+Write a system cron job unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_system_job_pipes" lineno="551">
+<summary>
+Read and write a system cron job unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_system_job_stream_sockets" lineno="569">
+<summary>
+Allow read/write unix stream sockets from the system cron jobs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_read_system_job_tmp_files" lineno="587">
+<summary>
+Read temporary files from the system cron jobs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_dontaudit_append_system_job_tmp_files" lineno="607">
+<summary>
+Do not audit attempts to append temporary
+files from the system cron jobs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cron_dontaudit_write_system_job_tmp_files" lineno="626">
+<summary>
+Do not audit attempts to write temporary
+files from the system cron jobs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<tunable name="cron_can_relabel" dftval="false">
+<desc>
+<p>
+Allow system cron jobs to relabel filesystem
+for restoring file contexts.
+</p>
+</desc>
+</tunable>
+<tunable name="fcron_crond" dftval="false">
+<desc>
+<p>
+Enable extra rules in the cron domain
+to support fcron.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="cups" filename="policy/modules/contrib/cups.if">
+<summary>Common UNIX printing system</summary>
+<interface name="cups_backend" lineno="13">
+<summary>
+Setup cups to transtion to the cups backend domain
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_domtrans" lineno="40">
+<summary>
+Execute cups in the cups domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cups_stream_connect" lineno="58">
+<summary>
+Connect to cupsd over an unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_tcp_connect" lineno="77">
+<summary>
+Connect to cups over TCP. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_dbus_chat" lineno="92">
+<summary>
+Send and receive messages from
+cups over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_read_pid_files" lineno="112">
+<summary>
+Read cups PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_domtrans_config" lineno="131">
+<summary>
+Execute cups_config in the cups_config domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cups_signal_config" lineno="150">
+<summary>
+Send generic signals to the cups
+configuration daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_dbus_chat_config" lineno="169">
+<summary>
+Send and receive messages from
+cupsd_config over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_read_config" lineno="190">
+<summary>
+Read cups configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cups_read_rw_config" lineno="211">
+<summary>
+Read cups-writable configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cups_read_log" lineno="231">
+<summary>
+Read cups log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cups_append_log" lineno="250">
+<summary>
+Append cups log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_write_log" lineno="269">
+<summary>
+Write cups log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_stream_connect_ptal" lineno="288">
+<summary>
+Connect to ptal over an unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_admin" lineno="314">
+<summary>
+All of the rules required to administrate
+an cups environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the cups domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cvs" filename="policy/modules/contrib/cvs.if">
+<summary>Concurrent versions system</summary>
+<interface name="cvs_read_data" lineno="13">
+<summary>
+Read the CVS data and metadata.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cvs_exec" lineno="34">
+<summary>
+Allow the specified domain to execute cvs
+in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cvs_admin" lineno="59">
+<summary>
+All of the rules required to administrate
+an cvs environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the cvs domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_cvs_read_shadow" dftval="false">
+<desc>
+<p>
+Allow cvs daemon to read shadow
+</p>
+</desc>
+</tunable>
+</module>
+<module name="cyphesis" filename="policy/modules/contrib/cyphesis.if">
+<summary>Cyphesis WorldForge game server</summary>
+<interface name="cyphesis_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run cyphesis.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cyrus" filename="policy/modules/contrib/cyrus.if">
+<summary>Cyrus is an IMAP service intended to be run on sealed servers</summary>
+<interface name="cyrus_manage_data" lineno="14">
+<summary>
+Allow caller to create, read, write,
+and delete cyrus data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cyrus_stream_connect" lineno="33">
+<summary>
+Connect to Cyrus using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cyrus_admin" lineno="59">
+<summary>
+All of the rules required to administrate
+an cyrus environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the cyrus domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="daemontools" filename="policy/modules/contrib/daemontools.if">
+<summary>Collection of tools for managing UNIX services</summary>
+<desc>
+<p>
+Policy for DJB's daemontools
+</p>
+</desc>
+<interface name="daemontools_ipc_domain" lineno="18">
+<summary>
+An ipc channel between the supervised domain and svc_start_t
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_service_domain" lineno="44">
+<summary>
+Define a specified domain as a supervised service.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_domtrans_start" lineno="66">
+<summary>
+Execute in the svc_start_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="daemonstools_run_start" lineno="91">
+<summary>
+Execute svc_start in the svc_start domain, and
+allow the specified role the svc_start domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed the svc_start domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="daemontools_domtrans_run" lineno="110">
+<summary>
+Execute in the svc_run_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_sigchld_run" lineno="128">
+<summary>
+Send a SIGCHLD signal to svc_run domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_domtrans_multilog" lineno="146">
+<summary>
+Execute in the svc_multilog_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_search_svc_dir" lineno="164">
+<summary>
+Search svc_svc_t directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_read_svc" lineno="183">
+<summary>
+Allow a domain to read svc_svc_t files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="daemontools_manage_svc" lineno="203">
+<summary>
+Allow a domain to create svc_svc_t files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dante" filename="policy/modules/contrib/dante.if">
+<summary>Dante msproxy and socks4/5 proxy server</summary>
+</module>
+<module name="dbadm" filename="policy/modules/contrib/dbadm.if">
+<summary>Database administrator role</summary>
+<interface name="dbadm_role_change" lineno="14">
+<summary>
+Change to the database administrator role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dbadm_role_change_to" lineno="44">
+<summary>
+Change from the database administrator role.
+</summary>
+<desc>
+<p>
+Change from the database administrator role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="dbadm_manage_user_files" dftval="false">
+<desc>
+<p>
+Allow dbadm to manage files in users home directories
+</p>
+</desc>
+</tunable>
+<tunable name="dbadm_read_user_files" dftval="false">
+<desc>
+<p>
+Allow dbadm to read files in users home directories
+</p>
+</desc>
+</tunable>
+</module>
+<module name="dbskk" filename="policy/modules/contrib/dbskk.if">
+<summary>Dictionary server for the SKK Japanese input method system.</summary>
+</module>
+<module name="dbus" filename="policy/modules/contrib/dbus.if">
+<summary>Desktop messaging bus</summary>
+<interface name="dbus_stub" lineno="13">
+<summary>
+DBUS stub interface. No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<template name="dbus_role_template" lineno="41">
+<summary>
+Role access for dbus
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</template>
+<interface name="dbus_system_bus_client" lineno="179">
+<summary>
+Template for creating connections to
+the system DBUS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_session_bus_client" lineno="210">
+<summary>
+Template for creating connections to
+a user DBUS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_send_session_bus" lineno="233">
+<summary>
+Send a message the session DBUS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_read_config" lineno="252">
+<summary>
+Read dbus configuration.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_read_lib_files" lineno="271">
+<summary>
+Read system dbus lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_manage_lib_files" lineno="291">
+<summary>
+Create, read, write, and delete
+system dbus lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_connect_session_bus" lineno="311">
+<summary>
+Connect to the system DBUS
+for service (acquire_svc).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_session_domain" lineno="337">
+<summary>
+Allow a application domain to be started
+by the session dbus.
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an
+entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="dbus_connect_system_bus" lineno="359">
+<summary>
+Connect to the system DBUS
+for service (acquire_svc).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_send_system_bus" lineno="378">
+<summary>
+Send a message on the system DBUS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_system_bus_unconfined" lineno="397">
+<summary>
+Allow unconfined access to the system DBUS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_system_domain" lineno="422">
+<summary>
+Create a domain for processes
+which can be started by the system dbus
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="dbus_use_system_bus_fds" lineno="457">
+<summary>
+Use and inherit system DBUS file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_dontaudit_system_bus_rw_tcp_sockets" lineno="475">
+<summary>
+Dontaudit Read, and write system dbus TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dbus_unconfined" lineno="494">
+<summary>
+Allow unconfined access to the system DBUS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="dcc" filename="policy/modules/contrib/dcc.if">
+<summary>Distributed checksum clearinghouse spam filtering</summary>
+<interface name="dcc_domtrans_cdcc" lineno="13">
+<summary>
+Execute cdcc in the cdcc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dcc_run_cdcc" lineno="39">
+<summary>
+Execute cdcc in the cdcc domain, and
+allow the specified role the cdcc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dcc_domtrans_client" lineno="58">
+<summary>
+Execute dcc_client in the dcc_client domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dcc_signal_client" lineno="77">
+<summary>
+Send a signal to the dcc_client.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dcc_run_client" lineno="102">
+<summary>
+Execute dcc_client in the dcc_client domain, and
+allow the specified role the dcc_client domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dcc_domtrans_dbclean" lineno="121">
+<summary>
+Execute dbclean in the dcc_dbclean domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dcc_run_dbclean" lineno="147">
+<summary>
+Execute dbclean in the dcc_dbclean domain, and
+allow the specified role the dcc_dbclean domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dcc_stream_connect_dccifd" lineno="166">
+<summary>
+Connect to dccifd over a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="ddclient" filename="policy/modules/contrib/ddclient.if">
+<summary>Update dynamic IP address at DynDNS.org</summary>
+<interface name="ddclient_domtrans" lineno="13">
+<summary>
+Execute ddclient in the ddclient domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ddclient_run" lineno="38">
+<summary>
+Execute ddclient daemon on behalf of a user or staff type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ddclient_admin" lineno="64">
+<summary>
+All of the rules required to administrate
+an ddclient environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the ddclient domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ddcprobe" filename="policy/modules/contrib/ddcprobe.if">
+<summary>ddcprobe retrieves monitor and graphics card information</summary>
+<interface name="ddcprobe_domtrans" lineno="13">
+<summary>
+Execute ddcprobe in the ddcprobe domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ddcprobe_run" lineno="38">
+<summary>
+Execute ddcprobe in the ddcprobe domain, and
+allow the specified role the ddcprobe domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role to be authenticated for ddcprobe domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="denyhosts" filename="policy/modules/contrib/denyhosts.if">
+<summary>DenyHosts SSH dictionary attack mitigation</summary>
+<desc>
+<p>
+DenyHosts is a script intended to be run by Linux
+system administrators to help thwart SSH server attacks
+(also known as dictionary based attacks and brute force
+attacks).
+</p>
+</desc>
+<interface name="denyhosts_domtrans" lineno="21">
+<summary>
+Execute a domain transition to run denyhosts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="denyhosts_initrc_domtrans" lineno="39">
+<summary>
+Execute denyhost server in the denyhost domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="denyhosts_admin" lineno="63">
+<summary>
+All of the rules required to administrate
+an denyhosts environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="devicekit" filename="policy/modules/contrib/devicekit.if">
+<summary>Devicekit modular hardware abstraction layer</summary>
+<interface name="devicekit_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run devicekit.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_dgram_send" lineno="32">
+<summary>
+Send to devicekit over a unix domain
+datagram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_dbus_chat" lineno="51">
+<summary>
+Send and receive messages from
+devicekit over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_dbus_chat_disk" lineno="72">
+<summary>
+Send and receive messages from
+devicekit disk over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_signal_power" lineno="92">
+<summary>
+Send signal devicekit power
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_dbus_chat_power" lineno="111">
+<summary>
+Send and receive messages from
+devicekit power over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_read_pid_files" lineno="131">
+<summary>
+Read devicekit PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_admin" lineno="162">
+<summary>
+All of the rules required to administrate
+an devicekit environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the devicekit domain.
+</summary>
+</param>
+<param name="terminal">
+<summary>
+The type of the user terminal.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dhcp" filename="policy/modules/contrib/dhcp.if">
+<summary>Dynamic host configuration protocol (DHCP) server</summary>
+<interface name="dhcpd_domtrans" lineno="13">
+<summary>
+Transition to dhcpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dhcpd_setattr_state_files" lineno="33">
+<summary>
+Set the attributes of the DCHP
+server state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dhcpd_initrc_domtrans" lineno="53">
+<summary>
+Execute dhcp server in the dhcp domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dhcpd_admin" lineno="78">
+<summary>
+All of the rules required to administrate
+an dhcp environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the dhcp domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dictd" filename="policy/modules/contrib/dictd.if">
+<summary>Dictionary daemon</summary>
+<interface name="dictd_tcp_connect" lineno="14">
+<summary>
+Use dictionary services by connecting
+over TCP. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dictd_admin" lineno="35">
+<summary>
+All of the rules required to administrate
+an dictd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the dictd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="distcc" filename="policy/modules/contrib/distcc.if">
+<summary>Distributed compiler daemon</summary>
+</module>
+<module name="djbdns" filename="policy/modules/contrib/djbdns.if">
+<summary>small and secure DNS daemon</summary>
+<template name="djbdns_daemontools_domain_template" lineno="14">
+<summary>
+Create a set of derived types for djbdns
+components that are directly supervised by daemontools.
+</summary>
+<param name="prefix">
+<summary>
+The prefix to be used for deriving type names.
+</summary>
+</param>
+</template>
+<interface name="djbdns_search_tinydns_keys" lineno="66">
+<summary>
+Allow search the djbdns-tinydns key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="djbdns_link_tinydns_keys" lineno="84">
+<summary>
+Allow link to the djbdns-tinydns key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="dkim" filename="policy/modules/contrib/dkim.if">
+<summary>DomainKeys Identified Mail milter.</summary>
+</module>
+<module name="dmidecode" filename="policy/modules/contrib/dmidecode.if">
+<summary>Decode DMI data for x86/ia64 bioses.</summary>
+<interface name="dmidecode_domtrans" lineno="13">
+<summary>
+Execute dmidecode in the dmidecode domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dmidecode_run" lineno="43">
+<summary>
+Execute dmidecode in the dmidecode domain, and
+allow the specified role the dmidecode domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dnsmasq" filename="policy/modules/contrib/dnsmasq.if">
+<summary>dnsmasq DNS forwarder and DHCP server</summary>
+<interface name="dnsmasq_domtrans" lineno="14">
+<summary>
+Execute dnsmasq server in the dnsmasq domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_initrc_domtrans" lineno="34">
+<summary>
+Execute the dnsmasq init script in the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_signal" lineno="53">
+<summary>
+Send dnsmasq a signal
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_signull" lineno="72">
+<summary>
+Send dnsmasq a signull
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_kill" lineno="91">
+<summary>
+Send dnsmasq a kill signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_read_config" lineno="109">
+<summary>
+Read dnsmasq config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_write_config" lineno="128">
+<summary>
+Write to dnsmasq config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_delete_pid_files" lineno="148">
+<summary>
+Delete dnsmasq pid files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_read_pid_files" lineno="167">
+<summary>
+Read dnsmasq pid files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_admin" lineno="192">
+<summary>
+All of the rules required to administrate
+an dnsmasq environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the dnsmasq domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dovecot" filename="policy/modules/contrib/dovecot.if">
+<summary>Dovecot POP and IMAP mail server</summary>
+<interface name="dovecot_stream_connect_auth" lineno="14">
+<summary>
+Connect to dovecot auth unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dovecot_domtrans_deliver" lineno="32">
+<summary>
+Execute dovecot_deliver in the dovecot_deliver domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dovecot_manage_spool" lineno="50">
+<summary>
+Create, read, write, and delete the dovecot spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dovecot_dontaudit_unlink_lib_files" lineno="69">
+<summary>
+Do not audit attempts to delete dovecot lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dovecot_admin" lineno="94">
+<summary>
+All of the rules required to administrate
+an dovecot environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the dovecot domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dpkg" filename="policy/modules/contrib/dpkg.if">
+<summary>Policy for the Debian package manager.</summary>
+<interface name="dpkg_domtrans" lineno="15">
+<summary>
+Execute dpkg programs in the dpkg domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dpkg_domtrans_script" lineno="35">
+<summary>
+Execute dpkg_script programs in the dpkg_script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dpkg_run" lineno="63">
+<summary>
+Execute dpkg programs in the dpkg domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the dpkg domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dpkg_use_fds" lineno="82">
+<summary>
+Inherit and use file descriptors from dpkg.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dpkg_read_pipes" lineno="100">
+<summary>
+Read from an unnamed dpkg pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dpkg_rw_pipes" lineno="118">
+<summary>
+Read and write an unnamed dpkg pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dpkg_use_script_fds" lineno="136">
+<summary>
+Inherit and use file descriptors from dpkg scripts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dpkg_read_db" lineno="154">
+<summary>
+Read the dpkg package database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dpkg_manage_db" lineno="175">
+<summary>
+Create, read, write, and delete the dpkg package database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dpkg_dontaudit_manage_db" lineno="196">
+<summary>
+Do not audit attempts to create, read,
+write, and delete the dpkg package database.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dpkg_lock_db" lineno="216">
+<summary>
+Lock the dpkg package database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="entropyd" filename="policy/modules/contrib/entropyd.if">
+<summary>Generate entropy from audio input</summary>
+<tunable name="entropyd_use_audio" dftval="false">
+<desc>
+<p>
+Allow the use of the audio devices as the source for the entropy feeds
+</p>
+</desc>
+</tunable>
+</module>
+<module name="evolution" filename="policy/modules/contrib/evolution.if">
+<summary>Evolution email client</summary>
+<interface name="evolution_role" lineno="18">
+<summary>
+Role access for evolution
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="evolution_home_filetrans" lineno="85">
+<summary>
+Create objects in users evolution home folders.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+Private file type.
+</summary>
+</param>
+<param name="class">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="evolution_stream_connect" lineno="104">
+<summary>
+Connect to evolution unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="evolution_dbus_chat" lineno="124">
+<summary>
+Send and receive messages from
+evolution over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="evolution_alarm_dbus_chat" lineno="145">
+<summary>
+Send and receive messages from
+evolution_alarm over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="exim" filename="policy/modules/contrib/exim.if">
+<summary>Exim mail transfer agent</summary>
+<interface name="exim_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run exim.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="exim_dontaudit_read_tmp_files" lineno="32">
+<summary>
+Do not audit attempts to read,
+exim tmp files
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="exim_read_tmp_files" lineno="50">
+<summary>
+Allow domain to read, exim tmp files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_read_pid_files" lineno="69">
+<summary>
+Read exim PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_read_log" lineno="89">
+<summary>
+Allow the specified domain to read exim's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="exim_append_log" lineno="109">
+<summary>
+Allow the specified domain to append
+exim log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_manage_log" lineno="129">
+<summary>
+Allow the specified domain to manage exim's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="exim_manage_spool_dirs" lineno="149">
+<summary>
+Create, read, write, and delete
+exim spool dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_read_spool_files" lineno="168">
+<summary>
+Read exim spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_manage_spool_files" lineno="189">
+<summary>
+Create, read, write, and delete
+exim spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="exim_can_connect_db" dftval="false">
+<desc>
+<p>
+Allow exim to connect to databases (postgres, mysql)
+</p>
+</desc>
+</tunable>
+<tunable name="exim_read_user_files" dftval="false">
+<desc>
+<p>
+Allow exim to read unprivileged user files.
+</p>
+</desc>
+</tunable>
+<tunable name="exim_manage_user_files" dftval="false">
+<desc>
+<p>
+Allow exim to create, read, write, and delete
+unprivileged user files.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="fail2ban" filename="policy/modules/contrib/fail2ban.if">
+<summary>Update firewall filtering to ban IP addresses with too many password failures.</summary>
+<interface name="fail2ban_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run fail2ban.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_stream_connect" lineno="32">
+<summary>
+Connect to fail2ban over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_rw_stream_sockets" lineno="51">
+<summary>
+Read and write to an fail2ban unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_read_lib_files" lineno="69">
+<summary>
+Read fail2ban lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_read_log" lineno="89">
+<summary>
+Allow the specified domain to read fail2ban's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fail2ban_append_log" lineno="110">
+<summary>
+Allow the specified domain to append
+fail2ban log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_read_pid_files" lineno="130">
+<summary>
+Read fail2ban PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_admin" lineno="156">
+<summary>
+All of the rules required to administrate
+an fail2ban environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the fail2ban domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="fetchmail" filename="policy/modules/contrib/fetchmail.if">
+<summary>Remote-mail retrieval and forwarding utility</summary>
+<interface name="fetchmail_admin" lineno="15">
+<summary>
+All of the rules required to administrate
+an fetchmail environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="finger" filename="policy/modules/contrib/finger.if">
+<summary>Finger user information service.</summary>
+<interface name="finger_domtrans" lineno="13">
+<summary>
+Execute fingerd in the fingerd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="finger_tcp_connect" lineno="31">
+<summary>
+Allow the specified domain to connect to fingerd with a tcp socket. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="firstboot" filename="policy/modules/contrib/firstboot.if">
+<summary>
+Final system configuration run during the first boot
+after installation of Red Hat/Fedora systems.
+</summary>
+<interface name="firstboot_domtrans" lineno="16">
+<summary>
+Execute firstboot in the firstboot domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="firstboot_run" lineno="40">
+<summary>
+Execute firstboot in the firstboot domain, and
+allow the specified role the firstboot domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="firstboot_use_fds" lineno="59">
+<summary>
+Inherit and use a file descriptor from firstboot.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="firstboot_dontaudit_use_fds" lineno="78">
+<summary>
+Do not audit attempts to inherit a
+file descriptor from firstboot.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="firstboot_write_pipes" lineno="96">
+<summary>
+Write to a firstboot unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="firstboot_rw_pipes" lineno="114">
+<summary>
+Read and Write to a firstboot unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="firstboot_dontaudit_rw_pipes" lineno="132">
+<summary>
+Do not audit attemps to read and write to a firstboot unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="firstboot_dontaudit_rw_stream_sockets" lineno="151">
+<summary>
+Do not audit attemps to read and write to a firstboot
+unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+</module>
+<module name="fprintd" filename="policy/modules/contrib/fprintd.if">
+<summary>DBus fingerprint reader service</summary>
+<interface name="fprintd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run fprintd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="fprintd_dbus_chat" lineno="32">
+<summary>
+Send and receive messages from
+fprintd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="ftp" filename="policy/modules/contrib/ftp.if">
+<summary>File transfer protocol service</summary>
+<interface name="ftp_dyntrans_anon_sftpd" lineno="13">
+<summary>
+Allow domain dyntransition to sftpd_anon domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ftp_tcp_connect" lineno="31">
+<summary>
+Use ftp by connecting over TCP. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ftp_read_config" lineno="45">
+<summary>
+Read ftpd etc files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ftp_check_exec" lineno="64">
+<summary>
+Execute FTP daemon entry point programs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ftp_read_log" lineno="83">
+<summary>
+Read FTP transfer logs
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ftp_domtrans_ftpdctl" lineno="102">
+<summary>
+Execute the ftpdctl program in the ftpdctl domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ftp_run_ftpdctl" lineno="127">
+<summary>
+Execute the ftpdctl program in the ftpdctl domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the ftpdctl domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ftp_dyntrans_sftpd" lineno="146">
+<summary>
+Allow domain dyntransition to sftpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ftp_admin" lineno="171">
+<summary>
+All of the rules required to administrate
+an ftp environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the ftp domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_ftpd_anon_write" dftval="false">
+<desc>
+<p>
+Allow ftp servers to upload files, used for public file
+transfer services. Directories must be labeled
+public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_ftpd_full_access" dftval="false">
+<desc>
+<p>
+Allow ftp servers to login to local users and
+read/write all files on the system, governed by DAC.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_ftpd_use_cifs" dftval="false">
+<desc>
+<p>
+Allow ftp servers to use cifs
+used for public file transfer services.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_ftpd_use_nfs" dftval="false">
+<desc>
+<p>
+Allow ftp servers to use nfs
+used for public file transfer services.
+</p>
+</desc>
+</tunable>
+<tunable name="ftp_home_dir" dftval="false">
+<desc>
+<p>
+Allow ftp to read and write files in the user home directories
+</p>
+</desc>
+</tunable>
+<tunable name="sftpd_anon_write" dftval="false">
+<desc>
+<p>
+Allow anon internal-sftp to upload files, used for
+public file transfer services. Directories must be labeled
+public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="sftpd_enable_homedirs" dftval="false">
+<desc>
+<p>
+Allow sftp-internal to read and write files
+in the user home directories
+</p>
+</desc>
+</tunable>
+<tunable name="sftpd_full_access" dftval="false">
+<desc>
+<p>
+Allow sftp-internal to login to local users and
+read/write all files on the system, governed by DAC.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="games" filename="policy/modules/contrib/games.if">
+<summary>Games</summary>
+<interface name="games_role" lineno="18">
+<summary>
+Role access for games
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="games_rw_data" lineno="45">
+<summary>
+Allow the specified domain to read/write
+games data.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="gatekeeper" filename="policy/modules/contrib/gatekeeper.if">
+<summary>OpenH.323 Voice-Over-IP Gatekeeper</summary>
+</module>
+<module name="gift" filename="policy/modules/contrib/gift.if">
+<summary>giFT peer to peer file sharing tool</summary>
+<interface name="gift_role" lineno="18">
+<summary>
+Role access for gift
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+</module>
+<module name="git" filename="policy/modules/contrib/git.if">
+<summary>GIT revision control system.</summary>
+<template name="git_role" lineno="18">
+<summary>
+Role access for Git session.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</template>
+<tunable name="git_cgi_enable_homedirs" dftval="false">
+<desc>
+<p>
+Determine whether Git CGI
+can search home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="git_cgi_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether Git CGI
+can access cifs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="git_cgi_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether Git CGI
+can access nfs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="git_session_users" dftval="false">
+<desc>
+<p>
+Determine whether calling user domains
+can execute Git daemon in the
+git_session_t domain.
+</p>
+</desc>
+</tunable>
+<tunable name="git_session_send_syslog_msg" dftval="false">
+<desc>
+<p>
+Determine whether Git session daemons
+can send syslog messages.
+</p>
+</desc>
+</tunable>
+<tunable name="git_system_enable_homedirs" dftval="false">
+<desc>
+<p>
+Determine whether Git system daemon
+can search home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="git_system_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether Git system daemon
+can access cifs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="git_system_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether Git system daemon
+can access nfs file systems.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="gitosis" filename="policy/modules/contrib/gitosis.if">
+<summary>Tools for managing and hosting git repositories.</summary>
+<interface name="gitosis_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run gitosis.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="gitosis_run" lineno="37">
+<summary>
+Execute gitosis-serve in the gitosis domain, and
+allow the specified role the gitosis domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gitosis_read_lib_files" lineno="57">
+<summary>
+Allow the specified domain to read
+gitosis lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gitosis_manage_lib_files" lineno="79">
+<summary>
+Allow the specified domain to manage
+gitosis lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="glance" filename="policy/modules/contrib/glance.if">
+<summary>policy for glance</summary>
+<interface name="glance_domtrans_registry" lineno="13">
+<summary>
+Transition to glance registry.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="glance_domtrans_api" lineno="32">
+<summary>
+Transition to glance api.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="glance_read_log" lineno="52">
+<summary>
+Read glance's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="glance_append_log" lineno="71">
+<summary>
+Append to glance log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_manage_log" lineno="90">
+<summary>
+Manage glance log files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_search_lib" lineno="111">
+<summary>
+Search glance lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_read_lib_files" lineno="130">
+<summary>
+Read glance lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_manage_lib_files" lineno="149">
+<summary>
+Manage glance lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_manage_lib_dirs" lineno="168">
+<summary>
+Manage glance lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_read_pid_files" lineno="187">
+<summary>
+Read glance PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_manage_pid_files" lineno="206">
+<summary>
+Manage glance PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_admin" lineno="232">
+<summary>
+All of the rules required to administrate
+an glance environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="gnome" filename="policy/modules/contrib/gnome.if">
+<summary>GNU network object model environment (GNOME)</summary>
+<interface name="gnome_role" lineno="18">
+<summary>
+Role access for gnome
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="gnome_exec_gconf" lineno="49">
+<summary>
+Execute gconf programs in
+in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="gnome_read_gconf_config" lineno="67">
+<summary>
+Read gconf config files.
+</summary>
+<param name="user_domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</template>
+<interface name="gnome_manage_gconf_config" lineno="87">
+<summary>
+Create, read, write, and delete gconf config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gnome_stream_connect_gconf" lineno="106">
+<summary>
+gconf connection template.
+</summary>
+<param name="user_domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gnome_domtrans_gconfd" lineno="125">
+<summary>
+Run gconfd in gconfd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gnome_setattr_config_dirs" lineno="143">
+<summary>
+Set attributes of Gnome config dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="gnome_read_config" lineno="162">
+<summary>
+Read gnome homedir content (.config)
+</summary>
+<param name="user_domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</template>
+<interface name="gnome_manage_config" lineno="182">
+<summary>
+manage gnome homedir content (.config)
+</summary>
+<param name="user_domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="gnomeclock" filename="policy/modules/contrib/gnomeclock.if">
+<summary>Gnome clock handler for setting the time.</summary>
+<interface name="gnomeclock_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run gnomeclock.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="gnomeclock_run" lineno="37">
+<summary>
+Execute gnomeclock in the gnomeclock domain, and
+allow the specified role the gnomeclock domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gnomeclock_dbus_chat" lineno="57">
+<summary>
+Send and receive messages from
+gnomeclock over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="gpg" filename="policy/modules/contrib/gpg.if">
+<summary>Policy for GNU Privacy Guard and related programs.</summary>
+<interface name="gpg_role" lineno="18">
+<summary>
+Role access for gpg
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="gpg_domtrans" lineno="80">
+<summary>
+Transition to a user gpg domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="gpg_exec" lineno="98">
+<summary>
+Execute the gpg application without transitioning
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to execute gpg
+</summary>
+</param>
+</interface>
+<interface name="gpg_signal" lineno="116">
+<summary>
+Send generic signals to user gpg processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpg_rw_agent_pipes" lineno="134">
+<summary>
+Read and write GPG agent pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpg_pinentry_dbus_chat" lineno="154">
+<summary>
+Send messages to and from GPG
+Pinentry over DBUS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpg_list_user_secrets" lineno="174">
+<summary>
+List Gnu Privacy Guard user secrets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="gpg_agent_env_file" dftval="false">
+<desc>
+<p>
+Allow usage of the gpg-agent --write-env-file option.
+This also allows gpg-agent to manage user files.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="gpm" filename="policy/modules/contrib/gpm.if">
+<summary>General Purpose Mouse driver</summary>
+<interface name="gpm_stream_connect" lineno="14">
+<summary>
+Connect to GPM over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpm_getattr_gpmctl" lineno="34">
+<summary>
+Get the attributes of the GPM
+control channel named socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpm_dontaudit_getattr_gpmctl" lineno="55">
+<summary>
+Do not audit attempts to get the
+attributes of the GPM control channel
+named socket.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="gpm_setattr_gpmctl" lineno="74">
+<summary>
+Set the attributes of the GPM
+control channel named socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="gpsd" filename="policy/modules/contrib/gpsd.if">
+<summary>gpsd monitor daemon</summary>
+<interface name="gpsd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run gpsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="gpsd_run" lineno="37">
+<summary>
+Execute gpsd in the gpsd domain, and
+allow the specified role the gpsd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpsd_rw_shm" lineno="56">
+<summary>
+Read and write gpsd shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="guest" filename="policy/modules/contrib/guest.if">
+<summary>Least privledge terminal user role</summary>
+<interface name="guest_role_change" lineno="14">
+<summary>
+Change to the guest role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="guest_role_change_to" lineno="44">
+<summary>
+Change from the guest role.
+</summary>
+<desc>
+<p>
+Change from the guest role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="hadoop" filename="policy/modules/contrib/hadoop.if">
+<summary>Software for reliable, scalable, distributed computing.</summary>
+<template name="hadoop_domain_template" lineno="13">
+<summary>
+The template to define a hadoop domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="hadoop_role" lineno="219">
+<summary>
+Role access for hadoop.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="hadoop_domtrans" lineno="248">
+<summary>
+Execute hadoop in the
+hadoop domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom" lineno="268">
+<summary>
+Give permission to a domain to
+recvfrom hadoop_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing recvfrom
+permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_domtrans_zookeeper_client" lineno="287">
+<summary>
+Execute zookeeper client in the
+zookeeper client domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_zookeeper_client" lineno="308">
+<summary>
+Give permission to a domain to
+recvfrom zookeeper_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing recvfrom
+permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_domtrans_zookeeper_server" lineno="327">
+<summary>
+Execute zookeeper server in the
+zookeeper server domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_zookeeper_server" lineno="348">
+<summary>
+Give permission to a domain to
+recvfrom zookeeper_server_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing recvfrom
+permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_initrc_domtrans_zookeeper_server" lineno="367">
+<summary>
+Execute zookeeper server in the
+zookeeper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_datanode" lineno="387">
+<summary>
+Give permission to a domain to
+recvfrom hadoop_datanode_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing recvfrom
+permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_read_config" lineno="406">
+<summary>
+Give permission to a domain to read
+hadoop_etc_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing read permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_exec_config" lineno="427">
+<summary>
+Give permission to a domain to
+execute hadoop_etc_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing read and execute
+permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_jobtracker" lineno="448">
+<summary>
+Give permission to a domain to
+recvfrom hadoop_jobtracker_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing recvfrom
+permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_match_lan_spd" lineno="468">
+<summary>
+Give permission to a domain to
+polmatch on hadoop_lan_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing polmatch
+permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_namenode" lineno="488">
+<summary>
+Give permission to a domain to
+recvfrom hadoop_namenode_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing recvfrom
+permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_secondarynamenode" lineno="508">
+<summary>
+Give permission to a domain to
+recvfrom hadoop_secondarynamenode_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing recvfrom
+permission
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_tasktracker" lineno="528">
+<summary>
+Give permission to a domain to
+recvfrom hadoop_tasktracker_t
+</summary>
+<param name="domain">
+<summary>
+Domain needing recvfrom
+permission
+</summary>
+</param>
+</interface>
+</module>
+<module name="hal" filename="policy/modules/contrib/hal.if">
+<summary>Hardware abstraction layer</summary>
+<interface name="hal_domtrans" lineno="13">
+<summary>
+Execute hal in the hal domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hal_getattr" lineno="31">
+<summary>
+Get the attributes of a hal process.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_read_state" lineno="49">
+<summary>
+Read hal system state
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_ptrace" lineno="67">
+<summary>
+Allow ptrace of hal domain
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_use_fds" lineno="85">
+<summary>
+Allow domain to use file descriptors from hal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_use_fds" lineno="103">
+<summary>
+Do not audit attempts to use file descriptors from hal.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_rw_pipes" lineno="122">
+<summary>
+Allow attempts to read and write to
+hald unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_rw_pipes" lineno="141">
+<summary>
+Do not audit attempts to read and write to
+hald unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_dgram_send" lineno="160">
+<summary>
+Send to hal over a unix domain
+datagram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_stream_connect" lineno="179">
+<summary>
+Send to hal over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_rw_dgram_sockets" lineno="197">
+<summary>
+Dontaudit read/write to a hal unix datagram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_dbus_send" lineno="215">
+<summary>
+Send a dbus message to hal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dbus_chat" lineno="235">
+<summary>
+Send and receive messages from
+hal over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_domtrans_mac" lineno="255">
+<summary>
+Execute hal mac in the hal mac domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hal_write_log" lineno="274">
+<summary>
+Allow attempts to write the hal
+log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_write_log" lineno="294">
+<summary>
+Do not audit attempts to write the hal
+log files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_manage_log" lineno="312">
+<summary>
+Manage hald log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_read_tmp_files" lineno="332">
+<summary>
+Read hald tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_append_lib_files" lineno="351">
+<summary>
+Do not audit attempts to read or write
+HAL libraries files
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_read_pid_files" lineno="369">
+<summary>
+Read hald PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_rw_pid_files" lineno="388">
+<summary>
+Read/Write hald PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_manage_pid_dirs" lineno="407">
+<summary>
+Manage hald PID dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_manage_pid_files" lineno="426">
+<summary>
+Manage hald PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="hddtemp" filename="policy/modules/contrib/hddtemp.if">
+<summary>hddtemp hard disk temperature tool running as a daemon.</summary>
+<interface name="hddtemp_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run hddtemp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hddtemp_exec" lineno="32">
+<summary>
+Execute hddtemp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hddtemp_admin" lineno="58">
+<summary>
+All of the rules required to
+administrate an hddtemp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="howl" filename="policy/modules/contrib/howl.if">
+<summary>Port of Apple Rendezvous multicast DNS</summary>
+<interface name="howl_signal" lineno="13">
+<summary>
+Send generic signals to howl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="i18n_input" filename="policy/modules/contrib/i18n_input.if">
+<summary>IIIMF htt server</summary>
+<interface name="i18n_use" lineno="13">
+<summary>
+Use i18n_input over a TCP connection. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="icecast" filename="policy/modules/contrib/icecast.if">
+<summary> ShoutCast compatible streaming media server</summary>
+<interface name="icecast_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run icecast.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="icecast_signal" lineno="31">
+<summary>
+Allow domain signal icecast
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_initrc_domtrans" lineno="49">
+<summary>
+Execute icecast server in the icecast domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="icecast_read_pid_files" lineno="67">
+<summary>
+Read icecast PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_manage_pid_files" lineno="86">
+<summary>
+Manage icecast pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_read_log" lineno="106">
+<summary>
+Allow the specified domain to read icecast's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="icecast_append_log" lineno="126">
+<summary>
+Allow the specified domain to append
+icecast log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_manage_log" lineno="145">
+<summary>
+Allow domain to manage icecast log files
+</summary>
+<param name="domain">
+<summary>
+Domain allow access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_admin" lineno="171">
+<summary>
+All of the rules required to administrate
+an icecast environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ifplugd" filename="policy/modules/contrib/ifplugd.if">
+<summary>Bring up/down ethernet interfaces based on cable detection.</summary>
+<interface name="ifplugd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ifplugd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_signal" lineno="31">
+<summary>
+Send a generic signal to ifplugd
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_read_config" lineno="49">
+<summary>
+Read ifplugd etc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_manage_config" lineno="68">
+<summary>
+Manage ifplugd etc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_read_pid_files" lineno="88">
+<summary>
+Read ifplugd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_admin" lineno="114">
+<summary>
+All of the rules required to administrate
+an ifplugd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the ifplugd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="imaze" filename="policy/modules/contrib/imaze.if">
+<summary>iMaze game server</summary>
+</module>
+<module name="inetd" filename="policy/modules/contrib/inetd.if">
+<summary>Internet services daemon.</summary>
+<interface name="inetd_core_service_domain" lineno="27">
+<summary>
+Define the specified domain as a inetd service.
+</summary>
+<desc>
+<p>
+Define the specified domain as a inetd service. The
+inetd_service_domain(), inetd_tcp_service_domain(),
+or inetd_udp_service_domain() interfaces should be used
+instead of this interface, as this interface only provides
+the common rules to these three interfaces.
+</p>
+</desc>
+<param name="domain">
+<summary>
+The type associated with the inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="inetd_tcp_service_domain" lineno="57">
+<summary>
+Define the specified domain as a TCP inetd service.
+</summary>
+<param name="domain">
+<summary>
+The type associated with the inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="inetd_udp_service_domain" lineno="83">
+<summary>
+Define the specified domain as a UDP inetd service.
+</summary>
+<param name="domain">
+<summary>
+The type associated with the inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="inetd_service_domain" lineno="108">
+<summary>
+Define the specified domain as a TCP and UDP inetd service.
+</summary>
+<param name="domain">
+<summary>
+The type associated with the inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="inetd_use_fds" lineno="134">
+<summary>
+Inherit and use file descriptors from inetd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inetd_tcp_connect" lineno="152">
+<summary>
+Connect to the inetd service using a TCP connection. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inetd_domtrans_child" lineno="166">
+<summary>
+Run inetd child process in the inet child domain
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="inetd_udp_send" lineno="185">
+<summary>
+Send UDP network traffic to inetd. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inetd_rw_tcp_sockets" lineno="199">
+<summary>
+Read and write inetd TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="inn" filename="policy/modules/contrib/inn.if">
+<summary>Internet News NNTP server</summary>
+<interface name="inn_exec" lineno="14">
+<summary>
+Allow the specified domain to execute innd
+in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_exec_config" lineno="33">
+<summary>
+Allow the specified domain to execute
+inn configuration files in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_manage_log" lineno="51">
+<summary>
+Create, read, write, and delete the innd log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_manage_pid" lineno="70">
+<summary>
+Create, read, write, and delete the innd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_read_config" lineno="91">
+<summary>
+Read innd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_read_news_lib" lineno="111">
+<summary>
+Read innd news library files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_read_news_spool" lineno="131">
+<summary>
+Read innd news library files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_dgram_send" lineno="151">
+<summary>
+Send to a innd unix dgram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_domtrans" lineno="169">
+<summary>
+Execute inn in the inn domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="inn_admin" lineno="195">
+<summary>
+All of the rules required to administrate
+an inn environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the inn domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="irc" filename="policy/modules/contrib/irc.if">
+<summary>IRC client policy</summary>
+<interface name="irc_role" lineno="18">
+<summary>
+Role access for IRC
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+</module>
+<module name="ircd" filename="policy/modules/contrib/ircd.if">
+<summary>IRC server</summary>
+</module>
+<module name="irqbalance" filename="policy/modules/contrib/irqbalance.if">
+<summary>IRQ balancing daemon</summary>
+</module>
+<module name="iscsi" filename="policy/modules/contrib/iscsi.if">
+<summary>Establish connections to iSCSI devices</summary>
+<interface name="iscsid_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run iscsid.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="iscsi_manage_semaphores" lineno="31">
+<summary>
+Manage iscsid sempaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iscsi_stream_connect" lineno="49">
+<summary>
+Connect to ISCSI using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iscsi_read_lib_files" lineno="68">
+<summary>
+Read iscsi lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="jabber" filename="policy/modules/contrib/jabber.if">
+<summary>Jabber instant messaging server</summary>
+<interface name="jabber_tcp_connect" lineno="13">
+<summary>
+Connect to jabber over a TCP socket (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="jabber_admin" lineno="34">
+<summary>
+All of the rules required to administrate
+an jabber environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the jabber domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="java" filename="policy/modules/contrib/java.if">
+<summary>Java virtual machine</summary>
+<interface name="java_role" lineno="18">
+<summary>
+Role access for java
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<template name="java_role_template" lineno="63">
+<summary>
+The role template for the java module.
+</summary>
+<desc>
+<p>
+This template creates a derived domains which are used
+for java applications.
+</p>
+</desc>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<template name="java_domtrans" lineno="108">
+<summary>
+Run java in javaplugin domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</template>
+<interface name="java_run" lineno="132">
+<summary>
+Execute java in the java domain, and
+allow the specified role the java domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="java_domtrans_unconfined" lineno="151">
+<summary>
+Execute the java program in the unconfined java domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="java_run_unconfined" lineno="175">
+<summary>
+Execute the java program in the unconfined java domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="java_exec" lineno="194">
+<summary>
+Execute the java program in the java domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="allow_java_execstack" dftval="false">
+<desc>
+<p>
+Allow java executable stack
+</p>
+</desc>
+</tunable>
+</module>
+<module name="kdump" filename="policy/modules/contrib/kdump.if">
+<summary>Kernel crash dumping mechanism</summary>
+<interface name="kdump_domtrans" lineno="13">
+<summary>
+Execute kdump in the kdump domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="kdump_initrc_domtrans" lineno="32">
+<summary>
+Execute kdump in the kdump domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="kdump_read_config" lineno="50">
+<summary>
+Read kdump configuration file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kdump_manage_config" lineno="69">
+<summary>
+Manage kdump configuration file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kdump_admin" lineno="95">
+<summary>
+All of the rules required to administrate
+an kdump environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the kdump domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="kdumpgui" filename="policy/modules/contrib/kdumpgui.if">
+<summary>system-config-kdump GUI</summary>
+</module>
+<module name="kerberos" filename="policy/modules/contrib/kerberos.if">
+<summary>MIT Kerberos admin and KDC</summary>
+<desc>
+<p>
+This policy supports:
+</p>
+<p>
+Servers:
+<ul>
+<li>kadmind</li>
+<li>krb5kdc</li>
+</ul>
+</p>
+<p>
+Clients:
+<ul>
+<li>kinit</li>
+<li>kdestroy</li>
+<li>klist</li>
+<li>ksu (incomplete)</li>
+</ul>
+</p>
+</desc>
+<interface name="kerberos_exec_kadmind" lineno="34">
+<summary>
+Execute kadmind in the current domain
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_domtrans_kpropd" lineno="52">
+<summary>
+Execute a domain transition to run kpropd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_use" lineno="70">
+<summary>
+Use kerberos services
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_read_config" lineno="131">
+<summary>
+Read the kerberos configuration file (/etc/krb5.conf).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_dontaudit_write_config" lineno="152">
+<summary>
+Do not audit attempts to write the kerberos
+configuration file (/etc/krb5.conf).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_rw_config" lineno="171">
+<summary>
+Read and write the kerberos configuration file (/etc/krb5.conf).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_read_keytab" lineno="191">
+<summary>
+Read the kerberos key table.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_rw_keytab" lineno="210">
+<summary>
+Read/Write the kerberos key table.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="kerberos_keytab_template" lineno="234">
+<summary>
+Create a derived type for kerberos keytab
+</summary>
+<param name="prefix">
+<summary>
+The prefix to be used for deriving type names.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</template>
+<interface name="kerberos_read_kdc_config" lineno="255">
+<summary>
+Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_manage_host_rcache" lineno="275">
+<summary>
+Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_connect_524" lineno="307">
+<summary>
+Connect to krb524 service
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_admin" lineno="336">
+<summary>
+All of the rules required to administrate
+an kerberos environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the kerberos domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_kerberos" dftval="false">
+<desc>
+<p>
+Allow confined applications to run with kerberos.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="kerneloops" filename="policy/modules/contrib/kerneloops.if">
+<summary>Service for reporting kernel oopses to kerneloops.org</summary>
+<interface name="kerneloops_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run kerneloops.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="kerneloops_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+kerneloops over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerneloops_dontaudit_dbus_chat" lineno="54">
+<summary>
+dontaudit attempts to Send and receive messages from
+kerneloops over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kerneloops_manage_tmp_files" lineno="74">
+<summary>
+Allow domain to manage kerneloops tmp files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerneloops_admin" lineno="100">
+<summary>
+All of the rules required to administrate
+an kerneloops environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the kerneloops domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="kismet" filename="policy/modules/contrib/kismet.if">
+<summary>Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.</summary>
+<interface name="kismet_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run kismet.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="kismet_run" lineno="38">
+<summary>
+Execute kismet in the kismet domain, and
+allow the specified role the kismet domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kismet_read_pid_files" lineno="57">
+<summary>
+Read kismet PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kismet_manage_pid_files" lineno="76">
+<summary>
+Manage kismet var_run files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kismet_search_lib" lineno="95">
+<summary>
+Search kismet lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kismet_read_lib_files" lineno="114">
+<summary>
+Read kismet lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kismet_manage_lib_files" lineno="135">
+<summary>
+Create, read, write, and delete
+kismet lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kismet_manage_lib" lineno="154">
+<summary>
+Manage kismet var_lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kismet_read_log" lineno="175">
+<summary>
+Allow the specified domain to read kismet's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kismet_append_log" lineno="195">
+<summary>
+Allow the specified domain to append
+kismet log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kismet_manage_log" lineno="214">
+<summary>
+Allow domain to manage kismet log files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kismet_admin" lineno="236">
+<summary>
+All of the rules required to administrate an kismet environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ksmtuned" filename="policy/modules/contrib/ksmtuned.if">
+<summary>Kernel Samepage Merging (KSM) Tuning Daemon</summary>
+<interface name="ksmtuned_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ksmtuned.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ksmtuned_initrc_domtrans" lineno="31">
+<summary>
+Execute ksmtuned server in the ksmtuned domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ksmtuned_admin" lineno="56">
+<summary>
+All of the rules required to administrate
+an ksmtuned environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ktalk" filename="policy/modules/contrib/ktalk.if">
+<summary>KDE Talk daemon</summary>
+</module>
+<module name="kudzu" filename="policy/modules/contrib/kudzu.if">
+<summary>Hardware detection and configuration tools</summary>
+<interface name="kudzu_domtrans" lineno="13">
+<summary>
+Execute kudzu in the kudzu domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="kudzu_run" lineno="38">
+<summary>
+Execute kudzu in the kudzu domain, and
+allow the specified role the kudzu domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kudzu_getattr_exec_files" lineno="58">
+<summary>
+Get attributes of kudzu executable.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="ldap" filename="policy/modules/contrib/ldap.if">
+<summary>OpenLDAP directory server</summary>
+<interface name="ldap_list_db" lineno="14">
+<summary>
+Read the contents of the OpenLDAP
+database directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ldap_read_config" lineno="33">
+<summary>
+Read the OpenLDAP configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ldap_use" lineno="52">
+<summary>
+Use LDAP over TCP connection. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ldap_stream_connect" lineno="66">
+<summary>
+Connect to slapd over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ldap_admin" lineno="93">
+<summary>
+All of the rules required to administrate
+an ldap environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the ldap domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="likewise" filename="policy/modules/contrib/likewise.if">
+<summary>Likewise Active Directory support for UNIX.</summary>
+<desc>
+<p>
+Likewise Open is a free, open source application that joins Linux, Unix,
+and Mac machines to Microsoft Active Directory to securely authenticate
+users with their domain credentials.
+</p>
+</desc>
+<template name="likewise_domain_template" lineno="26">
+<summary>
+The template to define a likewise domain.
+</summary>
+<desc>
+<p>
+This template creates a domain to be used for
+a new likewise daemon.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The type of daemon to be used.
+</summary>
+</param>
+</template>
+<interface name="likewise_stream_connect_lsassd" lineno="98">
+<summary>
+Connect to lsassd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="lircd" filename="policy/modules/contrib/lircd.if">
+<summary>Linux infared remote control daemon</summary>
+<interface name="lircd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run lircd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="lircd_stream_connect" lineno="33">
+<summary>
+Connect to lircd over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lircd_read_config" lineno="52">
+<summary>
+Read lircd etc file
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lircd_admin" lineno="77">
+<summary>
+All of the rules required to administrate
+a lircd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the syslog domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="livecd" filename="policy/modules/contrib/livecd.if">
+<summary>Livecd tool for building alternate livecd for different os and policy versions.</summary>
+<interface name="livecd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run livecd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="livecd_run" lineno="37">
+<summary>
+Execute livecd in the livecd domain, and
+allow the specified role the livecd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="livecd_read_tmp_files" lineno="56">
+<summary>
+Read livecd temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="livecd_rw_tmp_files" lineno="75">
+<summary>
+Read and write livecd temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="livecd_rw_semaphores" lineno="94">
+<summary>
+Allow read and write access to livecd semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="loadkeys" filename="policy/modules/contrib/loadkeys.if">
+<summary>Load keyboard mappings.</summary>
+<interface name="loadkeys_domtrans" lineno="13">
+<summary>
+Execute the loadkeys program in the loadkeys domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="loadkeys_run" lineno="42">
+<summary>
+Execute the loadkeys program in the loadkeys domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the loadkeys domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="loadkeys_exec" lineno="61">
+<summary>
+Execute the loadkeys program in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="lockdev" filename="policy/modules/contrib/lockdev.if">
+<summary>device locking policy for lockdev</summary>
+<interface name="lockdev_role" lineno="18">
+<summary>
+Role access for lockdev
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+</module>
+<module name="logrotate" filename="policy/modules/contrib/logrotate.if">
+<summary>Rotate and archive system logs</summary>
+<interface name="logrotate_domtrans" lineno="13">
+<summary>
+Execute logrotate in the logrotate domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="logrotate_run" lineno="39">
+<summary>
+Execute logrotate in the logrotate domain, and
+allow the specified role the logrotate domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logrotate_exec" lineno="58">
+<summary>
+Execute logrotate in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logrotate_use_fds" lineno="77">
+<summary>
+Inherit and use logrotate file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logrotate_dontaudit_use_fds" lineno="95">
+<summary>
+Do not audit attempts to inherit logrotate file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="logrotate_read_tmp_files" lineno="113">
+<summary>
+Read a logrotate temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="logwatch" filename="policy/modules/contrib/logwatch.if">
+<summary>System log analyzer and reporter</summary>
+<interface name="logwatch_read_tmp_files" lineno="13">
+<summary>
+Read logwatch temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logwatch_search_cache_dir" lineno="32">
+<summary>
+Search logwatch cache directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="lpd" filename="policy/modules/contrib/lpd.if">
+<summary>Line printer daemon</summary>
+<interface name="lpd_role" lineno="18">
+<summary>
+Role access for lpd
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="lpd_domtrans_checkpc" lineno="47">
+<summary>
+Execute lpd in the lpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="lpd_run_checkpc" lineno="72">
+<summary>
+Execute amrecover in the lpd domain, and
+allow the specified role the lpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="lpd_list_spool" lineno="91">
+<summary>
+List the contents of the printer spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lpd_read_spool" lineno="110">
+<summary>
+Read the printer spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lpd_manage_spool" lineno="129">
+<summary>
+Create, read, write, and delete printer spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lpd_relabel_spool" lineno="150">
+<summary>
+Relabel from and to the spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lpd_read_config" lineno="170">
+<summary>
+List the contents of the printer spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<template name="lpd_domtrans_lpr" lineno="189">
+<summary>
+Transition to a user lpr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</template>
+<interface name="lpd_exec_lpr" lineno="208">
+<summary>
+Allow the specified domain to execute lpr
+in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="use_lpd_server" dftval="false">
+<desc>
+<p>
+Use lpd server instead of cups
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mailman" filename="policy/modules/contrib/mailman.if">
+<summary>Mailman is for managing electronic mail discussion and e-newsletter lists</summary>
+<template name="mailman_domain_template" lineno="19">
+<summary>
+The template to define a mailmain domain.
+</summary>
+<desc>
+<p>
+This template creates a domain to be used for
+a new mailman daemon.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The type of daemon to be used eg, cgi would give mailman_cgi_
+</summary>
+</param>
+</template>
+<interface name="mailman_domtrans" lineno="103">
+<summary>
+Execute mailman in the mailman domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mailman_domtrans_cgi" lineno="122">
+<summary>
+Execute mailman CGI scripts in the
+mailman CGI domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mailman_exec" lineno="140">
+<summary>
+Execute mailman in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowd access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_signal_cgi" lineno="158">
+<summary>
+Send generic signals to the mailman cgi domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_search_data" lineno="176">
+<summary>
+Allow domain to search data directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_read_data_files" lineno="194">
+<summary>
+Allow domain to to read mailman data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_manage_data_files" lineno="215">
+<summary>
+Allow domain to to create mailman data files
+and write the directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_list_data" lineno="234">
+<summary>
+List the contents of mailman data directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_read_data_symlinks" lineno="252">
+<summary>
+Allow read acces to mailman data symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_read_log" lineno="270">
+<summary>
+Read mailman logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_append_log" lineno="288">
+<summary>
+Append to mailman logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_manage_log" lineno="307">
+<summary>
+Create, read, write, and delete
+mailman logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_read_archive" lineno="326">
+<summary>
+Allow domain to read mailman archive files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_domtrans_queue" lineno="346">
+<summary>
+Execute mailman_queue in the mailman_queue domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="mcelog" filename="policy/modules/contrib/mcelog.if">
+<summary>policy for mcelog</summary>
+<interface name="mcelog_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run mcelog.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="mediawiki" filename="policy/modules/contrib/mediawiki.if">
+<summary>Mediawiki policy</summary>
+</module>
+<module name="memcached" filename="policy/modules/contrib/memcached.if">
+<summary>high-performance memory object caching system</summary>
+<interface name="memcached_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run memcached.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="memcached_read_pid_files" lineno="32">
+<summary>
+Read memcached PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="memcached_admin" lineno="58">
+<summary>
+All of the rules required to administrate
+an memcached environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the memcached domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="milter" filename="policy/modules/contrib/milter.if">
+<summary>Milter mail filters</summary>
+<template name="milter_template" lineno="14">
+<summary>
+Create a set of derived types for various
+mail filter applications using the milter interface.
+</summary>
+<param name="milter_name">
+<summary>
+The name to be used for deriving type names.
+</summary>
+</param>
+</template>
+<interface name="milter_stream_connect_all" lineno="59">
+<summary>
+MTA communication with milter sockets
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="milter_getattr_all_sockets" lineno="78">
+<summary>
+Allow getattr of milter sockets
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="milter_manage_spamass_state" lineno="97">
+<summary>
+Manage spamassassin milter state
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="modemmanager" filename="policy/modules/contrib/modemmanager.if">
+<summary>Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.</summary>
+<interface name="modemmanager_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run modemmanager.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="modemmanager_dbus_chat" lineno="32">
+<summary>
+Send and receive messages from
+modemmanager over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="mojomojo" filename="policy/modules/contrib/mojomojo.if">
+<summary>MojoMojo Wiki</summary>
+<interface name="mojomojo_admin" lineno="20">
+<summary>
+All of the rules required to administrate
+an mojomojo environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="mono" filename="policy/modules/contrib/mono.if">
+<summary>Run .NET server and client applications on Linux.</summary>
+<template name="mono_role_template" lineno="30">
+<summary>
+The role template for the mono module.
+</summary>
+<desc>
+<p>
+This template creates a derived domains which are used
+for mono applications.
+</p>
+</desc>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="mono_domtrans" lineno="69">
+<summary>
+Execute the mono program in the mono domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mono_run" lineno="94">
+<summary>
+Execute mono in the mono domain, and
+allow the specified role the mono domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mono_exec" lineno="113">
+<summary>
+Execute the mono program in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mono_rw_shm" lineno="132">
+<summary>
+Read and write to mono shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="monop" filename="policy/modules/contrib/monop.if">
+<summary>Monopoly daemon</summary>
+</module>
+<module name="mozilla" filename="policy/modules/contrib/mozilla.if">
+<summary>Policy for Mozilla and related web browsers</summary>
+<interface name="mozilla_role" lineno="18">
+<summary>
+Role access for mozilla
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="mozilla_read_user_home_files" lineno="62">
+<summary>
+Read mozilla home directory content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_write_user_home_files" lineno="83">
+<summary>
+Write mozilla home directory content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_dontaudit_rw_user_home_files" lineno="102">
+<summary>
+Dontaudit attempts to read/write mozilla home directory content
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_dontaudit_manage_user_home_files" lineno="120">
+<summary>
+Dontaudit attempts to write mozilla home directory content
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_exec_user_home_files" lineno="139">
+<summary>
+Execute mozilla home directory content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_execmod_user_home_files" lineno="157">
+<summary>
+Execmod mozilla home directory content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_domtrans" lineno="175">
+<summary>
+Run mozilla in the mozilla domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_domtrans_plugin" lineno="193">
+<summary>
+Execute a domain transition to run mozilla_plugin.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_run_plugin" lineno="219">
+<summary>
+Execute mozilla_plugin in the mozilla_plugin domain, and
+allow the specified role the mozilla_plugin domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed the mozilla_plugin domain.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_dbus_chat" lineno="239">
+<summary>
+Send and receive messages from
+mozilla over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_rw_tcp_sockets" lineno="259">
+<summary>
+read/write mozilla per user tcp_socket
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mozilla_plugin_read_tmpfs_files" lineno="277">
+<summary>
+Read mozilla_plugin tmpfs files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="mozilla_plugin_delete_tmpfs_files" lineno="295">
+<summary>
+Delete mozilla_plugin tmpfs files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<tunable name="mozilla_read_content" dftval="false">
+<desc>
+<p>
+Allow confined web browsers to read home directory content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mpd" filename="policy/modules/contrib/mpd.if">
+<summary>Music Player Daemon</summary>
+<interface name="mpd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run mpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mpd_initrc_domtrans" lineno="31">
+<summary>
+Execute mpd server in the mpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mpd_read_data_files" lineno="49">
+<summary>
+Read mpd data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_manage_data_files" lineno="68">
+<summary>
+Manage mpd data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_read_tmpfs_files" lineno="87">
+<summary>
+Read mpd tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_manage_tmpfs_files" lineno="106">
+<summary>
+Manage mpd tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_search_lib" lineno="126">
+<summary>
+Search mpd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_read_lib_files" lineno="145">
+<summary>
+Read mpd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_manage_lib_files" lineno="165">
+<summary>
+Create, read, write, and delete
+mpd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_var_lib_filetrans" lineno="195">
+<summary>
+Create an object in the root directory, with a private
+type using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mpd_manage_lib_dirs" lineno="214">
+<summary>
+Manage mpd lib dirs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_admin" lineno="240">
+<summary>
+All of the rules required to administrate
+an mpd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="mplayer" filename="policy/modules/contrib/mplayer.if">
+<summary>Mplayer media player and encoder</summary>
+<interface name="mplayer_role" lineno="18">
+<summary>
+Role access for mplayer
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="mplayer_domtrans" lineno="60">
+<summary>
+Run mplayer in mplayer domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mplayer_exec" lineno="79">
+<summary>
+Execute mplayer in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mplayer_read_user_home_files" lineno="97">
+<summary>
+Read mplayer per user homedir
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="allow_mplayer_execstack" dftval="false">
+<desc>
+<p>
+Allow mplayer executable stack
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mrtg" filename="policy/modules/contrib/mrtg.if">
+<summary>Network traffic graphing</summary>
+<interface name="mrtg_append_create_logs" lineno="13">
+<summary>
+Create and append mrtg logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="mta" filename="policy/modules/contrib/mta.if">
+<summary>Policy common to all email tranfer agents.</summary>
+<interface name="mta_stub" lineno="13">
+<summary>
+MTA stub interface. No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="mta_base_mail_template" lineno="41">
+<summary>
+Basic mail transfer agent domain template.
+</summary>
+<desc>
+<p>
+This template creates a derived domain which is
+a email transfer agent, which sends mail on
+behalf of the user.
+</p>
+<p>
+This is the basic types and rules, common
+to the system agent and user agents.
+</p>
+</desc>
+<param name="domain_prefix">
+<summary>
+The prefix of the domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+</template>
+<interface name="mta_role" lineno="162">
+<summary>
+Role access for mta
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="mta_mailserver" lineno="194">
+<summary>
+Make the specified domain usable for a mail server.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a mail server domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="mta_agent_executable" lineno="213">
+<summary>
+Make the specified type a MTA executable file.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a mail client.
+</summary>
+</param>
+</interface>
+<interface name="mta_system_content" lineno="233">
+<summary>
+Make the specified type by a system MTA.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a mail client.
+</summary>
+</param>
+</interface>
+<interface name="mta_sendmail_mailserver" lineno="266">
+<summary>
+Modified mailserver interface for
+sendmail daemon use.
+</summary>
+<desc>
+<p>
+A modified MTA mail server interface for
+the sendmail program. It's design does
+not fit well with policy, and using the
+regular interface causes a type_transition
+conflict if direct running of init scripts
+is enabled.
+</p>
+<p>
+This interface should most likely only be used
+by the sendmail policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+The type to be used for the mail server.
+</summary>
+</param>
+</interface>
+<interface name="mta_mailserver_sender" lineno="287">
+<summary>
+Make a type a mailserver type used
+for sending mail.
+</summary>
+<param name="domain">
+<summary>
+Mail server domain type used for sending mail.
+</summary>
+</param>
+</interface>
+<interface name="mta_mailserver_delivery" lineno="306">
+<summary>
+Make a type a mailserver type used
+for delivering mail to local users.
+</summary>
+<param name="domain">
+<summary>
+Mail server domain type used for delivering mail.
+</summary>
+</param>
+</interface>
+<interface name="mta_mailserver_user_agent" lineno="327">
+<summary>
+Make a type a mailserver type used
+for sending mail on behalf of local
+users to the local mail spool.
+</summary>
+<param name="domain">
+<summary>
+Mail server domain type used for sending local mail.
+</summary>
+</param>
+</interface>
+<interface name="mta_send_mail" lineno="351">
+<summary>
+Send mail from the system.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mta_sendmail_domtrans" lineno="392">
+<summary>
+Execute send mail in a specified domain.
+</summary>
+<desc>
+<p>
+Execute send mail in a specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="source_domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+Domain to transition to.
+</summary>
+</param>
+</interface>
+<interface name="mta_signal_system_mail" lineno="413">
+<summary>
+Send system mail client a signal
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_sendmail_exec" lineno="431">
+<summary>
+Execute sendmail in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_read_config" lineno="450">
+<summary>
+Read mail server configuration.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mta_write_config" lineno="472">
+<summary>
+write mail server configuration.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mta_read_aliases" lineno="490">
+<summary>
+Read mail address aliases.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_manage_aliases" lineno="509">
+<summary>
+Create, read, write, and delete mail address aliases.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_etc_filetrans_aliases" lineno="530">
+<summary>
+Type transition files created in /etc
+to the mail address aliases type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_rw_aliases" lineno="549">
+<summary>
+Read and write mail aliases.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mta_dontaudit_rw_delivery_tcp_sockets" lineno="569">
+<summary>
+Do not audit attempts to read and write TCP
+sockets of mail delivery domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mta_tcp_connect_all_mailservers" lineno="587">
+<summary>
+Connect to all mail servers over TCP. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_dontaudit_read_spool_symlinks" lineno="602">
+<summary>
+Do not audit attempts to read a symlink
+in the mail spool.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mta_getattr_spool" lineno="620">
+<summary>
+Get the attributes of mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_dontaudit_getattr_spool_files" lineno="642">
+<summary>
+Do not audit attempts to get the attributes
+of mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mta_spool_filetrans" lineno="674">
+<summary>
+Create private objects in the
+mail spool directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mta_rw_spool" lineno="693">
+<summary>
+Read and write the mail spool.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_append_spool" lineno="715">
+<summary>
+Create, read, and write the mail spool.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_delete_spool" lineno="737">
+<summary>
+Delete from the mail spool.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_manage_spool" lineno="756">
+<summary>
+Create, read, write, and delete mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_search_queue" lineno="777">
+<summary>
+Search mail queue dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_list_queue" lineno="796">
+<summary>
+List the mail queue.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_read_queue" lineno="815">
+<summary>
+Read the mail queue.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_dontaudit_rw_queue" lineno="835">
+<summary>
+Do not audit attempts to read and
+write the mail queue.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mta_manage_queue" lineno="855">
+<summary>
+Create, read, write, and delete
+mail queue files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_read_sendmail_bin" lineno="876">
+<summary>
+Read sendmail binary.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_rw_user_mail_stream_sockets" lineno="895">
+<summary>
+Read and write unix domain stream sockets
+of user mail domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="munin" filename="policy/modules/contrib/munin.if">
+<summary>Munin network-wide load graphing (formerly LRRD)</summary>
+<template name="munin_plugin_template" lineno="14">
+<summary>
+Create a set of derived types for various
+munin plugins,
+</summary>
+<param name="prefix">
+<summary>
+The name to be used for deriving type names.
+</summary>
+</param>
+</template>
+<interface name="munin_stream_connect" lineno="63">
+<summary>
+Connect to munin over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="munin_read_config" lineno="84">
+<summary>
+Read munin configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="munin_append_log" lineno="106">
+<summary>
+Append to the munin log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="munin_search_lib" lineno="126">
+<summary>
+Search munin library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="munin_dontaudit_search_lib" lineno="146">
+<summary>
+Do not audit attempts to search
+munin library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="munin_admin" lineno="171">
+<summary>
+All of the rules required to administrate
+an munin environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the munin domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="mysql" filename="policy/modules/contrib/mysql.if">
+<summary>Policy for MySQL</summary>
+<interface name="mysql_domtrans" lineno="13">
+<summary>
+Execute MySQL in the mysql domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mysql_signal" lineno="31">
+<summary>
+Send a generic signal to MySQL.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_tcp_connect" lineno="49">
+<summary>
+Allow the specified domain to connect to postgresql with a tcp socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_stream_connect" lineno="71">
+<summary>
+Connect to MySQL using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mysql_read_config" lineno="91">
+<summary>
+Read MySQL configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mysql_search_db" lineno="114">
+<summary>
+Search the directories that contain MySQL
+database storage.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_rw_db_dirs" lineno="133">
+<summary>
+Read and write to the MySQL database directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_manage_db_dirs" lineno="152">
+<summary>
+Create, read, write, and delete MySQL database directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_append_db_files" lineno="171">
+<summary>
+Append to the MySQL database directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_rw_db_files" lineno="190">
+<summary>
+Read and write to the MySQL database directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_manage_db_files" lineno="209">
+<summary>
+Create, read, write, and delete MySQL database files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_rw_db_sockets" lineno="229">
+<summary>
+Read and write to the MySQL database
+named socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_write_log" lineno="249">
+<summary>
+Write to the MySQL log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_domtrans_mysql_safe" lineno="268">
+<summary>
+Execute MySQL server in the mysql domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mysql_read_pid_files" lineno="286">
+<summary>
+Read MySQL PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_search_pid_files" lineno="306">
+<summary>
+Search MySQL PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="mysql_admin" lineno="330">
+<summary>
+All of the rules required to administrate an mysql environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the mysql domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="mysql_connect_any" dftval="false">
+<desc>
+<p>
+Allow mysqld to connect to all ports
+</p>
+</desc>
+</tunable>
+</module>
+<module name="nagios" filename="policy/modules/contrib/nagios.if">
+<summary>Net Saint / NAGIOS - network monitoring server</summary>
+<template name="nagios_plugin_template" lineno="14">
+<summary>
+Create a set of derived types for various
+nagios plugins,
+</summary>
+<param name="plugins_group_name">
+<summary>
+The name to be used for deriving type names.
+</summary>
+</param>
+</template>
+<interface name="nagios_dontaudit_rw_pipes" lineno="54">
+<summary>
+Do not audit attempts to read or write nagios
+unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="nagios_read_config" lineno="74">
+<summary>
+Allow the specified domain to read
+nagios configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="nagios_read_log" lineno="94">
+<summary>
+Read nagios logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nagios_dontaudit_rw_log" lineno="113">
+<summary>
+Do not audit attempts to read or write nagios logs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="nagios_search_spool" lineno="131">
+<summary>
+Search nagios spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nagios_read_tmp_files" lineno="151">
+<summary>
+Allow the specified domain to read
+nagios temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nagios_domtrans_nrpe" lineno="171">
+<summary>
+Execute the nagios NRPE with
+a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nagios_admin" lineno="196">
+<summary>
+All of the rules required to administrate
+an nagios environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the nagios domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ncftool" filename="policy/modules/contrib/ncftool.if">
+<summary>Netcf network configuration tool (ncftool).</summary>
+<interface name="ncftool_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ncftool.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ncftool_run" lineno="37">
+<summary>
+Execute ncftool in the ncftool domain, and
+allow the specified role the ncftool domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed the ncftool domain.
+</summary>
+</param>
+</interface>
+</module>
+<module name="nessus" filename="policy/modules/contrib/nessus.if">
+<summary>Nessus network scanning daemon</summary>
+<interface name="nessus_tcp_connect" lineno="13">
+<summary>
+Connect to nessus over a TCP socket (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="networkmanager" filename="policy/modules/contrib/networkmanager.if">
+<summary>Manager for dynamically switching between networks.</summary>
+<interface name="networkmanager_rw_udp_sockets" lineno="14">
+<summary>
+Read and write NetworkManager UDP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_rw_packet_sockets" lineno="33">
+<summary>
+Read and write NetworkManager packet sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_attach_tun_iface" lineno="51">
+<summary>
+Allow caller to relabel tun_socket
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_rw_routing_sockets" lineno="72">
+<summary>
+Read and write NetworkManager netlink
+routing sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_domtrans" lineno="90">
+<summary>
+Execute NetworkManager with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_initrc_domtrans" lineno="109">
+<summary>
+Execute NetworkManager scripts with an automatic domain transition to initrc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_dbus_chat" lineno="128">
+<summary>
+Send and receive messages from
+NetworkManager over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_signal" lineno="148">
+<summary>
+Send a generic signal to NetworkManager
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_read_lib_files" lineno="166">
+<summary>
+Read NetworkManager lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_read_pid_files" lineno="186">
+<summary>
+Read NetworkManager PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="nis" filename="policy/modules/contrib/nis.if">
+<summary>Policy for NIS (YP) servers and clients</summary>
+<interface name="nis_use_ypbind_uncond" lineno="26">
+<summary>
+Use the ypbind service to access NIS services
+unconditionally.
+</summary>
+<desc>
+<p>
+Use the ypbind service to access NIS services
+unconditionally.
+</p>
+<p>
+This interface was added because of apache and
+spamassassin, to fix a nested conditionals problem.
+When that support is added, this should be removed,
+and the regular interface should be used.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_use_ypbind" lineno="90">
+<summary>
+Use the ypbind service to access NIS services.
+</summary>
+<desc>
+<p>
+Allow the specified domain to use the ypbind service
+to access Network Information Service (NIS) services.
+Information that can be retreived from NIS includes
+usernames, passwords, home directories, and groups.
+If the network is configured to have a single sign-on
+using NIS, it is likely that any program that does
+authentication will need this access.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+<rolecap/>
+</interface>
+<interface name="nis_authenticate" lineno="107">
+<summary>
+Use the nis to authenticate passwords
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="nis_domtrans_ypbind" lineno="125">
+<summary>
+Execute ypbind in the ypbind domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nis_run_ypbind" lineno="151">
+<summary>
+Execute ypbind in the ypbind domain, and
+allow the specified role the ypbind domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="nis_signal_ypbind" lineno="170">
+<summary>
+Send generic signals to ypbind.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_list_var_yp" lineno="188">
+<summary>
+List the contents of the NIS data directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_udp_send_ypbind" lineno="207">
+<summary>
+Send UDP network traffic to NIS clients. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_tcp_connect_ypbind" lineno="221">
+<summary>
+Connect to ypbind over TCP. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_read_ypbind_pid" lineno="235">
+<summary>
+Read ypbind pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_delete_ypbind_pid" lineno="254">
+<summary>
+Delete ypbind pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_read_ypserv_config" lineno="273">
+<summary>
+Read ypserv configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_domtrans_ypxfr" lineno="292">
+<summary>
+Execute ypxfr in the ypxfr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nis_initrc_domtrans" lineno="312">
+<summary>
+Execute nis server in the nis domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nis_initrc_domtrans_ypbind" lineno="330">
+<summary>
+Execute nis server in the nis domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nis_admin" lineno="355">
+<summary>
+All of the rules required to administrate
+an nis environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="nscd" filename="policy/modules/contrib/nscd.if">
+<summary>Name service cache daemon</summary>
+<interface name="nscd_signal" lineno="13">
+<summary>
+Send generic signals to NSCD.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_kill" lineno="31">
+<summary>
+Send NSCD the kill signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_signull" lineno="49">
+<summary>
+Send signulls to NSCD.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_domtrans" lineno="67">
+<summary>
+Execute NSCD in the nscd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nscd_exec" lineno="87">
+<summary>
+Allow the specified domain to execute nscd
+in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_socket_use" lineno="106">
+<summary>
+Use NSCD services by connecting using
+a unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_shm_use" lineno="133">
+<summary>
+Use NSCD services by mapping the database from
+an inherited NSCD file descriptor.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_dontaudit_search_pid" lineno="166">
+<summary>
+Do not audit attempts to search the NSCD pid directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="nscd_read_pid" lineno="184">
+<summary>
+Read NSCD pid file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_unconfined" lineno="203">
+<summary>
+Unconfined access to NSCD services.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_run" lineno="228">
+<summary>
+Execute nscd in the nscd domain, and
+allow the specified role the nscd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_initrc_domtrans" lineno="247">
+<summary>
+Execute the nscd server init script.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nscd_admin" lineno="272">
+<summary>
+All of the rules required to administrate
+an nscd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the nscd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="nsd" filename="policy/modules/contrib/nsd.if">
+<summary>Authoritative only name server</summary>
+<interface name="nsd_udp_chat" lineno="13">
+<summary>
+Send and receive datagrams from NSD. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nsd_tcp_connect" lineno="27">
+<summary>
+Connect to NSD over a TCP socket (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="nslcd" filename="policy/modules/contrib/nslcd.if">
+<summary>nslcd - local LDAP name service daemon.</summary>
+<interface name="nslcd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run nslcd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nslcd_initrc_domtrans" lineno="31">
+<summary>
+Execute nslcd server in the nslcd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nslcd_read_pid_files" lineno="49">
+<summary>
+Read nslcd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nslcd_stream_connect" lineno="68">
+<summary>
+Connect to nslcd over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nslcd_admin" lineno="94">
+<summary>
+All of the rules required to administrate
+an nslcd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ntop" filename="policy/modules/contrib/ntop.if">
+<summary>Network Top</summary>
+</module>
+<module name="ntp" filename="policy/modules/contrib/ntp.if">
+<summary>Network time protocol daemon</summary>
+<interface name="ntp_stub" lineno="13">
+<summary>
+NTP stub interface. No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_domtrans" lineno="29">
+<summary>
+Execute ntp server in the ntpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ntp_run" lineno="55">
+<summary>
+Execute ntp in the ntp domain, and
+allow the specified role the ntp domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ntp_domtrans_ntpdate" lineno="74">
+<summary>
+Execute ntp server in the ntpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ntp_initrc_domtrans" lineno="93">
+<summary>
+Execute ntp server in the ntpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ntp_rw_shm" lineno="111">
+<summary>
+Read and write ntpd shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_admin" lineno="140">
+<summary>
+All of the rules required to administrate
+an ntp environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the ntp domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="nut" filename="policy/modules/contrib/nut.if">
+<summary>nut - Network UPS Tools </summary>
+</module>
+<module name="nx" filename="policy/modules/contrib/nx.if">
+<summary>NX remote desktop</summary>
+<interface name="nx_spec_domtrans_server" lineno="13">
+<summary>
+Transition to NX server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nx_read_home_files" lineno="31">
+<summary>
+Read nx home directory content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nx_search_var_lib" lineno="50">
+<summary>
+Read nx /var/lib content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nx_var_lib_filetrans" lineno="79">
+<summary>
+Create an object in the root directory, with a private
+type using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+</module>
+<module name="oav" filename="policy/modules/contrib/oav.if">
+<summary>Open AntiVirus scannerdaemon and signature update</summary>
+<interface name="oav_domtrans_update" lineno="13">
+<summary>
+Execute oav_update in the oav_update domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="oav_run_update" lineno="39">
+<summary>
+Execute oav_update in the oav_update domain, and
+allow the specified role the oav_update domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="oddjob" filename="policy/modules/contrib/oddjob.if">
+<summary>
+Oddjob provides a mechanism by which unprivileged applications can
+request that specified privileged operations be performed on their
+behalf.
+</summary>
+<interface name="oddjob_domtrans" lineno="17">
+<summary>
+Execute a domain transition to run oddjob.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="oddjob_system_entry" lineno="41">
+<summary>
+Make the specified program domain accessable
+from the oddjob.
+</summary>
+<param name="domain">
+<summary>
+The type of the process to transition to.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type of the file used as an entrypoint to this domain.
+</summary>
+</param>
+</interface>
+<interface name="oddjob_dbus_chat" lineno="60">
+<summary>
+Send and receive messages from
+oddjob over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="oddjob_domtrans_mkhomedir" lineno="80">
+<summary>
+Execute a domain transition to run oddjob_mkhomedir.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="oddjob_run_mkhomedir" lineno="104">
+<summary>
+Execute the oddjob_mkhomedir program in the oddjob_mkhomedir domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="oident" filename="policy/modules/contrib/oident.if">
+<summary>SELinux policy for Oident daemon.</summary>
+<desc>
+<p>
+Oident daemon is a server that implements the TCP/IP
+standard IDENT user identification protocol as
+specified in the RFC 1413 document.
+</p>
+</desc>
+<interface name="oident_read_user_content" lineno="21">
+<summary>
+Allow the specified domain to read
+Oidentd personal configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="oident_manage_user_content" lineno="41">
+<summary>
+Allow the specified domain to create, read, write, and delete
+Oidentd personal configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="oident_relabel_user_content" lineno="61">
+<summary>
+Allow the specified domain to relabel
+Oidentd personal configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="openca" filename="policy/modules/contrib/openca.if">
+<summary>OpenCA - Open Certificate Authority</summary>
+<interface name="openca_domtrans" lineno="14">
+<summary>
+Execute the OpenCA program with
+a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="openca_signal" lineno="34">
+<summary>
+Send OpenCA generic signals.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openca_sigstop" lineno="52">
+<summary>
+Send OpenCA stop signals.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openca_kill" lineno="70">
+<summary>
+Kill OpenCA.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="openct" filename="policy/modules/contrib/openct.if">
+<summary>Service for handling smart card readers.</summary>
+<interface name="openct_signull" lineno="13">
+<summary>
+Send openct a null signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openct_exec" lineno="31">
+<summary>
+Execute openct in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openct_domtrans" lineno="50">
+<summary>
+Execute a domain transition to run openct.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="openct_read_pid_files" lineno="69">
+<summary>
+Read openct PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openct_stream_connect" lineno="88">
+<summary>
+Connect to openct over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="openvpn" filename="policy/modules/contrib/openvpn.if">
+<summary>full-featured SSL VPN solution</summary>
+<interface name="openvpn_domtrans" lineno="13">
+<summary>
+Execute OPENVPN clients in the openvpn domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="openvpn_run" lineno="38">
+<summary>
+Execute OPENVPN clients in the openvpn domain, and
+allow the specified role the openvpn domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="openvpn_kill" lineno="57">
+<summary>
+Send OPENVPN clients the kill signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openvpn_signal" lineno="75">
+<summary>
+Send generic signals to OPENVPN clients.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openvpn_signull" lineno="93">
+<summary>
+Send signulls to OPENVPN clients.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openvpn_read_config" lineno="113">
+<summary>
+Allow the specified domain to read
+OpenVPN configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="openvpn_admin" lineno="141">
+<summary>
+All of the rules required to administrate
+an openvpn environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the openvpn domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="openvpn_enable_homedirs" dftval="false">
+<desc>
+<p>
+Allow openvpn to read home directories
+</p>
+</desc>
+</tunable>
+</module>
+<module name="pads" filename="policy/modules/contrib/pads.if">
+<summary>Passive Asset Detection System</summary>
+<desc>
+<p>
+PADS is a libpcap based detection engine used to
+passively detect network assets. It is designed to
+complement IDS technology by providing context to IDS
+alerts.
+</p>
+</desc>
+<interface name="pads_admin" lineno="28">
+<summary>
+All of the rules required to administrate
+an pads environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="passenger" filename="policy/modules/contrib/passenger.if">
+<summary>Ruby on rails deployment for Apache and Nginx servers.</summary>
+<interface name="passenger_domtrans" lineno="13">
+<summary>
+Execute passenger in the passenger domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="passenger_read_lib_files" lineno="31">
+<summary>
+Read passenger lib files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="pcmcia" filename="policy/modules/contrib/pcmcia.if">
+<summary>PCMCIA card management services</summary>
+<interface name="pcmcia_stub" lineno="13">
+<summary>
+PCMCIA stub interface. No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_domtrans_cardmgr" lineno="29">
+<summary>
+Execute cardmgr in the cardmgr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_use_cardmgr_fds" lineno="47">
+<summary>
+Inherit and use file descriptors from cardmgr.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_domtrans_cardctl" lineno="65">
+<summary>
+Execute cardctl in the cardmgr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_run_cardctl" lineno="90">
+<summary>
+Execute cardmgr in the cardctl domain, and
+allow the specified role the cardmgr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="pcmcia_read_pid" lineno="109">
+<summary>
+Read cardmgr pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_manage_pid" lineno="129">
+<summary>
+Create, read, write, and delete
+cardmgr pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_manage_pid_chr_files" lineno="149">
+<summary>
+Create, read, write, and delete
+cardmgr runtime character nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="pcscd" filename="policy/modules/contrib/pcscd.if">
+<summary>PCSC smart card service</summary>
+<interface name="pcscd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run pcscd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pcscd_read_pub_files" lineno="31">
+<summary>
+Read pcscd pub files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcscd_manage_pub_files" lineno="50">
+<summary>
+Manage pcscd pub files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcscd_manage_pub_pipes" lineno="69">
+<summary>
+Manage pcscd pub fifo files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcscd_stream_connect" lineno="88">
+<summary>
+Connect to pcscd over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="pegasus" filename="policy/modules/contrib/pegasus.if">
+<summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+</module>
+<module name="perdition" filename="policy/modules/contrib/perdition.if">
+<summary>Perdition POP and IMAP proxy</summary>
+<interface name="perdition_tcp_connect" lineno="13">
+<summary>
+Connect to perdition over a TCP socket (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="pingd" filename="policy/modules/contrib/pingd.if">
+<summary>Pingd of the Whatsup cluster node up/down detection utility</summary>
+<interface name="pingd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run pingd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pingd_read_config" lineno="31">
+<summary>
+Read pingd etc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pingd_manage_config" lineno="50">
+<summary>
+Manage pingd etc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pingd_admin" lineno="78">
+<summary>
+All of the rules required to administrate
+an pingd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the pingd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="plymouthd" filename="policy/modules/contrib/plymouthd.if">
+<summary>Plymouth graphical boot</summary>
+<interface name="plymouthd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run plymouthd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_exec" lineno="31">
+<summary>
+Execute the plymoth daemon in the current domain
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_stream_connect" lineno="50">
+<summary>
+Allow domain to Stream socket connect
+to Plymouth daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_exec_plymouth" lineno="68">
+<summary>
+Execute the plymoth command in the current domain
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_domtrans_plymouth" lineno="86">
+<summary>
+Execute a domain transition to run plymouthd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_search_spool" lineno="104">
+<summary>
+Search plymouthd spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_read_spool_files" lineno="123">
+<summary>
+Read plymouthd spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_manage_spool_files" lineno="143">
+<summary>
+Create, read, write, and delete
+plymouthd spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_search_lib" lineno="162">
+<summary>
+Search plymouthd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_read_lib_files" lineno="181">
+<summary>
+Read plymouthd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_manage_lib_files" lineno="201">
+<summary>
+Create, read, write, and delete
+plymouthd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_read_pid_files" lineno="220">
+<summary>
+Read plymouthd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_admin" lineno="246">
+<summary>
+All of the rules required to administrate
+an plymouthd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="podsleuth" filename="policy/modules/contrib/podsleuth.if">
+<summary>Podsleuth is a tool to get information about an Apple (TM) iPod (TM)</summary>
+<interface name="podsleuth_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run podsleuth.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="podsleuth_run" lineno="38">
+<summary>
+Execute podsleuth in the podsleuth domain, and
+allow the specified role the podsleuth domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="policykit" filename="policy/modules/contrib/policykit.if">
+<summary>Policy framework for controlling privileges for system-wide services.</summary>
+<interface name="policykit_dbus_chat" lineno="14">
+<summary>
+Send and receive messages from
+policykit over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_domtrans_auth" lineno="34">
+<summary>
+Execute a domain transition to run polkit_auth.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="policykit_run_auth" lineno="58">
+<summary>
+Execute a policy_auth in the policy_auth domain, and
+allow the specified role the policy_auth domain,
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_domtrans_grant" lineno="77">
+<summary>
+Execute a domain transition to run polkit_grant.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="policykit_run_grant" lineno="102">
+<summary>
+Execute a policy_grant in the policy_grant domain, and
+allow the specified role the policy_grant domain,
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="policykit_read_reload" lineno="125">
+<summary>
+read policykit reload files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_rw_reload" lineno="144">
+<summary>
+rw policykit reload files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_domtrans_resolve" lineno="163">
+<summary>
+Execute a domain transition to run polkit_resolve.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="policykit_search_lib" lineno="183">
+<summary>
+Search policykit lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_read_lib" lineno="202">
+<summary>
+read policykit lib files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="portage" filename="policy/modules/contrib/portage.if">
+<summary>
+Portage Package Management System. The primary package management and
+distribution system for Gentoo.
+</summary>
+<interface name="portage_domtrans" lineno="16">
+<summary>
+Execute emerge in the portage domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portage_run" lineno="44">
+<summary>
+Execute emerge in the portage domain, and
+allow the specified role the portage domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the portage domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="portage_compile_domain" lineno="69">
+<summary>
+Template for portage sandbox.
+</summary>
+<desc>
+<p>
+Template for portage sandbox. Portage
+does all compiling in the sandbox.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain Allowed Access
+</summary>
+</param>
+</interface>
+<interface name="portage_domtrans_fetch" lineno="222">
+<summary>
+Execute tree management functions (fetching, layman, ...)
+in the portage_fetch_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portage_run_fetch" lineno="251">
+<summary>
+Execute tree management functions (fetching, layman, ...)
+in the portage_fetch_t domain, and allow the specified role
+the portage_fetch_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the portage_fetch domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="portage_domtrans_gcc_config" lineno="271">
+<summary>
+Execute gcc-config in the gcc_config domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portage_run_gcc_config" lineno="299">
+<summary>
+Execute gcc-config in the gcc_config domain, and
+allow the specified role the gcc_config domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the gcc_config domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="portage_dontaudit_use_fds" lineno="319">
+<summary>
+Do not audit attempts to use
+portage file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="portage_dontaudit_search_tmp" lineno="338">
+<summary>
+Do not audit attempts to search the
+portage temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="portage_dontaudit_rw_tmp_files" lineno="357">
+<summary>
+Do not audit attempts to read and write
+the portage temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<tunable name="portage_use_nfs" dftval="false">
+<desc>
+<p>
+Allow the portage domains to use NFS mounts (regular nfs_t)
+</p>
+</desc>
+</tunable>
+</module>
+<module name="portmap" filename="policy/modules/contrib/portmap.if">
+<summary>RPC port mapping service.</summary>
+<interface name="portmap_domtrans_helper" lineno="13">
+<summary>
+Execute portmap_helper in the helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portmap_run_helper" lineno="40">
+<summary>
+Execute portmap helper in the helper domain, and
+allow the specified role the helper domain.
+Communicate with portmap.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="portmap_udp_send" lineno="59">
+<summary>
+Send UDP network traffic to portmap. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="portmap_udp_chat" lineno="73">
+<summary>
+Send and receive UDP network traffic from portmap. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="portmap_tcp_connect" lineno="87">
+<summary>
+Connect to portmap over a TCP socket (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="portreserve" filename="policy/modules/contrib/portreserve.if">
+<summary>Reserve well-known ports in the RPC port range.</summary>
+<interface name="portreserve_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run portreserve.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portreserve_read_config" lineno="33">
+<summary>
+Allow the specified domain to read
+portreserve etcuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="portreserve_manage_config" lineno="55">
+<summary>
+Allow the specified domain to manage
+portreserve etcuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="portreserve_initrc_domtrans" lineno="76">
+<summary>
+Execute portreserve in the portreserve domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portreserve_admin" lineno="101">
+<summary>
+All of the rules required to administrate
+an portreserve environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="portslave" filename="policy/modules/contrib/portslave.if">
+<summary>Portslave terminal server software</summary>
+<interface name="portslave_domtrans" lineno="13">
+<summary>
+Execute portslave with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="postfix" filename="policy/modules/contrib/postfix.if">
+<summary>Postfix email server</summary>
+<interface name="postfix_stub" lineno="13">
+<summary>
+Postfix stub interface. No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="postfix_domain_template" lineno="30">
+<summary>
+Creates types and rules for a basic
+postfix process domain.
+</summary>
+<param name="prefix">
+<summary>
+Prefix for the domain.
+</summary>
+</param>
+</template>
+<template name="postfix_server_domain_template" lineno="112">
+<summary>
+Creates a postfix server process domain.
+</summary>
+<param name="prefix">
+<summary>
+Prefix of the domain.
+</summary>
+</param>
+</template>
+<template name="postfix_user_domain_template" lineno="154">
+<summary>
+Creates a process domain for programs
+that are ran by users.
+</summary>
+<param name="prefix">
+<summary>
+Prefix of the domain.
+</summary>
+</param>
+</template>
+<interface name="postfix_read_config" lineno="181">
+<summary>
+Read postfix configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="postfix_config_filetrans" lineno="212">
+<summary>
+Create files with the specified type in
+the postfix configuration directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="postfix_dontaudit_rw_local_tcp_sockets" lineno="233">
+<summary>
+Do not audit attempts to read and
+write postfix local delivery
+TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="postfix_rw_local_pipes" lineno="252">
+<summary>
+Allow read/write postfix local pipes
+TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_read_local_state" lineno="270">
+<summary>
+Allow domain to read postfix local process state
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_read_master_state" lineno="288">
+<summary>
+Allow domain to read postfix master process state
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_dontaudit_use_fds" lineno="308">
+<summary>
+Do not audit attempts to use
+postfix master process file
+file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="postfix_domtrans_map" lineno="326">
+<summary>
+Execute postfix_map in the postfix_map domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postfix_run_map" lineno="351">
+<summary>
+Execute postfix_map in the postfix_map domain, and
+allow the specified role the postfix_map domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="postfix_domtrans_master" lineno="371">
+<summary>
+Execute the master postfix program in the
+postfix_master domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postfix_exec_master" lineno="390">
+<summary>
+Execute the master postfix program in the
+caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_stream_connect_master" lineno="409">
+<summary>
+Connect to postfix master process using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="postfix_domtrans_postdrop" lineno="428">
+<summary>
+Execute the master postdrop in the
+postfix_postdrop domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postfix_domtrans_postqueue" lineno="447">
+<summary>
+Execute the master postqueue in the
+postfix_postqueue domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="posftix_exec_postqueue" lineno="465">
+<summary>
+Execute the master postqueue in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_create_private_sockets" lineno="483">
+<summary>
+Create a named socket in a postfix private directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_manage_private_sockets" lineno="502">
+<summary>
+manage named socket in a postfix private directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_domtrans_smtp" lineno="522">
+<summary>
+Execute the master postfix program in the
+postfix_master domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postfix_search_spool" lineno="540">
+<summary>
+Search postfix mail spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_list_spool" lineno="559">
+<summary>
+List postfix mail spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_read_spool_files" lineno="578">
+<summary>
+Read postfix mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_manage_spool_files" lineno="597">
+<summary>
+Create, read, write, and delete postfix mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_domtrans_user_mail_handler" lineno="617">
+<summary>
+Execute postfix user mail programs
+in their respective domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="postfixpolicyd" filename="policy/modules/contrib/postfixpolicyd.if">
+<summary>Postfix policy server</summary>
+<interface name="postfixpolicyd_admin" lineno="20">
+<summary>
+All of the rules required to administrate
+an postfixpolicyd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the postfixpolicyd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="postgrey" filename="policy/modules/contrib/postgrey.if">
+<summary>Postfix grey-listing server</summary>
+<interface name="postgrey_stream_connect" lineno="13">
+<summary>
+Write to postgrey socket
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgrey_search_spool" lineno="33">
+<summary>
+Search the spool directory
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgrey_admin" lineno="58">
+<summary>
+All of the rules required to administrate
+an postgrey environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the postgrey domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ppp" filename="policy/modules/contrib/ppp.if">
+<summary>Point to Point Protocol daemon creates links in ppp networks</summary>
+<interface name="ppp_use_fds" lineno="13">
+<summary>
+Use PPP file discriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_dontaudit_use_fds" lineno="32">
+<summary>
+Do not audit attempts to inherit
+and use PPP file discriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="ppp_sigchld" lineno="50">
+<summary>
+Send a SIGCHLD signal to PPP.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_kill" lineno="70">
+<summary>
+Send ppp a kill signal
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_signal" lineno="88">
+<summary>
+Send a generic signal to PPP.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_signull" lineno="106">
+<summary>
+Send a generic signull to PPP.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_domtrans" lineno="124">
+<summary>
+Execute domain in the ppp domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ppp_run_cond" lineno="149">
+<summary>
+Conditionally execute ppp daemon on behalf of a user or staff type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the ppp domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ppp_run" lineno="177">
+<summary>
+Unconditionally execute ppp daemon on behalf of a user or staff type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the ppp domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ppp_exec" lineno="196">
+<summary>
+Execute domain in the ppp caller.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_read_config" lineno="215">
+<summary>
+Read ppp configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_read_rw_config" lineno="234">
+<summary>
+Read PPP-writable configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_read_secrets" lineno="254">
+<summary>
+Read PPP secrets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_read_pid_files" lineno="274">
+<summary>
+Read PPP pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_manage_pid_files" lineno="292">
+<summary>
+Create, read, write, and delete PPP pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_pid_filetrans" lineno="310">
+<summary>
+Create, read, write, and delete PPP pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_initrc_domtrans" lineno="328">
+<summary>
+Execute ppp server in the ntpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ppp_admin" lineno="348">
+<summary>
+All of the rules required to administrate
+an ppp environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="pppd_can_insmod" dftval="false">
+<desc>
+<p>
+Allow pppd to load kernel modules for certain modems
+</p>
+</desc>
+</tunable>
+<tunable name="pppd_for_user" dftval="false">
+<desc>
+<p>
+Allow pppd to be run for a regular user
+</p>
+</desc>
+</tunable>
+</module>
+<module name="prelink" filename="policy/modules/contrib/prelink.if">
+<summary>Prelink ELF shared library mappings.</summary>
+<interface name="prelink_domtrans" lineno="13">
+<summary>
+Execute the prelink program in the prelink domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="prelink_exec" lineno="37">
+<summary>
+Execute the prelink program in the current domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelink_run" lineno="62">
+<summary>
+Execute the prelink program in the prelink domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the prelink domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="prelink_object_file" lineno="82">
+<summary>
+Make the specified file type prelinkable.
+</summary>
+<param name="file_type">
+<summary>
+File type to be prelinked.
+</summary>
+</param>
+</interface>
+<interface name="prelink_read_cache" lineno="100">
+<summary>
+Read the prelink cache.
+</summary>
+<param name="file_type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelink_delete_cache" lineno="119">
+<summary>
+Delete the prelink cache.
+</summary>
+<param name="file_type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelink_manage_log" lineno="139">
+<summary>
+Create, read, write, and delete
+prelink log files.
+</summary>
+<param name="file_type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelink_manage_lib" lineno="159">
+<summary>
+Create, read, write, and delete
+prelink var_lib files.
+</summary>
+<param name="file_type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelink_relabelfrom_lib" lineno="178">
+<summary>
+Relabel from files in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelink_relabel_lib" lineno="197">
+<summary>
+Relabel from files in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="prelude" filename="policy/modules/contrib/prelude.if">
+<summary>Prelude hybrid intrusion detection system</summary>
+<interface name="prelude_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run prelude.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="prelude_domtrans_audisp" lineno="31">
+<summary>
+Execute a domain transition to run prelude_audisp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="prelude_signal_audisp" lineno="49">
+<summary>
+Signal the prelude_audisp domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed acccess.
+</summary>
+</param>
+</interface>
+<interface name="prelude_read_spool" lineno="67">
+<summary>
+Read the prelude spool files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelude_manage_spool" lineno="86">
+<summary>
+Manage to prelude-manager spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelude_admin" lineno="113">
+<summary>
+All of the rules required to administrate
+an prelude environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="privoxy" filename="policy/modules/contrib/privoxy.if">
+<summary>Privacy enhancing web proxy.</summary>
+<interface name="privoxy_admin" lineno="20">
+<summary>
+All of the rules required to administrate
+an privoxy environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="privoxy_connect_any" dftval="false">
+<desc>
+<p>
+Allow privoxy to connect to all ports, not just
+HTTP, FTP, and Gopher ports.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="procmail" filename="policy/modules/contrib/procmail.if">
+<summary>Procmail mail delivery agent</summary>
+<interface name="procmail_domtrans" lineno="13">
+<summary>
+Execute procmail with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="procmail_exec" lineno="33">
+<summary>
+Execute procmail in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="procmail_read_tmp_files" lineno="53">
+<summary>
+Read procmail tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="procmail_rw_tmp_files" lineno="72">
+<summary>
+Read/write procmail tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="psad" filename="policy/modules/contrib/psad.if">
+<summary>Intrusion Detection and Log Analysis with iptables</summary>
+<interface name="psad_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run psad.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="psad_signal" lineno="31">
+<summary>
+Send a generic signal to psad
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_signull" lineno="49">
+<summary>
+Send a null signal to psad.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_read_config" lineno="67">
+<summary>
+Read psad etc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_manage_config" lineno="86">
+<summary>
+Manage psad etc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_read_pid_files" lineno="107">
+<summary>
+Read psad PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_rw_pid_files" lineno="126">
+<summary>
+Read psad PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_read_log" lineno="146">
+<summary>
+Allow the specified domain to read psad's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="psad_append_log" lineno="167">
+<summary>
+Allow the specified domain to append to psad's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="psad_rw_fifo_file" lineno="187">
+<summary>
+Read and write psad fifo files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_rw_tmp_files" lineno="207">
+<summary>
+Read and write psad tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_admin" lineno="233">
+<summary>
+All of the rules required to administrate
+an psad environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the syslog domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ptchown" filename="policy/modules/contrib/ptchown.if">
+<summary>helper function for grantpt(3), changes ownship and permissions of pseudotty</summary>
+<interface name="ptchown_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ptchown.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ptchown_run" lineno="37">
+<summary>
+Execute ptchown in the ptchown domain, and
+allow the specified role the ptchown domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="publicfile" filename="policy/modules/contrib/publicfile.if">
+<summary>publicfile supplies files to the public through HTTP and FTP</summary>
+</module>
+<module name="pulseaudio" filename="policy/modules/contrib/pulseaudio.if">
+<summary>Pulseaudio network sound server.</summary>
+<interface name="pulseaudio_role" lineno="18">
+<summary>
+Role access for pulseaudio
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_domtrans" lineno="52">
+<summary>
+Execute a domain transition to run pulseaudio.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_run" lineno="76">
+<summary>
+Execute pulseaudio in the pulseaudio domain, and
+allow the specified role the pulseaudio domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_exec" lineno="95">
+<summary>
+Execute a pulseaudio in the current domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_dontaudit_exec" lineno="113">
+<summary>
+Do not audit to execute a pulseaudio.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_signull" lineno="132">
+<summary>
+Send signull signal to pulseaudio
+processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_stream_connect" lineno="151">
+<summary>
+Connect to pulseaudio over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_dbus_chat" lineno="173">
+<summary>
+Send and receive messages from
+pulseaudio over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_setattr_home_dir" lineno="193">
+<summary>
+Set the attributes of the pulseaudio homedir.
+</summary>
+<param name="user_domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_read_home_files" lineno="211">
+<summary>
+Read pulseaudio homedir files.
+</summary>
+<param name="user_domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_rw_home_files" lineno="231">
+<summary>
+Read and write Pulse Audio files.
+</summary>
+<param name="user_domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_manage_home_files" lineno="252">
+<summary>
+Create, read, write, and delete pulseaudio
+home directory files.
+</summary>
+<param name="user_domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="puppet" filename="policy/modules/contrib/puppet.if">
+<summary>Puppet client daemon</summary>
+<desc>
+<p>
+Puppet is a configuration management system written in Ruby.
+The client daemon is responsible for periodically requesting the
+desired system state from the server and ensuring the state of
+the client system matches.
+</p>
+</desc>
+<interface name="puppet_rw_tmp" lineno="24">
+<summary>
+Read / Write to Puppet temp files. Puppet uses
+some system binaries (groupadd, etc) that run in
+a non-puppet domain and redirects output into temp
+files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="puppet_manage_all_files" dftval="false">
+<desc>
+<p>
+Allow Puppet client to manage all file
+types.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="pxe" filename="policy/modules/contrib/pxe.if">
+<summary>Server for the PXE network boot protocol</summary>
+</module>
+<module name="pyicqt" filename="policy/modules/contrib/pyicqt.if">
+<summary>PyICQt is an ICQ transport for XMPP server.</summary>
+</module>
+<module name="pyzor" filename="policy/modules/contrib/pyzor.if">
+<summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>
+<interface name="pyzor_role" lineno="18">
+<summary>
+Role access for pyzor
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="pyzor_signal" lineno="44">
+<summary>
+Send generic signals to pyzor
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pyzor_domtrans" lineno="62">
+<summary>
+Execute pyzor with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pyzor_exec" lineno="82">
+<summary>
+Execute pyzor in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="qemu" filename="policy/modules/contrib/qemu.if">
+<summary>QEMU machine emulator and virtualizer</summary>
+<template name="qemu_domain_template" lineno="14">
+<summary>
+Creates types and rules for a basic
+qemu process domain.
+</summary>
+<param name="prefix">
+<summary>
+Prefix for the domain.
+</summary>
+</param>
+</template>
+<template name="qemu_role" lineno="127">
+<summary>
+The per role template for the qemu module.
+</summary>
+<desc>
+<p>
+This template creates a derived domains which are used
+for qemu web browser.
+</p>
+<p>
+This template is invoked automatically for each user, and
+generally does not need to be invoked directly
+by policy writers.
+</p>
+</desc>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="qemu_domtrans" lineno="150">
+<summary>
+Execute a domain transition to run qemu.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="qemu_run" lineno="174">
+<summary>
+Execute qemu in the qemu domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the qemu domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="qemu_read_state" lineno="195">
+<summary>
+Allow the domain to read state files in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain to allow access.
+</summary>
+</param>
+</interface>
+<interface name="qemu_setsched" lineno="213">
+<summary>
+Set the schedule on qemu.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qemu_signal" lineno="231">
+<summary>
+Send a signal to qemu.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qemu_kill" lineno="249">
+<summary>
+Send a sigill to qemu
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qemu_domtrans_unconfined" lineno="267">
+<summary>
+Execute a domain transition to run qemu unconfined.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="qemu_manage_tmp_dirs" lineno="285">
+<summary>
+Manage qemu temporary dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qemu_manage_tmp_files" lineno="303">
+<summary>
+Manage qemu temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="qemu_full_network" dftval="false">
+<desc>
+<p>
+Allow qemu to connect fully to the network
+</p>
+</desc>
+</tunable>
+<tunable name="qemu_use_cifs" dftval="true">
+<desc>
+<p>
+Allow qemu to use cifs/Samba file systems
+</p>
+</desc>
+</tunable>
+<tunable name="qemu_use_comm" dftval="false">
+<desc>
+<p>
+Allow qemu to use serial/parallel communication ports
+</p>
+</desc>
+</tunable>
+<tunable name="qemu_use_nfs" dftval="true">
+<desc>
+<p>
+Allow qemu to use nfs file systems
+</p>
+</desc>
+</tunable>
+<tunable name="qemu_use_usb" dftval="true">
+<desc>
+<p>
+Allow qemu to use usb devices
+</p>
+</desc>
+</tunable>
+</module>
+<module name="qmail" filename="policy/modules/contrib/qmail.if">
+<summary>Qmail Mail Server</summary>
+<template name="qmail_child_domain_template" lineno="18">
+<summary>
+Template for qmail parent/sub-domain pairs
+</summary>
+<param name="child_prefix">
+<summary>
+The prefix of the child domain
+</summary>
+</param>
+<param name="parent_domain">
+<summary>
+The name of the parent domain.
+</summary>
+</param>
+</template>
+<interface name="qmail_domtrans_inject" lineno="60">
+<summary>
+Transition to qmail_inject_t
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="qmail_domtrans_queue" lineno="86">
+<summary>
+Transition to qmail_queue_t
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="qmail_read_config" lineno="113">
+<summary>
+Read qmail configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="qmail_smtpd_service_domain" lineno="145">
+<summary>
+Define the specified domain as a qmail-smtp service.
+Needed by antivirus/antispam filters.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+</module>
+<module name="qpid" filename="policy/modules/contrib/qpid.if">
+<summary>Apache QPID AMQP messaging server.</summary>
+<interface name="qpidd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run qpidd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_rw_semaphores" lineno="31">
+<summary>
+Allow read and write access to qpidd semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_rw_shm" lineno="49">
+<summary>
+Read and write to qpidd shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_initrc_domtrans" lineno="67">
+<summary>
+Execute qpidd server in the qpidd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_read_pid_files" lineno="85">
+<summary>
+Read qpidd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_search_lib" lineno="104">
+<summary>
+Search qpidd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_read_lib_files" lineno="123">
+<summary>
+Read qpidd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_manage_lib_files" lineno="143">
+<summary>
+Create, read, write, and delete
+qpidd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_admin" lineno="169">
+<summary>
+All of the rules required to administrate
+an qpidd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="quota" filename="policy/modules/contrib/quota.if">
+<summary>File system quota management</summary>
+<interface name="quota_domtrans" lineno="13">
+<summary>
+Execute quota management tools in the quota domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="quota_run" lineno="39">
+<summary>
+Execute quota management tools in the quota domain, and
+allow the specified role the quota domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="quota_dontaudit_getattr_db" lineno="59">
+<summary>
+Do not audit attempts to get the attributes
+of filesystem quota data files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="quota_manage_flags" lineno="78">
+<summary>
+Create, read, write, and delete quota
+flag files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="radius" filename="policy/modules/contrib/radius.if">
+<summary>RADIUS authentication and accounting server.</summary>
+<interface name="radius_use" lineno="13">
+<summary>
+Use radius over a UDP connection. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="radius_admin" lineno="34">
+<summary>
+All of the rules required to administrate
+an radius environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="radvd" filename="policy/modules/contrib/radvd.if">
+<summary>IPv6 router advertisement daemon</summary>
+<interface name="radvd_admin" lineno="20">
+<summary>
+All of the rules required to administrate
+an radvd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="raid" filename="policy/modules/contrib/raid.if">
+<summary>RAID array management tools</summary>
+<interface name="raid_domtrans_mdadm" lineno="13">
+<summary>
+Execute software raid tools in the mdadm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="raid_run_mdadm" lineno="39">
+<summary>
+Execute a domain transition to mdadm_t for the
+specified role, allowing it to use the mdadm_t
+domain
+</summary>
+<param name="role">
+<summary>
+Role allowed to access mdadm_t domain
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed to transition to mdadm_t
+</summary>
+</param>
+</interface>
+<interface name="raid_manage_mdadm_pid" lineno="66">
+<summary>
+Create, read, write, and delete the mdadm pid files.
+</summary>
+<desc>
+<p>
+Create, read, write, and delete the mdadm pid files.
+</p>
+<p>
+Added for use in the init module.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="razor" filename="policy/modules/contrib/razor.if">
+<summary>A distributed, collaborative, spam detection and filtering network.</summary>
+<desc>
+<p>
+A distributed, collaborative, spam detection and filtering network.
+</p>
+<p>
+This policy will work with either the ATrpms provided config
+file in /etc/razor, or with the default of dumping everything into
+$HOME/.razor.
+</p>
+</desc>
+<template name="razor_common_domain_template" lineno="25">
+<summary>
+Template to create types and rules common to
+all razor domains.
+</summary>
+<param name="prefix">
+<summary>
+The prefix of the domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+</template>
+<interface name="razor_role" lineno="121">
+<summary>
+Role access for razor
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="razor_domtrans" lineno="153">
+<summary>
+Execute razor in the system razor domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rdisc" filename="policy/modules/contrib/rdisc.if">
+<summary>Network router discovery daemon</summary>
+<interface name="rdisc_exec" lineno="13">
+<summary>
+Execute rdisc in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="readahead" filename="policy/modules/contrib/readahead.if">
+<summary>Readahead, read files into page cache for improved performance</summary>
+</module>
+<module name="remotelogin" filename="policy/modules/contrib/remotelogin.if">
+<summary>Policy for rshd, rlogind, and telnetd.</summary>
+<interface name="remotelogin_domtrans" lineno="13">
+<summary>
+Domain transition to the remote login domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="remotelogin_signal" lineno="31">
+<summary>
+allow Domain to signal remote login domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="resmgr" filename="policy/modules/contrib/resmgr.if">
+<summary>Resource management daemon</summary>
+<interface name="resmgr_stream_connect" lineno="14">
+<summary>
+Connect to resmgrd over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rgmanager" filename="policy/modules/contrib/rgmanager.if">
+<summary>rgmanager - Resource Group Manager</summary>
+<interface name="rgmanager_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run rgmanager.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rgmanager_stream_connect" lineno="32">
+<summary>
+Connect to rgmanager over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rgmanager_manage_tmp_files" lineno="51">
+<summary>
+Allow manage rgmanager tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rgmanager_manage_tmpfs_files" lineno="70">
+<summary>
+Allow manage rgmanager tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="rgmanager_can_network_connect" dftval="false">
+<desc>
+<p>
+Allow rgmanager domain to connect to the network using TCP.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rhcs" filename="policy/modules/contrib/rhcs.if">
+<summary>RHCS - Red Hat Cluster Suite</summary>
+<template name="rhcs_domain_template" lineno="14">
+<summary>
+Creates types and rules for a basic
+rhcs init daemon domain.
+</summary>
+<param name="prefix">
+<summary>
+Prefix for the domain.
+</summary>
+</param>
+</template>
+<interface name="rhcs_domtrans_dlm_controld" lineno="67">
+<summary>
+Execute a domain transition to run dlm_controld.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_stream_connect_dlm_controld" lineno="87">
+<summary>
+Connect to dlm_controld over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_dlm_controld_semaphores" lineno="106">
+<summary>
+Allow read and write access to dlm_controld semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_domtrans_fenced" lineno="127">
+<summary>
+Execute a domain transition to run fenced.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_fenced_semaphores" lineno="146">
+<summary>
+Allow read and write access to fenced semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_stream_connect_fenced" lineno="167">
+<summary>
+Connect to fenced over an unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_domtrans_gfs_controld" lineno="187">
+<summary>
+Execute a domain transition to run gfs_controld.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_gfs_controld_semaphores" lineno="206">
+<summary>
+Allow read and write access to gfs_controld semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_gfs_controld_shm" lineno="227">
+<summary>
+Read and write to gfs_controld_t shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_stream_connect_gfs_controld" lineno="248">
+<summary>
+Connect to gfs_controld_t over an unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_domtrans_groupd" lineno="267">
+<summary>
+Execute a domain transition to run groupd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_stream_connect_groupd" lineno="287">
+<summary>
+Connect to groupd over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_groupd_semaphores" lineno="306">
+<summary>
+Allow read and write access to groupd semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_groupd_shm" lineno="327">
+<summary>
+Read and write to group shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_domtrans_qdiskd" lineno="348">
+<summary>
+Execute a domain transition to run qdiskd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<tunable name="fenced_can_network_connect" dftval="false">
+<desc>
+<p>
+Allow fenced domain to connect to the network using TCP.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rhgb" filename="policy/modules/contrib/rhgb.if">
+<summary> Red Hat Graphical Boot </summary>
+<interface name="rhgb_stub" lineno="13">
+<summary>
+RHGB stub interface. No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+N/A
+</summary>
+</param>
+</interface>
+<interface name="rhgb_use_fds" lineno="29">
+<summary>
+Use a rhgb file descriptor.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_getpgid" lineno="47">
+<summary>
+Get the process group of rhgb.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_signal" lineno="65">
+<summary>
+Send a signal to rhgb.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_rw_stream_sockets" lineno="83">
+<summary>
+Read and write to unix stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_dontaudit_rw_stream_sockets" lineno="102">
+<summary>
+Do not audit attempts to read and write
+rhgb unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_stream_connect" lineno="120">
+<summary>
+Connected to rhgb unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_rw_shm" lineno="138">
+<summary>
+Read and write to rhgb shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_use_ptys" lineno="156">
+<summary>
+Read from and write to the rhgb devpts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_dontaudit_use_ptys" lineno="174">
+<summary>
+dontaudit Read from and write to the rhgb devpts.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_rw_tmpfs_files" lineno="192">
+<summary>
+Read and write to rhgb temporary file system.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rhsmcertd" filename="policy/modules/contrib/rhsmcertd.if">
+<summary>Subscription Management Certificate Daemon policy</summary>
+<interface name="rhsmcertd_domtrans" lineno="13">
+<summary>
+Transition to rhsmcertd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_initrc_domtrans" lineno="32">
+<summary>
+Execute rhsmcertd server in the rhsmcertd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_read_log" lineno="51">
+<summary>
+Read rhsmcertd's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rhsmcertd_append_log" lineno="70">
+<summary>
+Append to rhsmcertd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_manage_log" lineno="89">
+<summary>
+Manage rhsmcertd log files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_search_lib" lineno="110">
+<summary>
+Search rhsmcertd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_read_lib_files" lineno="129">
+<summary>
+Read rhsmcertd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_manage_lib_files" lineno="148">
+<summary>
+Manage rhsmcertd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_manage_lib_dirs" lineno="167">
+<summary>
+Manage rhsmcertd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_read_pid_files" lineno="186">
+<summary>
+Read rhsmcertd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_stream_connect" lineno="206">
+<summary>
+Connect to rhsmcertd over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_dbus_chat" lineno="226">
+<summary>
+Send and receive messages from
+rhsmcertd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_dontaudit_dbus_chat" lineno="247">
+<summary>
+Dontaudit Send and receive messages from
+rhsmcertd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_admin" lineno="274">
+<summary>
+All of the rules required to administrate
+an rhsmcertd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ricci" filename="policy/modules/contrib/ricci.if">
+<summary>Ricci cluster management agent</summary>
+<interface name="ricci_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ricci.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modcluster" lineno="31">
+<summary>
+Execute a domain transition to run ricci_modcluster.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_dontaudit_use_modcluster_fds" lineno="50">
+<summary>
+Do not audit attempts to use
+ricci_modcluster file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="ricci_dontaudit_rw_modcluster_pipes" lineno="69">
+<summary>
+Do not audit attempts to read write
+ricci_modcluster unamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="ricci_stream_connect_modclusterd" lineno="87">
+<summary>
+Connect to ricci_modclusterd over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modlog" lineno="107">
+<summary>
+Execute a domain transition to run ricci_modlog.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modrpm" lineno="125">
+<summary>
+Execute a domain transition to run ricci_modrpm.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modservice" lineno="143">
+<summary>
+Execute a domain transition to run ricci_modservice.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modstorage" lineno="161">
+<summary>
+Execute a domain transition to run ricci_modstorage.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rlogin" filename="policy/modules/contrib/rlogin.if">
+<summary>Remote login daemon</summary>
+<interface name="rlogin_domtrans" lineno="13">
+<summary>
+Execute rlogind in the rlogin domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<template name="rlogin_read_home_content" lineno="38">
+<summary>
+read rlogin homedir content (.config)
+</summary>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+</module>
+<module name="roundup" filename="policy/modules/contrib/roundup.if">
+<summary>Roundup Issue Tracking System policy</summary>
+<interface name="roundup_admin" lineno="20">
+<summary>
+All of the rules required to administrate
+an roundup environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the roundup domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="rpc" filename="policy/modules/contrib/rpc.if">
+<summary>Remote Procedure Call Daemon for managment of network based process communication</summary>
+<interface name="rpc_stub" lineno="13">
+<summary>
+RPC stub interface. No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="rpc_domain_template" lineno="35">
+<summary>
+The template to define a rpc domain.
+</summary>
+<desc>
+<p>
+This template creates a domain to be used for
+a new rpc daemon.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The type of daemon to be used.
+</summary>
+</param>
+</template>
+<interface name="rpc_udp_send" lineno="135">
+<summary>
+Send UDP network traffic to rpc and recieve UDP traffic from rpc. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_dontaudit_getattr_exports" lineno="150">
+<summary>
+Do not audit attempts to get the attributes
+of the NFS export file.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="rpc_read_exports" lineno="168">
+<summary>
+Allow read access to exports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_write_exports" lineno="186">
+<summary>
+Allow write access to exports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_domtrans_nfsd" lineno="204">
+<summary>
+Execute domain in nfsd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpc_initrc_domtrans_nfsd" lineno="222">
+<summary>
+Execute domain in nfsd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpc_domtrans_rpcd" lineno="240">
+<summary>
+Execute domain in rpcd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpc_initrc_domtrans_rpcd" lineno="259">
+<summary>
+Execute domain in rpcd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpc_read_nfs_content" lineno="278">
+<summary>
+Read NFS exported content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rpc_manage_nfs_rw_content" lineno="299">
+<summary>
+Allow domain to create read and write NFS directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rpc_manage_nfs_ro_content" lineno="320">
+<summary>
+Allow domain to create read and write NFS directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rpc_tcp_rw_nfs_sockets" lineno="340">
+<summary>
+Allow domain to read and write to an NFS TCP socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_udp_rw_nfs_sockets" lineno="358">
+<summary>
+Allow domain to read and write to an NFS UDP socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_udp_send_nfs" lineno="376">
+<summary>
+Send UDP traffic to NFSd. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_search_nfs_state_data" lineno="390">
+<summary>
+Search NFS state data in /var/lib/nfs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_read_nfs_state_data" lineno="409">
+<summary>
+Read NFS state data in /var/lib/nfs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_manage_nfs_state_data" lineno="428">
+<summary>
+Manage NFS state data in /var/lib/nfs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="allow_gssd_read_tmp" dftval="true">
+<desc>
+<p>
+Allow gssd to read temp directory. For access to kerberos tgt.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_nfsd_anon_write" dftval="false">
+<desc>
+<p>
+Allow nfs servers to modify public files
+used for public file transfer services. Files/Directories must be
+labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rpcbind" filename="policy/modules/contrib/rpcbind.if">
+<summary>Universal Addresses to RPC Program Number Mapper</summary>
+<interface name="rpcbind_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run rpcbind.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_stream_connect" lineno="31">
+<summary>
+Connect to rpcbindd over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_read_pid_files" lineno="51">
+<summary>
+Read rpcbind PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_search_lib" lineno="70">
+<summary>
+Search rpcbind lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_read_lib_files" lineno="89">
+<summary>
+Read rpcbind lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_manage_lib_files" lineno="109">
+<summary>
+Create, read, write, and delete
+rpcbind lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_admin" lineno="135">
+<summary>
+All of the rules required to administrate
+an rpcbind environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the rpcbind domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="rpm" filename="policy/modules/contrib/rpm.if">
+<summary>Policy for the RPM package manager.</summary>
+<interface name="rpm_domtrans" lineno="13">
+<summary>
+Execute rpm programs in the rpm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpm_debuginfo_domtrans" lineno="32">
+<summary>
+Execute debuginfo_install programs in the rpm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpm_domtrans_script" lineno="51">
+<summary>
+Execute rpm_script programs in the rpm_script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpm_run" lineno="79">
+<summary>
+Execute RPM programs in the RPM domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the RPM domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rpm_exec" lineno="98">
+<summary>
+Execute the rpm client in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_signull" lineno="117">
+<summary>
+Send a null signal to rpm.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_use_fds" lineno="135">
+<summary>
+Inherit and use file descriptors from RPM.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_read_pipes" lineno="153">
+<summary>
+Read from an unnamed RPM pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_rw_pipes" lineno="171">
+<summary>
+Read and write an unnamed RPM pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_dbus_chat" lineno="190">
+<summary>
+Send and receive messages from
+rpm over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_dontaudit_dbus_chat" lineno="211">
+<summary>
+Do not audit attempts to send and
+receive messages from rpm over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="rpm_script_dbus_chat" lineno="232">
+<summary>
+Send and receive messages from
+rpm_script over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_search_log" lineno="252">
+<summary>
+Search RPM log directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_append_log" lineno="272">
+<summary>
+Allow the specified domain to append
+to rpm log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_manage_log" lineno="291">
+<summary>
+Create, read, write, and delete the RPM log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_use_script_fds" lineno="310">
+<summary>
+Inherit and use file descriptors from RPM scripts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_manage_script_tmp_files" lineno="329">
+<summary>
+Create, read, write, and delete RPM
+script temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_append_tmp_files" lineno="349">
+<summary>
+Allow the specified domain to append
+to rpm tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_manage_tmp_files" lineno="369">
+<summary>
+Create, read, write, and delete RPM
+temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_read_script_tmp_files" lineno="388">
+<summary>
+Read RPM script temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_read_cache" lineno="408">
+<summary>
+Read the RPM cache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_manage_cache" lineno="429">
+<summary>
+Create, read, write, and delete the RPM package database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_read_db" lineno="450">
+<summary>
+Read the RPM package database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_delete_db" lineno="471">
+<summary>
+Delete the RPM package database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_manage_db" lineno="490">
+<summary>
+Create, read, write, and delete the RPM package database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_dontaudit_manage_db" lineno="511">
+<summary>
+Do not audit attempts to create, read,
+write, and delete the RPM package database.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="rpm_read_pid_files" lineno="531">
+<summary>
+Read rpm pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_manage_pid_files" lineno="550">
+<summary>
+Create, read, write, and delete rpm pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpm_pid_filetrans" lineno="569">
+<summary>
+Create files in /var/run with the rpm pid file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rshd" filename="policy/modules/contrib/rshd.if">
+<summary>Remote shell service.</summary>
+<interface name="rshd_domtrans" lineno="13">
+<summary>
+Domain transition to rshd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rssh" filename="policy/modules/contrib/rssh.if">
+<summary>Restricted (scp/sftp) only shell</summary>
+<interface name="rssh_role" lineno="18">
+<summary>
+Role access for rssh
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="rssh_spec_domtrans" lineno="40">
+<summary>
+Transition to all user rssh domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rssh_exec" lineno="59">
+<summary>
+Execute the rssh program
+in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rssh_domtrans_chroot_helper" lineno="77">
+<summary>
+Execute a domain transition to run rssh_chroot_helper.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rssh_read_ro_content" lineno="95">
+<summary>
+Read all users rssh read-only content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rsync" filename="policy/modules/contrib/rsync.if">
+<summary>Fast incremental file transfer for synchronization</summary>
+<interface name="rsync_entry_type" lineno="14">
+<summary>
+Make rsync an entry point for
+the specified domain.
+</summary>
+<param name="domain">
+<summary>
+The domain for which init scripts are an entrypoint.
+</summary>
+</param>
+</interface>
+<interface name="rsync_entry_spec_domtrans" lineno="47">
+<summary>
+Execute a rsync in a specified domain.
+</summary>
+<desc>
+<p>
+Execute a rsync in a specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="source_domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+Domain to transition to.
+</summary>
+</param>
+</interface>
+<interface name="rsync_entry_domtrans" lineno="80">
+<summary>
+Execute a rsync in a specified domain.
+</summary>
+<desc>
+<p>
+Execute a rsync in a specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="source_domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+Domain to transition to.
+</summary>
+</param>
+</interface>
+<interface name="rsync_exec" lineno="99">
+<summary>
+Execute rsync in the caller domain domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rsync_read_config" lineno="117">
+<summary>
+Read rsync config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rsync_write_config" lineno="136">
+<summary>
+Write to rsync config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="rsync_export_all_ro" dftval="false">
+<desc>
+<p>
+Allow rsync to export any files/directories read only.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_rsync_anon_write" dftval="false">
+<desc>
+<p>
+Allow rsync to modify public files
+used for public file transfer services. Files/Directories must be
+labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rtkit" filename="policy/modules/contrib/rtkit.if">
+<summary>Realtime scheduling for user processes.</summary>
+<interface name="rtkit_daemon_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run rtkit_daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rtkit_daemon_dbus_chat" lineno="32">
+<summary>
+Send and receive messages from
+rtkit_daemon over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rtkit_scheduled" lineno="52">
+<summary>
+Allow rtkit to control scheduling for your process
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rwho" filename="policy/modules/contrib/rwho.if">
+<summary>Who is logged in on other machines?</summary>
+<interface name="rwho_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run rwho.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rwho_search_log" lineno="31">
+<summary>
+Search rwho log directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_read_log_files" lineno="50">
+<summary>
+Read rwho log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_search_spool" lineno="70">
+<summary>
+Search rwho spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_read_spool_files" lineno="89">
+<summary>
+Read rwho spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_manage_spool_files" lineno="109">
+<summary>
+Create, read, write, and delete
+rwho spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_admin" lineno="135">
+<summary>
+All of the rules required to administrate
+an rwho environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="samba" filename="policy/modules/contrib/samba.if">
+<summary>
+SMB and CIFS client/server programs for UNIX and
+name Service Switch daemon for resolving names
+from Windows NT servers.
+</summary>
+<interface name="samba_domtrans_nmbd" lineno="17">
+<summary>
+Execute nmbd net in the nmbd_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_signal_nmbd" lineno="36">
+<summary>
+Allow domain to signal samba
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_initrc_domtrans" lineno="53">
+<summary>
+Execute samba server in the samba domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_domtrans_net" lineno="71">
+<summary>
+Execute samba net in the samba_net domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_run_net" lineno="97">
+<summary>
+Execute samba net in the samba_net domain, and
+allow the specified role the samba_net domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_domtrans_smbmount" lineno="116">
+<summary>
+Execute smbmount in the smbmount domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_run_smbmount" lineno="142">
+<summary>
+Execute smbmount interactively and do
+a domain transition to the smbmount domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_read_config" lineno="163">
+<summary>
+Allow the specified domain to read
+samba configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_rw_config" lineno="184">
+<summary>
+Allow the specified domain to read
+and write samba configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_manage_config" lineno="205">
+<summary>
+Allow the specified domain to read
+and write samba configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_read_log" lineno="226">
+<summary>
+Allow the specified domain to read samba's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_append_log" lineno="247">
+<summary>
+Allow the specified domain to append to samba's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_exec_log" lineno="267">
+<summary>
+Execute samba log in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_read_secrets" lineno="286">
+<summary>
+Allow the specified domain to read samba's secrets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_read_share_files" lineno="305">
+<summary>
+Allow the specified domain to read samba's shares
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_search_var" lineno="325">
+<summary>
+Allow the specified domain to search
+samba /var directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_read_var_files" lineno="346">
+<summary>
+Allow the specified domain to
+read samba /var files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_dontaudit_write_var_files" lineno="367">
+<summary>
+Do not audit attempts to write samba
+/var files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="samba_rw_var_files" lineno="386">
+<summary>
+Allow the specified domain to
+read and write samba /var files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_manage_var_files" lineno="407">
+<summary>
+Allow the specified domain to
+read and write samba /var files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_domtrans_smbcontrol" lineno="427">
+<summary>
+Execute a domain transition to run smbcontrol.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_run_smbcontrol" lineno="452">
+<summary>
+Execute smbcontrol in the smbcontrol domain, and
+allow the specified role the smbcontrol domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_domtrans_smbd" lineno="471">
+<summary>
+Execute smbd in the smbd_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_signal_smbd" lineno="490">
+<summary>
+Allow domain to signal samba
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_dontaudit_use_fds" lineno="507">
+<summary>
+Do not audit attempts to use file descriptors from samba.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="samba_write_smbmount_tcp_sockets" lineno="525">
+<summary>
+Allow the specified domain to write to smbmount tcp sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_rw_smbmount_tcp_sockets" lineno="543">
+<summary>
+Allow the specified domain to read and write to smbmount tcp sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_domtrans_winbind_helper" lineno="561">
+<summary>
+Execute winbind_helper in the winbind_helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_run_winbind_helper" lineno="586">
+<summary>
+Execute winbind_helper in the winbind_helper domain, and
+allow the specified role the winbind_helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_read_winbind_pid" lineno="605">
+<summary>
+Allow the specified domain to read the winbind pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_stream_connect_winbind" lineno="624">
+<summary>
+Connect to winbind.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_admin" lineno="662">
+<summary>
+All of the rules required to administrate
+an samba environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the samba domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_smbd_anon_write" dftval="false">
+<desc>
+<p>
+Allow samba to modify public files used for public file
+transfer services. Files/Directories must be labeled
+public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_create_home_dirs" dftval="false">
+<desc>
+<p>
+Allow samba to create new home directories (e.g. via PAM)
+</p>
+</desc>
+</tunable>
+<tunable name="samba_domain_controller" dftval="false">
+<desc>
+<p>
+Allow samba to act as the domain controller, add users,
+groups and change passwords.
+
+</p>
+</desc>
+</tunable>
+<tunable name="samba_enable_home_dirs" dftval="false">
+<desc>
+<p>
+Allow samba to share users home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_export_all_ro" dftval="false">
+<desc>
+<p>
+Allow samba to share any file/directory read only.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_export_all_rw" dftval="false">
+<desc>
+<p>
+Allow samba to share any file/directory read/write.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_run_unconfined" dftval="false">
+<desc>
+<p>
+Allow samba to run unconfined scripts
+</p>
+</desc>
+</tunable>
+<tunable name="samba_share_nfs" dftval="false">
+<desc>
+<p>
+Allow samba to export NFS volumes.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_share_fusefs" dftval="false">
+<desc>
+<p>
+Allow samba to export ntfs/fusefs volumes.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="sambagui" filename="policy/modules/contrib/sambagui.if">
+<summary>system-config-samba dbus service policy</summary>
+</module>
+<module name="samhain" filename="policy/modules/contrib/samhain.if">
+<summary>Samhain - check file integrity</summary>
+<template name="samhain_service_template" lineno="17">
+<summary>
+The template containing the most basic rules
+common to the samhain domains.
+</summary>
+<param name="samhaindomain_prefix">
+<summary>
+The prefix of the samhain domains(e.g., samhain
+for the domain of command line access, samhaind
+for the domain started by init script).
+</summary>
+</param>
+<rolebase/>
+</template>
+<interface name="samhain_domtrans" lineno="104">
+<summary>
+Execute samhain in the samhain domain
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samhain_run" lineno="141">
+<summary>
+Execute samhain in the samhain domain with the clearance security
+level and allow the specifiled role the samhain domain.
+</summary>
+<desc>
+<p>
+Execute samhain in the samhain domain with the clearance security
+level and allow the specifiled role the samhain domain.
+</p>
+<p>
+The range_transition rule used in this interface requires that
+the calling domain should have the clearance security level
+otherwise the MLS constraint for process transition would fail.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed to access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samhain_manage_config_files" lineno="164">
+<summary>
+Manage samhain configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samhain_manage_db_files" lineno="183">
+<summary>
+Manage samhain database files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samhain_manage_init_script_files" lineno="202">
+<summary>
+Manage samhain init script files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samhain_manage_log_files" lineno="221">
+<summary>
+Manage samhain log and log.lock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samhain_manage_pid_files" lineno="240">
+<summary>
+Manage samhain pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samhain_admin" lineno="268">
+<summary>
+All of the rules required to administrate
+the samhain environment.
+</summary>
+<desc>
+<p>
+This interface assumes that the calling domain has been able to
+remove an entry from /var/lib/ or /var/log/ and belongs to the
+mlsfilewrite attribute, since samhain files may be of clearance
+security level while their parent directories are of s0.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="sanlock" filename="policy/modules/contrib/sanlock.if">
+<summary>policy for sanlock</summary>
+<interface name="sanlock_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run sanlock.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sanlock_initrc_domtrans" lineno="31">
+<summary>
+Execute sanlock server in the sanlock domain.
+</summary>
+<param name="domain">
+<summary>
+The type of the process performing this action.
+</summary>
+</param>
+</interface>
+<interface name="sanlock_manage_pid_files" lineno="49">
+<summary>
+Create, read, write, and delete sanlock PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sanlock_stream_connect" lineno="68">
+<summary>
+Connect to sanlock over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sanlock_admin" lineno="94">
+<summary>
+All of the rules required to administrate
+an sanlock environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="sanlock_use_nfs" dftval="false">
+<desc>
+<p>
+Allow confined virtual guests to manage nfs files
+</p>
+</desc>
+</tunable>
+<tunable name="sanlock_use_samba" dftval="false">
+<desc>
+<p>
+Allow confined virtual guests to manage cifs files
+</p>
+</desc>
+</tunable>
+</module>
+<module name="sasl" filename="policy/modules/contrib/sasl.if">
+<summary>SASL authentication server</summary>
+<interface name="sasl_connect" lineno="13">
+<summary>
+Connect to SASL.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sasl_admin" lineno="39">
+<summary>
+All of the rules required to administrate
+an sasl environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_saslauthd_read_shadow" dftval="false">
+<desc>
+<p>
+Allow sasl to read shadow
+</p>
+</desc>
+</tunable>
+</module>
+<module name="sblim" filename="policy/modules/contrib/sblim.if">
+<summary> policy for SBLIM Gatherer </summary>
+<interface name="sblim_domtrans_gatherd" lineno="13">
+<summary>
+Transition to gatherd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sblim_read_pid_files" lineno="32">
+<summary>
+Read gatherd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sblim_admin" lineno="58">
+<summary>
+All of the rules required to administrate
+an gatherd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="screen" filename="policy/modules/contrib/screen.if">
+<summary>GNU terminal multiplexer</summary>
+<template name="screen_role_template" lineno="24">
+<summary>
+The role template for the screen module.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+</module>
+<module name="sectoolm" filename="policy/modules/contrib/sectoolm.if">
+<summary>Sectool security audit tool</summary>
+</module>
+<module name="sendmail" filename="policy/modules/contrib/sendmail.if">
+<summary>Policy for sendmail.</summary>
+<interface name="sendmail_stub" lineno="13">
+<summary>
+Sendmail stub interface. No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_rw_pipes" lineno="30">
+<summary>
+Allow attempts to read and write to
+sendmail unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_domtrans" lineno="48">
+<summary>
+Domain transition to sendmail.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_run" lineno="76">
+<summary>
+Execute the sendmail program in the sendmail domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the sendmail domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sendmail_signal" lineno="95">
+<summary>
+Send generic signals to sendmail.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_rw_tcp_sockets" lineno="113">
+<summary>
+Read and write sendmail TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_dontaudit_rw_tcp_sockets" lineno="132">
+<summary>
+Do not audit attempts to read and write
+sendmail TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_rw_unix_stream_sockets" lineno="150">
+<summary>
+Read and write sendmail unix_stream_sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_dontaudit_rw_unix_stream_sockets" lineno="169">
+<summary>
+Do not audit attempts to read and write
+sendmail unix_stream_sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_read_log" lineno="188">
+<summary>
+Read sendmail logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sendmail_manage_log" lineno="208">
+<summary>
+Create, read, write, and delete sendmail logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sendmail_create_log" lineno="227">
+<summary>
+Create sendmail logs with the correct type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_manage_tmp_files" lineno="245">
+<summary>
+Manage sendmail tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_domtrans_unconfined" lineno="264">
+<summary>
+Execute sendmail in the unconfined sendmail domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_run_unconfined" lineno="290">
+<summary>
+Execute sendmail in the unconfined sendmail domain, and
+allow the specified role the unconfined sendmail domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="setroubleshoot" filename="policy/modules/contrib/setroubleshoot.if">
+<summary>SELinux troubleshooting service</summary>
+<interface name="setroubleshoot_stream_connect" lineno="13">
+<summary>
+Connect to setroubleshootd over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_dontaudit_stream_connect" lineno="34">
+<summary>
+Dontaudit attempts to connect to setroubleshootd
+over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_dbus_chat" lineno="54">
+<summary>
+Send and receive messages from
+setroubleshoot over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_dontaudit_dbus_chat" lineno="75">
+<summary>
+Do not audit send and receive messages from
+setroubleshoot over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_dbus_chat_fixit" lineno="96">
+<summary>
+Send and receive messages from
+setroubleshoot fixit over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_admin" lineno="118">
+<summary>
+All of the rules required to administrate
+an setroubleshoot environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="shorewall" filename="policy/modules/contrib/shorewall.if">
+<summary>Shoreline Firewall high-level tool for configuring netfilter</summary>
+<interface name="shorewall_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run shorewall.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="shorewall_lib_domtrans" lineno="31">
+<summary>
+Execute a domain transition to run shorewall.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="shorewall_read_config" lineno="49">
+<summary>
+Read shorewall etc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="shorewall_read_pid_files" lineno="68">
+<summary>
+Read shorewall PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="shorewall_rw_pid_files" lineno="87">
+<summary>
+Read and write shorewall PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="shorewall_read_lib_files" lineno="106">
+<summary>
+Read shorewall /var/lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="shorewall_rw_lib_files" lineno="126">
+<summary>
+Read and write shorewall /var/lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="shorewall_read_tmp_files" lineno="146">
+<summary>
+Read shorewall tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="shorewall_admin" lineno="172">
+<summary>
+All of the rules required to administrate
+an shorewall environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the syslog domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="shutdown" filename="policy/modules/contrib/shutdown.if">
+<summary>System shutdown command</summary>
+<interface name="shutdown_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run shutdown.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="shutdown_run" lineno="43">
+<summary>
+Execute shutdown in the shutdown domain, and
+allow the specified role the shutdown domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="shutdown_getattr_exec_files" lineno="62">
+<summary>
+Get attributes of shutdown executable.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="slocate" filename="policy/modules/contrib/slocate.if">
+<summary>Update database for mlocate</summary>
+<interface name="slocate_create_append_log" lineno="13">
+<summary>
+Create the locate log with append mode.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="locate_read_lib_files" lineno="33">
+<summary>
+Read locate lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="slrnpull" filename="policy/modules/contrib/slrnpull.if">
+<summary>Service for downloading news feeds the slrn newsreader.</summary>
+<interface name="slrnpull_search_spool" lineno="13">
+<summary>
+Allow the domain to search slrnpull spools.
+</summary>
+<param name="pty_type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="slrnpull_manage_spool" lineno="33">
+<summary>
+Allow the domain to create, read,
+write, and delete slrnpull spools.
+</summary>
+<param name="pty_type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="smartmon" filename="policy/modules/contrib/smartmon.if">
+<summary>Smart disk monitoring daemon policy</summary>
+<interface name="smartmon_read_tmp_files" lineno="13">
+<summary>
+Allow caller to read smartmon temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smartmon_admin" lineno="38">
+<summary>
+All of the rules required to administrate
+an smartmon environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="smartmon_3ware" dftval="false">
+<desc>
+<p>
+Enable additional permissions needed to support
+devices on 3ware controllers.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="smokeping" filename="policy/modules/contrib/smokeping.if">
+<summary>Smokeping network latency measurement.</summary>
+<interface name="smokeping_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run smokeping.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_initrc_domtrans" lineno="31">
+<summary>
+Execute smokeping server in the smokeping domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_read_pid_files" lineno="49">
+<summary>
+Read smokeping PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_manage_pid_files" lineno="68">
+<summary>
+Manage smokeping PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_getattr_lib_files" lineno="87">
+<summary>
+Get attributes of smokeping lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_read_lib_files" lineno="106">
+<summary>
+Read smokeping lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_manage_lib_files" lineno="125">
+<summary>
+Manage smokeping lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_admin" lineno="151">
+<summary>
+All of the rules required to administrate
+a smokeping environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="smoltclient" filename="policy/modules/contrib/smoltclient.if">
+<summary>The Fedora hardware profiler client</summary>
+</module>
+<module name="snmp" filename="policy/modules/contrib/snmp.if">
+<summary>Simple network management protocol services</summary>
+<interface name="snmp_stream_connect" lineno="13">
+<summary>
+Connect to snmpd using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="snmp_tcp_connect" lineno="32">
+<summary>
+Use snmp over a TCP connection. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="snmp_udp_chat" lineno="46">
+<summary>
+Send and receive UDP traffic to SNMP (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="snmp_read_snmp_var_lib_files" lineno="60">
+<summary>
+Read snmpd libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="snmp_dontaudit_read_snmp_var_lib_files" lineno="80">
+<summary>
+dontaudit Read snmpd libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="snmp_dontaudit_write_snmp_var_lib_files" lineno="99">
+<summary>
+dontaudit write snmpd libraries files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="snmp_admin" lineno="124">
+<summary>
+All of the rules required to administrate
+an snmp environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the snmp domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="snort" filename="policy/modules/contrib/snort.if">
+<summary>Snort network intrusion detection system</summary>
+<interface name="snort_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run snort.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="snort_admin" lineno="38">
+<summary>
+All of the rules required to administrate
+an snort environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the snort domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="sosreport" filename="policy/modules/contrib/sosreport.if">
+<summary>sosreport - Generate debugging information for system</summary>
+<interface name="sosreport_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run sosreport.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sosreport_run" lineno="37">
+<summary>
+Execute sosreport in the sosreport domain, and
+allow the specified role the sosreport domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sosreport_role" lineno="61">
+<summary>
+Role access for sosreport
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="sosreport_read_tmp_files" lineno="85">
+<summary>
+Allow the specified domain to read
+sosreport tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sosreport_append_tmp_files" lineno="104">
+<summary>
+Append sosreport tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sosreport_delete_tmp_files" lineno="122">
+<summary>
+Delete sosreport tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="soundserver" filename="policy/modules/contrib/soundserver.if">
+<summary>sound server for network audio server programs, nasd, yiff, etc</summary>
+<interface name="soundserver_tcp_connect" lineno="13">
+<summary>
+Connect to the sound server over a TCP socket (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="soundserver_admin" lineno="34">
+<summary>
+All of the rules required to administrate
+an soundd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the soundd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="spamassassin" filename="policy/modules/contrib/spamassassin.if">
+<summary>Filter used for removing unsolicited email.</summary>
+<interface name="spamassassin_role" lineno="18">
+<summary>
+Role access for spamassassin
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_exec" lineno="52">
+<summary>
+Execute the standalone spamassassin
+program in the caller directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_signal_spamd" lineno="71">
+<summary>
+Singnal the spam assassin daemon
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_exec_spamd" lineno="90">
+<summary>
+Execute the spamassassin daemon
+program in the caller directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_domtrans_client" lineno="108">
+<summary>
+Execute spamassassin client in the spamassassin client domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_exec_client" lineno="127">
+<summary>
+Execute the spamassassin client
+program in the caller directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_domtrans_local_client" lineno="145">
+<summary>
+Execute spamassassin standalone client in the user spamassassin domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_read_lib_files" lineno="163">
+<summary>
+read spamd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_manage_lib_files" lineno="183">
+<summary>
+Create, read, write, and delete
+spamd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_read_spamd_tmp_files" lineno="202">
+<summary>
+Read temporary spamd file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_dontaudit_getattr_spamd_tmp_sockets" lineno="221">
+<summary>
+Do not audit attempts to get attributes of temporary
+spamd sockets/
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<tunable name="spamassassin_can_network" dftval="false">
+<desc>
+<p>
+Allow user spamassassin clients to use the network.
+</p>
+</desc>
+</tunable>
+<tunable name="spamd_enable_home_dirs" dftval="true">
+<desc>
+<p>
+Allow spamd to read/write user home directories.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="speedtouch" filename="policy/modules/contrib/speedtouch.if">
+<summary>Alcatel speedtouch USB ADSL modem</summary>
+</module>
+<module name="squid" filename="policy/modules/contrib/squid.if">
+<summary>Squid caching http proxy server</summary>
+<interface name="squid_domtrans" lineno="13">
+<summary>
+Execute squid in the squid domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="squid_exec" lineno="32">
+<summary>
+Execute squid
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="squid_signal" lineno="50">
+<summary>
+Send generic signals to squid.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="squid_rw_stream_sockets" lineno="69">
+<summary>
+Allow read and write squid
+unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="squid_dontaudit_search_cache" lineno="88">
+<summary>
+Do not audit attempts to search squid cache dirs
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="squid_read_config" lineno="107">
+<summary>
+Read squid configuration file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="squid_read_log" lineno="127">
+<summary>
+Append squid logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="squid_append_log" lineno="146">
+<summary>
+Append squid logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="squid_manage_logs" lineno="167">
+<summary>
+Create, read, write, and delete
+squid logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="squid_use" lineno="186">
+<summary>
+Use squid services by connecting over TCP. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="squid_admin" lineno="207">
+<summary>
+All of the rules required to administrate
+an squid environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the squid domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="squid_connect_any" dftval="false">
+<desc>
+<p>
+Allow squid to connect to all ports, not just
+HTTP, FTP, and Gopher ports.
+</p>
+</desc>
+</tunable>
+<tunable name="squid_use_tproxy" dftval="false">
+<desc>
+<p>
+Allow squid to run as a transparent proxy (TPROXY)
+</p>
+</desc>
+</tunable>
+</module>
+<module name="sssd" filename="policy/modules/contrib/sssd.if">
+<summary>System Security Services Daemon</summary>
+<interface name="sssd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run sssd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sssd_initrc_domtrans" lineno="31">
+<summary>
+Execute sssd server in the sssd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sssd_read_public_files" lineno="49">
+<summary>
+Read sssd public files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_read_pid_files" lineno="68">
+<summary>
+Read sssd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_manage_pids" lineno="87">
+<summary>
+Manage sssd var_run files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_search_lib" lineno="106">
+<summary>
+Search sssd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_dontaudit_search_lib" lineno="125">
+<summary>
+Do not audit attempts to search sssd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sssd_read_lib_files" lineno="144">
+<summary>
+Read sssd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_manage_lib_files" lineno="164">
+<summary>
+Create, read, write, and delete
+sssd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_dbus_chat" lineno="184">
+<summary>
+Send and receive messages from
+sssd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_stream_connect" lineno="204">
+<summary>
+Connect to sssd over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_admin" lineno="235">
+<summary>
+All of the rules required to administrate
+an sssd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the sssd domain.
+</summary>
+</param>
+<param name="terminal">
+<summary>
+The type of the user terminal.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="stunnel" filename="policy/modules/contrib/stunnel.if">
+<summary>SSL Tunneling Proxy</summary>
+<interface name="stunnel_service_domain" lineno="18">
+<summary>
+Define the specified domain as a stunnel inetd service.
+</summary>
+<param name="domain">
+<summary>
+The type associated with the stunnel inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+</module>
+<module name="sxid" filename="policy/modules/contrib/sxid.if">
+<summary>SUID/SGID program monitoring</summary>
+<interface name="sxid_read_log" lineno="15">
+<summary>
+Allow the specified domain to read
+sxid log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="sysstat" filename="policy/modules/contrib/sysstat.if">
+<summary>Policy for sysstat. Reports on various system states</summary>
+<interface name="sysstat_manage_log" lineno="14">
+<summary>
+Manage sysstat logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="tcpd" filename="policy/modules/contrib/tcpd.if">
+<summary>Policy for TCP daemon.</summary>
+<interface name="tcpd_domtrans" lineno="13">
+<summary>
+Execute tcpd in the tcpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tcpd_wrapped_domain" lineno="37">
+<summary>
+Create a domain for services that
+utilize tcp wrappers.
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+</module>
+<module name="tcsd" filename="policy/modules/contrib/tcsd.if">
+<summary>TSS Core Services (TCS) daemon (tcsd) policy</summary>
+<interface name="tcsd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run tcsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_initrc_domtrans" lineno="31">
+<summary>
+Execute tcsd server in the tcsd domain.
+</summary>
+<param name="domain">
+<summary>
+The type of the process performing this action.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_search_lib" lineno="49">
+<summary>
+Search tcsd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_manage_lib_dirs" lineno="68">
+<summary>
+Manage tcsd lib dirs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_read_lib_files" lineno="87">
+<summary>
+Read tcsd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_manage_lib_files" lineno="107">
+<summary>
+Create, read, write, and delete
+tcsd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_admin" lineno="133">
+<summary>
+All of the rules required to administrate
+an tcsd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="telepathy" filename="policy/modules/contrib/telepathy.if">
+<summary>Telepathy communications framework.</summary>
+<template name="telepathy_domain_template" lineno="15">
+<summary>
+Creates basic types for telepathy
+domain
+</summary>
+<param name="prefix">
+<summary>
+Prefix for the domain.
+</summary>
+</param>
+</template>
+<template name="telepathy_role" lineno="45">
+<summary>
+Role access for telepathy domains
+</summary>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="telepathy_gabble_stream_connect" lineno="88">
+<summary>
+Stream connect to Telepathy Gabble
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="telepathy_gabble_dbus_chat" lineno="108">
+<summary>
+Send DBus messages to and from
+Telepathy Gabble.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="telepathy_mission_control_read_state" lineno="133">
+<summary>
+Read telepathy mission control state.
+</summary>
+<param name="role_prefix">
+<summary>
+Prefix to be used.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="telepathy_msn_stream_connect" lineno="152">
+<summary>
+Stream connect to telepathy MSN managers
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="telepathy_salut_stream_connect" lineno="171">
+<summary>
+Stream connect to Telepathy Salut
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="telepathy_tcp_connect_generic_network_ports" dftval="false">
+<desc>
+<p>
+Allow the Telepathy connection managers
+to connect to any generic TCP port.
+</p>
+</desc>
+</tunable>
+<tunable name="telepathy_connect_all_ports" dftval="false">
+<desc>
+<p>
+Allow the Telepathy connection managers
+to connect to any network port.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="telnet" filename="policy/modules/contrib/telnet.if">
+<summary>Telnet daemon</summary>
+</module>
+<module name="tftp" filename="policy/modules/contrib/tftp.if">
+<summary>Trivial file transfer protocol daemon</summary>
+<interface name="tftp_read_content" lineno="13">
+<summary>
+Read tftp content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tftp_manage_rw_content" lineno="31">
+<summary>
+Manage tftp /var/lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tftp_admin" lineno="53">
+<summary>
+All of the rules required to administrate
+an tftp environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="tftp_anon_write" dftval="false">
+<desc>
+<p>
+Allow tftp to modify public files
+used for public file transfer services.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="tgtd" filename="policy/modules/contrib/tgtd.if">
+<summary>Linux Target Framework Daemon.</summary>
+<desc>
+<p>
+Linux target framework (tgt) aims to simplify various
+SCSI target driver (iSCSI, Fibre Channel, SRP, etc) creation
+and maintenance. Our key goals are the clean integration into
+the scsi-mid layer and implementing a great portion of tgt
+in user space.
+</p>
+</desc>
+<interface name="tgtd_rw_semaphores" lineno="22">
+<summary>
+Allow read and write access to tgtd semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tgtd_manage_semaphores" lineno="40">
+<summary>
+Manage tgtd sempaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="thunderbird" filename="policy/modules/contrib/thunderbird.if">
+<summary>Thunderbird email client</summary>
+<interface name="thunderbird_role" lineno="18">
+<summary>
+Role access for thunderbird
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="thunderbird_domtrans" lineno="57">
+<summary>
+Run thunderbird in the user thunderbird domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="timidity" filename="policy/modules/contrib/timidity.if">
+<summary>MIDI to WAV converter and player configured as a service</summary>
+</module>
+<module name="tmpreaper" filename="policy/modules/contrib/tmpreaper.if">
+<summary>Manage temporary directory sizes and file ages</summary>
+<interface name="tmpreaper_exec" lineno="13">
+<summary>
+Execute tmpreaper in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="tor" filename="policy/modules/contrib/tor.if">
+<summary>TOR, the onion router</summary>
+<interface name="tor_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run TOR.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tor_admin" lineno="38">
+<summary>
+All of the rules required to administrate
+an tor environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the tor domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="tor_bind_all_unreserved_ports" dftval="false">
+<desc>
+<p>
+Allow tor daemon to bind
+tcp sockets to all unreserved ports.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="transproxy" filename="policy/modules/contrib/transproxy.if">
+<summary>HTTP transperant proxy</summary>
+</module>
+<module name="tripwire" filename="policy/modules/contrib/tripwire.if">
+<summary>Tripwire file integrity checker.</summary>
+<desc>
+<p>
+Tripwire file integrity checker.
+</p>
+<p>
+NOTE: Tripwire creates temp file in its current working directory.
+This policy does not allow write access to home directories, so
+users will need to either cd to a directory where they have write
+permission, or set the TEMPDIRECTORY variable in the tripwire config
+file. The latter is preferable, as then the file_type_auto_trans
+rules will kick in and label the files as private to tripwire.
+</p>
+</desc>
+<interface name="tripwire_domtrans_tripwire" lineno="26">
+<summary>
+Execute tripwire in the tripwire domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tripwire_run_tripwire" lineno="51">
+<summary>
+Execute tripwire in the tripwire domain, and
+allow the specified role the tripwire domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="tripwire_domtrans_twadmin" lineno="70">
+<summary>
+Execute twadmin in the twadmin domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tripwire_run_twadmin" lineno="95">
+<summary>
+Execute twadmin in the twadmin domain, and
+allow the specified role the twadmin domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="tripwire_domtrans_twprint" lineno="114">
+<summary>
+Execute twprint in the twprint domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tripwire_run_twprint" lineno="139">
+<summary>
+Execute twprint in the twprint domain, and
+allow the specified role the twprint domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="tripwire_domtrans_siggen" lineno="158">
+<summary>
+Execute siggen in the siggen domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tripwire_run_siggen" lineno="183">
+<summary>
+Execute siggen in the siggen domain, and
+allow the specified role the siggen domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="tuned" filename="policy/modules/contrib/tuned.if">
+<summary>Dynamic adaptive system tuning daemon</summary>
+<interface name="tuned_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run tuned.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tuned_exec" lineno="31">
+<summary>
+Execute tuned in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tuned_read_pid_files" lineno="50">
+<summary>
+Read tuned PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tuned_manage_pid_files" lineno="69">
+<summary>
+Manage tuned PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tuned_initrc_domtrans" lineno="88">
+<summary>
+Execute tuned server in the tuned domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tuned_admin" lineno="113">
+<summary>
+All of the rules required to administrate
+an tuned environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="tvtime" filename="policy/modules/contrib/tvtime.if">
+<summary> tvtime - a high quality television application </summary>
+<interface name="tvtime_role" lineno="18">
+<summary>
+Role access for tvtime
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+</module>
+<module name="tzdata" filename="policy/modules/contrib/tzdata.if">
+<summary>Time zone updater</summary>
+<interface name="tzdata_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run tzdata.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tzdata_run" lineno="38">
+<summary>
+Execute the tzdata program in the tzdata domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the tzdata domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ucspitcp" filename="policy/modules/contrib/ucspitcp.if">
+<summary>ucspitcp policy</summary>
+<desc>
+<p>
+Policy for DJB's ucspi-tcpd
+</p>
+</desc>
+<interface name="ucspitcp_service_domain" lineno="23">
+<summary>
+Define a specified domain as a ucspitcp service.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+</module>
+<module name="ulogd" filename="policy/modules/contrib/ulogd.if">
+<summary>Iptables/netfilter userspace logging daemon.</summary>
+<interface name="ulogd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ulogd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ulogd_read_config" lineno="33">
+<summary>
+Allow the specified domain to read
+ulogd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ulogd_read_log" lineno="53">
+<summary>
+Allow the specified domain to read ulogd's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ulogd_search_log" lineno="73">
+<summary>
+Allow the specified domain to search ulogd's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ulogd_append_log" lineno="93">
+<summary>
+Allow the specified domain to append to ulogd's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ulogd_admin" lineno="120">
+<summary>
+All of the rules required to administrate
+an ulogd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the syslog domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="uml" filename="policy/modules/contrib/uml.if">
+<summary>Policy for UML</summary>
+<interface name="uml_role" lineno="18">
+<summary>
+Role access for uml
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="uml_setattr_util_sockets" lineno="74">
+<summary>
+Set attributes on uml utility socket files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uml_manage_util_files" lineno="92">
+<summary>
+Manage uml utility files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="updfstab" filename="policy/modules/contrib/updfstab.if">
+<summary>Red Hat utility to change /etc/fstab.</summary>
+<interface name="updfstab_domtrans" lineno="13">
+<summary>
+Execute updfstab in the updfstab domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="uptime" filename="policy/modules/contrib/uptime.if">
+<summary>Uptime daemon</summary>
+</module>
+<module name="usbmodules" filename="policy/modules/contrib/usbmodules.if">
+<summary>List kernel modules of USB devices</summary>
+<interface name="usbmodules_domtrans" lineno="13">
+<summary>
+Execute usbmodules in the usbmodules domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usbmodules_run" lineno="39">
+<summary>
+Execute usbmodules in the usbmodules domain, and
+allow the specified role the usbmodules domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="usbmuxd" filename="policy/modules/contrib/usbmuxd.if">
+<summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone</summary>
+<interface name="usbmuxd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run usbmuxd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usbmuxd_stream_connect" lineno="32">
+<summary>
+Connect to usbmuxd over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="userhelper" filename="policy/modules/contrib/userhelper.if">
+<summary>SELinux utility to run a shell with a new role</summary>
+<template name="userhelper_role_template" lineno="24">
+<summary>
+The role template for the userhelper module.
+</summary>
+<param name="userrole_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The user role.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The user domain associated with the role.
+</summary>
+</param>
+</template>
+<interface name="userhelper_search_config" lineno="178">
+<summary>
+Search the userhelper configuration directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userhelper_dontaudit_search_config" lineno="197">
+<summary>
+Do not audit attempts to search
+the userhelper configuration directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userhelper_use_fd" lineno="215">
+<summary>
+Allow domain to use userhelper file descriptor.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userhelper_sigchld" lineno="233">
+<summary>
+Allow domain to send sigchld to userhelper.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userhelper_exec" lineno="251">
+<summary>
+Execute the userhelper program in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="usernetctl" filename="policy/modules/contrib/usernetctl.if">
+<summary>User network interface configuration helper</summary>
+<interface name="usernetctl_domtrans" lineno="13">
+<summary>
+Execute usernetctl in the usernetctl domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usernetctl_run" lineno="38">
+<summary>
+Execute usernetctl in the usernetctl domain, and
+allow the specified role the usernetctl domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="uucp" filename="policy/modules/contrib/uucp.if">
+<summary>Unix to Unix Copy</summary>
+<interface name="uucp_domtrans" lineno="14">
+<summary>
+Execute the uucico program in the
+uucpd_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="uucp_append_log" lineno="33">
+<summary>
+Allow the specified domain to append
+to uucp log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uucp_manage_spool" lineno="53">
+<summary>
+Create, read, write, and delete uucp spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uucp_domtrans_uux" lineno="75">
+<summary>
+Execute the master uux program in the
+uux_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="uucp_admin" lineno="95">
+<summary>
+All of the rules required to administrate
+an uucp environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="uuidd" filename="policy/modules/contrib/uuidd.if">
+<summary>policy for uuidd</summary>
+<interface name="uuidd_domtrans" lineno="13">
+<summary>
+Transition to uuidd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_initrc_domtrans" lineno="32">
+<summary>
+Execute uuidd server in the uuidd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_search_lib" lineno="50">
+<summary>
+Search uuidd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_read_lib_files" lineno="69">
+<summary>
+Read uuidd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_manage_lib_files" lineno="88">
+<summary>
+Manage uuidd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_manage_lib_dirs" lineno="107">
+<summary>
+Manage uuidd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_read_pid_files" lineno="126">
+<summary>
+Read uuidd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_stream_connect_manager" lineno="145">
+<summary>
+Connect to uuidd over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_admin" lineno="171">
+<summary>
+All of the rules required to administrate
+an uuidd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="uwimap" filename="policy/modules/contrib/uwimap.if">
+<summary>University of Washington IMAP toolkit POP3 and IMAP mail server</summary>
+<interface name="uwimap_domtrans" lineno="13">
+<summary>
+Execute the UW IMAP/POP3 servers with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="varnishd" filename="policy/modules/contrib/varnishd.if">
+<summary>Varnishd http accelerator daemon</summary>
+<interface name="varnishd_domtrans" lineno="13">
+<summary>
+Execute varnishd in the varnishd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_exec" lineno="32">
+<summary>
+Execute varnishd
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_read_config" lineno="50">
+<summary>
+Read varnishd configuration file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_read_lib_files" lineno="69">
+<summary>
+Read varnish lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_read_log" lineno="88">
+<summary>
+Read varnish logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_append_log" lineno="107">
+<summary>
+Append varnish logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_manage_log" lineno="126">
+<summary>
+Manage varnish logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_admin_varnishlog" lineno="152">
+<summary>
+All of the rules required to administrate
+an varnishlog environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the varnishlog domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="varnishd_admin" lineno="190">
+<summary>
+All of the rules required to administrate
+an varnishd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the varnishd domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="varnishd_connect_any" dftval="false">
+<desc>
+<p>
+Allow varnishd to connect to all ports,
+not just HTTP.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="vbetool" filename="policy/modules/contrib/vbetool.if">
+<summary>run real-mode video BIOS code to alter hardware state</summary>
+<interface name="vbetool_domtrans" lineno="13">
+<summary>
+Execute vbetool application in the vbetool domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vbetool_run" lineno="38">
+<summary>
+Execute vbetool in the vbetool domain, and
+allow the specified role the vbetool domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="vbetool_mmap_zero_ignore" dftval="false">
+<desc>
+<p>
+Ignore vbetool mmap_zero errors.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="vdagent" filename="policy/modules/contrib/vdagent.if">
+<summary>policy for vdagent</summary>
+<interface name="vdagent_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run vdagent.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_getattr_exec_files" lineno="31">
+<summary>
+Getattr on vdagent executable.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_getattr_log" lineno="49">
+<summary>
+Get the attributes of vdagent logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_read_pid_files" lineno="68">
+<summary>
+Read vdagent PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_stream_connect" lineno="88">
+<summary>
+Connect to vdagent over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_admin" lineno="114">
+<summary>
+All of the rules required to administrate
+an vdagent environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="vhostmd" filename="policy/modules/contrib/vhostmd.if">
+<summary>Virtual host metrics daemon</summary>
+<interface name="vhostmd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run vhostmd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_initrc_domtrans" lineno="31">
+<summary>
+Execute vhostmd server in the vhostmd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_read_tmpfs_files" lineno="49">
+<summary>
+Allow domain to read, vhostmd tmpfs files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_dontaudit_read_tmpfs_files" lineno="69">
+<summary>
+Do not audit attempts to read,
+vhostmd tmpfs files
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_rw_tmpfs_files" lineno="87">
+<summary>
+Allow domain to read and write vhostmd tmpfs files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_manage_tmpfs_files" lineno="106">
+<summary>
+Create, read, write, and delete vhostmd tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_read_pid_files" lineno="125">
+<summary>
+Read vhostmd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_manage_pid_files" lineno="144">
+<summary>
+Manage vhostmd var_run files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_stream_connect" lineno="162">
+<summary>
+Connect to vhostmd over an unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_dontaudit_rw_stream_connect" lineno="182">
+<summary>
+Dontaudit read and write to vhostmd
+over an unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_admin" lineno="207">
+<summary>
+All of the rules required to administrate
+an vhostmd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="virt" filename="policy/modules/contrib/virt.if">
+<summary>Libvirt virtualization API</summary>
+<template name="virt_domain_template" lineno="14">
+<summary>
+Creates types and rules for a basic
+qemu process domain.
+</summary>
+<param name="prefix">
+<summary>
+Prefix for the domain.
+</summary>
+</param>
+</template>
+<interface name="virt_image" lineno="87">
+<summary>
+Make the specified type usable as a virt image
+</summary>
+<param name="type">
+<summary>
+Type to be used as a virtual image
+</summary>
+</param>
+</interface>
+<interface name="virt_domtrans" lineno="109">
+<summary>
+Execute a domain transition to run virt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="virt_stream_connect" lineno="127">
+<summary>
+Connect to virt over an unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_attach_tun_iface" lineno="146">
+<summary>
+Allow domain to attach to virt TUN devices
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_config" lineno="165">
+<summary>
+Read virt config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_config" lineno="186">
+<summary>
+manage virt config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_content" lineno="207">
+<summary>
+Allow domain to manage virt image files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_pid_files" lineno="242">
+<summary>
+Read virt PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_pid_files" lineno="261">
+<summary>
+Manage virt pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_search_lib" lineno="280">
+<summary>
+Search virt lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_lib_files" lineno="299">
+<summary>
+Read virt lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_lib_files" lineno="320">
+<summary>
+Create, read, write, and delete
+virt lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_log" lineno="340">
+<summary>
+Allow the specified domain to read virt's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="virt_append_log" lineno="360">
+<summary>
+Allow the specified domain to append
+virt log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_log" lineno="379">
+<summary>
+Allow domain to manage virt log files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_images" lineno="399">
+<summary>
+Allow domain to read virt image files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_svirt_cache" lineno="436">
+<summary>
+Create, read, write, and delete
+svirt cache files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_images" lineno="457">
+<summary>
+Allow domain to manage virt image files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_admin" lineno="500">
+<summary>
+All of the rules required to administrate
+an virt environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="virt_use_comm" dftval="false">
+<desc>
+<p>
+Allow virt to use serial/parallell communication ports
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_fusefs" dftval="false">
+<desc>
+<p>
+Allow virt to read fuse files
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_nfs" dftval="false">
+<desc>
+<p>
+Allow virt to manage nfs files
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_samba" dftval="false">
+<desc>
+<p>
+Allow virt to manage cifs files
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_sysfs" dftval="false">
+<desc>
+<p>
+Allow virt to manage device configuration, (pci)
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_usb" dftval="true">
+<desc>
+<p>
+Allow virt to use usb devices
+</p>
+</desc>
+</tunable>
+</module>
+<module name="vlock" filename="policy/modules/contrib/vlock.if">
+<summary>Lock one or more sessions on the Linux console.</summary>
+<interface name="vlock_domtrans" lineno="13">
+<summary>
+Execute vlock in the vlock domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vlock_run" lineno="39">
+<summary>
+Execute vlock in the vlock domain, and
+allow the specified role the vlock domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed to access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="vmware" filename="policy/modules/contrib/vmware.if">
+<summary>VMWare Workstation virtual machines</summary>
+<interface name="vmware_role" lineno="18">
+<summary>
+Role access for vmware
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="vmware_exec_host" lineno="43">
+<summary>
+Execute vmware host executables
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vmware_read_system_config" lineno="61">
+<summary>
+Read VMWare system configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vmware_append_system_config" lineno="79">
+<summary>
+Append to VMWare system configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vmware_append_log" lineno="97">
+<summary>
+Append to VMWare log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="vnstatd" filename="policy/modules/contrib/vnstatd.if">
+<summary>Console network traffic monitor.</summary>
+<interface name="vnstatd_domtrans_vnstat" lineno="13">
+<summary>
+Execute a domain transition to run vnstat.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_domtrans" lineno="31">
+<summary>
+Execute a domain transition to run vnstatd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_search_lib" lineno="49">
+<summary>
+Search vnstatd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_manage_lib_dirs" lineno="68">
+<summary>
+Manage vnstatd lib dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_read_lib_files" lineno="87">
+<summary>
+Read vnstatd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_manage_lib_files" lineno="107">
+<summary>
+Create, read, write, and delete
+vnstatd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_admin" lineno="133">
+<summary>
+All of the rules required to administrate
+an vnstatd environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="vpn" filename="policy/modules/contrib/vpn.if">
+<summary>Virtual Private Networking client</summary>
+<interface name="vpn_domtrans" lineno="13">
+<summary>
+Execute VPN clients in the vpnc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vpn_run" lineno="38">
+<summary>
+Execute VPN clients in the vpnc domain, and
+allow the specified role the vpnc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="vpn_kill" lineno="57">
+<summary>
+Send VPN clients the kill signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vpn_signal" lineno="75">
+<summary>
+Send generic signals to VPN clients.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vpn_signull" lineno="93">
+<summary>
+Send signull to VPN clients.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vpn_dbus_chat" lineno="112">
+<summary>
+Send and receive messages from
+Vpnc over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vpn_relabelfrom_tun_socket" lineno="132">
+<summary>
+Relabelfrom from vpnc socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="w3c" filename="policy/modules/contrib/w3c.if">
+<summary>W3C Markup Validator</summary>
+</module>
+<module name="watchdog" filename="policy/modules/contrib/watchdog.if">
+<summary>Software watchdog</summary>
+</module>
+<module name="webadm" filename="policy/modules/contrib/webadm.if">
+<summary>Web administrator role</summary>
+<interface name="webadm_role_change" lineno="14">
+<summary>
+Change to the web administrator role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="webadm_role_change_to" lineno="44">
+<summary>
+Change from the web administrator role.
+</summary>
+<desc>
+<p>
+Change from the web administrator role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="webadm_manage_user_files" dftval="false">
+<desc>
+<p>
+Allow webadm to manage files in users home directories
+</p>
+</desc>
+</tunable>
+<tunable name="webadm_read_user_files" dftval="false">
+<desc>
+<p>
+Allow webadm to read files in users home directories
+</p>
+</desc>
+</tunable>
+</module>
+<module name="webalizer" filename="policy/modules/contrib/webalizer.if">
+<summary>Web server log analysis</summary>
+<interface name="webalizer_domtrans" lineno="13">
+<summary>
+Execute webalizer in the webalizer domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="webalizer_run" lineno="38">
+<summary>
+Execute webalizer in the webalizer domain, and
+allow the specified role the webalizer domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="wine" filename="policy/modules/contrib/wine.if">
+<summary>Wine Is Not an Emulator. Run Windows programs in Linux.</summary>
+<template name="wine_role" lineno="30">
+<summary>
+The per role template for the wine module.
+</summary>
+<desc>
+<p>
+This template creates a derived domains which are used
+for wine applications.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+</template>
+<template name="wine_role_template" lineno="87">
+<summary>
+The role template for the wine module.
+</summary>
+<desc>
+<p>
+This template creates a derived domains which are used
+for wine applications.
+</p>
+</desc>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="wine_domtrans" lineno="127">
+<summary>
+Execute the wine program in the wine domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="wine_run" lineno="152">
+<summary>
+Execute wine in the wine domain, and
+allow the specified role the wine domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="wine_rw_shm" lineno="172">
+<summary>
+Read and write wine Shared
+memory segments.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="wine_mmap_zero_ignore" dftval="false">
+<desc>
+<p>
+Ignore wine mmap_zero errors.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="wireshark" filename="policy/modules/contrib/wireshark.if">
+<summary>Wireshark packet capture tool.</summary>
+<interface name="wireshark_role" lineno="18">
+<summary>
+Role access for wireshark
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="wireshark_domtrans" lineno="49">
+<summary>
+Run wireshark in wireshark domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="wm" filename="policy/modules/contrib/wm.if">
+<summary>X Window Managers</summary>
+<template name="wm_role_template" lineno="30">
+<summary>
+The role template for the wm module.
+</summary>
+<desc>
+<p>
+This template creates a derived domains which are used
+for window manager applications.
+</p>
+</desc>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="wm_exec" lineno="105">
+<summary>
+Execute the wm program in the wm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="xen" filename="policy/modules/contrib/xen.if">
+<summary>Xen hypervisor</summary>
+<interface name="xen_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run xend.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="xen_use_fds" lineno="31">
+<summary>
+Inherit and use xen file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_dontaudit_use_fds" lineno="50">
+<summary>
+Do not audit attempts to inherit
+xen file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xen_read_image_files" lineno="68">
+<summary>
+Read xend image files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_rw_image_files" lineno="90">
+<summary>
+Allow the specified domain to read/write
+xend image files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_append_log" lineno="111">
+<summary>
+Allow the specified domain to append
+xend log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_manage_log" lineno="132">
+<summary>
+Create, read, write, and delete the
+xend log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_dontaudit_rw_unix_stream_sockets" lineno="154">
+<summary>
+Do not audit attempts to read and write
+Xen unix domain stream sockets. These
+are leaked file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xen_stream_connect_xenstore" lineno="172">
+<summary>
+Connect to xenstored over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_stream_connect" lineno="191">
+<summary>
+Connect to xend over an unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_domtrans_xm" lineno="213">
+<summary>
+Execute a domain transition to run xm.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="xen_stream_connect_xm" lineno="231">
+<summary>
+Connect to xm over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="xend_run_blktap" dftval="true">
+<desc>
+<p>
+Allow xend to run blktapctrl/tapdisk.
+Not required if using dedicated logical volumes for disk images.
+</p>
+</desc>
+</tunable>
+<tunable name="xend_run_qemu" dftval="true">
+<desc>
+<p>
+Allow xend to run qemu-dm.
+Not required if using paravirt and no vfb.
+</p>
+</desc>
+</tunable>
+<tunable name="xen_use_nfs" dftval="false">
+<desc>
+<p>
+Allow xen to manage nfs files
+</p>
+</desc>
+</tunable>
+</module>
+<module name="xfs" filename="policy/modules/contrib/xfs.if">
+<summary>X Windows Font Server </summary>
+<interface name="xfs_read_sockets" lineno="13">
+<summary>
+Read a X font server named socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xfs_stream_connect" lineno="33">
+<summary>
+Connect to a X font server over
+a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xfs_exec" lineno="53">
+<summary>
+Allow the specified domain to execute xfs
+in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="xguest" filename="policy/modules/contrib/xguest.if">
+<summary>Least privledge xwindows user role</summary>
+<interface name="xguest_role_change" lineno="14">
+<summary>
+Change to the xguest role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="xguest_role_change_to" lineno="44">
+<summary>
+Change from the xguest role.
+</summary>
+<desc>
+<p>
+Change from the xguest role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="xguest_mount_media" dftval="true">
+<desc>
+<p>
+Allow xguest users to mount removable media
+</p>
+</desc>
+</tunable>
+<tunable name="xguest_connect_network" dftval="true">
+<desc>
+<p>
+Allow xguest to configure Network Manager
+</p>
+</desc>
+</tunable>
+<tunable name="xguest_use_bluetooth" dftval="true">
+<desc>
+<p>
+Allow xguest to use blue tooth devices
+</p>
+</desc>
+</tunable>
+</module>
+<module name="xprint" filename="policy/modules/contrib/xprint.if">
+<summary>X print server</summary>
+</module>
+<module name="xscreensaver" filename="policy/modules/contrib/xscreensaver.if">
+<summary>X Screensaver</summary>
+<interface name="xscreensaver_role" lineno="18">
+<summary>
+Role access for xscreensaver
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+</module>
+<module name="yam" filename="policy/modules/contrib/yam.if">
+<summary>Yum/Apt Mirroring</summary>
+<interface name="yam_domtrans" lineno="13">
+<summary>
+Execute yam in the yam domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="yam_run" lineno="39">
+<summary>
+Execute yam in the yam domain, and
+allow the specified role the yam domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="yam_read_content" lineno="58">
+<summary>
+Read yam content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="zabbix" filename="policy/modules/contrib/zabbix.if">
+<summary>Distributed infrastructure monitoring</summary>
+<interface name="zabbix_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run zabbix.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_tcp_connect" lineno="31">
+<summary>
+Allow connectivity to the zabbix server
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_read_log" lineno="53">
+<summary>
+Allow the specified domain to read zabbix's log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="zabbix_append_log" lineno="73">
+<summary>
+Allow the specified domain to append
+zabbix log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_read_pid_files" lineno="92">
+<summary>
+Read zabbix PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_agent_tcp_connect" lineno="111">
+<summary>
+Allow connectivity to a zabbix agent
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_admin" lineno="139">
+<summary>
+All of the rules required to administrate
+an zabbix environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the zabbix domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="zarafa" filename="policy/modules/contrib/zarafa.if">
+<summary>Zarafa collaboration platform.</summary>
+<template name="zarafa_domain_template" lineno="14">
+<summary>
+Creates types and rules for a basic
+zararfa init daemon domain.
+</summary>
+<param name="prefix">
+<summary>
+Prefix for the domain.
+</summary>
+</param>
+</template>
+<interface name="zarafa_search_config" lineno="58">
+<summary>
+Allow the specified domain to search
+zarafa configuration dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zarafa_domtrans_deliver" lineno="77">
+<summary>
+Execute a domain transition to run zarafa_deliver.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="zarafa_domtrans_server" lineno="95">
+<summary>
+Execute a domain transition to run zarafa_server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="zarafa_stream_connect_server" lineno="113">
+<summary>
+Connect to zarafa-server unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="zebra" filename="policy/modules/contrib/zebra.if">
+<summary>Zebra border gateway protocol network routing service</summary>
+<interface name="zebra_read_config" lineno="14">
+<summary>
+Read the configuration files for zebra.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="zebra_stream_connect" lineno="35">
+<summary>
+Connect to zebra over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zebra_admin" lineno="62">
+<summary>
+All of the rules required to administrate
+an zebra environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the zebra domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_zebra_write_config" dftval="false">
+<desc>
+<p>
+Allow zebra daemon to write it configuration files
+</p>
+</desc>
+</tunable>
+</module>
+<module name="zosremote" filename="policy/modules/contrib/zosremote.if">
+<summary>policy for z/OS Remote-services Audit dispatcher plugin</summary>
+<interface name="zosremote_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run audispd-zos-remote.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="zosremote_run" lineno="38">
+<summary>
+Allow specified type and role to transition and
+run in the zos_remote_t domain. Allow specified type
+to use zos_remote_t terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
+</layer>
+<layer name="kernel">
+<summary>Policy modules for kernel resources.</summary>
+<module name="corecommands" filename="policy/modules/kernel/corecommands.if">
+<summary>
+Core policy for shells, and generic programs
+in /bin, /sbin, /usr/bin, and /usr/sbin.
+</summary>
+<required val="true">
+Contains the base bin and sbin directory types
+which need to be searched for the kernel to
+run init.
+</required>
+<interface name="corecmd_executable_file" lineno="23">
+<summary>
+Make the specified type usable for files
+that are exectuables, such as binary programs.
+This does not include shared libraries.
+</summary>
+<param name="type">
+<summary>
+Type to be used for files.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_bin_alias" lineno="53">
+<summary>
+Create a aliased type to generic bin files. (Deprecated)
+</summary>
+<desc>
+<p>
+Create a aliased type to generic bin files. (Deprecated)
+</p>
+<p>
+This is added to support targeted policy. Its
+use should be limited. It has no effect
+on the strict policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Alias type for bin_t.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_bin_entry_type" lineno="68">
+<summary>
+Make general progams in bin an entrypoint for
+the specified domain.
+</summary>
+<param name="domain">
+<summary>
+The domain for which bin_t is an entrypoint.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_sbin_entry_type" lineno="87">
+<summary>
+Make general progams in sbin an entrypoint for
+the specified domain. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+The domain for which sbin programs are an entrypoint.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_shell_entry_type" lineno="102">
+<summary>
+Make the shell an entrypoint for the specified domain.
+</summary>
+<param name="domain">
+<summary>
+The domain for which the shell is an entrypoint.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_search_bin" lineno="120">
+<summary>
+Search the contents of bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_dontaudit_search_bin" lineno="138">
+<summary>
+Do not audit attempts to search the contents of bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_list_bin" lineno="156">
+<summary>
+List the contents of bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_dontaudit_write_bin_dirs" lineno="174">
+<summary>
+Do not audit attempts to write bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_getattr_bin_files" lineno="192">
+<summary>
+Get the attributes of files in bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_dontaudit_getattr_bin_files" lineno="210">
+<summary>
+Get the attributes of files in bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_read_bin_files" lineno="229">
+<summary>
+Read files in bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_dontaudit_write_bin_files" lineno="247">
+<summary>
+Do not audit attempts to write bin files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_read_bin_symlinks" lineno="265">
+<summary>
+Read symbolic links in bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_read_bin_pipes" lineno="283">
+<summary>
+Read pipes in bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_read_bin_sockets" lineno="301">
+<summary>
+Read named sockets in bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_exec_bin" lineno="340">
+<summary>
+Execute generic programs in bin directories,
+in the caller domain.
+</summary>
+<desc>
+<p>
+Allow the specified domain to execute generic programs
+in system bin directories (/bin, /sbin, /usr/bin,
+/usr/sbin) a without domain transition.
+</p>
+<p>
+Typically, this interface should be used when the domain
+executes general system progams within the privileges
+of the source domain. Some examples of these programs
+are ls, cp, sed, python, and tar. This does not include
+shells, such as bash.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corecmd_exec_shell()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_manage_bin_files" lineno="360">
+<summary>
+Create, read, write, and delete bin files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_relabel_bin_files" lineno="378">
+<summary>
+Relabel to and from the bin type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_mmap_bin_files" lineno="396">
+<summary>
+Mmap a bin file as executable.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_bin_spec_domtrans" lineno="440">
+<summary>
+Execute a file in a bin directory
+in the specified domain but do not
+do it automatically. This is an explicit
+transition, requiring the caller to use setexeccon().
+</summary>
+<desc>
+<p>
+Execute a file in a bin directory
+in the specified domain. This allows
+the specified domain to execute any file
+on these filesystems in the specified
+domain. This is not suggested.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+<p>
+This interface was added to handle
+the userhelper policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the new process.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_bin_domtrans" lineno="483">
+<summary>
+Execute a file in a bin directory
+in the specified domain.
+</summary>
+<desc>
+<p>
+Execute a file in a bin directory
+in the specified domain. This allows
+the specified domain to execute any file
+on these filesystems in the specified
+domain. This is not suggested.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+<p>
+This interface was added to handle
+the ssh-agent policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the new process.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_search_sbin" lineno="502">
+<summary>
+Search the contents of sbin directories. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_dontaudit_search_sbin" lineno="518">
+<summary>
+Do not audit attempts to search
+sbin directories. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_list_sbin" lineno="533">
+<summary>
+List the contents of sbin directories. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_dontaudit_write_sbin_dirs" lineno="549">
+<summary>
+Do not audit attempts to write
+sbin directories. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_getattr_sbin_files" lineno="564">
+<summary>
+Get the attributes of sbin files. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_dontaudit_getattr_sbin_files" lineno="580">
+<summary>
+Do not audit attempts to get the attibutes
+of sbin files. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_read_sbin_files" lineno="595">
+<summary>
+Read files in sbin directories. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_read_sbin_symlinks" lineno="610">
+<summary>
+Read symbolic links in sbin directories. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_read_sbin_pipes" lineno="625">
+<summary>
+Read named pipes in sbin directories. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_read_sbin_sockets" lineno="640">
+<summary>
+Read named sockets in sbin directories. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_exec_sbin" lineno="656">
+<summary>
+Execute generic programs in sbin directories,
+in the caller domain. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_manage_sbin_files" lineno="672">
+<summary>
+Create, read, write, and delete sbin files. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_relabel_sbin_files" lineno="688">
+<summary>
+Relabel to and from the sbin type. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_mmap_sbin_files" lineno="704">
+<summary>
+Mmap a sbin file as executable. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_sbin_domtrans" lineno="743">
+<summary>
+Execute a file in a sbin directory
+in the specified domain. (Deprecated)
+</summary>
+<desc>
+<p>
+Execute a file in a sbin directory
+in the specified domain. This allows
+the specified domain to execute any file
+on these filesystems in the specified
+domain. This is not suggested. (Deprecated)
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+<p>
+This interface was added to handle
+the ssh-agent policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the new process.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_sbin_spec_domtrans" lineno="784">
+<summary>
+Execute a file in a sbin directory
+in the specified domain but do not
+do it automatically. This is an explicit
+transition, requiring the caller to use setexeccon(). (Deprecated)
+</summary>
+<desc>
+<p>
+Execute a file in a sbin directory
+in the specified domain. This allows
+the specified domain to execute any file
+on these filesystems in the specified
+domain. This is not suggested. (Deprecated)
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+<p>
+This interface was added to handle
+the userhelper policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the new process.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_check_exec_shell" lineno="799">
+<summary>
+Check if a shell is executable (DAC-wise).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_exec_shell" lineno="837">
+<summary>
+Execute shells in the caller domain.
+</summary>
+<desc>
+<p>
+Allow the specified domain to execute shells without
+a domain transition.
+</p>
+<p>
+Typically, this interface should be used when the domain
+executes shells within the privileges
+of the source domain. Some examples of these programs
+are bash, tcsh, and zsh.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corecmd_exec_bin()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_exec_ls" lineno="857">
+<summary>
+Execute ls in the caller domain. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_shell_spec_domtrans" lineno="891">
+<summary>
+Execute a shell in the target domain. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</summary>
+<desc>
+<p>
+Execute a shell in the target domain. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the shell process.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_shell_domtrans" lineno="926">
+<summary>
+Execute a shell in the specified domain.
+</summary>
+<desc>
+<p>
+Execute a shell in the specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the shell process.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_exec_chroot" lineno="945">
+<summary>
+Execute chroot in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_getattr_all_executables" lineno="966">
+<summary>
+Get the attributes of all executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="corecmd_read_all_executables" lineno="987">
+<summary>
+Read all executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="corecmd_exec_all_executables" lineno="1006">
+<summary>
+Execute all executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="corecmd_dontaudit_exec_all_executables" lineno="1027">
+<summary>
+Do not audit attempts to execute all executables.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_manage_all_executables" lineno="1046">
+<summary>
+Create, read, write, and all executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="corecmd_relabel_all_executables" lineno="1067">
+<summary>
+Relabel to and from the bin type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="corecmd_mmap_all_executables" lineno="1086">
+<summary>
+Mmap all executables as executable.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="corenetwork" filename="policy/modules/kernel/corenetwork.if">
+<summary>Policy controlling access to network objects</summary>
+<required val="true">
+Contains the initial SIDs for network objects.
+</required>
+<interface name="corenet_port" lineno="29">
+<summary>
+Define type to be a network port type
+</summary>
+<desc>
+<p>
+Define type to be a network port type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for network ports.
+</summary>
+</param>
+</interface>
+<interface name="corenet_reserved_port" lineno="56">
+<summary>
+Define network type to be a reserved port (lt 1024)
+</summary>
+<desc>
+<p>
+Define network type to be a reserved port (lt 1024)
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for network ports.
+</summary>
+</param>
+</interface>
+<interface name="corenet_rpc_port" lineno="83">
+<summary>
+Define network type to be a rpc port ( 512 lt PORT lt 1024)
+</summary>
+<desc>
+<p>
+Define network type to be a rpc port ( 512 lt PORT lt 1024)
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for network ports.
+</summary>
+</param>
+</interface>
+<interface name="corenet_node" lineno="110">
+<summary>
+Define type to be a network node type
+</summary>
+<desc>
+<p>
+Define type to be a network node type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for network nodes.
+</summary>
+</param>
+</interface>
+<interface name="corenet_packet" lineno="137">
+<summary>
+Define type to be a network packet type
+</summary>
+<desc>
+<p>
+Define type to be a network packet type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for a network packet.
+</summary>
+</param>
+</interface>
+<interface name="corenet_client_packet" lineno="164">
+<summary>
+Define type to be a network client packet type
+</summary>
+<desc>
+<p>
+Define type to be a network client packet type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for a network client packet.
+</summary>
+</param>
+</interface>
+<interface name="corenet_server_packet" lineno="191">
+<summary>
+Define type to be a network server packet type
+</summary>
+<desc>
+<p>
+Define type to be a network server packet type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for a network server packet.
+</summary>
+</param>
+</interface>
+<interface name="corenet_spd_type" lineno="210">
+<summary>
+Make the specified type usable
+for labeled ipsec.
+</summary>
+<param name="domain">
+<summary>
+Type to be used for labeled ipsec.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_generic_if" lineno="256">
+<summary>
+Send and receive TCP network traffic on generic interfaces.
+</summary>
+<desc>
+<p>
+Allow the specified domain to send and receive TCP network
+traffic on generic network interfaces.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_tcp_sendrecv_generic_node()</li>
+<li>corenet_tcp_sendrecv_all_ports()</li>
+<li>corenet_tcp_connect_all_ports()</li>
+</ul>
+<p>
+Example client being able to connect to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_generic_if(myclient_t)
+corenet_tcp_sendrecv_generic_node(myclient_t)
+corenet_tcp_sendrecv_all_ports(myclient_t)
+corenet_tcp_connect_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_generic_if" lineno="274">
+<summary>
+Send UDP network traffic on generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_send_generic_if" lineno="293">
+<summary>
+Dontaudit attempts to send UDP network traffic
+on generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_receive_generic_if" lineno="311">
+<summary>
+Receive UDP network traffic on generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_generic_if" lineno="330">
+<summary>
+Do not audit attempts to receive UDP network
+traffic on generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_sendrecv_generic_if" lineno="374">
+<summary>
+Send and receive UDP network traffic on generic interfaces.
+</summary>
+<desc>
+<p>
+Allow the specified domain to send and receive UDP network
+traffic on generic network interfaces.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_udp_sendrecv_generic_node()</li>
+<li>corenet_udp_sendrecv_all_ports()</li>
+</ul>
+<p>
+Example client being able to send to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:udp_socket create_socket_perms;
+corenet_udp_sendrecv_generic_if(myclient_t)
+corenet_udp_sendrecv_generic_node(myclient_t)
+corenet_udp_sendrecv_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_generic_if" lineno="390">
+<summary>
+Do not audit attempts to send and receive UDP network
+traffic on generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_send_generic_if" lineno="405">
+<summary>
+Send raw IP packets on generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_receive_generic_if" lineno="423">
+<summary>
+Receive raw IP packets on generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_sendrecv_generic_if" lineno="441">
+<summary>
+Send and receive raw IP packets on generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_out_generic_if" lineno="457">
+<summary>
+Allow outgoing network traffic on the generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+The peer label of the outgoing network traffic.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_in_generic_if" lineno="476">
+<summary>
+Allow incoming traffic on the generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+The peer label of the incoming network traffic.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_inout_generic_if" lineno="495">
+<summary>
+Allow incoming and outgoing network traffic on the generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+The peer label of the network traffic.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_tcp_sendrecv_all_if" lineno="510">
+<summary>
+Send and receive TCP network traffic on all interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_send_all_if" lineno="528">
+<summary>
+Send UDP network traffic on all interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_receive_all_if" lineno="546">
+<summary>
+Receive UDP network traffic on all interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_sendrecv_all_if" lineno="564">
+<summary>
+Send and receive UDP network traffic on all interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_send_all_if" lineno="579">
+<summary>
+Send raw IP packets on all interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_receive_all_if" lineno="597">
+<summary>
+Receive raw IP packets on all interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_sendrecv_all_if" lineno="615">
+<summary>
+Send and receive raw IP packets on all interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_generic_node" lineno="658">
+<summary>
+Send and receive TCP network traffic on generic nodes.
+</summary>
+<desc>
+<p>
+Allow the specified domain to send and receive TCP network
+traffic to/from generic network nodes (hostnames/networks).
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_tcp_sendrecv_generic_if()</li>
+<li>corenet_tcp_sendrecv_all_ports()</li>
+<li>corenet_tcp_connect_all_ports()</li>
+</ul>
+<p>
+Example client being able to connect to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_generic_if(myclient_t)
+corenet_tcp_sendrecv_generic_node(myclient_t)
+corenet_tcp_sendrecv_all_ports(myclient_t)
+corenet_tcp_connect_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_generic_node" lineno="676">
+<summary>
+Send UDP network traffic on generic nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_receive_generic_node" lineno="694">
+<summary>
+Receive UDP network traffic on generic nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_sendrecv_generic_node" lineno="738">
+<summary>
+Send and receive UDP network traffic on generic nodes.
+</summary>
+<desc>
+<p>
+Allow the specified domain to send and receive UDP network
+traffic to/from generic network nodes (hostnames/networks).
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_udp_sendrecv_generic_if()</li>
+<li>corenet_udp_sendrecv_all_ports()</li>
+</ul>
+<p>
+Example client being able to send to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:udp_socket create_socket_perms;
+corenet_udp_sendrecv_generic_if(myclient_t)
+corenet_udp_sendrecv_generic_node(myclient_t)
+corenet_udp_sendrecv_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_raw_send_generic_node" lineno="753">
+<summary>
+Send raw IP packets on generic nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_receive_generic_node" lineno="771">
+<summary>
+Receive raw IP packets on generic nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_sendrecv_generic_node" lineno="789">
+<summary>
+Send and receive raw IP packets on generic nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_bind_generic_node" lineno="819">
+<summary>
+Bind TCP sockets to generic nodes.
+</summary>
+<desc>
+<p>
+Bind TCP sockets to generic nodes. This is
+necessary for binding a socket so it
+can be used for servers to listen
+for incoming connections.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_udp_bind_generic_node()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="1"/>
+</interface>
+<interface name="corenet_udp_bind_generic_node" lineno="852">
+<summary>
+Bind UDP sockets to generic nodes.
+</summary>
+<desc>
+<p>
+Bind UDP sockets to generic nodes. This is
+necessary for binding a socket so it
+can be used for servers to listen
+for incoming connections.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_tcp_bind_generic_node()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="1"/>
+</interface>
+<interface name="corenet_raw_bind_generic_node" lineno="871">
+<summary>
+Bind raw sockets to genric nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_out_generic_node" lineno="890">
+<summary>
+Allow outgoing network traffic to generic nodes.
+</summary>
+<param name="domain">
+<summary>
+The peer label of the outgoing network traffic.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_in_generic_node" lineno="909">
+<summary>
+Allow incoming network traffic from generic nodes.
+</summary>
+<param name="domain">
+<summary>
+The peer label of the incoming network traffic.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_inout_generic_node" lineno="928">
+<summary>
+Allow incoming and outgoing network traffic with generic nodes.
+</summary>
+<param name="domain">
+<summary>
+The peer label of the network traffic.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_tcp_sendrecv_all_nodes" lineno="943">
+<summary>
+Send and receive TCP network traffic on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_send_all_nodes" lineno="961">
+<summary>
+Send UDP network traffic on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_send_all_nodes" lineno="980">
+<summary>
+Do not audit attempts to send UDP network
+traffic on any nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_receive_all_nodes" lineno="998">
+<summary>
+Receive UDP network traffic on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_all_nodes" lineno="1017">
+<summary>
+Do not audit attempts to receive UDP
+network traffic on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_sendrecv_all_nodes" lineno="1035">
+<summary>
+Send and receive UDP network traffic on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_all_nodes" lineno="1051">
+<summary>
+Do not audit attempts to send and receive UDP
+network traffic on any nodes nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_send_all_nodes" lineno="1066">
+<summary>
+Send raw IP packets on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_receive_all_nodes" lineno="1084">
+<summary>
+Receive raw IP packets on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_sendrecv_all_nodes" lineno="1102">
+<summary>
+Send and receive raw IP packets on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_bind_all_nodes" lineno="1117">
+<summary>
+Bind TCP sockets to all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_bind_all_nodes" lineno="1135">
+<summary>
+Bind UDP sockets to all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_bind_all_nodes" lineno="1154">
+<summary>
+Bind raw sockets to all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_generic_port" lineno="1172">
+<summary>
+Send and receive TCP network traffic on generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_sendrecv_generic_port" lineno="1190">
+<summary>
+Do not audit send and receive TCP network traffic on generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_send_generic_port" lineno="1208">
+<summary>
+Send UDP network traffic on generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_receive_generic_port" lineno="1226">
+<summary>
+Receive UDP network traffic on generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_sendrecv_generic_port" lineno="1244">
+<summary>
+Send and receive UDP network traffic on generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_bind_generic_port" lineno="1259">
+<summary>
+Bind TCP sockets to generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_bind_generic_port" lineno="1279">
+<summary>
+Do not audit bind TCP sockets to generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_bind_generic_port" lineno="1297">
+<summary>
+Bind UDP sockets to generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_connect_generic_port" lineno="1317">
+<summary>
+Connect TCP sockets to generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_all_ports" lineno="1361">
+<summary>
+Send and receive TCP network traffic on all ports.
+</summary>
+<desc>
+<p>
+Send and receive TCP network traffic on all ports.
+Related interfaces:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_tcp_sendrecv_generic_if()</li>
+<li>corenet_tcp_sendrecv_generic_node()</li>
+<li>corenet_tcp_connect_all_ports()</li>
+<li>corenet_tcp_bind_all_ports()</li>
+</ul>
+<p>
+Example client being able to connect to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_generic_if(myclient_t)
+corenet_tcp_sendrecv_generic_node(myclient_t)
+corenet_tcp_sendrecv_all_ports(myclient_t)
+corenet_tcp_connect_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_all_ports" lineno="1379">
+<summary>
+Send UDP network traffic on all ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_receive_all_ports" lineno="1397">
+<summary>
+Receive UDP network traffic on all ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_sendrecv_all_ports" lineno="1439">
+<summary>
+Send and receive UDP network traffic on all ports.
+</summary>
+<desc>
+<p>
+Send and receive UDP network traffic on all ports.
+Related interfaces:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_udp_sendrecv_generic_if()</li>
+<li>corenet_udp_sendrecv_generic_node()</li>
+<li>corenet_udp_bind_all_ports()</li>
+</ul>
+<p>
+Example client being able to send to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:udp_socket create_socket_perms;
+corenet_udp_sendrecv_generic_if(myclient_t)
+corenet_udp_sendrecv_generic_node(myclient_t)
+corenet_udp_sendrecv_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_tcp_bind_all_ports" lineno="1454">
+<summary>
+Bind TCP sockets to all ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_bind_all_ports" lineno="1473">
+<summary>
+Do not audit attepts to bind TCP sockets to any ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_bind_all_ports" lineno="1491">
+<summary>
+Bind UDP sockets to all ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_bind_all_ports" lineno="1510">
+<summary>
+Do not audit attepts to bind UDP sockets to any ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_connect_all_ports" lineno="1556">
+<summary>
+Connect TCP sockets to all ports.
+</summary>
+<desc>
+<p>
+Connect TCP sockets to all ports
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_tcp_sendrecv_generic_if()</li>
+<li>corenet_tcp_sendrecv_generic_node()</li>
+<li>corenet_tcp_sendrecv_all_ports()</li>
+<li>corenet_tcp_bind_all_ports()</li>
+</ul>
+<p>
+Example client being able to connect to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_generic_if(myclient_t)
+corenet_tcp_sendrecv_generic_node(myclient_t)
+corenet_tcp_sendrecv_all_ports(myclient_t)
+corenet_tcp_connect_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="1"/>
+</interface>
+<interface name="corenet_dontaudit_tcp_connect_all_ports" lineno="1575">
+<summary>
+Do not audit attempts to connect TCP sockets
+to all ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_reserved_port" lineno="1593">
+<summary>
+Send and receive TCP network traffic on generic reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_send_reserved_port" lineno="1611">
+<summary>
+Send UDP network traffic on generic reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_receive_reserved_port" lineno="1629">
+<summary>
+Receive UDP network traffic on generic reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_sendrecv_reserved_port" lineno="1647">
+<summary>
+Send and receive UDP network traffic on generic reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_bind_reserved_port" lineno="1662">
+<summary>
+Bind TCP sockets to generic reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_bind_reserved_port" lineno="1681">
+<summary>
+Bind UDP sockets to generic reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_connect_reserved_port" lineno="1700">
+<summary>
+Connect TCP sockets to generic reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_all_reserved_ports" lineno="1718">
+<summary>
+Send and receive TCP network traffic on all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_send_all_reserved_ports" lineno="1736">
+<summary>
+Send UDP network traffic on all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_receive_all_reserved_ports" lineno="1754">
+<summary>
+Receive UDP network traffic on all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_sendrecv_all_reserved_ports" lineno="1772">
+<summary>
+Send and receive UDP network traffic on all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_bind_all_reserved_ports" lineno="1787">
+<summary>
+Bind TCP sockets to all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_bind_all_reserved_ports" lineno="1806">
+<summary>
+Do not audit attempts to bind TCP sockets to all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_bind_all_reserved_ports" lineno="1824">
+<summary>
+Bind UDP sockets to all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_bind_all_reserved_ports" lineno="1843">
+<summary>
+Do not audit attempts to bind UDP sockets to all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_bind_all_unreserved_ports" lineno="1861">
+<summary>
+Bind TCP sockets to all ports > 1024.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_bind_all_unreserved_ports" lineno="1879">
+<summary>
+Bind UDP sockets to all ports > 1024.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_connect_all_reserved_ports" lineno="1897">
+<summary>
+Connect TCP sockets to reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_connect_all_unreserved_ports" lineno="1915">
+<summary>
+Connect TCP sockets to all ports > 1024.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_connect_all_reserved_ports" lineno="1934">
+<summary>
+Do not audit attempts to connect TCP sockets
+all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_connect_all_rpc_ports" lineno="1952">
+<summary>
+Connect TCP sockets to rpc ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_connect_all_rpc_ports" lineno="1971">
+<summary>
+Do not audit attempts to connect TCP sockets
+all rpc ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_rw_tun_tap_dev" lineno="1989">
+<summary>
+Read and write the TUN/TAP virtual network device.
+</summary>
+<param name="domain">
+<summary>
+The domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_rw_tun_tap_dev" lineno="2009">
+<summary>
+Do not audit attempts to read or write the TUN/TAP
+virtual network device.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_getattr_ppp_dev" lineno="2027">
+<summary>
+Getattr the point-to-point device.
+</summary>
+<param name="domain">
+<summary>
+The domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_rw_ppp_dev" lineno="2045">
+<summary>
+Read and write the point-to-point device.
+</summary>
+<param name="domain">
+<summary>
+The domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_bind_all_rpc_ports" lineno="2064">
+<summary>
+Bind TCP sockets to all RPC ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_bind_all_rpc_ports" lineno="2083">
+<summary>
+Do not audit attempts to bind TCP sockets to all RPC ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_bind_all_rpc_ports" lineno="2101">
+<summary>
+Bind UDP sockets to all RPC ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_bind_all_rpc_ports" lineno="2120">
+<summary>
+Do not audit attempts to bind UDP sockets to all RPC ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_non_ipsec_sendrecv" lineno="2151">
+<summary>
+Send and receive messages on a
+non-encrypted (no IPSEC) network
+session.
+</summary>
+<desc>
+<p>
+Send and receive messages on a
+non-encrypted (no IPSEC) network
+session. (Deprecated)
+</p>
+<p>
+The corenet_all_recvfrom_unlabeled() interface should be used instead
+of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_non_ipsec_sendrecv" lineno="2179">
+<summary>
+Do not audit attempts to send and receive
+messages on a non-encrypted (no IPSEC) network
+session.
+</summary>
+<desc>
+<p>
+Do not audit attempts to send and receive
+messages on a non-encrypted (no IPSEC) network
+session.
+</p>
+<p>
+The corenet_dontaudit_all_recvfrom_unlabeled() interface should be
+used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_recv_netlabel" lineno="2194">
+<summary>
+Receive TCP packets from a NetLabel connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_recvfrom_netlabel" lineno="2209">
+<summary>
+Receive TCP packets from a NetLabel connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_recvfrom_unlabeled" lineno="2228">
+<summary>
+Receive TCP packets from an unlabled connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_recv_netlabel" lineno="2249">
+<summary>
+Do not audit attempts to receive TCP packets from a NetLabel
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_recvfrom_netlabel" lineno="2265">
+<summary>
+Do not audit attempts to receive TCP packets from a NetLabel
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_tcp_recvfrom_unlabeled" lineno="2285">
+<summary>
+Do not audit attempts to receive TCP packets from an unlabeled
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_recv_netlabel" lineno="2305">
+<summary>
+Receive UDP packets from a NetLabel connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_recvfrom_netlabel" lineno="2320">
+<summary>
+Receive UDP packets from a NetLabel connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_recvfrom_unlabeled" lineno="2339">
+<summary>
+Receive UDP packets from an unlabeled connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_recv_netlabel" lineno="2360">
+<summary>
+Do not audit attempts to receive UDP packets from a NetLabel
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_recvfrom_netlabel" lineno="2376">
+<summary>
+Do not audit attempts to receive UDP packets from a NetLabel
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_recvfrom_unlabeled" lineno="2396">
+<summary>
+Do not audit attempts to receive UDP packets from an unlabeled
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_recv_netlabel" lineno="2416">
+<summary>
+Receive Raw IP packets from a NetLabel connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_recvfrom_netlabel" lineno="2431">
+<summary>
+Receive Raw IP packets from a NetLabel connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_recvfrom_unlabeled" lineno="2450">
+<summary>
+Receive Raw IP packets from an unlabeled connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_raw_recv_netlabel" lineno="2471">
+<summary>
+Do not audit attempts to receive Raw IP packets from a NetLabel
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_raw_recvfrom_netlabel" lineno="2487">
+<summary>
+Do not audit attempts to receive Raw IP packets from a NetLabel
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_raw_recvfrom_unlabeled" lineno="2507">
+<summary>
+Do not audit attempts to receive Raw IP packets from an unlabeled
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_all_recvfrom_unlabeled" lineno="2539">
+<summary>
+Receive packets from an unlabeled connection.
+</summary>
+<desc>
+<p>
+Allow the specified domain to receive packets from an
+unlabeled connection. On machines that do not utilize
+labeled networking, this will be required on all
+networking domains. On machines tha do utilize
+labeled networking, this will be required for any
+networking domain that is allowed to receive
+network traffic that does not have a label.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_all_recvfrom_netlabel" lineno="2572">
+<summary>
+Receive packets from a NetLabel connection.
+</summary>
+<desc>
+<p>
+Allow the specified domain to receive NetLabel
+network traffic, which utilizes the Commercial IP
+Security Option (CIPSO) to set the MLS level
+of the network packets. This is required for
+all networking domains that receive NetLabel
+network traffic.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_all_recvfrom_unlabeled" lineno="2591">
+<summary>
+Do not audit attempts to receive packets from an unlabeled connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_all_recvfrom_netlabel" lineno="2614">
+<summary>
+Do not audit attempts to receive packets from a NetLabel
+connection.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_recvfrom_labeled" lineno="2646">
+<summary>
+Rules for receiving labeled TCP packets.
+</summary>
+<desc>
+<p>
+Rules for receiving labeled TCP packets.
+</p>
+<p>
+Due to the nature of TCP, this is bidirectional.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="peer_domain">
+<summary>
+Peer domain.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_recvfrom_labeled" lineno="2674">
+<summary>
+Rules for receiving labeled UDP packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="peer_domain">
+<summary>
+Peer domain.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_recvfrom_labeled" lineno="2699">
+<summary>
+Rules for receiving labeled raw IP packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="peer_domain">
+<summary>
+Peer domain.
+</summary>
+</param>
+</interface>
+<interface name="corenet_all_recvfrom_labeled" lineno="2733">
+<summary>
+Rules for receiving labeled packets via TCP, UDP and raw IP.
+</summary>
+<desc>
+<p>
+Rules for receiving labeled packets via TCP, UDP and raw IP.
+</p>
+<p>
+Due to the nature of TCP, the rules (for TCP
+networking only) are bidirectional.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="peer_domain">
+<summary>
+Peer domain.
+</summary>
+</param>
+</interface>
+<interface name="corenet_setcontext_all_spds" lineno="2750">
+<summary>
+Make the specified type usable
+for labeled ipsec.
+</summary>
+<param name="domain">
+<summary>
+Type to be used for labeled ipsec.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_generic_client_packets" lineno="2768">
+<summary>
+Send generic client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_receive_generic_client_packets" lineno="2786">
+<summary>
+Receive generic client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_sendrecv_generic_client_packets" lineno="2804">
+<summary>
+Send and receive generic client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_relabelto_generic_client_packets" lineno="2819">
+<summary>
+Relabel packets to the generic client packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_generic_server_packets" lineno="2837">
+<summary>
+Send generic server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_receive_generic_server_packets" lineno="2855">
+<summary>
+Receive generic server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_sendrecv_generic_server_packets" lineno="2873">
+<summary>
+Send and receive generic server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_relabelto_generic_server_packets" lineno="2888">
+<summary>
+Relabel packets to the generic server packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_sendrecv_unlabeled_packets" lineno="2913">
+<summary>
+Send and receive unlabeled packets.
+</summary>
+<desc>
+<p>
+Send and receive unlabeled packets.
+These packets do not match any netfilter
+SECMARK rules.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_all_client_packets" lineno="2927">
+<summary>
+Send all client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_receive_all_client_packets" lineno="2945">
+<summary>
+Receive all client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_sendrecv_all_client_packets" lineno="2963">
+<summary>
+Send and receive all client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_relabelto_all_client_packets" lineno="2978">
+<summary>
+Relabel packets to any client packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_all_server_packets" lineno="2996">
+<summary>
+Send all server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_receive_all_server_packets" lineno="3014">
+<summary>
+Receive all server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_sendrecv_all_server_packets" lineno="3032">
+<summary>
+Send and receive all server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_relabelto_all_server_packets" lineno="3047">
+<summary>
+Relabel packets to any server packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_all_packets" lineno="3065">
+<summary>
+Send all packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_receive_all_packets" lineno="3083">
+<summary>
+Receive all packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_sendrecv_all_packets" lineno="3101">
+<summary>
+Send and receive all packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_relabelto_all_packets" lineno="3116">
+<summary>
+Relabel packets to any packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_unconfined" lineno="3134">
+<summary>
+Unconfined access to network objects.
+</summary>
+<param name="domain">
+<summary>
+The domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_afs_bos_port" lineno="3154">
+<summary>
+Send and receive TCP traffic on the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_afs_bos_port" lineno="3173">
+<summary>
+Send UDP traffic on the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_afs_bos_port" lineno="3192">
+<summary>
+Do not audit attempts to send UDP traffic on the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_afs_bos_port" lineno="3211">
+<summary>
+Receive UDP traffic on the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_afs_bos_port" lineno="3230">
+<summary>
+Do not audit attempts to receive UDP traffic on the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_afs_bos_port" lineno="3249">
+<summary>
+Send and receive UDP traffic on the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_afs_bos_port" lineno="3266">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_afs_bos_port" lineno="3282">
+<summary>
+Bind TCP sockets to the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_afs_bos_port" lineno="3302">
+<summary>
+Bind UDP sockets to the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_afs_bos_port" lineno="3321">
+<summary>
+Make a TCP connection to the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_bos_client_packets" lineno="3341">
+<summary>
+Send afs_bos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_bos_client_packets" lineno="3360">
+<summary>
+Do not audit attempts to send afs_bos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_bos_client_packets" lineno="3379">
+<summary>
+Receive afs_bos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_bos_client_packets" lineno="3398">
+<summary>
+Do not audit attempts to receive afs_bos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_bos_client_packets" lineno="3417">
+<summary>
+Send and receive afs_bos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_bos_client_packets" lineno="3433">
+<summary>
+Do not audit attempts to send and receive afs_bos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_bos_client_packets" lineno="3448">
+<summary>
+Relabel packets to afs_bos_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_bos_server_packets" lineno="3468">
+<summary>
+Send afs_bos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_bos_server_packets" lineno="3487">
+<summary>
+Do not audit attempts to send afs_bos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_bos_server_packets" lineno="3506">
+<summary>
+Receive afs_bos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_bos_server_packets" lineno="3525">
+<summary>
+Do not audit attempts to receive afs_bos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_bos_server_packets" lineno="3544">
+<summary>
+Send and receive afs_bos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_bos_server_packets" lineno="3560">
+<summary>
+Do not audit attempts to send and receive afs_bos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_bos_server_packets" lineno="3575">
+<summary>
+Relabel packets to afs_bos_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_afs_fs_port" lineno="3597">
+<summary>
+Send and receive TCP traffic on the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_afs_fs_port" lineno="3616">
+<summary>
+Send UDP traffic on the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_afs_fs_port" lineno="3635">
+<summary>
+Do not audit attempts to send UDP traffic on the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_afs_fs_port" lineno="3654">
+<summary>
+Receive UDP traffic on the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_afs_fs_port" lineno="3673">
+<summary>
+Do not audit attempts to receive UDP traffic on the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_afs_fs_port" lineno="3692">
+<summary>
+Send and receive UDP traffic on the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_afs_fs_port" lineno="3709">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_afs_fs_port" lineno="3725">
+<summary>
+Bind TCP sockets to the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_afs_fs_port" lineno="3745">
+<summary>
+Bind UDP sockets to the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_afs_fs_port" lineno="3764">
+<summary>
+Make a TCP connection to the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_fs_client_packets" lineno="3784">
+<summary>
+Send afs_fs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_fs_client_packets" lineno="3803">
+<summary>
+Do not audit attempts to send afs_fs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_fs_client_packets" lineno="3822">
+<summary>
+Receive afs_fs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_fs_client_packets" lineno="3841">
+<summary>
+Do not audit attempts to receive afs_fs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_fs_client_packets" lineno="3860">
+<summary>
+Send and receive afs_fs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_fs_client_packets" lineno="3876">
+<summary>
+Do not audit attempts to send and receive afs_fs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_fs_client_packets" lineno="3891">
+<summary>
+Relabel packets to afs_fs_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_fs_server_packets" lineno="3911">
+<summary>
+Send afs_fs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_fs_server_packets" lineno="3930">
+<summary>
+Do not audit attempts to send afs_fs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_fs_server_packets" lineno="3949">
+<summary>
+Receive afs_fs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_fs_server_packets" lineno="3968">
+<summary>
+Do not audit attempts to receive afs_fs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_fs_server_packets" lineno="3987">
+<summary>
+Send and receive afs_fs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_fs_server_packets" lineno="4003">
+<summary>
+Do not audit attempts to send and receive afs_fs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_fs_server_packets" lineno="4018">
+<summary>
+Relabel packets to afs_fs_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_afs_ka_port" lineno="4040">
+<summary>
+Send and receive TCP traffic on the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_afs_ka_port" lineno="4059">
+<summary>
+Send UDP traffic on the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_afs_ka_port" lineno="4078">
+<summary>
+Do not audit attempts to send UDP traffic on the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_afs_ka_port" lineno="4097">
+<summary>
+Receive UDP traffic on the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_afs_ka_port" lineno="4116">
+<summary>
+Do not audit attempts to receive UDP traffic on the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_afs_ka_port" lineno="4135">
+<summary>
+Send and receive UDP traffic on the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_afs_ka_port" lineno="4152">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_afs_ka_port" lineno="4168">
+<summary>
+Bind TCP sockets to the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_afs_ka_port" lineno="4188">
+<summary>
+Bind UDP sockets to the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_afs_ka_port" lineno="4207">
+<summary>
+Make a TCP connection to the afs_ka port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_ka_client_packets" lineno="4227">
+<summary>
+Send afs_ka_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_ka_client_packets" lineno="4246">
+<summary>
+Do not audit attempts to send afs_ka_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_ka_client_packets" lineno="4265">
+<summary>
+Receive afs_ka_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_ka_client_packets" lineno="4284">
+<summary>
+Do not audit attempts to receive afs_ka_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_ka_client_packets" lineno="4303">
+<summary>
+Send and receive afs_ka_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_ka_client_packets" lineno="4319">
+<summary>
+Do not audit attempts to send and receive afs_ka_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_ka_client_packets" lineno="4334">
+<summary>
+Relabel packets to afs_ka_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_ka_server_packets" lineno="4354">
+<summary>
+Send afs_ka_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_ka_server_packets" lineno="4373">
+<summary>
+Do not audit attempts to send afs_ka_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_ka_server_packets" lineno="4392">
+<summary>
+Receive afs_ka_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_ka_server_packets" lineno="4411">
+<summary>
+Do not audit attempts to receive afs_ka_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_ka_server_packets" lineno="4430">
+<summary>
+Send and receive afs_ka_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_ka_server_packets" lineno="4446">
+<summary>
+Do not audit attempts to send and receive afs_ka_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_ka_server_packets" lineno="4461">
+<summary>
+Relabel packets to afs_ka_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_afs_pt_port" lineno="4483">
+<summary>
+Send and receive TCP traffic on the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_afs_pt_port" lineno="4502">
+<summary>
+Send UDP traffic on the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_afs_pt_port" lineno="4521">
+<summary>
+Do not audit attempts to send UDP traffic on the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_afs_pt_port" lineno="4540">
+<summary>
+Receive UDP traffic on the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_afs_pt_port" lineno="4559">
+<summary>
+Do not audit attempts to receive UDP traffic on the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_afs_pt_port" lineno="4578">
+<summary>
+Send and receive UDP traffic on the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_afs_pt_port" lineno="4595">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_afs_pt_port" lineno="4611">
+<summary>
+Bind TCP sockets to the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_afs_pt_port" lineno="4631">
+<summary>
+Bind UDP sockets to the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_afs_pt_port" lineno="4650">
+<summary>
+Make a TCP connection to the afs_pt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_pt_client_packets" lineno="4670">
+<summary>
+Send afs_pt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_pt_client_packets" lineno="4689">
+<summary>
+Do not audit attempts to send afs_pt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_pt_client_packets" lineno="4708">
+<summary>
+Receive afs_pt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_pt_client_packets" lineno="4727">
+<summary>
+Do not audit attempts to receive afs_pt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_pt_client_packets" lineno="4746">
+<summary>
+Send and receive afs_pt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_pt_client_packets" lineno="4762">
+<summary>
+Do not audit attempts to send and receive afs_pt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_pt_client_packets" lineno="4777">
+<summary>
+Relabel packets to afs_pt_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_pt_server_packets" lineno="4797">
+<summary>
+Send afs_pt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_pt_server_packets" lineno="4816">
+<summary>
+Do not audit attempts to send afs_pt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_pt_server_packets" lineno="4835">
+<summary>
+Receive afs_pt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_pt_server_packets" lineno="4854">
+<summary>
+Do not audit attempts to receive afs_pt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_pt_server_packets" lineno="4873">
+<summary>
+Send and receive afs_pt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_pt_server_packets" lineno="4889">
+<summary>
+Do not audit attempts to send and receive afs_pt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_pt_server_packets" lineno="4904">
+<summary>
+Relabel packets to afs_pt_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_afs_vl_port" lineno="4926">
+<summary>
+Send and receive TCP traffic on the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_afs_vl_port" lineno="4945">
+<summary>
+Send UDP traffic on the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_afs_vl_port" lineno="4964">
+<summary>
+Do not audit attempts to send UDP traffic on the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_afs_vl_port" lineno="4983">
+<summary>
+Receive UDP traffic on the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_afs_vl_port" lineno="5002">
+<summary>
+Do not audit attempts to receive UDP traffic on the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_afs_vl_port" lineno="5021">
+<summary>
+Send and receive UDP traffic on the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_afs_vl_port" lineno="5038">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_afs_vl_port" lineno="5054">
+<summary>
+Bind TCP sockets to the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_afs_vl_port" lineno="5074">
+<summary>
+Bind UDP sockets to the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_afs_vl_port" lineno="5093">
+<summary>
+Make a TCP connection to the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_vl_client_packets" lineno="5113">
+<summary>
+Send afs_vl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_vl_client_packets" lineno="5132">
+<summary>
+Do not audit attempts to send afs_vl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_vl_client_packets" lineno="5151">
+<summary>
+Receive afs_vl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_vl_client_packets" lineno="5170">
+<summary>
+Do not audit attempts to receive afs_vl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_vl_client_packets" lineno="5189">
+<summary>
+Send and receive afs_vl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_vl_client_packets" lineno="5205">
+<summary>
+Do not audit attempts to send and receive afs_vl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_vl_client_packets" lineno="5220">
+<summary>
+Relabel packets to afs_vl_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_afs_vl_server_packets" lineno="5240">
+<summary>
+Send afs_vl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_vl_server_packets" lineno="5259">
+<summary>
+Do not audit attempts to send afs_vl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_vl_server_packets" lineno="5278">
+<summary>
+Receive afs_vl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_vl_server_packets" lineno="5297">
+<summary>
+Do not audit attempts to receive afs_vl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_vl_server_packets" lineno="5316">
+<summary>
+Send and receive afs_vl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_vl_server_packets" lineno="5332">
+<summary>
+Do not audit attempts to send and receive afs_vl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_vl_server_packets" lineno="5347">
+<summary>
+Relabel packets to afs_vl_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_agentx_port" lineno="5369">
+<summary>
+Send and receive TCP traffic on the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_agentx_port" lineno="5388">
+<summary>
+Send UDP traffic on the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_agentx_port" lineno="5407">
+<summary>
+Do not audit attempts to send UDP traffic on the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_agentx_port" lineno="5426">
+<summary>
+Receive UDP traffic on the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_agentx_port" lineno="5445">
+<summary>
+Do not audit attempts to receive UDP traffic on the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_agentx_port" lineno="5464">
+<summary>
+Send and receive UDP traffic on the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_agentx_port" lineno="5481">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_agentx_port" lineno="5497">
+<summary>
+Bind TCP sockets to the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_agentx_port" lineno="5517">
+<summary>
+Bind UDP sockets to the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_agentx_port" lineno="5536">
+<summary>
+Make a TCP connection to the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_agentx_client_packets" lineno="5556">
+<summary>
+Send agentx_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_agentx_client_packets" lineno="5575">
+<summary>
+Do not audit attempts to send agentx_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_agentx_client_packets" lineno="5594">
+<summary>
+Receive agentx_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_agentx_client_packets" lineno="5613">
+<summary>
+Do not audit attempts to receive agentx_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_agentx_client_packets" lineno="5632">
+<summary>
+Send and receive agentx_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_agentx_client_packets" lineno="5648">
+<summary>
+Do not audit attempts to send and receive agentx_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_agentx_client_packets" lineno="5663">
+<summary>
+Relabel packets to agentx_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_agentx_server_packets" lineno="5683">
+<summary>
+Send agentx_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_agentx_server_packets" lineno="5702">
+<summary>
+Do not audit attempts to send agentx_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_agentx_server_packets" lineno="5721">
+<summary>
+Receive agentx_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_agentx_server_packets" lineno="5740">
+<summary>
+Do not audit attempts to receive agentx_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_agentx_server_packets" lineno="5759">
+<summary>
+Send and receive agentx_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_agentx_server_packets" lineno="5775">
+<summary>
+Do not audit attempts to send and receive agentx_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_agentx_server_packets" lineno="5790">
+<summary>
+Relabel packets to agentx_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_amanda_port" lineno="5812">
+<summary>
+Send and receive TCP traffic on the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_amanda_port" lineno="5831">
+<summary>
+Send UDP traffic on the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_amanda_port" lineno="5850">
+<summary>
+Do not audit attempts to send UDP traffic on the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_amanda_port" lineno="5869">
+<summary>
+Receive UDP traffic on the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_amanda_port" lineno="5888">
+<summary>
+Do not audit attempts to receive UDP traffic on the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_amanda_port" lineno="5907">
+<summary>
+Send and receive UDP traffic on the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_amanda_port" lineno="5924">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_amanda_port" lineno="5940">
+<summary>
+Bind TCP sockets to the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_amanda_port" lineno="5960">
+<summary>
+Bind UDP sockets to the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_amanda_port" lineno="5979">
+<summary>
+Make a TCP connection to the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_amanda_client_packets" lineno="5999">
+<summary>
+Send amanda_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_amanda_client_packets" lineno="6018">
+<summary>
+Do not audit attempts to send amanda_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amanda_client_packets" lineno="6037">
+<summary>
+Receive amanda_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amanda_client_packets" lineno="6056">
+<summary>
+Do not audit attempts to receive amanda_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_amanda_client_packets" lineno="6075">
+<summary>
+Send and receive amanda_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amanda_client_packets" lineno="6091">
+<summary>
+Do not audit attempts to send and receive amanda_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amanda_client_packets" lineno="6106">
+<summary>
+Relabel packets to amanda_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_amanda_server_packets" lineno="6126">
+<summary>
+Send amanda_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_amanda_server_packets" lineno="6145">
+<summary>
+Do not audit attempts to send amanda_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amanda_server_packets" lineno="6164">
+<summary>
+Receive amanda_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amanda_server_packets" lineno="6183">
+<summary>
+Do not audit attempts to receive amanda_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_amanda_server_packets" lineno="6202">
+<summary>
+Send and receive amanda_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amanda_server_packets" lineno="6218">
+<summary>
+Do not audit attempts to send and receive amanda_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amanda_server_packets" lineno="6233">
+<summary>
+Relabel packets to amanda_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_amavisd_recv_port" lineno="6255">
+<summary>
+Send and receive TCP traffic on the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_amavisd_recv_port" lineno="6274">
+<summary>
+Send UDP traffic on the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_amavisd_recv_port" lineno="6293">
+<summary>
+Do not audit attempts to send UDP traffic on the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_amavisd_recv_port" lineno="6312">
+<summary>
+Receive UDP traffic on the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_amavisd_recv_port" lineno="6331">
+<summary>
+Do not audit attempts to receive UDP traffic on the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_amavisd_recv_port" lineno="6350">
+<summary>
+Send and receive UDP traffic on the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_amavisd_recv_port" lineno="6367">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_amavisd_recv_port" lineno="6383">
+<summary>
+Bind TCP sockets to the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_amavisd_recv_port" lineno="6403">
+<summary>
+Bind UDP sockets to the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_amavisd_recv_port" lineno="6422">
+<summary>
+Make a TCP connection to the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_amavisd_recv_client_packets" lineno="6442">
+<summary>
+Send amavisd_recv_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_amavisd_recv_client_packets" lineno="6461">
+<summary>
+Do not audit attempts to send amavisd_recv_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amavisd_recv_client_packets" lineno="6480">
+<summary>
+Receive amavisd_recv_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amavisd_recv_client_packets" lineno="6499">
+<summary>
+Do not audit attempts to receive amavisd_recv_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_amavisd_recv_client_packets" lineno="6518">
+<summary>
+Send and receive amavisd_recv_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amavisd_recv_client_packets" lineno="6534">
+<summary>
+Do not audit attempts to send and receive amavisd_recv_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amavisd_recv_client_packets" lineno="6549">
+<summary>
+Relabel packets to amavisd_recv_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_amavisd_recv_server_packets" lineno="6569">
+<summary>
+Send amavisd_recv_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_amavisd_recv_server_packets" lineno="6588">
+<summary>
+Do not audit attempts to send amavisd_recv_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amavisd_recv_server_packets" lineno="6607">
+<summary>
+Receive amavisd_recv_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amavisd_recv_server_packets" lineno="6626">
+<summary>
+Do not audit attempts to receive amavisd_recv_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_amavisd_recv_server_packets" lineno="6645">
+<summary>
+Send and receive amavisd_recv_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amavisd_recv_server_packets" lineno="6661">
+<summary>
+Do not audit attempts to send and receive amavisd_recv_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amavisd_recv_server_packets" lineno="6676">
+<summary>
+Relabel packets to amavisd_recv_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_amavisd_send_port" lineno="6698">
+<summary>
+Send and receive TCP traffic on the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_amavisd_send_port" lineno="6717">
+<summary>
+Send UDP traffic on the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_amavisd_send_port" lineno="6736">
+<summary>
+Do not audit attempts to send UDP traffic on the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_amavisd_send_port" lineno="6755">
+<summary>
+Receive UDP traffic on the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_amavisd_send_port" lineno="6774">
+<summary>
+Do not audit attempts to receive UDP traffic on the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_amavisd_send_port" lineno="6793">
+<summary>
+Send and receive UDP traffic on the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_amavisd_send_port" lineno="6810">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_amavisd_send_port" lineno="6826">
+<summary>
+Bind TCP sockets to the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_amavisd_send_port" lineno="6846">
+<summary>
+Bind UDP sockets to the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_amavisd_send_port" lineno="6865">
+<summary>
+Make a TCP connection to the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_amavisd_send_client_packets" lineno="6885">
+<summary>
+Send amavisd_send_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_amavisd_send_client_packets" lineno="6904">
+<summary>
+Do not audit attempts to send amavisd_send_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amavisd_send_client_packets" lineno="6923">
+<summary>
+Receive amavisd_send_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amavisd_send_client_packets" lineno="6942">
+<summary>
+Do not audit attempts to receive amavisd_send_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_amavisd_send_client_packets" lineno="6961">
+<summary>
+Send and receive amavisd_send_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amavisd_send_client_packets" lineno="6977">
+<summary>
+Do not audit attempts to send and receive amavisd_send_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amavisd_send_client_packets" lineno="6992">
+<summary>
+Relabel packets to amavisd_send_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_amavisd_send_server_packets" lineno="7012">
+<summary>
+Send amavisd_send_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_amavisd_send_server_packets" lineno="7031">
+<summary>
+Do not audit attempts to send amavisd_send_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amavisd_send_server_packets" lineno="7050">
+<summary>
+Receive amavisd_send_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amavisd_send_server_packets" lineno="7069">
+<summary>
+Do not audit attempts to receive amavisd_send_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_amavisd_send_server_packets" lineno="7088">
+<summary>
+Send and receive amavisd_send_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amavisd_send_server_packets" lineno="7104">
+<summary>
+Do not audit attempts to send and receive amavisd_send_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amavisd_send_server_packets" lineno="7119">
+<summary>
+Relabel packets to amavisd_send_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_amqp_port" lineno="7141">
+<summary>
+Send and receive TCP traffic on the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_amqp_port" lineno="7160">
+<summary>
+Send UDP traffic on the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_amqp_port" lineno="7179">
+<summary>
+Do not audit attempts to send UDP traffic on the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_amqp_port" lineno="7198">
+<summary>
+Receive UDP traffic on the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_amqp_port" lineno="7217">
+<summary>
+Do not audit attempts to receive UDP traffic on the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_amqp_port" lineno="7236">
+<summary>
+Send and receive UDP traffic on the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_amqp_port" lineno="7253">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_amqp_port" lineno="7269">
+<summary>
+Bind TCP sockets to the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_amqp_port" lineno="7289">
+<summary>
+Bind UDP sockets to the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_amqp_port" lineno="7308">
+<summary>
+Make a TCP connection to the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_amqp_client_packets" lineno="7328">
+<summary>
+Send amqp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_amqp_client_packets" lineno="7347">
+<summary>
+Do not audit attempts to send amqp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amqp_client_packets" lineno="7366">
+<summary>
+Receive amqp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amqp_client_packets" lineno="7385">
+<summary>
+Do not audit attempts to receive amqp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_amqp_client_packets" lineno="7404">
+<summary>
+Send and receive amqp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amqp_client_packets" lineno="7420">
+<summary>
+Do not audit attempts to send and receive amqp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amqp_client_packets" lineno="7435">
+<summary>
+Relabel packets to amqp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_amqp_server_packets" lineno="7455">
+<summary>
+Send amqp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_amqp_server_packets" lineno="7474">
+<summary>
+Do not audit attempts to send amqp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amqp_server_packets" lineno="7493">
+<summary>
+Receive amqp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amqp_server_packets" lineno="7512">
+<summary>
+Do not audit attempts to receive amqp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_amqp_server_packets" lineno="7531">
+<summary>
+Send and receive amqp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amqp_server_packets" lineno="7547">
+<summary>
+Do not audit attempts to send and receive amqp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amqp_server_packets" lineno="7562">
+<summary>
+Relabel packets to amqp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_aol_port" lineno="7584">
+<summary>
+Send and receive TCP traffic on the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_aol_port" lineno="7603">
+<summary>
+Send UDP traffic on the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_aol_port" lineno="7622">
+<summary>
+Do not audit attempts to send UDP traffic on the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_aol_port" lineno="7641">
+<summary>
+Receive UDP traffic on the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_aol_port" lineno="7660">
+<summary>
+Do not audit attempts to receive UDP traffic on the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_aol_port" lineno="7679">
+<summary>
+Send and receive UDP traffic on the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_aol_port" lineno="7696">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_aol_port" lineno="7712">
+<summary>
+Bind TCP sockets to the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_aol_port" lineno="7732">
+<summary>
+Bind UDP sockets to the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_aol_port" lineno="7751">
+<summary>
+Make a TCP connection to the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_aol_client_packets" lineno="7771">
+<summary>
+Send aol_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_aol_client_packets" lineno="7790">
+<summary>
+Do not audit attempts to send aol_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_aol_client_packets" lineno="7809">
+<summary>
+Receive aol_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_aol_client_packets" lineno="7828">
+<summary>
+Do not audit attempts to receive aol_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_aol_client_packets" lineno="7847">
+<summary>
+Send and receive aol_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_aol_client_packets" lineno="7863">
+<summary>
+Do not audit attempts to send and receive aol_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_aol_client_packets" lineno="7878">
+<summary>
+Relabel packets to aol_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_aol_server_packets" lineno="7898">
+<summary>
+Send aol_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_aol_server_packets" lineno="7917">
+<summary>
+Do not audit attempts to send aol_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_aol_server_packets" lineno="7936">
+<summary>
+Receive aol_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_aol_server_packets" lineno="7955">
+<summary>
+Do not audit attempts to receive aol_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_aol_server_packets" lineno="7974">
+<summary>
+Send and receive aol_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_aol_server_packets" lineno="7990">
+<summary>
+Do not audit attempts to send and receive aol_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_aol_server_packets" lineno="8005">
+<summary>
+Relabel packets to aol_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_apcupsd_port" lineno="8027">
+<summary>
+Send and receive TCP traffic on the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_apcupsd_port" lineno="8046">
+<summary>
+Send UDP traffic on the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_apcupsd_port" lineno="8065">
+<summary>
+Do not audit attempts to send UDP traffic on the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_apcupsd_port" lineno="8084">
+<summary>
+Receive UDP traffic on the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_apcupsd_port" lineno="8103">
+<summary>
+Do not audit attempts to receive UDP traffic on the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_apcupsd_port" lineno="8122">
+<summary>
+Send and receive UDP traffic on the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_apcupsd_port" lineno="8139">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_apcupsd_port" lineno="8155">
+<summary>
+Bind TCP sockets to the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_apcupsd_port" lineno="8175">
+<summary>
+Bind UDP sockets to the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_apcupsd_port" lineno="8194">
+<summary>
+Make a TCP connection to the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_apcupsd_client_packets" lineno="8214">
+<summary>
+Send apcupsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_apcupsd_client_packets" lineno="8233">
+<summary>
+Do not audit attempts to send apcupsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_apcupsd_client_packets" lineno="8252">
+<summary>
+Receive apcupsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_apcupsd_client_packets" lineno="8271">
+<summary>
+Do not audit attempts to receive apcupsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_apcupsd_client_packets" lineno="8290">
+<summary>
+Send and receive apcupsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_apcupsd_client_packets" lineno="8306">
+<summary>
+Do not audit attempts to send and receive apcupsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_apcupsd_client_packets" lineno="8321">
+<summary>
+Relabel packets to apcupsd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_apcupsd_server_packets" lineno="8341">
+<summary>
+Send apcupsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_apcupsd_server_packets" lineno="8360">
+<summary>
+Do not audit attempts to send apcupsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_apcupsd_server_packets" lineno="8379">
+<summary>
+Receive apcupsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_apcupsd_server_packets" lineno="8398">
+<summary>
+Do not audit attempts to receive apcupsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_apcupsd_server_packets" lineno="8417">
+<summary>
+Send and receive apcupsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_apcupsd_server_packets" lineno="8433">
+<summary>
+Do not audit attempts to send and receive apcupsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_apcupsd_server_packets" lineno="8448">
+<summary>
+Relabel packets to apcupsd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_asterisk_port" lineno="8470">
+<summary>
+Send and receive TCP traffic on the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_asterisk_port" lineno="8489">
+<summary>
+Send UDP traffic on the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_asterisk_port" lineno="8508">
+<summary>
+Do not audit attempts to send UDP traffic on the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_asterisk_port" lineno="8527">
+<summary>
+Receive UDP traffic on the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_asterisk_port" lineno="8546">
+<summary>
+Do not audit attempts to receive UDP traffic on the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_asterisk_port" lineno="8565">
+<summary>
+Send and receive UDP traffic on the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_asterisk_port" lineno="8582">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_asterisk_port" lineno="8598">
+<summary>
+Bind TCP sockets to the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_asterisk_port" lineno="8618">
+<summary>
+Bind UDP sockets to the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_asterisk_port" lineno="8637">
+<summary>
+Make a TCP connection to the asterisk port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_asterisk_client_packets" lineno="8657">
+<summary>
+Send asterisk_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_asterisk_client_packets" lineno="8676">
+<summary>
+Do not audit attempts to send asterisk_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_asterisk_client_packets" lineno="8695">
+<summary>
+Receive asterisk_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_asterisk_client_packets" lineno="8714">
+<summary>
+Do not audit attempts to receive asterisk_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_asterisk_client_packets" lineno="8733">
+<summary>
+Send and receive asterisk_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_asterisk_client_packets" lineno="8749">
+<summary>
+Do not audit attempts to send and receive asterisk_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_asterisk_client_packets" lineno="8764">
+<summary>
+Relabel packets to asterisk_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_asterisk_server_packets" lineno="8784">
+<summary>
+Send asterisk_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_asterisk_server_packets" lineno="8803">
+<summary>
+Do not audit attempts to send asterisk_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_asterisk_server_packets" lineno="8822">
+<summary>
+Receive asterisk_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_asterisk_server_packets" lineno="8841">
+<summary>
+Do not audit attempts to receive asterisk_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_asterisk_server_packets" lineno="8860">
+<summary>
+Send and receive asterisk_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_asterisk_server_packets" lineno="8876">
+<summary>
+Do not audit attempts to send and receive asterisk_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_asterisk_server_packets" lineno="8891">
+<summary>
+Relabel packets to asterisk_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_audit_port" lineno="8913">
+<summary>
+Send and receive TCP traffic on the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_audit_port" lineno="8932">
+<summary>
+Send UDP traffic on the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_audit_port" lineno="8951">
+<summary>
+Do not audit attempts to send UDP traffic on the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_audit_port" lineno="8970">
+<summary>
+Receive UDP traffic on the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_audit_port" lineno="8989">
+<summary>
+Do not audit attempts to receive UDP traffic on the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_audit_port" lineno="9008">
+<summary>
+Send and receive UDP traffic on the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_audit_port" lineno="9025">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_audit_port" lineno="9041">
+<summary>
+Bind TCP sockets to the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_audit_port" lineno="9061">
+<summary>
+Bind UDP sockets to the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_audit_port" lineno="9080">
+<summary>
+Make a TCP connection to the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_audit_client_packets" lineno="9100">
+<summary>
+Send audit_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_audit_client_packets" lineno="9119">
+<summary>
+Do not audit attempts to send audit_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_audit_client_packets" lineno="9138">
+<summary>
+Receive audit_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_audit_client_packets" lineno="9157">
+<summary>
+Do not audit attempts to receive audit_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_audit_client_packets" lineno="9176">
+<summary>
+Send and receive audit_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_audit_client_packets" lineno="9192">
+<summary>
+Do not audit attempts to send and receive audit_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_audit_client_packets" lineno="9207">
+<summary>
+Relabel packets to audit_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_audit_server_packets" lineno="9227">
+<summary>
+Send audit_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_audit_server_packets" lineno="9246">
+<summary>
+Do not audit attempts to send audit_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_audit_server_packets" lineno="9265">
+<summary>
+Receive audit_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_audit_server_packets" lineno="9284">
+<summary>
+Do not audit attempts to receive audit_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_audit_server_packets" lineno="9303">
+<summary>
+Send and receive audit_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_audit_server_packets" lineno="9319">
+<summary>
+Do not audit attempts to send and receive audit_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_audit_server_packets" lineno="9334">
+<summary>
+Relabel packets to audit_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_auth_port" lineno="9356">
+<summary>
+Send and receive TCP traffic on the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_auth_port" lineno="9375">
+<summary>
+Send UDP traffic on the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_auth_port" lineno="9394">
+<summary>
+Do not audit attempts to send UDP traffic on the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_auth_port" lineno="9413">
+<summary>
+Receive UDP traffic on the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_auth_port" lineno="9432">
+<summary>
+Do not audit attempts to receive UDP traffic on the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_auth_port" lineno="9451">
+<summary>
+Send and receive UDP traffic on the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_auth_port" lineno="9468">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_auth_port" lineno="9484">
+<summary>
+Bind TCP sockets to the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_auth_port" lineno="9504">
+<summary>
+Bind UDP sockets to the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_auth_port" lineno="9523">
+<summary>
+Make a TCP connection to the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_auth_client_packets" lineno="9543">
+<summary>
+Send auth_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_auth_client_packets" lineno="9562">
+<summary>
+Do not audit attempts to send auth_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_auth_client_packets" lineno="9581">
+<summary>
+Receive auth_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_auth_client_packets" lineno="9600">
+<summary>
+Do not audit attempts to receive auth_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_auth_client_packets" lineno="9619">
+<summary>
+Send and receive auth_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_auth_client_packets" lineno="9635">
+<summary>
+Do not audit attempts to send and receive auth_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_auth_client_packets" lineno="9650">
+<summary>
+Relabel packets to auth_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_auth_server_packets" lineno="9670">
+<summary>
+Send auth_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_auth_server_packets" lineno="9689">
+<summary>
+Do not audit attempts to send auth_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_auth_server_packets" lineno="9708">
+<summary>
+Receive auth_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_auth_server_packets" lineno="9727">
+<summary>
+Do not audit attempts to receive auth_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_auth_server_packets" lineno="9746">
+<summary>
+Send and receive auth_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_auth_server_packets" lineno="9762">
+<summary>
+Do not audit attempts to send and receive auth_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_auth_server_packets" lineno="9777">
+<summary>
+Relabel packets to auth_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_bgp_port" lineno="9799">
+<summary>
+Send and receive TCP traffic on the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_bgp_port" lineno="9818">
+<summary>
+Send UDP traffic on the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_bgp_port" lineno="9837">
+<summary>
+Do not audit attempts to send UDP traffic on the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_bgp_port" lineno="9856">
+<summary>
+Receive UDP traffic on the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_bgp_port" lineno="9875">
+<summary>
+Do not audit attempts to receive UDP traffic on the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_bgp_port" lineno="9894">
+<summary>
+Send and receive UDP traffic on the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_bgp_port" lineno="9911">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_bgp_port" lineno="9927">
+<summary>
+Bind TCP sockets to the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_bgp_port" lineno="9947">
+<summary>
+Bind UDP sockets to the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_bgp_port" lineno="9966">
+<summary>
+Make a TCP connection to the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_bgp_client_packets" lineno="9986">
+<summary>
+Send bgp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_bgp_client_packets" lineno="10005">
+<summary>
+Do not audit attempts to send bgp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_bgp_client_packets" lineno="10024">
+<summary>
+Receive bgp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_bgp_client_packets" lineno="10043">
+<summary>
+Do not audit attempts to receive bgp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_bgp_client_packets" lineno="10062">
+<summary>
+Send and receive bgp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_bgp_client_packets" lineno="10078">
+<summary>
+Do not audit attempts to send and receive bgp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_bgp_client_packets" lineno="10093">
+<summary>
+Relabel packets to bgp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_bgp_server_packets" lineno="10113">
+<summary>
+Send bgp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_bgp_server_packets" lineno="10132">
+<summary>
+Do not audit attempts to send bgp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_bgp_server_packets" lineno="10151">
+<summary>
+Receive bgp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_bgp_server_packets" lineno="10170">
+<summary>
+Do not audit attempts to receive bgp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_bgp_server_packets" lineno="10189">
+<summary>
+Send and receive bgp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_bgp_server_packets" lineno="10205">
+<summary>
+Do not audit attempts to send and receive bgp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_bgp_server_packets" lineno="10220">
+<summary>
+Relabel packets to bgp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_boinc_port" lineno="10242">
+<summary>
+Send and receive TCP traffic on the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_boinc_port" lineno="10261">
+<summary>
+Send UDP traffic on the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_boinc_port" lineno="10280">
+<summary>
+Do not audit attempts to send UDP traffic on the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_boinc_port" lineno="10299">
+<summary>
+Receive UDP traffic on the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_boinc_port" lineno="10318">
+<summary>
+Do not audit attempts to receive UDP traffic on the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_boinc_port" lineno="10337">
+<summary>
+Send and receive UDP traffic on the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_boinc_port" lineno="10354">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_boinc_port" lineno="10370">
+<summary>
+Bind TCP sockets to the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_boinc_port" lineno="10390">
+<summary>
+Bind UDP sockets to the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_boinc_port" lineno="10409">
+<summary>
+Make a TCP connection to the boinc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_boinc_client_packets" lineno="10429">
+<summary>
+Send boinc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_boinc_client_packets" lineno="10448">
+<summary>
+Do not audit attempts to send boinc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_boinc_client_packets" lineno="10467">
+<summary>
+Receive boinc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_boinc_client_packets" lineno="10486">
+<summary>
+Do not audit attempts to receive boinc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_boinc_client_packets" lineno="10505">
+<summary>
+Send and receive boinc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_boinc_client_packets" lineno="10521">
+<summary>
+Do not audit attempts to send and receive boinc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_boinc_client_packets" lineno="10536">
+<summary>
+Relabel packets to boinc_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_boinc_server_packets" lineno="10556">
+<summary>
+Send boinc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_boinc_server_packets" lineno="10575">
+<summary>
+Do not audit attempts to send boinc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_boinc_server_packets" lineno="10594">
+<summary>
+Receive boinc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_boinc_server_packets" lineno="10613">
+<summary>
+Do not audit attempts to receive boinc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_boinc_server_packets" lineno="10632">
+<summary>
+Send and receive boinc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_boinc_server_packets" lineno="10648">
+<summary>
+Do not audit attempts to send and receive boinc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_boinc_server_packets" lineno="10663">
+<summary>
+Relabel packets to boinc_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_biff_port" lineno="10685">
+<summary>
+Send and receive TCP traffic on the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_biff_port" lineno="10704">
+<summary>
+Send UDP traffic on the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_biff_port" lineno="10723">
+<summary>
+Do not audit attempts to send UDP traffic on the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_biff_port" lineno="10742">
+<summary>
+Receive UDP traffic on the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_biff_port" lineno="10761">
+<summary>
+Do not audit attempts to receive UDP traffic on the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_biff_port" lineno="10780">
+<summary>
+Send and receive UDP traffic on the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_biff_port" lineno="10797">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_biff_port" lineno="10813">
+<summary>
+Bind TCP sockets to the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_biff_port" lineno="10833">
+<summary>
+Bind UDP sockets to the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_biff_port" lineno="10852">
+<summary>
+Make a TCP connection to the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_biff_client_packets" lineno="10872">
+<summary>
+Send biff_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_biff_client_packets" lineno="10891">
+<summary>
+Do not audit attempts to send biff_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_biff_client_packets" lineno="10910">
+<summary>
+Receive biff_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_biff_client_packets" lineno="10929">
+<summary>
+Do not audit attempts to receive biff_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_biff_client_packets" lineno="10948">
+<summary>
+Send and receive biff_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_biff_client_packets" lineno="10964">
+<summary>
+Do not audit attempts to send and receive biff_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_biff_client_packets" lineno="10979">
+<summary>
+Relabel packets to biff_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_biff_server_packets" lineno="10999">
+<summary>
+Send biff_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_biff_server_packets" lineno="11018">
+<summary>
+Do not audit attempts to send biff_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_biff_server_packets" lineno="11037">
+<summary>
+Receive biff_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_biff_server_packets" lineno="11056">
+<summary>
+Do not audit attempts to receive biff_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_biff_server_packets" lineno="11075">
+<summary>
+Send and receive biff_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_biff_server_packets" lineno="11091">
+<summary>
+Do not audit attempts to send and receive biff_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_biff_server_packets" lineno="11106">
+<summary>
+Relabel packets to biff_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_certmaster_port" lineno="11128">
+<summary>
+Send and receive TCP traffic on the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_certmaster_port" lineno="11147">
+<summary>
+Send UDP traffic on the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_certmaster_port" lineno="11166">
+<summary>
+Do not audit attempts to send UDP traffic on the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_certmaster_port" lineno="11185">
+<summary>
+Receive UDP traffic on the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_certmaster_port" lineno="11204">
+<summary>
+Do not audit attempts to receive UDP traffic on the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_certmaster_port" lineno="11223">
+<summary>
+Send and receive UDP traffic on the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_certmaster_port" lineno="11240">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_certmaster_port" lineno="11256">
+<summary>
+Bind TCP sockets to the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_certmaster_port" lineno="11276">
+<summary>
+Bind UDP sockets to the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_certmaster_port" lineno="11295">
+<summary>
+Make a TCP connection to the certmaster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_certmaster_client_packets" lineno="11315">
+<summary>
+Send certmaster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_certmaster_client_packets" lineno="11334">
+<summary>
+Do not audit attempts to send certmaster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_certmaster_client_packets" lineno="11353">
+<summary>
+Receive certmaster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_certmaster_client_packets" lineno="11372">
+<summary>
+Do not audit attempts to receive certmaster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_certmaster_client_packets" lineno="11391">
+<summary>
+Send and receive certmaster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_certmaster_client_packets" lineno="11407">
+<summary>
+Do not audit attempts to send and receive certmaster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_certmaster_client_packets" lineno="11422">
+<summary>
+Relabel packets to certmaster_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_certmaster_server_packets" lineno="11442">
+<summary>
+Send certmaster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_certmaster_server_packets" lineno="11461">
+<summary>
+Do not audit attempts to send certmaster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_certmaster_server_packets" lineno="11480">
+<summary>
+Receive certmaster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_certmaster_server_packets" lineno="11499">
+<summary>
+Do not audit attempts to receive certmaster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_certmaster_server_packets" lineno="11518">
+<summary>
+Send and receive certmaster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_certmaster_server_packets" lineno="11534">
+<summary>
+Do not audit attempts to send and receive certmaster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_certmaster_server_packets" lineno="11549">
+<summary>
+Relabel packets to certmaster_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_chronyd_port" lineno="11571">
+<summary>
+Send and receive TCP traffic on the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_chronyd_port" lineno="11590">
+<summary>
+Send UDP traffic on the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_chronyd_port" lineno="11609">
+<summary>
+Do not audit attempts to send UDP traffic on the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_chronyd_port" lineno="11628">
+<summary>
+Receive UDP traffic on the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_chronyd_port" lineno="11647">
+<summary>
+Do not audit attempts to receive UDP traffic on the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_chronyd_port" lineno="11666">
+<summary>
+Send and receive UDP traffic on the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_chronyd_port" lineno="11683">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_chronyd_port" lineno="11699">
+<summary>
+Bind TCP sockets to the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_chronyd_port" lineno="11719">
+<summary>
+Bind UDP sockets to the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_chronyd_port" lineno="11738">
+<summary>
+Make a TCP connection to the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_chronyd_client_packets" lineno="11758">
+<summary>
+Send chronyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_chronyd_client_packets" lineno="11777">
+<summary>
+Do not audit attempts to send chronyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_chronyd_client_packets" lineno="11796">
+<summary>
+Receive chronyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_chronyd_client_packets" lineno="11815">
+<summary>
+Do not audit attempts to receive chronyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_chronyd_client_packets" lineno="11834">
+<summary>
+Send and receive chronyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_chronyd_client_packets" lineno="11850">
+<summary>
+Do not audit attempts to send and receive chronyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_chronyd_client_packets" lineno="11865">
+<summary>
+Relabel packets to chronyd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_chronyd_server_packets" lineno="11885">
+<summary>
+Send chronyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_chronyd_server_packets" lineno="11904">
+<summary>
+Do not audit attempts to send chronyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_chronyd_server_packets" lineno="11923">
+<summary>
+Receive chronyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_chronyd_server_packets" lineno="11942">
+<summary>
+Do not audit attempts to receive chronyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_chronyd_server_packets" lineno="11961">
+<summary>
+Send and receive chronyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_chronyd_server_packets" lineno="11977">
+<summary>
+Do not audit attempts to send and receive chronyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_chronyd_server_packets" lineno="11992">
+<summary>
+Relabel packets to chronyd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_clamd_port" lineno="12014">
+<summary>
+Send and receive TCP traffic on the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_clamd_port" lineno="12033">
+<summary>
+Send UDP traffic on the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_clamd_port" lineno="12052">
+<summary>
+Do not audit attempts to send UDP traffic on the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_clamd_port" lineno="12071">
+<summary>
+Receive UDP traffic on the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_clamd_port" lineno="12090">
+<summary>
+Do not audit attempts to receive UDP traffic on the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_clamd_port" lineno="12109">
+<summary>
+Send and receive UDP traffic on the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_clamd_port" lineno="12126">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_clamd_port" lineno="12142">
+<summary>
+Bind TCP sockets to the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_clamd_port" lineno="12162">
+<summary>
+Bind UDP sockets to the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_clamd_port" lineno="12181">
+<summary>
+Make a TCP connection to the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_clamd_client_packets" lineno="12201">
+<summary>
+Send clamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_clamd_client_packets" lineno="12220">
+<summary>
+Do not audit attempts to send clamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_clamd_client_packets" lineno="12239">
+<summary>
+Receive clamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_clamd_client_packets" lineno="12258">
+<summary>
+Do not audit attempts to receive clamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_clamd_client_packets" lineno="12277">
+<summary>
+Send and receive clamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_clamd_client_packets" lineno="12293">
+<summary>
+Do not audit attempts to send and receive clamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_clamd_client_packets" lineno="12308">
+<summary>
+Relabel packets to clamd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_clamd_server_packets" lineno="12328">
+<summary>
+Send clamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_clamd_server_packets" lineno="12347">
+<summary>
+Do not audit attempts to send clamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_clamd_server_packets" lineno="12366">
+<summary>
+Receive clamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_clamd_server_packets" lineno="12385">
+<summary>
+Do not audit attempts to receive clamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_clamd_server_packets" lineno="12404">
+<summary>
+Send and receive clamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_clamd_server_packets" lineno="12420">
+<summary>
+Do not audit attempts to send and receive clamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_clamd_server_packets" lineno="12435">
+<summary>
+Relabel packets to clamd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_clockspeed_port" lineno="12457">
+<summary>
+Send and receive TCP traffic on the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_clockspeed_port" lineno="12476">
+<summary>
+Send UDP traffic on the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_clockspeed_port" lineno="12495">
+<summary>
+Do not audit attempts to send UDP traffic on the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_clockspeed_port" lineno="12514">
+<summary>
+Receive UDP traffic on the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_clockspeed_port" lineno="12533">
+<summary>
+Do not audit attempts to receive UDP traffic on the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_clockspeed_port" lineno="12552">
+<summary>
+Send and receive UDP traffic on the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_clockspeed_port" lineno="12569">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_clockspeed_port" lineno="12585">
+<summary>
+Bind TCP sockets to the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_clockspeed_port" lineno="12605">
+<summary>
+Bind UDP sockets to the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_clockspeed_port" lineno="12624">
+<summary>
+Make a TCP connection to the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_clockspeed_client_packets" lineno="12644">
+<summary>
+Send clockspeed_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_clockspeed_client_packets" lineno="12663">
+<summary>
+Do not audit attempts to send clockspeed_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_clockspeed_client_packets" lineno="12682">
+<summary>
+Receive clockspeed_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_clockspeed_client_packets" lineno="12701">
+<summary>
+Do not audit attempts to receive clockspeed_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_clockspeed_client_packets" lineno="12720">
+<summary>
+Send and receive clockspeed_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_clockspeed_client_packets" lineno="12736">
+<summary>
+Do not audit attempts to send and receive clockspeed_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_clockspeed_client_packets" lineno="12751">
+<summary>
+Relabel packets to clockspeed_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_clockspeed_server_packets" lineno="12771">
+<summary>
+Send clockspeed_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_clockspeed_server_packets" lineno="12790">
+<summary>
+Do not audit attempts to send clockspeed_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_clockspeed_server_packets" lineno="12809">
+<summary>
+Receive clockspeed_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_clockspeed_server_packets" lineno="12828">
+<summary>
+Do not audit attempts to receive clockspeed_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_clockspeed_server_packets" lineno="12847">
+<summary>
+Send and receive clockspeed_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_clockspeed_server_packets" lineno="12863">
+<summary>
+Do not audit attempts to send and receive clockspeed_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_clockspeed_server_packets" lineno="12878">
+<summary>
+Relabel packets to clockspeed_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_cluster_port" lineno="12900">
+<summary>
+Send and receive TCP traffic on the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_cluster_port" lineno="12919">
+<summary>
+Send UDP traffic on the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_cluster_port" lineno="12938">
+<summary>
+Do not audit attempts to send UDP traffic on the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_cluster_port" lineno="12957">
+<summary>
+Receive UDP traffic on the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_cluster_port" lineno="12976">
+<summary>
+Do not audit attempts to receive UDP traffic on the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_cluster_port" lineno="12995">
+<summary>
+Send and receive UDP traffic on the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_cluster_port" lineno="13012">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_cluster_port" lineno="13028">
+<summary>
+Bind TCP sockets to the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_cluster_port" lineno="13048">
+<summary>
+Bind UDP sockets to the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_cluster_port" lineno="13067">
+<summary>
+Make a TCP connection to the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_cluster_client_packets" lineno="13087">
+<summary>
+Send cluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cluster_client_packets" lineno="13106">
+<summary>
+Do not audit attempts to send cluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cluster_client_packets" lineno="13125">
+<summary>
+Receive cluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_cluster_client_packets" lineno="13144">
+<summary>
+Do not audit attempts to receive cluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cluster_client_packets" lineno="13163">
+<summary>
+Send and receive cluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_cluster_client_packets" lineno="13179">
+<summary>
+Do not audit attempts to send and receive cluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cluster_client_packets" lineno="13194">
+<summary>
+Relabel packets to cluster_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_cluster_server_packets" lineno="13214">
+<summary>
+Send cluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cluster_server_packets" lineno="13233">
+<summary>
+Do not audit attempts to send cluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cluster_server_packets" lineno="13252">
+<summary>
+Receive cluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_cluster_server_packets" lineno="13271">
+<summary>
+Do not audit attempts to receive cluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cluster_server_packets" lineno="13290">
+<summary>
+Send and receive cluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_cluster_server_packets" lineno="13306">
+<summary>
+Do not audit attempts to send and receive cluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cluster_server_packets" lineno="13321">
+<summary>
+Relabel packets to cluster_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_cobbler_port" lineno="13343">
+<summary>
+Send and receive TCP traffic on the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_cobbler_port" lineno="13362">
+<summary>
+Send UDP traffic on the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_cobbler_port" lineno="13381">
+<summary>
+Do not audit attempts to send UDP traffic on the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_cobbler_port" lineno="13400">
+<summary>
+Receive UDP traffic on the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_cobbler_port" lineno="13419">
+<summary>
+Do not audit attempts to receive UDP traffic on the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_cobbler_port" lineno="13438">
+<summary>
+Send and receive UDP traffic on the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_cobbler_port" lineno="13455">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_cobbler_port" lineno="13471">
+<summary>
+Bind TCP sockets to the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_cobbler_port" lineno="13491">
+<summary>
+Bind UDP sockets to the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_cobbler_port" lineno="13510">
+<summary>
+Make a TCP connection to the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_cobbler_client_packets" lineno="13530">
+<summary>
+Send cobbler_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cobbler_client_packets" lineno="13549">
+<summary>
+Do not audit attempts to send cobbler_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cobbler_client_packets" lineno="13568">
+<summary>
+Receive cobbler_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_cobbler_client_packets" lineno="13587">
+<summary>
+Do not audit attempts to receive cobbler_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cobbler_client_packets" lineno="13606">
+<summary>
+Send and receive cobbler_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_cobbler_client_packets" lineno="13622">
+<summary>
+Do not audit attempts to send and receive cobbler_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cobbler_client_packets" lineno="13637">
+<summary>
+Relabel packets to cobbler_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_cobbler_server_packets" lineno="13657">
+<summary>
+Send cobbler_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cobbler_server_packets" lineno="13676">
+<summary>
+Do not audit attempts to send cobbler_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cobbler_server_packets" lineno="13695">
+<summary>
+Receive cobbler_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_cobbler_server_packets" lineno="13714">
+<summary>
+Do not audit attempts to receive cobbler_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cobbler_server_packets" lineno="13733">
+<summary>
+Send and receive cobbler_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_cobbler_server_packets" lineno="13749">
+<summary>
+Do not audit attempts to send and receive cobbler_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cobbler_server_packets" lineno="13764">
+<summary>
+Relabel packets to cobbler_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_comsat_port" lineno="13786">
+<summary>
+Send and receive TCP traffic on the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_comsat_port" lineno="13805">
+<summary>
+Send UDP traffic on the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_comsat_port" lineno="13824">
+<summary>
+Do not audit attempts to send UDP traffic on the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_comsat_port" lineno="13843">
+<summary>
+Receive UDP traffic on the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_comsat_port" lineno="13862">
+<summary>
+Do not audit attempts to receive UDP traffic on the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_comsat_port" lineno="13881">
+<summary>
+Send and receive UDP traffic on the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_comsat_port" lineno="13898">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_comsat_port" lineno="13914">
+<summary>
+Bind TCP sockets to the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_comsat_port" lineno="13934">
+<summary>
+Bind UDP sockets to the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_comsat_port" lineno="13953">
+<summary>
+Make a TCP connection to the comsat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_comsat_client_packets" lineno="13973">
+<summary>
+Send comsat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_comsat_client_packets" lineno="13992">
+<summary>
+Do not audit attempts to send comsat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_comsat_client_packets" lineno="14011">
+<summary>
+Receive comsat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_comsat_client_packets" lineno="14030">
+<summary>
+Do not audit attempts to receive comsat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_comsat_client_packets" lineno="14049">
+<summary>
+Send and receive comsat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_comsat_client_packets" lineno="14065">
+<summary>
+Do not audit attempts to send and receive comsat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_comsat_client_packets" lineno="14080">
+<summary>
+Relabel packets to comsat_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_comsat_server_packets" lineno="14100">
+<summary>
+Send comsat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_comsat_server_packets" lineno="14119">
+<summary>
+Do not audit attempts to send comsat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_comsat_server_packets" lineno="14138">
+<summary>
+Receive comsat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_comsat_server_packets" lineno="14157">
+<summary>
+Do not audit attempts to receive comsat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_comsat_server_packets" lineno="14176">
+<summary>
+Send and receive comsat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_comsat_server_packets" lineno="14192">
+<summary>
+Do not audit attempts to send and receive comsat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_comsat_server_packets" lineno="14207">
+<summary>
+Relabel packets to comsat_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_cvs_port" lineno="14229">
+<summary>
+Send and receive TCP traffic on the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_cvs_port" lineno="14248">
+<summary>
+Send UDP traffic on the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_cvs_port" lineno="14267">
+<summary>
+Do not audit attempts to send UDP traffic on the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_cvs_port" lineno="14286">
+<summary>
+Receive UDP traffic on the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_cvs_port" lineno="14305">
+<summary>
+Do not audit attempts to receive UDP traffic on the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_cvs_port" lineno="14324">
+<summary>
+Send and receive UDP traffic on the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_cvs_port" lineno="14341">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_cvs_port" lineno="14357">
+<summary>
+Bind TCP sockets to the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_cvs_port" lineno="14377">
+<summary>
+Bind UDP sockets to the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_cvs_port" lineno="14396">
+<summary>
+Make a TCP connection to the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_cvs_client_packets" lineno="14416">
+<summary>
+Send cvs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cvs_client_packets" lineno="14435">
+<summary>
+Do not audit attempts to send cvs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cvs_client_packets" lineno="14454">
+<summary>
+Receive cvs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_cvs_client_packets" lineno="14473">
+<summary>
+Do not audit attempts to receive cvs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cvs_client_packets" lineno="14492">
+<summary>
+Send and receive cvs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_cvs_client_packets" lineno="14508">
+<summary>
+Do not audit attempts to send and receive cvs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cvs_client_packets" lineno="14523">
+<summary>
+Relabel packets to cvs_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_cvs_server_packets" lineno="14543">
+<summary>
+Send cvs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cvs_server_packets" lineno="14562">
+<summary>
+Do not audit attempts to send cvs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cvs_server_packets" lineno="14581">
+<summary>
+Receive cvs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_cvs_server_packets" lineno="14600">
+<summary>
+Do not audit attempts to receive cvs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cvs_server_packets" lineno="14619">
+<summary>
+Send and receive cvs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_cvs_server_packets" lineno="14635">
+<summary>
+Do not audit attempts to send and receive cvs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cvs_server_packets" lineno="14650">
+<summary>
+Relabel packets to cvs_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_cyphesis_port" lineno="14672">
+<summary>
+Send and receive TCP traffic on the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_cyphesis_port" lineno="14691">
+<summary>
+Send UDP traffic on the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_cyphesis_port" lineno="14710">
+<summary>
+Do not audit attempts to send UDP traffic on the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_cyphesis_port" lineno="14729">
+<summary>
+Receive UDP traffic on the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_cyphesis_port" lineno="14748">
+<summary>
+Do not audit attempts to receive UDP traffic on the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_cyphesis_port" lineno="14767">
+<summary>
+Send and receive UDP traffic on the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_cyphesis_port" lineno="14784">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_cyphesis_port" lineno="14800">
+<summary>
+Bind TCP sockets to the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_cyphesis_port" lineno="14820">
+<summary>
+Bind UDP sockets to the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_cyphesis_port" lineno="14839">
+<summary>
+Make a TCP connection to the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_cyphesis_client_packets" lineno="14859">
+<summary>
+Send cyphesis_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cyphesis_client_packets" lineno="14878">
+<summary>
+Do not audit attempts to send cyphesis_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cyphesis_client_packets" lineno="14897">
+<summary>
+Receive cyphesis_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_cyphesis_client_packets" lineno="14916">
+<summary>
+Do not audit attempts to receive cyphesis_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cyphesis_client_packets" lineno="14935">
+<summary>
+Send and receive cyphesis_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_cyphesis_client_packets" lineno="14951">
+<summary>
+Do not audit attempts to send and receive cyphesis_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cyphesis_client_packets" lineno="14966">
+<summary>
+Relabel packets to cyphesis_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_cyphesis_server_packets" lineno="14986">
+<summary>
+Send cyphesis_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cyphesis_server_packets" lineno="15005">
+<summary>
+Do not audit attempts to send cyphesis_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cyphesis_server_packets" lineno="15024">
+<summary>
+Receive cyphesis_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_cyphesis_server_packets" lineno="15043">
+<summary>
+Do not audit attempts to receive cyphesis_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cyphesis_server_packets" lineno="15062">
+<summary>
+Send and receive cyphesis_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_cyphesis_server_packets" lineno="15078">
+<summary>
+Do not audit attempts to send and receive cyphesis_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cyphesis_server_packets" lineno="15093">
+<summary>
+Relabel packets to cyphesis_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_daap_port" lineno="15115">
+<summary>
+Send and receive TCP traffic on the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_daap_port" lineno="15134">
+<summary>
+Send UDP traffic on the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_daap_port" lineno="15153">
+<summary>
+Do not audit attempts to send UDP traffic on the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_daap_port" lineno="15172">
+<summary>
+Receive UDP traffic on the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_daap_port" lineno="15191">
+<summary>
+Do not audit attempts to receive UDP traffic on the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_daap_port" lineno="15210">
+<summary>
+Send and receive UDP traffic on the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_daap_port" lineno="15227">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_daap_port" lineno="15243">
+<summary>
+Bind TCP sockets to the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_daap_port" lineno="15263">
+<summary>
+Bind UDP sockets to the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_daap_port" lineno="15282">
+<summary>
+Make a TCP connection to the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_daap_client_packets" lineno="15302">
+<summary>
+Send daap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_daap_client_packets" lineno="15321">
+<summary>
+Do not audit attempts to send daap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_daap_client_packets" lineno="15340">
+<summary>
+Receive daap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_daap_client_packets" lineno="15359">
+<summary>
+Do not audit attempts to receive daap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_daap_client_packets" lineno="15378">
+<summary>
+Send and receive daap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_daap_client_packets" lineno="15394">
+<summary>
+Do not audit attempts to send and receive daap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_daap_client_packets" lineno="15409">
+<summary>
+Relabel packets to daap_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_daap_server_packets" lineno="15429">
+<summary>
+Send daap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_daap_server_packets" lineno="15448">
+<summary>
+Do not audit attempts to send daap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_daap_server_packets" lineno="15467">
+<summary>
+Receive daap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_daap_server_packets" lineno="15486">
+<summary>
+Do not audit attempts to receive daap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_daap_server_packets" lineno="15505">
+<summary>
+Send and receive daap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_daap_server_packets" lineno="15521">
+<summary>
+Do not audit attempts to send and receive daap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_daap_server_packets" lineno="15536">
+<summary>
+Relabel packets to daap_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_dbskkd_port" lineno="15558">
+<summary>
+Send and receive TCP traffic on the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_dbskkd_port" lineno="15577">
+<summary>
+Send UDP traffic on the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_dbskkd_port" lineno="15596">
+<summary>
+Do not audit attempts to send UDP traffic on the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_dbskkd_port" lineno="15615">
+<summary>
+Receive UDP traffic on the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_dbskkd_port" lineno="15634">
+<summary>
+Do not audit attempts to receive UDP traffic on the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_dbskkd_port" lineno="15653">
+<summary>
+Send and receive UDP traffic on the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_dbskkd_port" lineno="15670">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_dbskkd_port" lineno="15686">
+<summary>
+Bind TCP sockets to the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_dbskkd_port" lineno="15706">
+<summary>
+Bind UDP sockets to the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_dbskkd_port" lineno="15725">
+<summary>
+Make a TCP connection to the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dbskkd_client_packets" lineno="15745">
+<summary>
+Send dbskkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dbskkd_client_packets" lineno="15764">
+<summary>
+Do not audit attempts to send dbskkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dbskkd_client_packets" lineno="15783">
+<summary>
+Receive dbskkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dbskkd_client_packets" lineno="15802">
+<summary>
+Do not audit attempts to receive dbskkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dbskkd_client_packets" lineno="15821">
+<summary>
+Send and receive dbskkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dbskkd_client_packets" lineno="15837">
+<summary>
+Do not audit attempts to send and receive dbskkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dbskkd_client_packets" lineno="15852">
+<summary>
+Relabel packets to dbskkd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dbskkd_server_packets" lineno="15872">
+<summary>
+Send dbskkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dbskkd_server_packets" lineno="15891">
+<summary>
+Do not audit attempts to send dbskkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dbskkd_server_packets" lineno="15910">
+<summary>
+Receive dbskkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dbskkd_server_packets" lineno="15929">
+<summary>
+Do not audit attempts to receive dbskkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dbskkd_server_packets" lineno="15948">
+<summary>
+Send and receive dbskkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dbskkd_server_packets" lineno="15964">
+<summary>
+Do not audit attempts to send and receive dbskkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dbskkd_server_packets" lineno="15979">
+<summary>
+Relabel packets to dbskkd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_dcc_port" lineno="16001">
+<summary>
+Send and receive TCP traffic on the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_dcc_port" lineno="16020">
+<summary>
+Send UDP traffic on the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_dcc_port" lineno="16039">
+<summary>
+Do not audit attempts to send UDP traffic on the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_dcc_port" lineno="16058">
+<summary>
+Receive UDP traffic on the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_dcc_port" lineno="16077">
+<summary>
+Do not audit attempts to receive UDP traffic on the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_dcc_port" lineno="16096">
+<summary>
+Send and receive UDP traffic on the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_dcc_port" lineno="16113">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_dcc_port" lineno="16129">
+<summary>
+Bind TCP sockets to the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_dcc_port" lineno="16149">
+<summary>
+Bind UDP sockets to the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_dcc_port" lineno="16168">
+<summary>
+Make a TCP connection to the dcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dcc_client_packets" lineno="16188">
+<summary>
+Send dcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dcc_client_packets" lineno="16207">
+<summary>
+Do not audit attempts to send dcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dcc_client_packets" lineno="16226">
+<summary>
+Receive dcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dcc_client_packets" lineno="16245">
+<summary>
+Do not audit attempts to receive dcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dcc_client_packets" lineno="16264">
+<summary>
+Send and receive dcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dcc_client_packets" lineno="16280">
+<summary>
+Do not audit attempts to send and receive dcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dcc_client_packets" lineno="16295">
+<summary>
+Relabel packets to dcc_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dcc_server_packets" lineno="16315">
+<summary>
+Send dcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dcc_server_packets" lineno="16334">
+<summary>
+Do not audit attempts to send dcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dcc_server_packets" lineno="16353">
+<summary>
+Receive dcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dcc_server_packets" lineno="16372">
+<summary>
+Do not audit attempts to receive dcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dcc_server_packets" lineno="16391">
+<summary>
+Send and receive dcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dcc_server_packets" lineno="16407">
+<summary>
+Do not audit attempts to send and receive dcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dcc_server_packets" lineno="16422">
+<summary>
+Relabel packets to dcc_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_dccm_port" lineno="16444">
+<summary>
+Send and receive TCP traffic on the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_dccm_port" lineno="16463">
+<summary>
+Send UDP traffic on the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_dccm_port" lineno="16482">
+<summary>
+Do not audit attempts to send UDP traffic on the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_dccm_port" lineno="16501">
+<summary>
+Receive UDP traffic on the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_dccm_port" lineno="16520">
+<summary>
+Do not audit attempts to receive UDP traffic on the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_dccm_port" lineno="16539">
+<summary>
+Send and receive UDP traffic on the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_dccm_port" lineno="16556">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_dccm_port" lineno="16572">
+<summary>
+Bind TCP sockets to the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_dccm_port" lineno="16592">
+<summary>
+Bind UDP sockets to the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_dccm_port" lineno="16611">
+<summary>
+Make a TCP connection to the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dccm_client_packets" lineno="16631">
+<summary>
+Send dccm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dccm_client_packets" lineno="16650">
+<summary>
+Do not audit attempts to send dccm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dccm_client_packets" lineno="16669">
+<summary>
+Receive dccm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dccm_client_packets" lineno="16688">
+<summary>
+Do not audit attempts to receive dccm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dccm_client_packets" lineno="16707">
+<summary>
+Send and receive dccm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dccm_client_packets" lineno="16723">
+<summary>
+Do not audit attempts to send and receive dccm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dccm_client_packets" lineno="16738">
+<summary>
+Relabel packets to dccm_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dccm_server_packets" lineno="16758">
+<summary>
+Send dccm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dccm_server_packets" lineno="16777">
+<summary>
+Do not audit attempts to send dccm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dccm_server_packets" lineno="16796">
+<summary>
+Receive dccm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dccm_server_packets" lineno="16815">
+<summary>
+Do not audit attempts to receive dccm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dccm_server_packets" lineno="16834">
+<summary>
+Send and receive dccm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dccm_server_packets" lineno="16850">
+<summary>
+Do not audit attempts to send and receive dccm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dccm_server_packets" lineno="16865">
+<summary>
+Relabel packets to dccm_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_dhcpc_port" lineno="16887">
+<summary>
+Send and receive TCP traffic on the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_dhcpc_port" lineno="16906">
+<summary>
+Send UDP traffic on the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_dhcpc_port" lineno="16925">
+<summary>
+Do not audit attempts to send UDP traffic on the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_dhcpc_port" lineno="16944">
+<summary>
+Receive UDP traffic on the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_dhcpc_port" lineno="16963">
+<summary>
+Do not audit attempts to receive UDP traffic on the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_dhcpc_port" lineno="16982">
+<summary>
+Send and receive UDP traffic on the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_dhcpc_port" lineno="16999">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_dhcpc_port" lineno="17015">
+<summary>
+Bind TCP sockets to the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_dhcpc_port" lineno="17035">
+<summary>
+Bind UDP sockets to the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_dhcpc_port" lineno="17054">
+<summary>
+Make a TCP connection to the dhcpc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dhcpc_client_packets" lineno="17074">
+<summary>
+Send dhcpc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dhcpc_client_packets" lineno="17093">
+<summary>
+Do not audit attempts to send dhcpc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dhcpc_client_packets" lineno="17112">
+<summary>
+Receive dhcpc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dhcpc_client_packets" lineno="17131">
+<summary>
+Do not audit attempts to receive dhcpc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dhcpc_client_packets" lineno="17150">
+<summary>
+Send and receive dhcpc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dhcpc_client_packets" lineno="17166">
+<summary>
+Do not audit attempts to send and receive dhcpc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dhcpc_client_packets" lineno="17181">
+<summary>
+Relabel packets to dhcpc_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dhcpc_server_packets" lineno="17201">
+<summary>
+Send dhcpc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dhcpc_server_packets" lineno="17220">
+<summary>
+Do not audit attempts to send dhcpc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dhcpc_server_packets" lineno="17239">
+<summary>
+Receive dhcpc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dhcpc_server_packets" lineno="17258">
+<summary>
+Do not audit attempts to receive dhcpc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dhcpc_server_packets" lineno="17277">
+<summary>
+Send and receive dhcpc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dhcpc_server_packets" lineno="17293">
+<summary>
+Do not audit attempts to send and receive dhcpc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dhcpc_server_packets" lineno="17308">
+<summary>
+Relabel packets to dhcpc_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_dhcpd_port" lineno="17330">
+<summary>
+Send and receive TCP traffic on the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_dhcpd_port" lineno="17349">
+<summary>
+Send UDP traffic on the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_dhcpd_port" lineno="17368">
+<summary>
+Do not audit attempts to send UDP traffic on the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_dhcpd_port" lineno="17387">
+<summary>
+Receive UDP traffic on the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_dhcpd_port" lineno="17406">
+<summary>
+Do not audit attempts to receive UDP traffic on the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_dhcpd_port" lineno="17425">
+<summary>
+Send and receive UDP traffic on the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_dhcpd_port" lineno="17442">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_dhcpd_port" lineno="17458">
+<summary>
+Bind TCP sockets to the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_dhcpd_port" lineno="17478">
+<summary>
+Bind UDP sockets to the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_dhcpd_port" lineno="17497">
+<summary>
+Make a TCP connection to the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dhcpd_client_packets" lineno="17517">
+<summary>
+Send dhcpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dhcpd_client_packets" lineno="17536">
+<summary>
+Do not audit attempts to send dhcpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dhcpd_client_packets" lineno="17555">
+<summary>
+Receive dhcpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dhcpd_client_packets" lineno="17574">
+<summary>
+Do not audit attempts to receive dhcpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dhcpd_client_packets" lineno="17593">
+<summary>
+Send and receive dhcpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dhcpd_client_packets" lineno="17609">
+<summary>
+Do not audit attempts to send and receive dhcpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dhcpd_client_packets" lineno="17624">
+<summary>
+Relabel packets to dhcpd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dhcpd_server_packets" lineno="17644">
+<summary>
+Send dhcpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dhcpd_server_packets" lineno="17663">
+<summary>
+Do not audit attempts to send dhcpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dhcpd_server_packets" lineno="17682">
+<summary>
+Receive dhcpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dhcpd_server_packets" lineno="17701">
+<summary>
+Do not audit attempts to receive dhcpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dhcpd_server_packets" lineno="17720">
+<summary>
+Send and receive dhcpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dhcpd_server_packets" lineno="17736">
+<summary>
+Do not audit attempts to send and receive dhcpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dhcpd_server_packets" lineno="17751">
+<summary>
+Relabel packets to dhcpd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_dict_port" lineno="17773">
+<summary>
+Send and receive TCP traffic on the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_dict_port" lineno="17792">
+<summary>
+Send UDP traffic on the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_dict_port" lineno="17811">
+<summary>
+Do not audit attempts to send UDP traffic on the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_dict_port" lineno="17830">
+<summary>
+Receive UDP traffic on the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_dict_port" lineno="17849">
+<summary>
+Do not audit attempts to receive UDP traffic on the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_dict_port" lineno="17868">
+<summary>
+Send and receive UDP traffic on the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_dict_port" lineno="17885">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_dict_port" lineno="17901">
+<summary>
+Bind TCP sockets to the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_dict_port" lineno="17921">
+<summary>
+Bind UDP sockets to the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_dict_port" lineno="17940">
+<summary>
+Make a TCP connection to the dict port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dict_client_packets" lineno="17960">
+<summary>
+Send dict_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dict_client_packets" lineno="17979">
+<summary>
+Do not audit attempts to send dict_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dict_client_packets" lineno="17998">
+<summary>
+Receive dict_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dict_client_packets" lineno="18017">
+<summary>
+Do not audit attempts to receive dict_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dict_client_packets" lineno="18036">
+<summary>
+Send and receive dict_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dict_client_packets" lineno="18052">
+<summary>
+Do not audit attempts to send and receive dict_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dict_client_packets" lineno="18067">
+<summary>
+Relabel packets to dict_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dict_server_packets" lineno="18087">
+<summary>
+Send dict_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dict_server_packets" lineno="18106">
+<summary>
+Do not audit attempts to send dict_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dict_server_packets" lineno="18125">
+<summary>
+Receive dict_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dict_server_packets" lineno="18144">
+<summary>
+Do not audit attempts to receive dict_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dict_server_packets" lineno="18163">
+<summary>
+Send and receive dict_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dict_server_packets" lineno="18179">
+<summary>
+Do not audit attempts to send and receive dict_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dict_server_packets" lineno="18194">
+<summary>
+Relabel packets to dict_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_distccd_port" lineno="18216">
+<summary>
+Send and receive TCP traffic on the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_distccd_port" lineno="18235">
+<summary>
+Send UDP traffic on the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_distccd_port" lineno="18254">
+<summary>
+Do not audit attempts to send UDP traffic on the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_distccd_port" lineno="18273">
+<summary>
+Receive UDP traffic on the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_distccd_port" lineno="18292">
+<summary>
+Do not audit attempts to receive UDP traffic on the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_distccd_port" lineno="18311">
+<summary>
+Send and receive UDP traffic on the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_distccd_port" lineno="18328">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_distccd_port" lineno="18344">
+<summary>
+Bind TCP sockets to the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_distccd_port" lineno="18364">
+<summary>
+Bind UDP sockets to the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_distccd_port" lineno="18383">
+<summary>
+Make a TCP connection to the distccd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_distccd_client_packets" lineno="18403">
+<summary>
+Send distccd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_distccd_client_packets" lineno="18422">
+<summary>
+Do not audit attempts to send distccd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_distccd_client_packets" lineno="18441">
+<summary>
+Receive distccd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_distccd_client_packets" lineno="18460">
+<summary>
+Do not audit attempts to receive distccd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_distccd_client_packets" lineno="18479">
+<summary>
+Send and receive distccd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_distccd_client_packets" lineno="18495">
+<summary>
+Do not audit attempts to send and receive distccd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_distccd_client_packets" lineno="18510">
+<summary>
+Relabel packets to distccd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_distccd_server_packets" lineno="18530">
+<summary>
+Send distccd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_distccd_server_packets" lineno="18549">
+<summary>
+Do not audit attempts to send distccd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_distccd_server_packets" lineno="18568">
+<summary>
+Receive distccd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_distccd_server_packets" lineno="18587">
+<summary>
+Do not audit attempts to receive distccd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_distccd_server_packets" lineno="18606">
+<summary>
+Send and receive distccd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_distccd_server_packets" lineno="18622">
+<summary>
+Do not audit attempts to send and receive distccd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_distccd_server_packets" lineno="18637">
+<summary>
+Relabel packets to distccd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_dns_port" lineno="18659">
+<summary>
+Send and receive TCP traffic on the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_dns_port" lineno="18678">
+<summary>
+Send UDP traffic on the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_dns_port" lineno="18697">
+<summary>
+Do not audit attempts to send UDP traffic on the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_dns_port" lineno="18716">
+<summary>
+Receive UDP traffic on the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_dns_port" lineno="18735">
+<summary>
+Do not audit attempts to receive UDP traffic on the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_dns_port" lineno="18754">
+<summary>
+Send and receive UDP traffic on the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_dns_port" lineno="18771">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_dns_port" lineno="18787">
+<summary>
+Bind TCP sockets to the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_dns_port" lineno="18807">
+<summary>
+Bind UDP sockets to the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_dns_port" lineno="18826">
+<summary>
+Make a TCP connection to the dns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dns_client_packets" lineno="18846">
+<summary>
+Send dns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dns_client_packets" lineno="18865">
+<summary>
+Do not audit attempts to send dns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dns_client_packets" lineno="18884">
+<summary>
+Receive dns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dns_client_packets" lineno="18903">
+<summary>
+Do not audit attempts to receive dns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dns_client_packets" lineno="18922">
+<summary>
+Send and receive dns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dns_client_packets" lineno="18938">
+<summary>
+Do not audit attempts to send and receive dns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dns_client_packets" lineno="18953">
+<summary>
+Relabel packets to dns_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_dns_server_packets" lineno="18973">
+<summary>
+Send dns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dns_server_packets" lineno="18992">
+<summary>
+Do not audit attempts to send dns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dns_server_packets" lineno="19011">
+<summary>
+Receive dns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_dns_server_packets" lineno="19030">
+<summary>
+Do not audit attempts to receive dns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dns_server_packets" lineno="19049">
+<summary>
+Send and receive dns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dns_server_packets" lineno="19065">
+<summary>
+Do not audit attempts to send and receive dns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dns_server_packets" lineno="19080">
+<summary>
+Relabel packets to dns_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_epmap_port" lineno="19102">
+<summary>
+Send and receive TCP traffic on the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_epmap_port" lineno="19121">
+<summary>
+Send UDP traffic on the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_epmap_port" lineno="19140">
+<summary>
+Do not audit attempts to send UDP traffic on the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_epmap_port" lineno="19159">
+<summary>
+Receive UDP traffic on the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_epmap_port" lineno="19178">
+<summary>
+Do not audit attempts to receive UDP traffic on the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_epmap_port" lineno="19197">
+<summary>
+Send and receive UDP traffic on the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_epmap_port" lineno="19214">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_epmap_port" lineno="19230">
+<summary>
+Bind TCP sockets to the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_epmap_port" lineno="19250">
+<summary>
+Bind UDP sockets to the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_epmap_port" lineno="19269">
+<summary>
+Make a TCP connection to the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_epmap_client_packets" lineno="19289">
+<summary>
+Send epmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_epmap_client_packets" lineno="19308">
+<summary>
+Do not audit attempts to send epmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_epmap_client_packets" lineno="19327">
+<summary>
+Receive epmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_epmap_client_packets" lineno="19346">
+<summary>
+Do not audit attempts to receive epmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_epmap_client_packets" lineno="19365">
+<summary>
+Send and receive epmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_epmap_client_packets" lineno="19381">
+<summary>
+Do not audit attempts to send and receive epmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_epmap_client_packets" lineno="19396">
+<summary>
+Relabel packets to epmap_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_epmap_server_packets" lineno="19416">
+<summary>
+Send epmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_epmap_server_packets" lineno="19435">
+<summary>
+Do not audit attempts to send epmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_epmap_server_packets" lineno="19454">
+<summary>
+Receive epmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_epmap_server_packets" lineno="19473">
+<summary>
+Do not audit attempts to receive epmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_epmap_server_packets" lineno="19492">
+<summary>
+Send and receive epmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_epmap_server_packets" lineno="19508">
+<summary>
+Do not audit attempts to send and receive epmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_epmap_server_packets" lineno="19523">
+<summary>
+Relabel packets to epmap_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_fingerd_port" lineno="19545">
+<summary>
+Send and receive TCP traffic on the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_fingerd_port" lineno="19564">
+<summary>
+Send UDP traffic on the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_fingerd_port" lineno="19583">
+<summary>
+Do not audit attempts to send UDP traffic on the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_fingerd_port" lineno="19602">
+<summary>
+Receive UDP traffic on the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_fingerd_port" lineno="19621">
+<summary>
+Do not audit attempts to receive UDP traffic on the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_fingerd_port" lineno="19640">
+<summary>
+Send and receive UDP traffic on the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_fingerd_port" lineno="19657">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_fingerd_port" lineno="19673">
+<summary>
+Bind TCP sockets to the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_fingerd_port" lineno="19693">
+<summary>
+Bind UDP sockets to the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_fingerd_port" lineno="19712">
+<summary>
+Make a TCP connection to the fingerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_fingerd_client_packets" lineno="19732">
+<summary>
+Send fingerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_fingerd_client_packets" lineno="19751">
+<summary>
+Do not audit attempts to send fingerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_fingerd_client_packets" lineno="19770">
+<summary>
+Receive fingerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_fingerd_client_packets" lineno="19789">
+<summary>
+Do not audit attempts to receive fingerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_fingerd_client_packets" lineno="19808">
+<summary>
+Send and receive fingerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_fingerd_client_packets" lineno="19824">
+<summary>
+Do not audit attempts to send and receive fingerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_fingerd_client_packets" lineno="19839">
+<summary>
+Relabel packets to fingerd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_fingerd_server_packets" lineno="19859">
+<summary>
+Send fingerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_fingerd_server_packets" lineno="19878">
+<summary>
+Do not audit attempts to send fingerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_fingerd_server_packets" lineno="19897">
+<summary>
+Receive fingerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_fingerd_server_packets" lineno="19916">
+<summary>
+Do not audit attempts to receive fingerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_fingerd_server_packets" lineno="19935">
+<summary>
+Send and receive fingerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_fingerd_server_packets" lineno="19951">
+<summary>
+Do not audit attempts to send and receive fingerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_fingerd_server_packets" lineno="19966">
+<summary>
+Relabel packets to fingerd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ftp_port" lineno="19988">
+<summary>
+Send and receive TCP traffic on the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ftp_port" lineno="20007">
+<summary>
+Send UDP traffic on the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ftp_port" lineno="20026">
+<summary>
+Do not audit attempts to send UDP traffic on the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ftp_port" lineno="20045">
+<summary>
+Receive UDP traffic on the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ftp_port" lineno="20064">
+<summary>
+Do not audit attempts to receive UDP traffic on the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ftp_port" lineno="20083">
+<summary>
+Send and receive UDP traffic on the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ftp_port" lineno="20100">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ftp_port" lineno="20116">
+<summary>
+Bind TCP sockets to the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ftp_port" lineno="20136">
+<summary>
+Bind UDP sockets to the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ftp_port" lineno="20155">
+<summary>
+Make a TCP connection to the ftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ftp_client_packets" lineno="20175">
+<summary>
+Send ftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ftp_client_packets" lineno="20194">
+<summary>
+Do not audit attempts to send ftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ftp_client_packets" lineno="20213">
+<summary>
+Receive ftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ftp_client_packets" lineno="20232">
+<summary>
+Do not audit attempts to receive ftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ftp_client_packets" lineno="20251">
+<summary>
+Send and receive ftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ftp_client_packets" lineno="20267">
+<summary>
+Do not audit attempts to send and receive ftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ftp_client_packets" lineno="20282">
+<summary>
+Relabel packets to ftp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ftp_server_packets" lineno="20302">
+<summary>
+Send ftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ftp_server_packets" lineno="20321">
+<summary>
+Do not audit attempts to send ftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ftp_server_packets" lineno="20340">
+<summary>
+Receive ftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ftp_server_packets" lineno="20359">
+<summary>
+Do not audit attempts to receive ftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ftp_server_packets" lineno="20378">
+<summary>
+Send and receive ftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ftp_server_packets" lineno="20394">
+<summary>
+Do not audit attempts to send and receive ftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ftp_server_packets" lineno="20409">
+<summary>
+Relabel packets to ftp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ftp_data_port" lineno="20431">
+<summary>
+Send and receive TCP traffic on the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ftp_data_port" lineno="20450">
+<summary>
+Send UDP traffic on the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ftp_data_port" lineno="20469">
+<summary>
+Do not audit attempts to send UDP traffic on the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ftp_data_port" lineno="20488">
+<summary>
+Receive UDP traffic on the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ftp_data_port" lineno="20507">
+<summary>
+Do not audit attempts to receive UDP traffic on the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ftp_data_port" lineno="20526">
+<summary>
+Send and receive UDP traffic on the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ftp_data_port" lineno="20543">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ftp_data_port" lineno="20559">
+<summary>
+Bind TCP sockets to the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ftp_data_port" lineno="20579">
+<summary>
+Bind UDP sockets to the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ftp_data_port" lineno="20598">
+<summary>
+Make a TCP connection to the ftp_data port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ftp_data_client_packets" lineno="20618">
+<summary>
+Send ftp_data_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ftp_data_client_packets" lineno="20637">
+<summary>
+Do not audit attempts to send ftp_data_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ftp_data_client_packets" lineno="20656">
+<summary>
+Receive ftp_data_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ftp_data_client_packets" lineno="20675">
+<summary>
+Do not audit attempts to receive ftp_data_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ftp_data_client_packets" lineno="20694">
+<summary>
+Send and receive ftp_data_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ftp_data_client_packets" lineno="20710">
+<summary>
+Do not audit attempts to send and receive ftp_data_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ftp_data_client_packets" lineno="20725">
+<summary>
+Relabel packets to ftp_data_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ftp_data_server_packets" lineno="20745">
+<summary>
+Send ftp_data_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ftp_data_server_packets" lineno="20764">
+<summary>
+Do not audit attempts to send ftp_data_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ftp_data_server_packets" lineno="20783">
+<summary>
+Receive ftp_data_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ftp_data_server_packets" lineno="20802">
+<summary>
+Do not audit attempts to receive ftp_data_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ftp_data_server_packets" lineno="20821">
+<summary>
+Send and receive ftp_data_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ftp_data_server_packets" lineno="20837">
+<summary>
+Do not audit attempts to send and receive ftp_data_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ftp_data_server_packets" lineno="20852">
+<summary>
+Relabel packets to ftp_data_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_gatekeeper_port" lineno="20874">
+<summary>
+Send and receive TCP traffic on the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_gatekeeper_port" lineno="20893">
+<summary>
+Send UDP traffic on the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_gatekeeper_port" lineno="20912">
+<summary>
+Do not audit attempts to send UDP traffic on the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_gatekeeper_port" lineno="20931">
+<summary>
+Receive UDP traffic on the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_gatekeeper_port" lineno="20950">
+<summary>
+Do not audit attempts to receive UDP traffic on the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_gatekeeper_port" lineno="20969">
+<summary>
+Send and receive UDP traffic on the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_gatekeeper_port" lineno="20986">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_gatekeeper_port" lineno="21002">
+<summary>
+Bind TCP sockets to the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_gatekeeper_port" lineno="21022">
+<summary>
+Bind UDP sockets to the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_gatekeeper_port" lineno="21041">
+<summary>
+Make a TCP connection to the gatekeeper port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_gatekeeper_client_packets" lineno="21061">
+<summary>
+Send gatekeeper_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_gatekeeper_client_packets" lineno="21080">
+<summary>
+Do not audit attempts to send gatekeeper_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_gatekeeper_client_packets" lineno="21099">
+<summary>
+Receive gatekeeper_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_gatekeeper_client_packets" lineno="21118">
+<summary>
+Do not audit attempts to receive gatekeeper_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_gatekeeper_client_packets" lineno="21137">
+<summary>
+Send and receive gatekeeper_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_gatekeeper_client_packets" lineno="21153">
+<summary>
+Do not audit attempts to send and receive gatekeeper_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_gatekeeper_client_packets" lineno="21168">
+<summary>
+Relabel packets to gatekeeper_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_gatekeeper_server_packets" lineno="21188">
+<summary>
+Send gatekeeper_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_gatekeeper_server_packets" lineno="21207">
+<summary>
+Do not audit attempts to send gatekeeper_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_gatekeeper_server_packets" lineno="21226">
+<summary>
+Receive gatekeeper_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_gatekeeper_server_packets" lineno="21245">
+<summary>
+Do not audit attempts to receive gatekeeper_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_gatekeeper_server_packets" lineno="21264">
+<summary>
+Send and receive gatekeeper_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_gatekeeper_server_packets" lineno="21280">
+<summary>
+Do not audit attempts to send and receive gatekeeper_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_gatekeeper_server_packets" lineno="21295">
+<summary>
+Relabel packets to gatekeeper_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_giftd_port" lineno="21317">
+<summary>
+Send and receive TCP traffic on the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_giftd_port" lineno="21336">
+<summary>
+Send UDP traffic on the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_giftd_port" lineno="21355">
+<summary>
+Do not audit attempts to send UDP traffic on the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_giftd_port" lineno="21374">
+<summary>
+Receive UDP traffic on the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_giftd_port" lineno="21393">
+<summary>
+Do not audit attempts to receive UDP traffic on the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_giftd_port" lineno="21412">
+<summary>
+Send and receive UDP traffic on the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_giftd_port" lineno="21429">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_giftd_port" lineno="21445">
+<summary>
+Bind TCP sockets to the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_giftd_port" lineno="21465">
+<summary>
+Bind UDP sockets to the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_giftd_port" lineno="21484">
+<summary>
+Make a TCP connection to the giftd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_giftd_client_packets" lineno="21504">
+<summary>
+Send giftd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_giftd_client_packets" lineno="21523">
+<summary>
+Do not audit attempts to send giftd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_giftd_client_packets" lineno="21542">
+<summary>
+Receive giftd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_giftd_client_packets" lineno="21561">
+<summary>
+Do not audit attempts to receive giftd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_giftd_client_packets" lineno="21580">
+<summary>
+Send and receive giftd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_giftd_client_packets" lineno="21596">
+<summary>
+Do not audit attempts to send and receive giftd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_giftd_client_packets" lineno="21611">
+<summary>
+Relabel packets to giftd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_giftd_server_packets" lineno="21631">
+<summary>
+Send giftd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_giftd_server_packets" lineno="21650">
+<summary>
+Do not audit attempts to send giftd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_giftd_server_packets" lineno="21669">
+<summary>
+Receive giftd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_giftd_server_packets" lineno="21688">
+<summary>
+Do not audit attempts to receive giftd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_giftd_server_packets" lineno="21707">
+<summary>
+Send and receive giftd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_giftd_server_packets" lineno="21723">
+<summary>
+Do not audit attempts to send and receive giftd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_giftd_server_packets" lineno="21738">
+<summary>
+Relabel packets to giftd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_git_port" lineno="21760">
+<summary>
+Send and receive TCP traffic on the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_git_port" lineno="21779">
+<summary>
+Send UDP traffic on the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_git_port" lineno="21798">
+<summary>
+Do not audit attempts to send UDP traffic on the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_git_port" lineno="21817">
+<summary>
+Receive UDP traffic on the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_git_port" lineno="21836">
+<summary>
+Do not audit attempts to receive UDP traffic on the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_git_port" lineno="21855">
+<summary>
+Send and receive UDP traffic on the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_git_port" lineno="21872">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_git_port" lineno="21888">
+<summary>
+Bind TCP sockets to the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_git_port" lineno="21908">
+<summary>
+Bind UDP sockets to the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_git_port" lineno="21927">
+<summary>
+Make a TCP connection to the git port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_git_client_packets" lineno="21947">
+<summary>
+Send git_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_git_client_packets" lineno="21966">
+<summary>
+Do not audit attempts to send git_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_git_client_packets" lineno="21985">
+<summary>
+Receive git_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_git_client_packets" lineno="22004">
+<summary>
+Do not audit attempts to receive git_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_git_client_packets" lineno="22023">
+<summary>
+Send and receive git_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_git_client_packets" lineno="22039">
+<summary>
+Do not audit attempts to send and receive git_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_git_client_packets" lineno="22054">
+<summary>
+Relabel packets to git_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_git_server_packets" lineno="22074">
+<summary>
+Send git_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_git_server_packets" lineno="22093">
+<summary>
+Do not audit attempts to send git_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_git_server_packets" lineno="22112">
+<summary>
+Receive git_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_git_server_packets" lineno="22131">
+<summary>
+Do not audit attempts to receive git_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_git_server_packets" lineno="22150">
+<summary>
+Send and receive git_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_git_server_packets" lineno="22166">
+<summary>
+Do not audit attempts to send and receive git_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_git_server_packets" lineno="22181">
+<summary>
+Relabel packets to git_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_glance_registry_port" lineno="22203">
+<summary>
+Send and receive TCP traffic on the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_glance_registry_port" lineno="22222">
+<summary>
+Send UDP traffic on the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_glance_registry_port" lineno="22241">
+<summary>
+Do not audit attempts to send UDP traffic on the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_glance_registry_port" lineno="22260">
+<summary>
+Receive UDP traffic on the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_glance_registry_port" lineno="22279">
+<summary>
+Do not audit attempts to receive UDP traffic on the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_glance_registry_port" lineno="22298">
+<summary>
+Send and receive UDP traffic on the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_glance_registry_port" lineno="22315">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_glance_registry_port" lineno="22331">
+<summary>
+Bind TCP sockets to the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_glance_registry_port" lineno="22351">
+<summary>
+Bind UDP sockets to the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_glance_registry_port" lineno="22370">
+<summary>
+Make a TCP connection to the glance_registry port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_glance_registry_client_packets" lineno="22390">
+<summary>
+Send glance_registry_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_glance_registry_client_packets" lineno="22409">
+<summary>
+Do not audit attempts to send glance_registry_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_glance_registry_client_packets" lineno="22428">
+<summary>
+Receive glance_registry_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_glance_registry_client_packets" lineno="22447">
+<summary>
+Do not audit attempts to receive glance_registry_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_glance_registry_client_packets" lineno="22466">
+<summary>
+Send and receive glance_registry_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_glance_registry_client_packets" lineno="22482">
+<summary>
+Do not audit attempts to send and receive glance_registry_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_glance_registry_client_packets" lineno="22497">
+<summary>
+Relabel packets to glance_registry_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_glance_registry_server_packets" lineno="22517">
+<summary>
+Send glance_registry_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_glance_registry_server_packets" lineno="22536">
+<summary>
+Do not audit attempts to send glance_registry_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_glance_registry_server_packets" lineno="22555">
+<summary>
+Receive glance_registry_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_glance_registry_server_packets" lineno="22574">
+<summary>
+Do not audit attempts to receive glance_registry_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_glance_registry_server_packets" lineno="22593">
+<summary>
+Send and receive glance_registry_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_glance_registry_server_packets" lineno="22609">
+<summary>
+Do not audit attempts to send and receive glance_registry_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_glance_registry_server_packets" lineno="22624">
+<summary>
+Relabel packets to glance_registry_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_gopher_port" lineno="22646">
+<summary>
+Send and receive TCP traffic on the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_gopher_port" lineno="22665">
+<summary>
+Send UDP traffic on the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_gopher_port" lineno="22684">
+<summary>
+Do not audit attempts to send UDP traffic on the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_gopher_port" lineno="22703">
+<summary>
+Receive UDP traffic on the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_gopher_port" lineno="22722">
+<summary>
+Do not audit attempts to receive UDP traffic on the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_gopher_port" lineno="22741">
+<summary>
+Send and receive UDP traffic on the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_gopher_port" lineno="22758">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_gopher_port" lineno="22774">
+<summary>
+Bind TCP sockets to the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_gopher_port" lineno="22794">
+<summary>
+Bind UDP sockets to the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_gopher_port" lineno="22813">
+<summary>
+Make a TCP connection to the gopher port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_gopher_client_packets" lineno="22833">
+<summary>
+Send gopher_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_gopher_client_packets" lineno="22852">
+<summary>
+Do not audit attempts to send gopher_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_gopher_client_packets" lineno="22871">
+<summary>
+Receive gopher_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_gopher_client_packets" lineno="22890">
+<summary>
+Do not audit attempts to receive gopher_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_gopher_client_packets" lineno="22909">
+<summary>
+Send and receive gopher_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_gopher_client_packets" lineno="22925">
+<summary>
+Do not audit attempts to send and receive gopher_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_gopher_client_packets" lineno="22940">
+<summary>
+Relabel packets to gopher_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_gopher_server_packets" lineno="22960">
+<summary>
+Send gopher_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_gopher_server_packets" lineno="22979">
+<summary>
+Do not audit attempts to send gopher_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_gopher_server_packets" lineno="22998">
+<summary>
+Receive gopher_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_gopher_server_packets" lineno="23017">
+<summary>
+Do not audit attempts to receive gopher_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_gopher_server_packets" lineno="23036">
+<summary>
+Send and receive gopher_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_gopher_server_packets" lineno="23052">
+<summary>
+Do not audit attempts to send and receive gopher_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_gopher_server_packets" lineno="23067">
+<summary>
+Relabel packets to gopher_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_gpsd_port" lineno="23089">
+<summary>
+Send and receive TCP traffic on the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_gpsd_port" lineno="23108">
+<summary>
+Send UDP traffic on the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_gpsd_port" lineno="23127">
+<summary>
+Do not audit attempts to send UDP traffic on the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_gpsd_port" lineno="23146">
+<summary>
+Receive UDP traffic on the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_gpsd_port" lineno="23165">
+<summary>
+Do not audit attempts to receive UDP traffic on the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_gpsd_port" lineno="23184">
+<summary>
+Send and receive UDP traffic on the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_gpsd_port" lineno="23201">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_gpsd_port" lineno="23217">
+<summary>
+Bind TCP sockets to the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_gpsd_port" lineno="23237">
+<summary>
+Bind UDP sockets to the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_gpsd_port" lineno="23256">
+<summary>
+Make a TCP connection to the gpsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_gpsd_client_packets" lineno="23276">
+<summary>
+Send gpsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_gpsd_client_packets" lineno="23295">
+<summary>
+Do not audit attempts to send gpsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_gpsd_client_packets" lineno="23314">
+<summary>
+Receive gpsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_gpsd_client_packets" lineno="23333">
+<summary>
+Do not audit attempts to receive gpsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_gpsd_client_packets" lineno="23352">
+<summary>
+Send and receive gpsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_gpsd_client_packets" lineno="23368">
+<summary>
+Do not audit attempts to send and receive gpsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_gpsd_client_packets" lineno="23383">
+<summary>
+Relabel packets to gpsd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_gpsd_server_packets" lineno="23403">
+<summary>
+Send gpsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_gpsd_server_packets" lineno="23422">
+<summary>
+Do not audit attempts to send gpsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_gpsd_server_packets" lineno="23441">
+<summary>
+Receive gpsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_gpsd_server_packets" lineno="23460">
+<summary>
+Do not audit attempts to receive gpsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_gpsd_server_packets" lineno="23479">
+<summary>
+Send and receive gpsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_gpsd_server_packets" lineno="23495">
+<summary>
+Do not audit attempts to send and receive gpsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_gpsd_server_packets" lineno="23510">
+<summary>
+Relabel packets to gpsd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_hadoop_datanode_port" lineno="23532">
+<summary>
+Send and receive TCP traffic on the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_hadoop_datanode_port" lineno="23551">
+<summary>
+Send UDP traffic on the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_hadoop_datanode_port" lineno="23570">
+<summary>
+Do not audit attempts to send UDP traffic on the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_hadoop_datanode_port" lineno="23589">
+<summary>
+Receive UDP traffic on the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_hadoop_datanode_port" lineno="23608">
+<summary>
+Do not audit attempts to receive UDP traffic on the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_hadoop_datanode_port" lineno="23627">
+<summary>
+Send and receive UDP traffic on the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_hadoop_datanode_port" lineno="23644">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_hadoop_datanode_port" lineno="23660">
+<summary>
+Bind TCP sockets to the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_hadoop_datanode_port" lineno="23680">
+<summary>
+Bind UDP sockets to the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_hadoop_datanode_port" lineno="23699">
+<summary>
+Make a TCP connection to the hadoop_datanode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_hadoop_datanode_client_packets" lineno="23719">
+<summary>
+Send hadoop_datanode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_hadoop_datanode_client_packets" lineno="23738">
+<summary>
+Do not audit attempts to send hadoop_datanode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_hadoop_datanode_client_packets" lineno="23757">
+<summary>
+Receive hadoop_datanode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_hadoop_datanode_client_packets" lineno="23776">
+<summary>
+Do not audit attempts to receive hadoop_datanode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_hadoop_datanode_client_packets" lineno="23795">
+<summary>
+Send and receive hadoop_datanode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_client_packets" lineno="23811">
+<summary>
+Do not audit attempts to send and receive hadoop_datanode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_hadoop_datanode_client_packets" lineno="23826">
+<summary>
+Relabel packets to hadoop_datanode_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_hadoop_datanode_server_packets" lineno="23846">
+<summary>
+Send hadoop_datanode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_hadoop_datanode_server_packets" lineno="23865">
+<summary>
+Do not audit attempts to send hadoop_datanode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_hadoop_datanode_server_packets" lineno="23884">
+<summary>
+Receive hadoop_datanode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_hadoop_datanode_server_packets" lineno="23903">
+<summary>
+Do not audit attempts to receive hadoop_datanode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_hadoop_datanode_server_packets" lineno="23922">
+<summary>
+Send and receive hadoop_datanode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_server_packets" lineno="23938">
+<summary>
+Do not audit attempts to send and receive hadoop_datanode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_hadoop_datanode_server_packets" lineno="23953">
+<summary>
+Relabel packets to hadoop_datanode_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_hadoop_namenode_port" lineno="23975">
+<summary>
+Send and receive TCP traffic on the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_hadoop_namenode_port" lineno="23994">
+<summary>
+Send UDP traffic on the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_hadoop_namenode_port" lineno="24013">
+<summary>
+Do not audit attempts to send UDP traffic on the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_hadoop_namenode_port" lineno="24032">
+<summary>
+Receive UDP traffic on the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_hadoop_namenode_port" lineno="24051">
+<summary>
+Do not audit attempts to receive UDP traffic on the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_hadoop_namenode_port" lineno="24070">
+<summary>
+Send and receive UDP traffic on the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_hadoop_namenode_port" lineno="24087">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_hadoop_namenode_port" lineno="24103">
+<summary>
+Bind TCP sockets to the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_hadoop_namenode_port" lineno="24123">
+<summary>
+Bind UDP sockets to the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_hadoop_namenode_port" lineno="24142">
+<summary>
+Make a TCP connection to the hadoop_namenode port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_hadoop_namenode_client_packets" lineno="24162">
+<summary>
+Send hadoop_namenode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_hadoop_namenode_client_packets" lineno="24181">
+<summary>
+Do not audit attempts to send hadoop_namenode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_hadoop_namenode_client_packets" lineno="24200">
+<summary>
+Receive hadoop_namenode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_hadoop_namenode_client_packets" lineno="24219">
+<summary>
+Do not audit attempts to receive hadoop_namenode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_hadoop_namenode_client_packets" lineno="24238">
+<summary>
+Send and receive hadoop_namenode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_client_packets" lineno="24254">
+<summary>
+Do not audit attempts to send and receive hadoop_namenode_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_hadoop_namenode_client_packets" lineno="24269">
+<summary>
+Relabel packets to hadoop_namenode_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_hadoop_namenode_server_packets" lineno="24289">
+<summary>
+Send hadoop_namenode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_hadoop_namenode_server_packets" lineno="24308">
+<summary>
+Do not audit attempts to send hadoop_namenode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_hadoop_namenode_server_packets" lineno="24327">
+<summary>
+Receive hadoop_namenode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_hadoop_namenode_server_packets" lineno="24346">
+<summary>
+Do not audit attempts to receive hadoop_namenode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_hadoop_namenode_server_packets" lineno="24365">
+<summary>
+Send and receive hadoop_namenode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_server_packets" lineno="24381">
+<summary>
+Do not audit attempts to send and receive hadoop_namenode_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_hadoop_namenode_server_packets" lineno="24396">
+<summary>
+Relabel packets to hadoop_namenode_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_hddtemp_port" lineno="24418">
+<summary>
+Send and receive TCP traffic on the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_hddtemp_port" lineno="24437">
+<summary>
+Send UDP traffic on the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_hddtemp_port" lineno="24456">
+<summary>
+Do not audit attempts to send UDP traffic on the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_hddtemp_port" lineno="24475">
+<summary>
+Receive UDP traffic on the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_hddtemp_port" lineno="24494">
+<summary>
+Do not audit attempts to receive UDP traffic on the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_hddtemp_port" lineno="24513">
+<summary>
+Send and receive UDP traffic on the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_hddtemp_port" lineno="24530">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_hddtemp_port" lineno="24546">
+<summary>
+Bind TCP sockets to the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_hddtemp_port" lineno="24566">
+<summary>
+Bind UDP sockets to the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_hddtemp_port" lineno="24585">
+<summary>
+Make a TCP connection to the hddtemp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_hddtemp_client_packets" lineno="24605">
+<summary>
+Send hddtemp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_hddtemp_client_packets" lineno="24624">
+<summary>
+Do not audit attempts to send hddtemp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_hddtemp_client_packets" lineno="24643">
+<summary>
+Receive hddtemp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_hddtemp_client_packets" lineno="24662">
+<summary>
+Do not audit attempts to receive hddtemp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_hddtemp_client_packets" lineno="24681">
+<summary>
+Send and receive hddtemp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_hddtemp_client_packets" lineno="24697">
+<summary>
+Do not audit attempts to send and receive hddtemp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_hddtemp_client_packets" lineno="24712">
+<summary>
+Relabel packets to hddtemp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_hddtemp_server_packets" lineno="24732">
+<summary>
+Send hddtemp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_hddtemp_server_packets" lineno="24751">
+<summary>
+Do not audit attempts to send hddtemp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_hddtemp_server_packets" lineno="24770">
+<summary>
+Receive hddtemp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_hddtemp_server_packets" lineno="24789">
+<summary>
+Do not audit attempts to receive hddtemp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_hddtemp_server_packets" lineno="24808">
+<summary>
+Send and receive hddtemp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_hddtemp_server_packets" lineno="24824">
+<summary>
+Do not audit attempts to send and receive hddtemp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_hddtemp_server_packets" lineno="24839">
+<summary>
+Relabel packets to hddtemp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_howl_port" lineno="24861">
+<summary>
+Send and receive TCP traffic on the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_howl_port" lineno="24880">
+<summary>
+Send UDP traffic on the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_howl_port" lineno="24899">
+<summary>
+Do not audit attempts to send UDP traffic on the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_howl_port" lineno="24918">
+<summary>
+Receive UDP traffic on the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_howl_port" lineno="24937">
+<summary>
+Do not audit attempts to receive UDP traffic on the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_howl_port" lineno="24956">
+<summary>
+Send and receive UDP traffic on the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_howl_port" lineno="24973">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_howl_port" lineno="24989">
+<summary>
+Bind TCP sockets to the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_howl_port" lineno="25009">
+<summary>
+Bind UDP sockets to the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_howl_port" lineno="25028">
+<summary>
+Make a TCP connection to the howl port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_howl_client_packets" lineno="25048">
+<summary>
+Send howl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_howl_client_packets" lineno="25067">
+<summary>
+Do not audit attempts to send howl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_howl_client_packets" lineno="25086">
+<summary>
+Receive howl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_howl_client_packets" lineno="25105">
+<summary>
+Do not audit attempts to receive howl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_howl_client_packets" lineno="25124">
+<summary>
+Send and receive howl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_howl_client_packets" lineno="25140">
+<summary>
+Do not audit attempts to send and receive howl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_howl_client_packets" lineno="25155">
+<summary>
+Relabel packets to howl_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_howl_server_packets" lineno="25175">
+<summary>
+Send howl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_howl_server_packets" lineno="25194">
+<summary>
+Do not audit attempts to send howl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_howl_server_packets" lineno="25213">
+<summary>
+Receive howl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_howl_server_packets" lineno="25232">
+<summary>
+Do not audit attempts to receive howl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_howl_server_packets" lineno="25251">
+<summary>
+Send and receive howl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_howl_server_packets" lineno="25267">
+<summary>
+Do not audit attempts to send and receive howl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_howl_server_packets" lineno="25282">
+<summary>
+Relabel packets to howl_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_hplip_port" lineno="25304">
+<summary>
+Send and receive TCP traffic on the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_hplip_port" lineno="25323">
+<summary>
+Send UDP traffic on the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_hplip_port" lineno="25342">
+<summary>
+Do not audit attempts to send UDP traffic on the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_hplip_port" lineno="25361">
+<summary>
+Receive UDP traffic on the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_hplip_port" lineno="25380">
+<summary>
+Do not audit attempts to receive UDP traffic on the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_hplip_port" lineno="25399">
+<summary>
+Send and receive UDP traffic on the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_hplip_port" lineno="25416">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_hplip_port" lineno="25432">
+<summary>
+Bind TCP sockets to the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_hplip_port" lineno="25452">
+<summary>
+Bind UDP sockets to the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_hplip_port" lineno="25471">
+<summary>
+Make a TCP connection to the hplip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_hplip_client_packets" lineno="25491">
+<summary>
+Send hplip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_hplip_client_packets" lineno="25510">
+<summary>
+Do not audit attempts to send hplip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_hplip_client_packets" lineno="25529">
+<summary>
+Receive hplip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_hplip_client_packets" lineno="25548">
+<summary>
+Do not audit attempts to receive hplip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_hplip_client_packets" lineno="25567">
+<summary>
+Send and receive hplip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_hplip_client_packets" lineno="25583">
+<summary>
+Do not audit attempts to send and receive hplip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_hplip_client_packets" lineno="25598">
+<summary>
+Relabel packets to hplip_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_hplip_server_packets" lineno="25618">
+<summary>
+Send hplip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_hplip_server_packets" lineno="25637">
+<summary>
+Do not audit attempts to send hplip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_hplip_server_packets" lineno="25656">
+<summary>
+Receive hplip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_hplip_server_packets" lineno="25675">
+<summary>
+Do not audit attempts to receive hplip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_hplip_server_packets" lineno="25694">
+<summary>
+Send and receive hplip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_hplip_server_packets" lineno="25710">
+<summary>
+Do not audit attempts to send and receive hplip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_hplip_server_packets" lineno="25725">
+<summary>
+Relabel packets to hplip_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_http_port" lineno="25747">
+<summary>
+Send and receive TCP traffic on the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_http_port" lineno="25766">
+<summary>
+Send UDP traffic on the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_http_port" lineno="25785">
+<summary>
+Do not audit attempts to send UDP traffic on the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_http_port" lineno="25804">
+<summary>
+Receive UDP traffic on the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_http_port" lineno="25823">
+<summary>
+Do not audit attempts to receive UDP traffic on the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_http_port" lineno="25842">
+<summary>
+Send and receive UDP traffic on the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_http_port" lineno="25859">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_http_port" lineno="25875">
+<summary>
+Bind TCP sockets to the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_http_port" lineno="25895">
+<summary>
+Bind UDP sockets to the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_http_port" lineno="25914">
+<summary>
+Make a TCP connection to the http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_http_client_packets" lineno="25934">
+<summary>
+Send http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_http_client_packets" lineno="25953">
+<summary>
+Do not audit attempts to send http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_http_client_packets" lineno="25972">
+<summary>
+Receive http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_http_client_packets" lineno="25991">
+<summary>
+Do not audit attempts to receive http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_http_client_packets" lineno="26010">
+<summary>
+Send and receive http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_http_client_packets" lineno="26026">
+<summary>
+Do not audit attempts to send and receive http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_http_client_packets" lineno="26041">
+<summary>
+Relabel packets to http_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_http_server_packets" lineno="26061">
+<summary>
+Send http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_http_server_packets" lineno="26080">
+<summary>
+Do not audit attempts to send http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_http_server_packets" lineno="26099">
+<summary>
+Receive http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_http_server_packets" lineno="26118">
+<summary>
+Do not audit attempts to receive http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_http_server_packets" lineno="26137">
+<summary>
+Send and receive http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_http_server_packets" lineno="26153">
+<summary>
+Do not audit attempts to send and receive http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_http_server_packets" lineno="26168">
+<summary>
+Relabel packets to http_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_http_cache_port" lineno="26190">
+<summary>
+Send and receive TCP traffic on the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_http_cache_port" lineno="26209">
+<summary>
+Send UDP traffic on the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_http_cache_port" lineno="26228">
+<summary>
+Do not audit attempts to send UDP traffic on the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_http_cache_port" lineno="26247">
+<summary>
+Receive UDP traffic on the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_http_cache_port" lineno="26266">
+<summary>
+Do not audit attempts to receive UDP traffic on the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_http_cache_port" lineno="26285">
+<summary>
+Send and receive UDP traffic on the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_http_cache_port" lineno="26302">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_http_cache_port" lineno="26318">
+<summary>
+Bind TCP sockets to the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_http_cache_port" lineno="26338">
+<summary>
+Bind UDP sockets to the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_http_cache_port" lineno="26357">
+<summary>
+Make a TCP connection to the http_cache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_http_cache_client_packets" lineno="26377">
+<summary>
+Send http_cache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_http_cache_client_packets" lineno="26396">
+<summary>
+Do not audit attempts to send http_cache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_http_cache_client_packets" lineno="26415">
+<summary>
+Receive http_cache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_http_cache_client_packets" lineno="26434">
+<summary>
+Do not audit attempts to receive http_cache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_http_cache_client_packets" lineno="26453">
+<summary>
+Send and receive http_cache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_http_cache_client_packets" lineno="26469">
+<summary>
+Do not audit attempts to send and receive http_cache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_http_cache_client_packets" lineno="26484">
+<summary>
+Relabel packets to http_cache_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_http_cache_server_packets" lineno="26504">
+<summary>
+Send http_cache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_http_cache_server_packets" lineno="26523">
+<summary>
+Do not audit attempts to send http_cache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_http_cache_server_packets" lineno="26542">
+<summary>
+Receive http_cache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_http_cache_server_packets" lineno="26561">
+<summary>
+Do not audit attempts to receive http_cache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_http_cache_server_packets" lineno="26580">
+<summary>
+Send and receive http_cache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_http_cache_server_packets" lineno="26596">
+<summary>
+Do not audit attempts to send and receive http_cache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_http_cache_server_packets" lineno="26611">
+<summary>
+Relabel packets to http_cache_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_i18n_input_port" lineno="26633">
+<summary>
+Send and receive TCP traffic on the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_i18n_input_port" lineno="26652">
+<summary>
+Send UDP traffic on the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_i18n_input_port" lineno="26671">
+<summary>
+Do not audit attempts to send UDP traffic on the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_i18n_input_port" lineno="26690">
+<summary>
+Receive UDP traffic on the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_i18n_input_port" lineno="26709">
+<summary>
+Do not audit attempts to receive UDP traffic on the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_i18n_input_port" lineno="26728">
+<summary>
+Send and receive UDP traffic on the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_i18n_input_port" lineno="26745">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_i18n_input_port" lineno="26761">
+<summary>
+Bind TCP sockets to the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_i18n_input_port" lineno="26781">
+<summary>
+Bind UDP sockets to the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_i18n_input_port" lineno="26800">
+<summary>
+Make a TCP connection to the i18n_input port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_i18n_input_client_packets" lineno="26820">
+<summary>
+Send i18n_input_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_i18n_input_client_packets" lineno="26839">
+<summary>
+Do not audit attempts to send i18n_input_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_i18n_input_client_packets" lineno="26858">
+<summary>
+Receive i18n_input_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_i18n_input_client_packets" lineno="26877">
+<summary>
+Do not audit attempts to receive i18n_input_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_i18n_input_client_packets" lineno="26896">
+<summary>
+Send and receive i18n_input_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_i18n_input_client_packets" lineno="26912">
+<summary>
+Do not audit attempts to send and receive i18n_input_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_i18n_input_client_packets" lineno="26927">
+<summary>
+Relabel packets to i18n_input_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_i18n_input_server_packets" lineno="26947">
+<summary>
+Send i18n_input_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_i18n_input_server_packets" lineno="26966">
+<summary>
+Do not audit attempts to send i18n_input_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_i18n_input_server_packets" lineno="26985">
+<summary>
+Receive i18n_input_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_i18n_input_server_packets" lineno="27004">
+<summary>
+Do not audit attempts to receive i18n_input_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_i18n_input_server_packets" lineno="27023">
+<summary>
+Send and receive i18n_input_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_i18n_input_server_packets" lineno="27039">
+<summary>
+Do not audit attempts to send and receive i18n_input_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_i18n_input_server_packets" lineno="27054">
+<summary>
+Relabel packets to i18n_input_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_imaze_port" lineno="27076">
+<summary>
+Send and receive TCP traffic on the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_imaze_port" lineno="27095">
+<summary>
+Send UDP traffic on the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_imaze_port" lineno="27114">
+<summary>
+Do not audit attempts to send UDP traffic on the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_imaze_port" lineno="27133">
+<summary>
+Receive UDP traffic on the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_imaze_port" lineno="27152">
+<summary>
+Do not audit attempts to receive UDP traffic on the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_imaze_port" lineno="27171">
+<summary>
+Send and receive UDP traffic on the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_imaze_port" lineno="27188">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_imaze_port" lineno="27204">
+<summary>
+Bind TCP sockets to the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_imaze_port" lineno="27224">
+<summary>
+Bind UDP sockets to the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_imaze_port" lineno="27243">
+<summary>
+Make a TCP connection to the imaze port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_imaze_client_packets" lineno="27263">
+<summary>
+Send imaze_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_imaze_client_packets" lineno="27282">
+<summary>
+Do not audit attempts to send imaze_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_imaze_client_packets" lineno="27301">
+<summary>
+Receive imaze_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_imaze_client_packets" lineno="27320">
+<summary>
+Do not audit attempts to receive imaze_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_imaze_client_packets" lineno="27339">
+<summary>
+Send and receive imaze_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_imaze_client_packets" lineno="27355">
+<summary>
+Do not audit attempts to send and receive imaze_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_imaze_client_packets" lineno="27370">
+<summary>
+Relabel packets to imaze_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_imaze_server_packets" lineno="27390">
+<summary>
+Send imaze_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_imaze_server_packets" lineno="27409">
+<summary>
+Do not audit attempts to send imaze_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_imaze_server_packets" lineno="27428">
+<summary>
+Receive imaze_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_imaze_server_packets" lineno="27447">
+<summary>
+Do not audit attempts to receive imaze_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_imaze_server_packets" lineno="27466">
+<summary>
+Send and receive imaze_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_imaze_server_packets" lineno="27482">
+<summary>
+Do not audit attempts to send and receive imaze_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_imaze_server_packets" lineno="27497">
+<summary>
+Relabel packets to imaze_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_inetd_child_port" lineno="27519">
+<summary>
+Send and receive TCP traffic on the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_inetd_child_port" lineno="27538">
+<summary>
+Send UDP traffic on the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_inetd_child_port" lineno="27557">
+<summary>
+Do not audit attempts to send UDP traffic on the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_inetd_child_port" lineno="27576">
+<summary>
+Receive UDP traffic on the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_inetd_child_port" lineno="27595">
+<summary>
+Do not audit attempts to receive UDP traffic on the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_inetd_child_port" lineno="27614">
+<summary>
+Send and receive UDP traffic on the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_inetd_child_port" lineno="27631">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_inetd_child_port" lineno="27647">
+<summary>
+Bind TCP sockets to the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_inetd_child_port" lineno="27667">
+<summary>
+Bind UDP sockets to the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_inetd_child_port" lineno="27686">
+<summary>
+Make a TCP connection to the inetd_child port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_inetd_child_client_packets" lineno="27706">
+<summary>
+Send inetd_child_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_inetd_child_client_packets" lineno="27725">
+<summary>
+Do not audit attempts to send inetd_child_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_inetd_child_client_packets" lineno="27744">
+<summary>
+Receive inetd_child_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_inetd_child_client_packets" lineno="27763">
+<summary>
+Do not audit attempts to receive inetd_child_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_inetd_child_client_packets" lineno="27782">
+<summary>
+Send and receive inetd_child_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_inetd_child_client_packets" lineno="27798">
+<summary>
+Do not audit attempts to send and receive inetd_child_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_inetd_child_client_packets" lineno="27813">
+<summary>
+Relabel packets to inetd_child_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_inetd_child_server_packets" lineno="27833">
+<summary>
+Send inetd_child_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_inetd_child_server_packets" lineno="27852">
+<summary>
+Do not audit attempts to send inetd_child_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_inetd_child_server_packets" lineno="27871">
+<summary>
+Receive inetd_child_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_inetd_child_server_packets" lineno="27890">
+<summary>
+Do not audit attempts to receive inetd_child_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_inetd_child_server_packets" lineno="27909">
+<summary>
+Send and receive inetd_child_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_inetd_child_server_packets" lineno="27925">
+<summary>
+Do not audit attempts to send and receive inetd_child_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_inetd_child_server_packets" lineno="27940">
+<summary>
+Relabel packets to inetd_child_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_innd_port" lineno="27962">
+<summary>
+Send and receive TCP traffic on the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_innd_port" lineno="27981">
+<summary>
+Send UDP traffic on the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_innd_port" lineno="28000">
+<summary>
+Do not audit attempts to send UDP traffic on the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_innd_port" lineno="28019">
+<summary>
+Receive UDP traffic on the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_innd_port" lineno="28038">
+<summary>
+Do not audit attempts to receive UDP traffic on the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_innd_port" lineno="28057">
+<summary>
+Send and receive UDP traffic on the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_innd_port" lineno="28074">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_innd_port" lineno="28090">
+<summary>
+Bind TCP sockets to the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_innd_port" lineno="28110">
+<summary>
+Bind UDP sockets to the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_innd_port" lineno="28129">
+<summary>
+Make a TCP connection to the innd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_innd_client_packets" lineno="28149">
+<summary>
+Send innd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_innd_client_packets" lineno="28168">
+<summary>
+Do not audit attempts to send innd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_innd_client_packets" lineno="28187">
+<summary>
+Receive innd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_innd_client_packets" lineno="28206">
+<summary>
+Do not audit attempts to receive innd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_innd_client_packets" lineno="28225">
+<summary>
+Send and receive innd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_innd_client_packets" lineno="28241">
+<summary>
+Do not audit attempts to send and receive innd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_innd_client_packets" lineno="28256">
+<summary>
+Relabel packets to innd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_innd_server_packets" lineno="28276">
+<summary>
+Send innd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_innd_server_packets" lineno="28295">
+<summary>
+Do not audit attempts to send innd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_innd_server_packets" lineno="28314">
+<summary>
+Receive innd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_innd_server_packets" lineno="28333">
+<summary>
+Do not audit attempts to receive innd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_innd_server_packets" lineno="28352">
+<summary>
+Send and receive innd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_innd_server_packets" lineno="28368">
+<summary>
+Do not audit attempts to send and receive innd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_innd_server_packets" lineno="28383">
+<summary>
+Relabel packets to innd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ipmi_port" lineno="28405">
+<summary>
+Send and receive TCP traffic on the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ipmi_port" lineno="28424">
+<summary>
+Send UDP traffic on the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ipmi_port" lineno="28443">
+<summary>
+Do not audit attempts to send UDP traffic on the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ipmi_port" lineno="28462">
+<summary>
+Receive UDP traffic on the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ipmi_port" lineno="28481">
+<summary>
+Do not audit attempts to receive UDP traffic on the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ipmi_port" lineno="28500">
+<summary>
+Send and receive UDP traffic on the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ipmi_port" lineno="28517">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ipmi_port" lineno="28533">
+<summary>
+Bind TCP sockets to the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ipmi_port" lineno="28553">
+<summary>
+Bind UDP sockets to the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ipmi_port" lineno="28572">
+<summary>
+Make a TCP connection to the ipmi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ipmi_client_packets" lineno="28592">
+<summary>
+Send ipmi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ipmi_client_packets" lineno="28611">
+<summary>
+Do not audit attempts to send ipmi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ipmi_client_packets" lineno="28630">
+<summary>
+Receive ipmi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ipmi_client_packets" lineno="28649">
+<summary>
+Do not audit attempts to receive ipmi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ipmi_client_packets" lineno="28668">
+<summary>
+Send and receive ipmi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ipmi_client_packets" lineno="28684">
+<summary>
+Do not audit attempts to send and receive ipmi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ipmi_client_packets" lineno="28699">
+<summary>
+Relabel packets to ipmi_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ipmi_server_packets" lineno="28719">
+<summary>
+Send ipmi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ipmi_server_packets" lineno="28738">
+<summary>
+Do not audit attempts to send ipmi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ipmi_server_packets" lineno="28757">
+<summary>
+Receive ipmi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ipmi_server_packets" lineno="28776">
+<summary>
+Do not audit attempts to receive ipmi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ipmi_server_packets" lineno="28795">
+<summary>
+Send and receive ipmi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ipmi_server_packets" lineno="28811">
+<summary>
+Do not audit attempts to send and receive ipmi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ipmi_server_packets" lineno="28826">
+<summary>
+Relabel packets to ipmi_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ipp_port" lineno="28848">
+<summary>
+Send and receive TCP traffic on the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ipp_port" lineno="28867">
+<summary>
+Send UDP traffic on the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ipp_port" lineno="28886">
+<summary>
+Do not audit attempts to send UDP traffic on the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ipp_port" lineno="28905">
+<summary>
+Receive UDP traffic on the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ipp_port" lineno="28924">
+<summary>
+Do not audit attempts to receive UDP traffic on the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ipp_port" lineno="28943">
+<summary>
+Send and receive UDP traffic on the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ipp_port" lineno="28960">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ipp_port" lineno="28976">
+<summary>
+Bind TCP sockets to the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ipp_port" lineno="28996">
+<summary>
+Bind UDP sockets to the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ipp_port" lineno="29015">
+<summary>
+Make a TCP connection to the ipp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ipp_client_packets" lineno="29035">
+<summary>
+Send ipp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ipp_client_packets" lineno="29054">
+<summary>
+Do not audit attempts to send ipp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ipp_client_packets" lineno="29073">
+<summary>
+Receive ipp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ipp_client_packets" lineno="29092">
+<summary>
+Do not audit attempts to receive ipp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ipp_client_packets" lineno="29111">
+<summary>
+Send and receive ipp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ipp_client_packets" lineno="29127">
+<summary>
+Do not audit attempts to send and receive ipp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ipp_client_packets" lineno="29142">
+<summary>
+Relabel packets to ipp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ipp_server_packets" lineno="29162">
+<summary>
+Send ipp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ipp_server_packets" lineno="29181">
+<summary>
+Do not audit attempts to send ipp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ipp_server_packets" lineno="29200">
+<summary>
+Receive ipp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ipp_server_packets" lineno="29219">
+<summary>
+Do not audit attempts to receive ipp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ipp_server_packets" lineno="29238">
+<summary>
+Send and receive ipp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ipp_server_packets" lineno="29254">
+<summary>
+Do not audit attempts to send and receive ipp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ipp_server_packets" lineno="29269">
+<summary>
+Relabel packets to ipp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ipsecnat_port" lineno="29291">
+<summary>
+Send and receive TCP traffic on the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ipsecnat_port" lineno="29310">
+<summary>
+Send UDP traffic on the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ipsecnat_port" lineno="29329">
+<summary>
+Do not audit attempts to send UDP traffic on the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ipsecnat_port" lineno="29348">
+<summary>
+Receive UDP traffic on the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ipsecnat_port" lineno="29367">
+<summary>
+Do not audit attempts to receive UDP traffic on the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ipsecnat_port" lineno="29386">
+<summary>
+Send and receive UDP traffic on the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ipsecnat_port" lineno="29403">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ipsecnat_port" lineno="29419">
+<summary>
+Bind TCP sockets to the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ipsecnat_port" lineno="29439">
+<summary>
+Bind UDP sockets to the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ipsecnat_port" lineno="29458">
+<summary>
+Make a TCP connection to the ipsecnat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ipsecnat_client_packets" lineno="29478">
+<summary>
+Send ipsecnat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ipsecnat_client_packets" lineno="29497">
+<summary>
+Do not audit attempts to send ipsecnat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ipsecnat_client_packets" lineno="29516">
+<summary>
+Receive ipsecnat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ipsecnat_client_packets" lineno="29535">
+<summary>
+Do not audit attempts to receive ipsecnat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ipsecnat_client_packets" lineno="29554">
+<summary>
+Send and receive ipsecnat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ipsecnat_client_packets" lineno="29570">
+<summary>
+Do not audit attempts to send and receive ipsecnat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ipsecnat_client_packets" lineno="29585">
+<summary>
+Relabel packets to ipsecnat_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ipsecnat_server_packets" lineno="29605">
+<summary>
+Send ipsecnat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ipsecnat_server_packets" lineno="29624">
+<summary>
+Do not audit attempts to send ipsecnat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ipsecnat_server_packets" lineno="29643">
+<summary>
+Receive ipsecnat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ipsecnat_server_packets" lineno="29662">
+<summary>
+Do not audit attempts to receive ipsecnat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ipsecnat_server_packets" lineno="29681">
+<summary>
+Send and receive ipsecnat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ipsecnat_server_packets" lineno="29697">
+<summary>
+Do not audit attempts to send and receive ipsecnat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ipsecnat_server_packets" lineno="29712">
+<summary>
+Relabel packets to ipsecnat_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ircd_port" lineno="29734">
+<summary>
+Send and receive TCP traffic on the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ircd_port" lineno="29753">
+<summary>
+Send UDP traffic on the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ircd_port" lineno="29772">
+<summary>
+Do not audit attempts to send UDP traffic on the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ircd_port" lineno="29791">
+<summary>
+Receive UDP traffic on the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ircd_port" lineno="29810">
+<summary>
+Do not audit attempts to receive UDP traffic on the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ircd_port" lineno="29829">
+<summary>
+Send and receive UDP traffic on the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ircd_port" lineno="29846">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ircd_port" lineno="29862">
+<summary>
+Bind TCP sockets to the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ircd_port" lineno="29882">
+<summary>
+Bind UDP sockets to the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ircd_port" lineno="29901">
+<summary>
+Make a TCP connection to the ircd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ircd_client_packets" lineno="29921">
+<summary>
+Send ircd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ircd_client_packets" lineno="29940">
+<summary>
+Do not audit attempts to send ircd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ircd_client_packets" lineno="29959">
+<summary>
+Receive ircd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ircd_client_packets" lineno="29978">
+<summary>
+Do not audit attempts to receive ircd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ircd_client_packets" lineno="29997">
+<summary>
+Send and receive ircd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ircd_client_packets" lineno="30013">
+<summary>
+Do not audit attempts to send and receive ircd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ircd_client_packets" lineno="30028">
+<summary>
+Relabel packets to ircd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ircd_server_packets" lineno="30048">
+<summary>
+Send ircd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ircd_server_packets" lineno="30067">
+<summary>
+Do not audit attempts to send ircd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ircd_server_packets" lineno="30086">
+<summary>
+Receive ircd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ircd_server_packets" lineno="30105">
+<summary>
+Do not audit attempts to receive ircd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ircd_server_packets" lineno="30124">
+<summary>
+Send and receive ircd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ircd_server_packets" lineno="30140">
+<summary>
+Do not audit attempts to send and receive ircd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ircd_server_packets" lineno="30155">
+<summary>
+Relabel packets to ircd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_isakmp_port" lineno="30177">
+<summary>
+Send and receive TCP traffic on the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_isakmp_port" lineno="30196">
+<summary>
+Send UDP traffic on the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_isakmp_port" lineno="30215">
+<summary>
+Do not audit attempts to send UDP traffic on the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_isakmp_port" lineno="30234">
+<summary>
+Receive UDP traffic on the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_isakmp_port" lineno="30253">
+<summary>
+Do not audit attempts to receive UDP traffic on the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_isakmp_port" lineno="30272">
+<summary>
+Send and receive UDP traffic on the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_isakmp_port" lineno="30289">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_isakmp_port" lineno="30305">
+<summary>
+Bind TCP sockets to the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_isakmp_port" lineno="30325">
+<summary>
+Bind UDP sockets to the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_isakmp_port" lineno="30344">
+<summary>
+Make a TCP connection to the isakmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_isakmp_client_packets" lineno="30364">
+<summary>
+Send isakmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_isakmp_client_packets" lineno="30383">
+<summary>
+Do not audit attempts to send isakmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_isakmp_client_packets" lineno="30402">
+<summary>
+Receive isakmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_isakmp_client_packets" lineno="30421">
+<summary>
+Do not audit attempts to receive isakmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_isakmp_client_packets" lineno="30440">
+<summary>
+Send and receive isakmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_isakmp_client_packets" lineno="30456">
+<summary>
+Do not audit attempts to send and receive isakmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_isakmp_client_packets" lineno="30471">
+<summary>
+Relabel packets to isakmp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_isakmp_server_packets" lineno="30491">
+<summary>
+Send isakmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_isakmp_server_packets" lineno="30510">
+<summary>
+Do not audit attempts to send isakmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_isakmp_server_packets" lineno="30529">
+<summary>
+Receive isakmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_isakmp_server_packets" lineno="30548">
+<summary>
+Do not audit attempts to receive isakmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_isakmp_server_packets" lineno="30567">
+<summary>
+Send and receive isakmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_isakmp_server_packets" lineno="30583">
+<summary>
+Do not audit attempts to send and receive isakmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_isakmp_server_packets" lineno="30598">
+<summary>
+Relabel packets to isakmp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_iscsi_port" lineno="30620">
+<summary>
+Send and receive TCP traffic on the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_iscsi_port" lineno="30639">
+<summary>
+Send UDP traffic on the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_iscsi_port" lineno="30658">
+<summary>
+Do not audit attempts to send UDP traffic on the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_iscsi_port" lineno="30677">
+<summary>
+Receive UDP traffic on the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_iscsi_port" lineno="30696">
+<summary>
+Do not audit attempts to receive UDP traffic on the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_iscsi_port" lineno="30715">
+<summary>
+Send and receive UDP traffic on the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_iscsi_port" lineno="30732">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_iscsi_port" lineno="30748">
+<summary>
+Bind TCP sockets to the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_iscsi_port" lineno="30768">
+<summary>
+Bind UDP sockets to the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_iscsi_port" lineno="30787">
+<summary>
+Make a TCP connection to the iscsi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_iscsi_client_packets" lineno="30807">
+<summary>
+Send iscsi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_iscsi_client_packets" lineno="30826">
+<summary>
+Do not audit attempts to send iscsi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_iscsi_client_packets" lineno="30845">
+<summary>
+Receive iscsi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_iscsi_client_packets" lineno="30864">
+<summary>
+Do not audit attempts to receive iscsi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_iscsi_client_packets" lineno="30883">
+<summary>
+Send and receive iscsi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_iscsi_client_packets" lineno="30899">
+<summary>
+Do not audit attempts to send and receive iscsi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_iscsi_client_packets" lineno="30914">
+<summary>
+Relabel packets to iscsi_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_iscsi_server_packets" lineno="30934">
+<summary>
+Send iscsi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_iscsi_server_packets" lineno="30953">
+<summary>
+Do not audit attempts to send iscsi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_iscsi_server_packets" lineno="30972">
+<summary>
+Receive iscsi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_iscsi_server_packets" lineno="30991">
+<summary>
+Do not audit attempts to receive iscsi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_iscsi_server_packets" lineno="31010">
+<summary>
+Send and receive iscsi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_iscsi_server_packets" lineno="31026">
+<summary>
+Do not audit attempts to send and receive iscsi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_iscsi_server_packets" lineno="31041">
+<summary>
+Relabel packets to iscsi_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_isns_port" lineno="31063">
+<summary>
+Send and receive TCP traffic on the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_isns_port" lineno="31082">
+<summary>
+Send UDP traffic on the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_isns_port" lineno="31101">
+<summary>
+Do not audit attempts to send UDP traffic on the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_isns_port" lineno="31120">
+<summary>
+Receive UDP traffic on the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_isns_port" lineno="31139">
+<summary>
+Do not audit attempts to receive UDP traffic on the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_isns_port" lineno="31158">
+<summary>
+Send and receive UDP traffic on the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_isns_port" lineno="31175">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_isns_port" lineno="31191">
+<summary>
+Bind TCP sockets to the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_isns_port" lineno="31211">
+<summary>
+Bind UDP sockets to the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_isns_port" lineno="31230">
+<summary>
+Make a TCP connection to the isns port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_isns_client_packets" lineno="31250">
+<summary>
+Send isns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_isns_client_packets" lineno="31269">
+<summary>
+Do not audit attempts to send isns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_isns_client_packets" lineno="31288">
+<summary>
+Receive isns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_isns_client_packets" lineno="31307">
+<summary>
+Do not audit attempts to receive isns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_isns_client_packets" lineno="31326">
+<summary>
+Send and receive isns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_isns_client_packets" lineno="31342">
+<summary>
+Do not audit attempts to send and receive isns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_isns_client_packets" lineno="31357">
+<summary>
+Relabel packets to isns_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_isns_server_packets" lineno="31377">
+<summary>
+Send isns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_isns_server_packets" lineno="31396">
+<summary>
+Do not audit attempts to send isns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_isns_server_packets" lineno="31415">
+<summary>
+Receive isns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_isns_server_packets" lineno="31434">
+<summary>
+Do not audit attempts to receive isns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_isns_server_packets" lineno="31453">
+<summary>
+Send and receive isns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_isns_server_packets" lineno="31469">
+<summary>
+Do not audit attempts to send and receive isns_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_isns_server_packets" lineno="31484">
+<summary>
+Relabel packets to isns_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_jabber_client_port" lineno="31506">
+<summary>
+Send and receive TCP traffic on the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_jabber_client_port" lineno="31525">
+<summary>
+Send UDP traffic on the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_jabber_client_port" lineno="31544">
+<summary>
+Do not audit attempts to send UDP traffic on the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_jabber_client_port" lineno="31563">
+<summary>
+Receive UDP traffic on the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_jabber_client_port" lineno="31582">
+<summary>
+Do not audit attempts to receive UDP traffic on the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_jabber_client_port" lineno="31601">
+<summary>
+Send and receive UDP traffic on the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_jabber_client_port" lineno="31618">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_jabber_client_port" lineno="31634">
+<summary>
+Bind TCP sockets to the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_jabber_client_port" lineno="31654">
+<summary>
+Bind UDP sockets to the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_jabber_client_port" lineno="31673">
+<summary>
+Make a TCP connection to the jabber_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_jabber_client_client_packets" lineno="31693">
+<summary>
+Send jabber_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_jabber_client_client_packets" lineno="31712">
+<summary>
+Do not audit attempts to send jabber_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_jabber_client_client_packets" lineno="31731">
+<summary>
+Receive jabber_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_jabber_client_client_packets" lineno="31750">
+<summary>
+Do not audit attempts to receive jabber_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_jabber_client_client_packets" lineno="31769">
+<summary>
+Send and receive jabber_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_jabber_client_client_packets" lineno="31785">
+<summary>
+Do not audit attempts to send and receive jabber_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_jabber_client_client_packets" lineno="31800">
+<summary>
+Relabel packets to jabber_client_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_jabber_client_server_packets" lineno="31820">
+<summary>
+Send jabber_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_jabber_client_server_packets" lineno="31839">
+<summary>
+Do not audit attempts to send jabber_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_jabber_client_server_packets" lineno="31858">
+<summary>
+Receive jabber_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_jabber_client_server_packets" lineno="31877">
+<summary>
+Do not audit attempts to receive jabber_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_jabber_client_server_packets" lineno="31896">
+<summary>
+Send and receive jabber_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_jabber_client_server_packets" lineno="31912">
+<summary>
+Do not audit attempts to send and receive jabber_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_jabber_client_server_packets" lineno="31927">
+<summary>
+Relabel packets to jabber_client_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_jabber_interserver_port" lineno="31949">
+<summary>
+Send and receive TCP traffic on the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_jabber_interserver_port" lineno="31968">
+<summary>
+Send UDP traffic on the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_jabber_interserver_port" lineno="31987">
+<summary>
+Do not audit attempts to send UDP traffic on the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_jabber_interserver_port" lineno="32006">
+<summary>
+Receive UDP traffic on the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_jabber_interserver_port" lineno="32025">
+<summary>
+Do not audit attempts to receive UDP traffic on the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_jabber_interserver_port" lineno="32044">
+<summary>
+Send and receive UDP traffic on the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_jabber_interserver_port" lineno="32061">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_jabber_interserver_port" lineno="32077">
+<summary>
+Bind TCP sockets to the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_jabber_interserver_port" lineno="32097">
+<summary>
+Bind UDP sockets to the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_jabber_interserver_port" lineno="32116">
+<summary>
+Make a TCP connection to the jabber_interserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_jabber_interserver_client_packets" lineno="32136">
+<summary>
+Send jabber_interserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_jabber_interserver_client_packets" lineno="32155">
+<summary>
+Do not audit attempts to send jabber_interserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_jabber_interserver_client_packets" lineno="32174">
+<summary>
+Receive jabber_interserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_jabber_interserver_client_packets" lineno="32193">
+<summary>
+Do not audit attempts to receive jabber_interserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_jabber_interserver_client_packets" lineno="32212">
+<summary>
+Send and receive jabber_interserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_jabber_interserver_client_packets" lineno="32228">
+<summary>
+Do not audit attempts to send and receive jabber_interserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_jabber_interserver_client_packets" lineno="32243">
+<summary>
+Relabel packets to jabber_interserver_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_jabber_interserver_server_packets" lineno="32263">
+<summary>
+Send jabber_interserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_jabber_interserver_server_packets" lineno="32282">
+<summary>
+Do not audit attempts to send jabber_interserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_jabber_interserver_server_packets" lineno="32301">
+<summary>
+Receive jabber_interserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_jabber_interserver_server_packets" lineno="32320">
+<summary>
+Do not audit attempts to receive jabber_interserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_jabber_interserver_server_packets" lineno="32339">
+<summary>
+Send and receive jabber_interserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_jabber_interserver_server_packets" lineno="32355">
+<summary>
+Do not audit attempts to send and receive jabber_interserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_jabber_interserver_server_packets" lineno="32370">
+<summary>
+Relabel packets to jabber_interserver_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_kerberos_port" lineno="32392">
+<summary>
+Send and receive TCP traffic on the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_kerberos_port" lineno="32411">
+<summary>
+Send UDP traffic on the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_kerberos_port" lineno="32430">
+<summary>
+Do not audit attempts to send UDP traffic on the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_kerberos_port" lineno="32449">
+<summary>
+Receive UDP traffic on the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_kerberos_port" lineno="32468">
+<summary>
+Do not audit attempts to receive UDP traffic on the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_kerberos_port" lineno="32487">
+<summary>
+Send and receive UDP traffic on the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_kerberos_port" lineno="32504">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_kerberos_port" lineno="32520">
+<summary>
+Bind TCP sockets to the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_kerberos_port" lineno="32540">
+<summary>
+Bind UDP sockets to the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_kerberos_port" lineno="32559">
+<summary>
+Make a TCP connection to the kerberos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kerberos_client_packets" lineno="32579">
+<summary>
+Send kerberos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kerberos_client_packets" lineno="32598">
+<summary>
+Do not audit attempts to send kerberos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kerberos_client_packets" lineno="32617">
+<summary>
+Receive kerberos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kerberos_client_packets" lineno="32636">
+<summary>
+Do not audit attempts to receive kerberos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kerberos_client_packets" lineno="32655">
+<summary>
+Send and receive kerberos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kerberos_client_packets" lineno="32671">
+<summary>
+Do not audit attempts to send and receive kerberos_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kerberos_client_packets" lineno="32686">
+<summary>
+Relabel packets to kerberos_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kerberos_server_packets" lineno="32706">
+<summary>
+Send kerberos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kerberos_server_packets" lineno="32725">
+<summary>
+Do not audit attempts to send kerberos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kerberos_server_packets" lineno="32744">
+<summary>
+Receive kerberos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kerberos_server_packets" lineno="32763">
+<summary>
+Do not audit attempts to receive kerberos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kerberos_server_packets" lineno="32782">
+<summary>
+Send and receive kerberos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kerberos_server_packets" lineno="32798">
+<summary>
+Do not audit attempts to send and receive kerberos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kerberos_server_packets" lineno="32813">
+<summary>
+Relabel packets to kerberos_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_kerberos_admin_port" lineno="32835">
+<summary>
+Send and receive TCP traffic on the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_kerberos_admin_port" lineno="32854">
+<summary>
+Send UDP traffic on the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_kerberos_admin_port" lineno="32873">
+<summary>
+Do not audit attempts to send UDP traffic on the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_kerberos_admin_port" lineno="32892">
+<summary>
+Receive UDP traffic on the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_kerberos_admin_port" lineno="32911">
+<summary>
+Do not audit attempts to receive UDP traffic on the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_kerberos_admin_port" lineno="32930">
+<summary>
+Send and receive UDP traffic on the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_kerberos_admin_port" lineno="32947">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_kerberos_admin_port" lineno="32963">
+<summary>
+Bind TCP sockets to the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_kerberos_admin_port" lineno="32983">
+<summary>
+Bind UDP sockets to the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_kerberos_admin_port" lineno="33002">
+<summary>
+Make a TCP connection to the kerberos_admin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kerberos_admin_client_packets" lineno="33022">
+<summary>
+Send kerberos_admin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kerberos_admin_client_packets" lineno="33041">
+<summary>
+Do not audit attempts to send kerberos_admin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kerberos_admin_client_packets" lineno="33060">
+<summary>
+Receive kerberos_admin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kerberos_admin_client_packets" lineno="33079">
+<summary>
+Do not audit attempts to receive kerberos_admin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kerberos_admin_client_packets" lineno="33098">
+<summary>
+Send and receive kerberos_admin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kerberos_admin_client_packets" lineno="33114">
+<summary>
+Do not audit attempts to send and receive kerberos_admin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kerberos_admin_client_packets" lineno="33129">
+<summary>
+Relabel packets to kerberos_admin_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kerberos_admin_server_packets" lineno="33149">
+<summary>
+Send kerberos_admin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kerberos_admin_server_packets" lineno="33168">
+<summary>
+Do not audit attempts to send kerberos_admin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kerberos_admin_server_packets" lineno="33187">
+<summary>
+Receive kerberos_admin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kerberos_admin_server_packets" lineno="33206">
+<summary>
+Do not audit attempts to receive kerberos_admin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kerberos_admin_server_packets" lineno="33225">
+<summary>
+Send and receive kerberos_admin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kerberos_admin_server_packets" lineno="33241">
+<summary>
+Do not audit attempts to send and receive kerberos_admin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kerberos_admin_server_packets" lineno="33256">
+<summary>
+Relabel packets to kerberos_admin_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_kerberos_master_port" lineno="33278">
+<summary>
+Send and receive TCP traffic on the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_kerberos_master_port" lineno="33297">
+<summary>
+Send UDP traffic on the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_kerberos_master_port" lineno="33316">
+<summary>
+Do not audit attempts to send UDP traffic on the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_kerberos_master_port" lineno="33335">
+<summary>
+Receive UDP traffic on the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_kerberos_master_port" lineno="33354">
+<summary>
+Do not audit attempts to receive UDP traffic on the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_kerberos_master_port" lineno="33373">
+<summary>
+Send and receive UDP traffic on the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_kerberos_master_port" lineno="33390">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_kerberos_master_port" lineno="33406">
+<summary>
+Bind TCP sockets to the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_kerberos_master_port" lineno="33426">
+<summary>
+Bind UDP sockets to the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_kerberos_master_port" lineno="33445">
+<summary>
+Make a TCP connection to the kerberos_master port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kerberos_master_client_packets" lineno="33465">
+<summary>
+Send kerberos_master_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kerberos_master_client_packets" lineno="33484">
+<summary>
+Do not audit attempts to send kerberos_master_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kerberos_master_client_packets" lineno="33503">
+<summary>
+Receive kerberos_master_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kerberos_master_client_packets" lineno="33522">
+<summary>
+Do not audit attempts to receive kerberos_master_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kerberos_master_client_packets" lineno="33541">
+<summary>
+Send and receive kerberos_master_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kerberos_master_client_packets" lineno="33557">
+<summary>
+Do not audit attempts to send and receive kerberos_master_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kerberos_master_client_packets" lineno="33572">
+<summary>
+Relabel packets to kerberos_master_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kerberos_master_server_packets" lineno="33592">
+<summary>
+Send kerberos_master_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kerberos_master_server_packets" lineno="33611">
+<summary>
+Do not audit attempts to send kerberos_master_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kerberos_master_server_packets" lineno="33630">
+<summary>
+Receive kerberos_master_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kerberos_master_server_packets" lineno="33649">
+<summary>
+Do not audit attempts to receive kerberos_master_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kerberos_master_server_packets" lineno="33668">
+<summary>
+Send and receive kerberos_master_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kerberos_master_server_packets" lineno="33684">
+<summary>
+Do not audit attempts to send and receive kerberos_master_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kerberos_master_server_packets" lineno="33699">
+<summary>
+Relabel packets to kerberos_master_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_kismet_port" lineno="33721">
+<summary>
+Send and receive TCP traffic on the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_kismet_port" lineno="33740">
+<summary>
+Send UDP traffic on the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_kismet_port" lineno="33759">
+<summary>
+Do not audit attempts to send UDP traffic on the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_kismet_port" lineno="33778">
+<summary>
+Receive UDP traffic on the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_kismet_port" lineno="33797">
+<summary>
+Do not audit attempts to receive UDP traffic on the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_kismet_port" lineno="33816">
+<summary>
+Send and receive UDP traffic on the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_kismet_port" lineno="33833">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_kismet_port" lineno="33849">
+<summary>
+Bind TCP sockets to the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_kismet_port" lineno="33869">
+<summary>
+Bind UDP sockets to the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_kismet_port" lineno="33888">
+<summary>
+Make a TCP connection to the kismet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kismet_client_packets" lineno="33908">
+<summary>
+Send kismet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kismet_client_packets" lineno="33927">
+<summary>
+Do not audit attempts to send kismet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kismet_client_packets" lineno="33946">
+<summary>
+Receive kismet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kismet_client_packets" lineno="33965">
+<summary>
+Do not audit attempts to receive kismet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kismet_client_packets" lineno="33984">
+<summary>
+Send and receive kismet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kismet_client_packets" lineno="34000">
+<summary>
+Do not audit attempts to send and receive kismet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kismet_client_packets" lineno="34015">
+<summary>
+Relabel packets to kismet_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kismet_server_packets" lineno="34035">
+<summary>
+Send kismet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kismet_server_packets" lineno="34054">
+<summary>
+Do not audit attempts to send kismet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kismet_server_packets" lineno="34073">
+<summary>
+Receive kismet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kismet_server_packets" lineno="34092">
+<summary>
+Do not audit attempts to receive kismet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kismet_server_packets" lineno="34111">
+<summary>
+Send and receive kismet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kismet_server_packets" lineno="34127">
+<summary>
+Do not audit attempts to send and receive kismet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kismet_server_packets" lineno="34142">
+<summary>
+Relabel packets to kismet_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_kprop_port" lineno="34164">
+<summary>
+Send and receive TCP traffic on the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_kprop_port" lineno="34183">
+<summary>
+Send UDP traffic on the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_kprop_port" lineno="34202">
+<summary>
+Do not audit attempts to send UDP traffic on the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_kprop_port" lineno="34221">
+<summary>
+Receive UDP traffic on the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_kprop_port" lineno="34240">
+<summary>
+Do not audit attempts to receive UDP traffic on the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_kprop_port" lineno="34259">
+<summary>
+Send and receive UDP traffic on the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_kprop_port" lineno="34276">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_kprop_port" lineno="34292">
+<summary>
+Bind TCP sockets to the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_kprop_port" lineno="34312">
+<summary>
+Bind UDP sockets to the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_kprop_port" lineno="34331">
+<summary>
+Make a TCP connection to the kprop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kprop_client_packets" lineno="34351">
+<summary>
+Send kprop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kprop_client_packets" lineno="34370">
+<summary>
+Do not audit attempts to send kprop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kprop_client_packets" lineno="34389">
+<summary>
+Receive kprop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kprop_client_packets" lineno="34408">
+<summary>
+Do not audit attempts to receive kprop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kprop_client_packets" lineno="34427">
+<summary>
+Send and receive kprop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kprop_client_packets" lineno="34443">
+<summary>
+Do not audit attempts to send and receive kprop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kprop_client_packets" lineno="34458">
+<summary>
+Relabel packets to kprop_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_kprop_server_packets" lineno="34478">
+<summary>
+Send kprop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_kprop_server_packets" lineno="34497">
+<summary>
+Do not audit attempts to send kprop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_kprop_server_packets" lineno="34516">
+<summary>
+Receive kprop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_kprop_server_packets" lineno="34535">
+<summary>
+Do not audit attempts to receive kprop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_kprop_server_packets" lineno="34554">
+<summary>
+Send and receive kprop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_kprop_server_packets" lineno="34570">
+<summary>
+Do not audit attempts to send and receive kprop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_kprop_server_packets" lineno="34585">
+<summary>
+Relabel packets to kprop_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ktalkd_port" lineno="34607">
+<summary>
+Send and receive TCP traffic on the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ktalkd_port" lineno="34626">
+<summary>
+Send UDP traffic on the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ktalkd_port" lineno="34645">
+<summary>
+Do not audit attempts to send UDP traffic on the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ktalkd_port" lineno="34664">
+<summary>
+Receive UDP traffic on the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ktalkd_port" lineno="34683">
+<summary>
+Do not audit attempts to receive UDP traffic on the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ktalkd_port" lineno="34702">
+<summary>
+Send and receive UDP traffic on the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ktalkd_port" lineno="34719">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ktalkd_port" lineno="34735">
+<summary>
+Bind TCP sockets to the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ktalkd_port" lineno="34755">
+<summary>
+Bind UDP sockets to the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ktalkd_port" lineno="34774">
+<summary>
+Make a TCP connection to the ktalkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ktalkd_client_packets" lineno="34794">
+<summary>
+Send ktalkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ktalkd_client_packets" lineno="34813">
+<summary>
+Do not audit attempts to send ktalkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ktalkd_client_packets" lineno="34832">
+<summary>
+Receive ktalkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ktalkd_client_packets" lineno="34851">
+<summary>
+Do not audit attempts to receive ktalkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ktalkd_client_packets" lineno="34870">
+<summary>
+Send and receive ktalkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ktalkd_client_packets" lineno="34886">
+<summary>
+Do not audit attempts to send and receive ktalkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ktalkd_client_packets" lineno="34901">
+<summary>
+Relabel packets to ktalkd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ktalkd_server_packets" lineno="34921">
+<summary>
+Send ktalkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ktalkd_server_packets" lineno="34940">
+<summary>
+Do not audit attempts to send ktalkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ktalkd_server_packets" lineno="34959">
+<summary>
+Receive ktalkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ktalkd_server_packets" lineno="34978">
+<summary>
+Do not audit attempts to receive ktalkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ktalkd_server_packets" lineno="34997">
+<summary>
+Send and receive ktalkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ktalkd_server_packets" lineno="35013">
+<summary>
+Do not audit attempts to send and receive ktalkd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ktalkd_server_packets" lineno="35028">
+<summary>
+Relabel packets to ktalkd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ldap_port" lineno="35050">
+<summary>
+Send and receive TCP traffic on the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ldap_port" lineno="35069">
+<summary>
+Send UDP traffic on the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ldap_port" lineno="35088">
+<summary>
+Do not audit attempts to send UDP traffic on the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ldap_port" lineno="35107">
+<summary>
+Receive UDP traffic on the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ldap_port" lineno="35126">
+<summary>
+Do not audit attempts to receive UDP traffic on the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ldap_port" lineno="35145">
+<summary>
+Send and receive UDP traffic on the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ldap_port" lineno="35162">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ldap_port" lineno="35178">
+<summary>
+Bind TCP sockets to the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ldap_port" lineno="35198">
+<summary>
+Bind UDP sockets to the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ldap_port" lineno="35217">
+<summary>
+Make a TCP connection to the ldap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ldap_client_packets" lineno="35237">
+<summary>
+Send ldap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ldap_client_packets" lineno="35256">
+<summary>
+Do not audit attempts to send ldap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ldap_client_packets" lineno="35275">
+<summary>
+Receive ldap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ldap_client_packets" lineno="35294">
+<summary>
+Do not audit attempts to receive ldap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ldap_client_packets" lineno="35313">
+<summary>
+Send and receive ldap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ldap_client_packets" lineno="35329">
+<summary>
+Do not audit attempts to send and receive ldap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ldap_client_packets" lineno="35344">
+<summary>
+Relabel packets to ldap_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ldap_server_packets" lineno="35364">
+<summary>
+Send ldap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ldap_server_packets" lineno="35383">
+<summary>
+Do not audit attempts to send ldap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ldap_server_packets" lineno="35402">
+<summary>
+Receive ldap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ldap_server_packets" lineno="35421">
+<summary>
+Do not audit attempts to receive ldap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ldap_server_packets" lineno="35440">
+<summary>
+Send and receive ldap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ldap_server_packets" lineno="35456">
+<summary>
+Do not audit attempts to send and receive ldap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ldap_server_packets" lineno="35471">
+<summary>
+Relabel packets to ldap_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_lirc_port" lineno="35493">
+<summary>
+Send and receive TCP traffic on the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_lirc_port" lineno="35512">
+<summary>
+Send UDP traffic on the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_lirc_port" lineno="35531">
+<summary>
+Do not audit attempts to send UDP traffic on the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_lirc_port" lineno="35550">
+<summary>
+Receive UDP traffic on the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_lirc_port" lineno="35569">
+<summary>
+Do not audit attempts to receive UDP traffic on the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_lirc_port" lineno="35588">
+<summary>
+Send and receive UDP traffic on the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_lirc_port" lineno="35605">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_lirc_port" lineno="35621">
+<summary>
+Bind TCP sockets to the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_lirc_port" lineno="35641">
+<summary>
+Bind UDP sockets to the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_lirc_port" lineno="35660">
+<summary>
+Make a TCP connection to the lirc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_lirc_client_packets" lineno="35680">
+<summary>
+Send lirc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_lirc_client_packets" lineno="35699">
+<summary>
+Do not audit attempts to send lirc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_lirc_client_packets" lineno="35718">
+<summary>
+Receive lirc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_lirc_client_packets" lineno="35737">
+<summary>
+Do not audit attempts to receive lirc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_lirc_client_packets" lineno="35756">
+<summary>
+Send and receive lirc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_lirc_client_packets" lineno="35772">
+<summary>
+Do not audit attempts to send and receive lirc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_lirc_client_packets" lineno="35787">
+<summary>
+Relabel packets to lirc_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_lirc_server_packets" lineno="35807">
+<summary>
+Send lirc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_lirc_server_packets" lineno="35826">
+<summary>
+Do not audit attempts to send lirc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_lirc_server_packets" lineno="35845">
+<summary>
+Receive lirc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_lirc_server_packets" lineno="35864">
+<summary>
+Do not audit attempts to receive lirc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_lirc_server_packets" lineno="35883">
+<summary>
+Send and receive lirc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_lirc_server_packets" lineno="35899">
+<summary>
+Do not audit attempts to send and receive lirc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_lirc_server_packets" lineno="35914">
+<summary>
+Relabel packets to lirc_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_lmtp_port" lineno="35936">
+<summary>
+Send and receive TCP traffic on the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_lmtp_port" lineno="35955">
+<summary>
+Send UDP traffic on the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_lmtp_port" lineno="35974">
+<summary>
+Do not audit attempts to send UDP traffic on the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_lmtp_port" lineno="35993">
+<summary>
+Receive UDP traffic on the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_lmtp_port" lineno="36012">
+<summary>
+Do not audit attempts to receive UDP traffic on the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_lmtp_port" lineno="36031">
+<summary>
+Send and receive UDP traffic on the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_lmtp_port" lineno="36048">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_lmtp_port" lineno="36064">
+<summary>
+Bind TCP sockets to the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_lmtp_port" lineno="36084">
+<summary>
+Bind UDP sockets to the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_lmtp_port" lineno="36103">
+<summary>
+Make a TCP connection to the lmtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_lmtp_client_packets" lineno="36123">
+<summary>
+Send lmtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_lmtp_client_packets" lineno="36142">
+<summary>
+Do not audit attempts to send lmtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_lmtp_client_packets" lineno="36161">
+<summary>
+Receive lmtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_lmtp_client_packets" lineno="36180">
+<summary>
+Do not audit attempts to receive lmtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_lmtp_client_packets" lineno="36199">
+<summary>
+Send and receive lmtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_lmtp_client_packets" lineno="36215">
+<summary>
+Do not audit attempts to send and receive lmtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_lmtp_client_packets" lineno="36230">
+<summary>
+Relabel packets to lmtp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_lmtp_server_packets" lineno="36250">
+<summary>
+Send lmtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_lmtp_server_packets" lineno="36269">
+<summary>
+Do not audit attempts to send lmtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_lmtp_server_packets" lineno="36288">
+<summary>
+Receive lmtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_lmtp_server_packets" lineno="36307">
+<summary>
+Do not audit attempts to receive lmtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_lmtp_server_packets" lineno="36326">
+<summary>
+Send and receive lmtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_lmtp_server_packets" lineno="36342">
+<summary>
+Do not audit attempts to send and receive lmtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_lmtp_server_packets" lineno="36357">
+<summary>
+Relabel packets to lmtp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_lrrd_port" lineno="36379">
+<summary>
+Send and receive TCP traffic on the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_lrrd_port" lineno="36398">
+<summary>
+Send UDP traffic on the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_lrrd_port" lineno="36417">
+<summary>
+Do not audit attempts to send UDP traffic on the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_lrrd_port" lineno="36436">
+<summary>
+Receive UDP traffic on the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_lrrd_port" lineno="36455">
+<summary>
+Do not audit attempts to receive UDP traffic on the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_lrrd_port" lineno="36474">
+<summary>
+Send and receive UDP traffic on the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_lrrd_port" lineno="36491">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_lrrd_port" lineno="36507">
+<summary>
+Bind TCP sockets to the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_lrrd_port" lineno="36527">
+<summary>
+Bind UDP sockets to the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_lrrd_port" lineno="36546">
+<summary>
+Make a TCP connection to the lrrd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_lrrd_client_packets" lineno="36566">
+<summary>
+Send lrrd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_lrrd_client_packets" lineno="36585">
+<summary>
+Do not audit attempts to send lrrd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_lrrd_client_packets" lineno="36604">
+<summary>
+Receive lrrd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_lrrd_client_packets" lineno="36623">
+<summary>
+Do not audit attempts to receive lrrd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_lrrd_client_packets" lineno="36642">
+<summary>
+Send and receive lrrd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_lrrd_client_packets" lineno="36658">
+<summary>
+Do not audit attempts to send and receive lrrd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_lrrd_client_packets" lineno="36673">
+<summary>
+Relabel packets to lrrd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_lrrd_server_packets" lineno="36693">
+<summary>
+Send lrrd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_lrrd_server_packets" lineno="36712">
+<summary>
+Do not audit attempts to send lrrd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_lrrd_server_packets" lineno="36731">
+<summary>
+Receive lrrd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_lrrd_server_packets" lineno="36750">
+<summary>
+Do not audit attempts to receive lrrd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_lrrd_server_packets" lineno="36769">
+<summary>
+Send and receive lrrd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_lrrd_server_packets" lineno="36785">
+<summary>
+Do not audit attempts to send and receive lrrd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_lrrd_server_packets" lineno="36800">
+<summary>
+Relabel packets to lrrd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_mail_port" lineno="36822">
+<summary>
+Send and receive TCP traffic on the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_mail_port" lineno="36841">
+<summary>
+Send UDP traffic on the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_mail_port" lineno="36860">
+<summary>
+Do not audit attempts to send UDP traffic on the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_mail_port" lineno="36879">
+<summary>
+Receive UDP traffic on the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_mail_port" lineno="36898">
+<summary>
+Do not audit attempts to receive UDP traffic on the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_mail_port" lineno="36917">
+<summary>
+Send and receive UDP traffic on the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_mail_port" lineno="36934">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_mail_port" lineno="36950">
+<summary>
+Bind TCP sockets to the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_mail_port" lineno="36970">
+<summary>
+Bind UDP sockets to the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_mail_port" lineno="36989">
+<summary>
+Make a TCP connection to the mail port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mail_client_packets" lineno="37009">
+<summary>
+Send mail_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mail_client_packets" lineno="37028">
+<summary>
+Do not audit attempts to send mail_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mail_client_packets" lineno="37047">
+<summary>
+Receive mail_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mail_client_packets" lineno="37066">
+<summary>
+Do not audit attempts to receive mail_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mail_client_packets" lineno="37085">
+<summary>
+Send and receive mail_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mail_client_packets" lineno="37101">
+<summary>
+Do not audit attempts to send and receive mail_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mail_client_packets" lineno="37116">
+<summary>
+Relabel packets to mail_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mail_server_packets" lineno="37136">
+<summary>
+Send mail_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mail_server_packets" lineno="37155">
+<summary>
+Do not audit attempts to send mail_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mail_server_packets" lineno="37174">
+<summary>
+Receive mail_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mail_server_packets" lineno="37193">
+<summary>
+Do not audit attempts to receive mail_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mail_server_packets" lineno="37212">
+<summary>
+Send and receive mail_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mail_server_packets" lineno="37228">
+<summary>
+Do not audit attempts to send and receive mail_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mail_server_packets" lineno="37243">
+<summary>
+Relabel packets to mail_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_matahari_port" lineno="37265">
+<summary>
+Send and receive TCP traffic on the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_matahari_port" lineno="37284">
+<summary>
+Send UDP traffic on the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_matahari_port" lineno="37303">
+<summary>
+Do not audit attempts to send UDP traffic on the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_matahari_port" lineno="37322">
+<summary>
+Receive UDP traffic on the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_matahari_port" lineno="37341">
+<summary>
+Do not audit attempts to receive UDP traffic on the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_matahari_port" lineno="37360">
+<summary>
+Send and receive UDP traffic on the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_matahari_port" lineno="37377">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_matahari_port" lineno="37393">
+<summary>
+Bind TCP sockets to the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_matahari_port" lineno="37413">
+<summary>
+Bind UDP sockets to the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_matahari_port" lineno="37432">
+<summary>
+Make a TCP connection to the matahari port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_matahari_client_packets" lineno="37452">
+<summary>
+Send matahari_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_matahari_client_packets" lineno="37471">
+<summary>
+Do not audit attempts to send matahari_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_matahari_client_packets" lineno="37490">
+<summary>
+Receive matahari_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_matahari_client_packets" lineno="37509">
+<summary>
+Do not audit attempts to receive matahari_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_matahari_client_packets" lineno="37528">
+<summary>
+Send and receive matahari_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_matahari_client_packets" lineno="37544">
+<summary>
+Do not audit attempts to send and receive matahari_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_matahari_client_packets" lineno="37559">
+<summary>
+Relabel packets to matahari_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_matahari_server_packets" lineno="37579">
+<summary>
+Send matahari_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_matahari_server_packets" lineno="37598">
+<summary>
+Do not audit attempts to send matahari_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_matahari_server_packets" lineno="37617">
+<summary>
+Receive matahari_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_matahari_server_packets" lineno="37636">
+<summary>
+Do not audit attempts to receive matahari_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_matahari_server_packets" lineno="37655">
+<summary>
+Send and receive matahari_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_matahari_server_packets" lineno="37671">
+<summary>
+Do not audit attempts to send and receive matahari_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_matahari_server_packets" lineno="37686">
+<summary>
+Relabel packets to matahari_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_memcache_port" lineno="37708">
+<summary>
+Send and receive TCP traffic on the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_memcache_port" lineno="37727">
+<summary>
+Send UDP traffic on the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_memcache_port" lineno="37746">
+<summary>
+Do not audit attempts to send UDP traffic on the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_memcache_port" lineno="37765">
+<summary>
+Receive UDP traffic on the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_memcache_port" lineno="37784">
+<summary>
+Do not audit attempts to receive UDP traffic on the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_memcache_port" lineno="37803">
+<summary>
+Send and receive UDP traffic on the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_memcache_port" lineno="37820">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_memcache_port" lineno="37836">
+<summary>
+Bind TCP sockets to the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_memcache_port" lineno="37856">
+<summary>
+Bind UDP sockets to the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_memcache_port" lineno="37875">
+<summary>
+Make a TCP connection to the memcache port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_memcache_client_packets" lineno="37895">
+<summary>
+Send memcache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_memcache_client_packets" lineno="37914">
+<summary>
+Do not audit attempts to send memcache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_memcache_client_packets" lineno="37933">
+<summary>
+Receive memcache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_memcache_client_packets" lineno="37952">
+<summary>
+Do not audit attempts to receive memcache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_memcache_client_packets" lineno="37971">
+<summary>
+Send and receive memcache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_memcache_client_packets" lineno="37987">
+<summary>
+Do not audit attempts to send and receive memcache_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_memcache_client_packets" lineno="38002">
+<summary>
+Relabel packets to memcache_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_memcache_server_packets" lineno="38022">
+<summary>
+Send memcache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_memcache_server_packets" lineno="38041">
+<summary>
+Do not audit attempts to send memcache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_memcache_server_packets" lineno="38060">
+<summary>
+Receive memcache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_memcache_server_packets" lineno="38079">
+<summary>
+Do not audit attempts to receive memcache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_memcache_server_packets" lineno="38098">
+<summary>
+Send and receive memcache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_memcache_server_packets" lineno="38114">
+<summary>
+Do not audit attempts to send and receive memcache_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_memcache_server_packets" lineno="38129">
+<summary>
+Relabel packets to memcache_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_milter_port" lineno="38151">
+<summary>
+Send and receive TCP traffic on the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_milter_port" lineno="38170">
+<summary>
+Send UDP traffic on the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_milter_port" lineno="38189">
+<summary>
+Do not audit attempts to send UDP traffic on the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_milter_port" lineno="38208">
+<summary>
+Receive UDP traffic on the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_milter_port" lineno="38227">
+<summary>
+Do not audit attempts to receive UDP traffic on the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_milter_port" lineno="38246">
+<summary>
+Send and receive UDP traffic on the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_milter_port" lineno="38263">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_milter_port" lineno="38279">
+<summary>
+Bind TCP sockets to the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_milter_port" lineno="38299">
+<summary>
+Bind UDP sockets to the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_milter_port" lineno="38318">
+<summary>
+Make a TCP connection to the milter port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_milter_client_packets" lineno="38338">
+<summary>
+Send milter_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_milter_client_packets" lineno="38357">
+<summary>
+Do not audit attempts to send milter_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_milter_client_packets" lineno="38376">
+<summary>
+Receive milter_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_milter_client_packets" lineno="38395">
+<summary>
+Do not audit attempts to receive milter_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_milter_client_packets" lineno="38414">
+<summary>
+Send and receive milter_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_milter_client_packets" lineno="38430">
+<summary>
+Do not audit attempts to send and receive milter_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_milter_client_packets" lineno="38445">
+<summary>
+Relabel packets to milter_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_milter_server_packets" lineno="38465">
+<summary>
+Send milter_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_milter_server_packets" lineno="38484">
+<summary>
+Do not audit attempts to send milter_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_milter_server_packets" lineno="38503">
+<summary>
+Receive milter_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_milter_server_packets" lineno="38522">
+<summary>
+Do not audit attempts to receive milter_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_milter_server_packets" lineno="38541">
+<summary>
+Send and receive milter_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_milter_server_packets" lineno="38557">
+<summary>
+Do not audit attempts to send and receive milter_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_milter_server_packets" lineno="38572">
+<summary>
+Relabel packets to milter_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_mmcc_port" lineno="38594">
+<summary>
+Send and receive TCP traffic on the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_mmcc_port" lineno="38613">
+<summary>
+Send UDP traffic on the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_mmcc_port" lineno="38632">
+<summary>
+Do not audit attempts to send UDP traffic on the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_mmcc_port" lineno="38651">
+<summary>
+Receive UDP traffic on the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_mmcc_port" lineno="38670">
+<summary>
+Do not audit attempts to receive UDP traffic on the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_mmcc_port" lineno="38689">
+<summary>
+Send and receive UDP traffic on the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_mmcc_port" lineno="38706">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_mmcc_port" lineno="38722">
+<summary>
+Bind TCP sockets to the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_mmcc_port" lineno="38742">
+<summary>
+Bind UDP sockets to the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_mmcc_port" lineno="38761">
+<summary>
+Make a TCP connection to the mmcc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mmcc_client_packets" lineno="38781">
+<summary>
+Send mmcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mmcc_client_packets" lineno="38800">
+<summary>
+Do not audit attempts to send mmcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mmcc_client_packets" lineno="38819">
+<summary>
+Receive mmcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mmcc_client_packets" lineno="38838">
+<summary>
+Do not audit attempts to receive mmcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mmcc_client_packets" lineno="38857">
+<summary>
+Send and receive mmcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mmcc_client_packets" lineno="38873">
+<summary>
+Do not audit attempts to send and receive mmcc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mmcc_client_packets" lineno="38888">
+<summary>
+Relabel packets to mmcc_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mmcc_server_packets" lineno="38908">
+<summary>
+Send mmcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mmcc_server_packets" lineno="38927">
+<summary>
+Do not audit attempts to send mmcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mmcc_server_packets" lineno="38946">
+<summary>
+Receive mmcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mmcc_server_packets" lineno="38965">
+<summary>
+Do not audit attempts to receive mmcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mmcc_server_packets" lineno="38984">
+<summary>
+Send and receive mmcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mmcc_server_packets" lineno="39000">
+<summary>
+Do not audit attempts to send and receive mmcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mmcc_server_packets" lineno="39015">
+<summary>
+Relabel packets to mmcc_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_monopd_port" lineno="39037">
+<summary>
+Send and receive TCP traffic on the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_monopd_port" lineno="39056">
+<summary>
+Send UDP traffic on the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_monopd_port" lineno="39075">
+<summary>
+Do not audit attempts to send UDP traffic on the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_monopd_port" lineno="39094">
+<summary>
+Receive UDP traffic on the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_monopd_port" lineno="39113">
+<summary>
+Do not audit attempts to receive UDP traffic on the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_monopd_port" lineno="39132">
+<summary>
+Send and receive UDP traffic on the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_monopd_port" lineno="39149">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_monopd_port" lineno="39165">
+<summary>
+Bind TCP sockets to the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_monopd_port" lineno="39185">
+<summary>
+Bind UDP sockets to the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_monopd_port" lineno="39204">
+<summary>
+Make a TCP connection to the monopd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_monopd_client_packets" lineno="39224">
+<summary>
+Send monopd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_monopd_client_packets" lineno="39243">
+<summary>
+Do not audit attempts to send monopd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_monopd_client_packets" lineno="39262">
+<summary>
+Receive monopd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_monopd_client_packets" lineno="39281">
+<summary>
+Do not audit attempts to receive monopd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_monopd_client_packets" lineno="39300">
+<summary>
+Send and receive monopd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_monopd_client_packets" lineno="39316">
+<summary>
+Do not audit attempts to send and receive monopd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_monopd_client_packets" lineno="39331">
+<summary>
+Relabel packets to monopd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_monopd_server_packets" lineno="39351">
+<summary>
+Send monopd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_monopd_server_packets" lineno="39370">
+<summary>
+Do not audit attempts to send monopd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_monopd_server_packets" lineno="39389">
+<summary>
+Receive monopd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_monopd_server_packets" lineno="39408">
+<summary>
+Do not audit attempts to receive monopd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_monopd_server_packets" lineno="39427">
+<summary>
+Send and receive monopd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_monopd_server_packets" lineno="39443">
+<summary>
+Do not audit attempts to send and receive monopd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_monopd_server_packets" lineno="39458">
+<summary>
+Relabel packets to monopd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_mpd_port" lineno="39480">
+<summary>
+Send and receive TCP traffic on the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_mpd_port" lineno="39499">
+<summary>
+Send UDP traffic on the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_mpd_port" lineno="39518">
+<summary>
+Do not audit attempts to send UDP traffic on the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_mpd_port" lineno="39537">
+<summary>
+Receive UDP traffic on the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_mpd_port" lineno="39556">
+<summary>
+Do not audit attempts to receive UDP traffic on the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_mpd_port" lineno="39575">
+<summary>
+Send and receive UDP traffic on the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_mpd_port" lineno="39592">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_mpd_port" lineno="39608">
+<summary>
+Bind TCP sockets to the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_mpd_port" lineno="39628">
+<summary>
+Bind UDP sockets to the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_mpd_port" lineno="39647">
+<summary>
+Make a TCP connection to the mpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mpd_client_packets" lineno="39667">
+<summary>
+Send mpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mpd_client_packets" lineno="39686">
+<summary>
+Do not audit attempts to send mpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mpd_client_packets" lineno="39705">
+<summary>
+Receive mpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mpd_client_packets" lineno="39724">
+<summary>
+Do not audit attempts to receive mpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mpd_client_packets" lineno="39743">
+<summary>
+Send and receive mpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mpd_client_packets" lineno="39759">
+<summary>
+Do not audit attempts to send and receive mpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mpd_client_packets" lineno="39774">
+<summary>
+Relabel packets to mpd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mpd_server_packets" lineno="39794">
+<summary>
+Send mpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mpd_server_packets" lineno="39813">
+<summary>
+Do not audit attempts to send mpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mpd_server_packets" lineno="39832">
+<summary>
+Receive mpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mpd_server_packets" lineno="39851">
+<summary>
+Do not audit attempts to receive mpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mpd_server_packets" lineno="39870">
+<summary>
+Send and receive mpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mpd_server_packets" lineno="39886">
+<summary>
+Do not audit attempts to send and receive mpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mpd_server_packets" lineno="39901">
+<summary>
+Relabel packets to mpd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_msnp_port" lineno="39923">
+<summary>
+Send and receive TCP traffic on the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_msnp_port" lineno="39942">
+<summary>
+Send UDP traffic on the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_msnp_port" lineno="39961">
+<summary>
+Do not audit attempts to send UDP traffic on the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_msnp_port" lineno="39980">
+<summary>
+Receive UDP traffic on the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_msnp_port" lineno="39999">
+<summary>
+Do not audit attempts to receive UDP traffic on the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_msnp_port" lineno="40018">
+<summary>
+Send and receive UDP traffic on the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_msnp_port" lineno="40035">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_msnp_port" lineno="40051">
+<summary>
+Bind TCP sockets to the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_msnp_port" lineno="40071">
+<summary>
+Bind UDP sockets to the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_msnp_port" lineno="40090">
+<summary>
+Make a TCP connection to the msnp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_msnp_client_packets" lineno="40110">
+<summary>
+Send msnp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_msnp_client_packets" lineno="40129">
+<summary>
+Do not audit attempts to send msnp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_msnp_client_packets" lineno="40148">
+<summary>
+Receive msnp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_msnp_client_packets" lineno="40167">
+<summary>
+Do not audit attempts to receive msnp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_msnp_client_packets" lineno="40186">
+<summary>
+Send and receive msnp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_msnp_client_packets" lineno="40202">
+<summary>
+Do not audit attempts to send and receive msnp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_msnp_client_packets" lineno="40217">
+<summary>
+Relabel packets to msnp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_msnp_server_packets" lineno="40237">
+<summary>
+Send msnp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_msnp_server_packets" lineno="40256">
+<summary>
+Do not audit attempts to send msnp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_msnp_server_packets" lineno="40275">
+<summary>
+Receive msnp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_msnp_server_packets" lineno="40294">
+<summary>
+Do not audit attempts to receive msnp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_msnp_server_packets" lineno="40313">
+<summary>
+Send and receive msnp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_msnp_server_packets" lineno="40329">
+<summary>
+Do not audit attempts to send and receive msnp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_msnp_server_packets" lineno="40344">
+<summary>
+Relabel packets to msnp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_mssql_port" lineno="40366">
+<summary>
+Send and receive TCP traffic on the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_mssql_port" lineno="40385">
+<summary>
+Send UDP traffic on the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_mssql_port" lineno="40404">
+<summary>
+Do not audit attempts to send UDP traffic on the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_mssql_port" lineno="40423">
+<summary>
+Receive UDP traffic on the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_mssql_port" lineno="40442">
+<summary>
+Do not audit attempts to receive UDP traffic on the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_mssql_port" lineno="40461">
+<summary>
+Send and receive UDP traffic on the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_mssql_port" lineno="40478">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_mssql_port" lineno="40494">
+<summary>
+Bind TCP sockets to the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_mssql_port" lineno="40514">
+<summary>
+Bind UDP sockets to the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_mssql_port" lineno="40533">
+<summary>
+Make a TCP connection to the mssql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mssql_client_packets" lineno="40553">
+<summary>
+Send mssql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mssql_client_packets" lineno="40572">
+<summary>
+Do not audit attempts to send mssql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mssql_client_packets" lineno="40591">
+<summary>
+Receive mssql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mssql_client_packets" lineno="40610">
+<summary>
+Do not audit attempts to receive mssql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mssql_client_packets" lineno="40629">
+<summary>
+Send and receive mssql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mssql_client_packets" lineno="40645">
+<summary>
+Do not audit attempts to send and receive mssql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mssql_client_packets" lineno="40660">
+<summary>
+Relabel packets to mssql_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mssql_server_packets" lineno="40680">
+<summary>
+Send mssql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mssql_server_packets" lineno="40699">
+<summary>
+Do not audit attempts to send mssql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mssql_server_packets" lineno="40718">
+<summary>
+Receive mssql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mssql_server_packets" lineno="40737">
+<summary>
+Do not audit attempts to receive mssql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mssql_server_packets" lineno="40756">
+<summary>
+Send and receive mssql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mssql_server_packets" lineno="40772">
+<summary>
+Do not audit attempts to send and receive mssql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mssql_server_packets" lineno="40787">
+<summary>
+Relabel packets to mssql_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_munin_port" lineno="40809">
+<summary>
+Send and receive TCP traffic on the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_munin_port" lineno="40828">
+<summary>
+Send UDP traffic on the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_munin_port" lineno="40847">
+<summary>
+Do not audit attempts to send UDP traffic on the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_munin_port" lineno="40866">
+<summary>
+Receive UDP traffic on the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_munin_port" lineno="40885">
+<summary>
+Do not audit attempts to receive UDP traffic on the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_munin_port" lineno="40904">
+<summary>
+Send and receive UDP traffic on the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_munin_port" lineno="40921">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_munin_port" lineno="40937">
+<summary>
+Bind TCP sockets to the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_munin_port" lineno="40957">
+<summary>
+Bind UDP sockets to the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_munin_port" lineno="40976">
+<summary>
+Make a TCP connection to the munin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_munin_client_packets" lineno="40996">
+<summary>
+Send munin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_munin_client_packets" lineno="41015">
+<summary>
+Do not audit attempts to send munin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_munin_client_packets" lineno="41034">
+<summary>
+Receive munin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_munin_client_packets" lineno="41053">
+<summary>
+Do not audit attempts to receive munin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_munin_client_packets" lineno="41072">
+<summary>
+Send and receive munin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_munin_client_packets" lineno="41088">
+<summary>
+Do not audit attempts to send and receive munin_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_munin_client_packets" lineno="41103">
+<summary>
+Relabel packets to munin_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_munin_server_packets" lineno="41123">
+<summary>
+Send munin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_munin_server_packets" lineno="41142">
+<summary>
+Do not audit attempts to send munin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_munin_server_packets" lineno="41161">
+<summary>
+Receive munin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_munin_server_packets" lineno="41180">
+<summary>
+Do not audit attempts to receive munin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_munin_server_packets" lineno="41199">
+<summary>
+Send and receive munin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_munin_server_packets" lineno="41215">
+<summary>
+Do not audit attempts to send and receive munin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_munin_server_packets" lineno="41230">
+<summary>
+Relabel packets to munin_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_mysqld_port" lineno="41252">
+<summary>
+Send and receive TCP traffic on the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_mysqld_port" lineno="41271">
+<summary>
+Send UDP traffic on the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_mysqld_port" lineno="41290">
+<summary>
+Do not audit attempts to send UDP traffic on the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_mysqld_port" lineno="41309">
+<summary>
+Receive UDP traffic on the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_mysqld_port" lineno="41328">
+<summary>
+Do not audit attempts to receive UDP traffic on the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_mysqld_port" lineno="41347">
+<summary>
+Send and receive UDP traffic on the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_mysqld_port" lineno="41364">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_mysqld_port" lineno="41380">
+<summary>
+Bind TCP sockets to the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_mysqld_port" lineno="41400">
+<summary>
+Bind UDP sockets to the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_mysqld_port" lineno="41419">
+<summary>
+Make a TCP connection to the mysqld port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mysqld_client_packets" lineno="41439">
+<summary>
+Send mysqld_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mysqld_client_packets" lineno="41458">
+<summary>
+Do not audit attempts to send mysqld_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mysqld_client_packets" lineno="41477">
+<summary>
+Receive mysqld_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mysqld_client_packets" lineno="41496">
+<summary>
+Do not audit attempts to receive mysqld_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mysqld_client_packets" lineno="41515">
+<summary>
+Send and receive mysqld_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mysqld_client_packets" lineno="41531">
+<summary>
+Do not audit attempts to send and receive mysqld_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mysqld_client_packets" lineno="41546">
+<summary>
+Relabel packets to mysqld_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mysqld_server_packets" lineno="41566">
+<summary>
+Send mysqld_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mysqld_server_packets" lineno="41585">
+<summary>
+Do not audit attempts to send mysqld_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mysqld_server_packets" lineno="41604">
+<summary>
+Receive mysqld_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mysqld_server_packets" lineno="41623">
+<summary>
+Do not audit attempts to receive mysqld_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mysqld_server_packets" lineno="41642">
+<summary>
+Send and receive mysqld_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mysqld_server_packets" lineno="41658">
+<summary>
+Do not audit attempts to send and receive mysqld_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mysqld_server_packets" lineno="41673">
+<summary>
+Relabel packets to mysqld_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_mysqlmanagerd_port" lineno="41695">
+<summary>
+Send and receive TCP traffic on the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_mysqlmanagerd_port" lineno="41714">
+<summary>
+Send UDP traffic on the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_mysqlmanagerd_port" lineno="41733">
+<summary>
+Do not audit attempts to send UDP traffic on the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_mysqlmanagerd_port" lineno="41752">
+<summary>
+Receive UDP traffic on the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_mysqlmanagerd_port" lineno="41771">
+<summary>
+Do not audit attempts to receive UDP traffic on the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_mysqlmanagerd_port" lineno="41790">
+<summary>
+Send and receive UDP traffic on the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port" lineno="41807">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_mysqlmanagerd_port" lineno="41823">
+<summary>
+Bind TCP sockets to the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_mysqlmanagerd_port" lineno="41843">
+<summary>
+Bind UDP sockets to the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_mysqlmanagerd_port" lineno="41862">
+<summary>
+Make a TCP connection to the mysqlmanagerd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mysqlmanagerd_client_packets" lineno="41882">
+<summary>
+Send mysqlmanagerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mysqlmanagerd_client_packets" lineno="41901">
+<summary>
+Do not audit attempts to send mysqlmanagerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mysqlmanagerd_client_packets" lineno="41920">
+<summary>
+Receive mysqlmanagerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mysqlmanagerd_client_packets" lineno="41939">
+<summary>
+Do not audit attempts to receive mysqlmanagerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mysqlmanagerd_client_packets" lineno="41958">
+<summary>
+Send and receive mysqlmanagerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets" lineno="41974">
+<summary>
+Do not audit attempts to send and receive mysqlmanagerd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mysqlmanagerd_client_packets" lineno="41989">
+<summary>
+Relabel packets to mysqlmanagerd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_mysqlmanagerd_server_packets" lineno="42009">
+<summary>
+Send mysqlmanagerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_mysqlmanagerd_server_packets" lineno="42028">
+<summary>
+Do not audit attempts to send mysqlmanagerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_mysqlmanagerd_server_packets" lineno="42047">
+<summary>
+Receive mysqlmanagerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_mysqlmanagerd_server_packets" lineno="42066">
+<summary>
+Do not audit attempts to receive mysqlmanagerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_mysqlmanagerd_server_packets" lineno="42085">
+<summary>
+Send and receive mysqlmanagerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets" lineno="42101">
+<summary>
+Do not audit attempts to send and receive mysqlmanagerd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_mysqlmanagerd_server_packets" lineno="42116">
+<summary>
+Relabel packets to mysqlmanagerd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_nessus_port" lineno="42138">
+<summary>
+Send and receive TCP traffic on the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_nessus_port" lineno="42157">
+<summary>
+Send UDP traffic on the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_nessus_port" lineno="42176">
+<summary>
+Do not audit attempts to send UDP traffic on the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_nessus_port" lineno="42195">
+<summary>
+Receive UDP traffic on the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_nessus_port" lineno="42214">
+<summary>
+Do not audit attempts to receive UDP traffic on the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_nessus_port" lineno="42233">
+<summary>
+Send and receive UDP traffic on the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_nessus_port" lineno="42250">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_nessus_port" lineno="42266">
+<summary>
+Bind TCP sockets to the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_nessus_port" lineno="42286">
+<summary>
+Bind UDP sockets to the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_nessus_port" lineno="42305">
+<summary>
+Make a TCP connection to the nessus port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_nessus_client_packets" lineno="42325">
+<summary>
+Send nessus_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_nessus_client_packets" lineno="42344">
+<summary>
+Do not audit attempts to send nessus_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_nessus_client_packets" lineno="42363">
+<summary>
+Receive nessus_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_nessus_client_packets" lineno="42382">
+<summary>
+Do not audit attempts to receive nessus_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_nessus_client_packets" lineno="42401">
+<summary>
+Send and receive nessus_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_nessus_client_packets" lineno="42417">
+<summary>
+Do not audit attempts to send and receive nessus_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_nessus_client_packets" lineno="42432">
+<summary>
+Relabel packets to nessus_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_nessus_server_packets" lineno="42452">
+<summary>
+Send nessus_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_nessus_server_packets" lineno="42471">
+<summary>
+Do not audit attempts to send nessus_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_nessus_server_packets" lineno="42490">
+<summary>
+Receive nessus_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_nessus_server_packets" lineno="42509">
+<summary>
+Do not audit attempts to receive nessus_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_nessus_server_packets" lineno="42528">
+<summary>
+Send and receive nessus_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_nessus_server_packets" lineno="42544">
+<summary>
+Do not audit attempts to send and receive nessus_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_nessus_server_packets" lineno="42559">
+<summary>
+Relabel packets to nessus_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_netport_port" lineno="42581">
+<summary>
+Send and receive TCP traffic on the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_netport_port" lineno="42600">
+<summary>
+Send UDP traffic on the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_netport_port" lineno="42619">
+<summary>
+Do not audit attempts to send UDP traffic on the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_netport_port" lineno="42638">
+<summary>
+Receive UDP traffic on the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_netport_port" lineno="42657">
+<summary>
+Do not audit attempts to receive UDP traffic on the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_netport_port" lineno="42676">
+<summary>
+Send and receive UDP traffic on the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_netport_port" lineno="42693">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_netport_port" lineno="42709">
+<summary>
+Bind TCP sockets to the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_netport_port" lineno="42729">
+<summary>
+Bind UDP sockets to the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_netport_port" lineno="42748">
+<summary>
+Make a TCP connection to the netport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_netport_client_packets" lineno="42768">
+<summary>
+Send netport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_netport_client_packets" lineno="42787">
+<summary>
+Do not audit attempts to send netport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_netport_client_packets" lineno="42806">
+<summary>
+Receive netport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_netport_client_packets" lineno="42825">
+<summary>
+Do not audit attempts to receive netport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_netport_client_packets" lineno="42844">
+<summary>
+Send and receive netport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_netport_client_packets" lineno="42860">
+<summary>
+Do not audit attempts to send and receive netport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_netport_client_packets" lineno="42875">
+<summary>
+Relabel packets to netport_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_netport_server_packets" lineno="42895">
+<summary>
+Send netport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_netport_server_packets" lineno="42914">
+<summary>
+Do not audit attempts to send netport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_netport_server_packets" lineno="42933">
+<summary>
+Receive netport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_netport_server_packets" lineno="42952">
+<summary>
+Do not audit attempts to receive netport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_netport_server_packets" lineno="42971">
+<summary>
+Send and receive netport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_netport_server_packets" lineno="42987">
+<summary>
+Do not audit attempts to send and receive netport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_netport_server_packets" lineno="43002">
+<summary>
+Relabel packets to netport_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_netsupport_port" lineno="43024">
+<summary>
+Send and receive TCP traffic on the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_netsupport_port" lineno="43043">
+<summary>
+Send UDP traffic on the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_netsupport_port" lineno="43062">
+<summary>
+Do not audit attempts to send UDP traffic on the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_netsupport_port" lineno="43081">
+<summary>
+Receive UDP traffic on the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_netsupport_port" lineno="43100">
+<summary>
+Do not audit attempts to receive UDP traffic on the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_netsupport_port" lineno="43119">
+<summary>
+Send and receive UDP traffic on the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_netsupport_port" lineno="43136">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_netsupport_port" lineno="43152">
+<summary>
+Bind TCP sockets to the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_netsupport_port" lineno="43172">
+<summary>
+Bind UDP sockets to the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_netsupport_port" lineno="43191">
+<summary>
+Make a TCP connection to the netsupport port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_netsupport_client_packets" lineno="43211">
+<summary>
+Send netsupport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_netsupport_client_packets" lineno="43230">
+<summary>
+Do not audit attempts to send netsupport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_netsupport_client_packets" lineno="43249">
+<summary>
+Receive netsupport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_netsupport_client_packets" lineno="43268">
+<summary>
+Do not audit attempts to receive netsupport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_netsupport_client_packets" lineno="43287">
+<summary>
+Send and receive netsupport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_netsupport_client_packets" lineno="43303">
+<summary>
+Do not audit attempts to send and receive netsupport_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_netsupport_client_packets" lineno="43318">
+<summary>
+Relabel packets to netsupport_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_netsupport_server_packets" lineno="43338">
+<summary>
+Send netsupport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_netsupport_server_packets" lineno="43357">
+<summary>
+Do not audit attempts to send netsupport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_netsupport_server_packets" lineno="43376">
+<summary>
+Receive netsupport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_netsupport_server_packets" lineno="43395">
+<summary>
+Do not audit attempts to receive netsupport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_netsupport_server_packets" lineno="43414">
+<summary>
+Send and receive netsupport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_netsupport_server_packets" lineno="43430">
+<summary>
+Do not audit attempts to send and receive netsupport_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_netsupport_server_packets" lineno="43445">
+<summary>
+Relabel packets to netsupport_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_nmbd_port" lineno="43467">
+<summary>
+Send and receive TCP traffic on the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_nmbd_port" lineno="43486">
+<summary>
+Send UDP traffic on the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_nmbd_port" lineno="43505">
+<summary>
+Do not audit attempts to send UDP traffic on the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_nmbd_port" lineno="43524">
+<summary>
+Receive UDP traffic on the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_nmbd_port" lineno="43543">
+<summary>
+Do not audit attempts to receive UDP traffic on the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_nmbd_port" lineno="43562">
+<summary>
+Send and receive UDP traffic on the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_nmbd_port" lineno="43579">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_nmbd_port" lineno="43595">
+<summary>
+Bind TCP sockets to the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_nmbd_port" lineno="43615">
+<summary>
+Bind UDP sockets to the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_nmbd_port" lineno="43634">
+<summary>
+Make a TCP connection to the nmbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_nmbd_client_packets" lineno="43654">
+<summary>
+Send nmbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_nmbd_client_packets" lineno="43673">
+<summary>
+Do not audit attempts to send nmbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_nmbd_client_packets" lineno="43692">
+<summary>
+Receive nmbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_nmbd_client_packets" lineno="43711">
+<summary>
+Do not audit attempts to receive nmbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_nmbd_client_packets" lineno="43730">
+<summary>
+Send and receive nmbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_nmbd_client_packets" lineno="43746">
+<summary>
+Do not audit attempts to send and receive nmbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_nmbd_client_packets" lineno="43761">
+<summary>
+Relabel packets to nmbd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_nmbd_server_packets" lineno="43781">
+<summary>
+Send nmbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_nmbd_server_packets" lineno="43800">
+<summary>
+Do not audit attempts to send nmbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_nmbd_server_packets" lineno="43819">
+<summary>
+Receive nmbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_nmbd_server_packets" lineno="43838">
+<summary>
+Do not audit attempts to receive nmbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_nmbd_server_packets" lineno="43857">
+<summary>
+Send and receive nmbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_nmbd_server_packets" lineno="43873">
+<summary>
+Do not audit attempts to send and receive nmbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_nmbd_server_packets" lineno="43888">
+<summary>
+Relabel packets to nmbd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ntop_port" lineno="43910">
+<summary>
+Send and receive TCP traffic on the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ntop_port" lineno="43929">
+<summary>
+Send UDP traffic on the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ntop_port" lineno="43948">
+<summary>
+Do not audit attempts to send UDP traffic on the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ntop_port" lineno="43967">
+<summary>
+Receive UDP traffic on the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ntop_port" lineno="43986">
+<summary>
+Do not audit attempts to receive UDP traffic on the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ntop_port" lineno="44005">
+<summary>
+Send and receive UDP traffic on the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ntop_port" lineno="44022">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ntop_port" lineno="44038">
+<summary>
+Bind TCP sockets to the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ntop_port" lineno="44058">
+<summary>
+Bind UDP sockets to the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ntop_port" lineno="44077">
+<summary>
+Make a TCP connection to the ntop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ntop_client_packets" lineno="44097">
+<summary>
+Send ntop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ntop_client_packets" lineno="44116">
+<summary>
+Do not audit attempts to send ntop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ntop_client_packets" lineno="44135">
+<summary>
+Receive ntop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ntop_client_packets" lineno="44154">
+<summary>
+Do not audit attempts to receive ntop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ntop_client_packets" lineno="44173">
+<summary>
+Send and receive ntop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ntop_client_packets" lineno="44189">
+<summary>
+Do not audit attempts to send and receive ntop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ntop_client_packets" lineno="44204">
+<summary>
+Relabel packets to ntop_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ntop_server_packets" lineno="44224">
+<summary>
+Send ntop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ntop_server_packets" lineno="44243">
+<summary>
+Do not audit attempts to send ntop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ntop_server_packets" lineno="44262">
+<summary>
+Receive ntop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ntop_server_packets" lineno="44281">
+<summary>
+Do not audit attempts to receive ntop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ntop_server_packets" lineno="44300">
+<summary>
+Send and receive ntop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ntop_server_packets" lineno="44316">
+<summary>
+Do not audit attempts to send and receive ntop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ntop_server_packets" lineno="44331">
+<summary>
+Relabel packets to ntop_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ntp_port" lineno="44353">
+<summary>
+Send and receive TCP traffic on the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ntp_port" lineno="44372">
+<summary>
+Send UDP traffic on the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ntp_port" lineno="44391">
+<summary>
+Do not audit attempts to send UDP traffic on the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ntp_port" lineno="44410">
+<summary>
+Receive UDP traffic on the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ntp_port" lineno="44429">
+<summary>
+Do not audit attempts to receive UDP traffic on the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ntp_port" lineno="44448">
+<summary>
+Send and receive UDP traffic on the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ntp_port" lineno="44465">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ntp_port" lineno="44481">
+<summary>
+Bind TCP sockets to the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ntp_port" lineno="44501">
+<summary>
+Bind UDP sockets to the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ntp_port" lineno="44520">
+<summary>
+Make a TCP connection to the ntp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ntp_client_packets" lineno="44540">
+<summary>
+Send ntp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ntp_client_packets" lineno="44559">
+<summary>
+Do not audit attempts to send ntp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ntp_client_packets" lineno="44578">
+<summary>
+Receive ntp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ntp_client_packets" lineno="44597">
+<summary>
+Do not audit attempts to receive ntp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ntp_client_packets" lineno="44616">
+<summary>
+Send and receive ntp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ntp_client_packets" lineno="44632">
+<summary>
+Do not audit attempts to send and receive ntp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ntp_client_packets" lineno="44647">
+<summary>
+Relabel packets to ntp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ntp_server_packets" lineno="44667">
+<summary>
+Send ntp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ntp_server_packets" lineno="44686">
+<summary>
+Do not audit attempts to send ntp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ntp_server_packets" lineno="44705">
+<summary>
+Receive ntp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ntp_server_packets" lineno="44724">
+<summary>
+Do not audit attempts to receive ntp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ntp_server_packets" lineno="44743">
+<summary>
+Send and receive ntp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ntp_server_packets" lineno="44759">
+<summary>
+Do not audit attempts to send and receive ntp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ntp_server_packets" lineno="44774">
+<summary>
+Relabel packets to ntp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_oracledb_port" lineno="44796">
+<summary>
+Send and receive TCP traffic on the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_oracledb_port" lineno="44815">
+<summary>
+Send UDP traffic on the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_oracledb_port" lineno="44834">
+<summary>
+Do not audit attempts to send UDP traffic on the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_oracledb_port" lineno="44853">
+<summary>
+Receive UDP traffic on the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_oracledb_port" lineno="44872">
+<summary>
+Do not audit attempts to receive UDP traffic on the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_oracledb_port" lineno="44891">
+<summary>
+Send and receive UDP traffic on the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_oracledb_port" lineno="44908">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_oracledb_port" lineno="44924">
+<summary>
+Bind TCP sockets to the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_oracledb_port" lineno="44944">
+<summary>
+Bind UDP sockets to the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_oracledb_port" lineno="44963">
+<summary>
+Make a TCP connection to the oracledb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_oracledb_client_packets" lineno="44983">
+<summary>
+Send oracledb_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_oracledb_client_packets" lineno="45002">
+<summary>
+Do not audit attempts to send oracledb_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_oracledb_client_packets" lineno="45021">
+<summary>
+Receive oracledb_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_oracledb_client_packets" lineno="45040">
+<summary>
+Do not audit attempts to receive oracledb_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_oracledb_client_packets" lineno="45059">
+<summary>
+Send and receive oracledb_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_oracledb_client_packets" lineno="45075">
+<summary>
+Do not audit attempts to send and receive oracledb_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_oracledb_client_packets" lineno="45090">
+<summary>
+Relabel packets to oracledb_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_oracledb_server_packets" lineno="45110">
+<summary>
+Send oracledb_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_oracledb_server_packets" lineno="45129">
+<summary>
+Do not audit attempts to send oracledb_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_oracledb_server_packets" lineno="45148">
+<summary>
+Receive oracledb_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_oracledb_server_packets" lineno="45167">
+<summary>
+Do not audit attempts to receive oracledb_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_oracledb_server_packets" lineno="45186">
+<summary>
+Send and receive oracledb_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_oracledb_server_packets" lineno="45202">
+<summary>
+Do not audit attempts to send and receive oracledb_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_oracledb_server_packets" lineno="45217">
+<summary>
+Relabel packets to oracledb_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ocsp_port" lineno="45239">
+<summary>
+Send and receive TCP traffic on the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ocsp_port" lineno="45258">
+<summary>
+Send UDP traffic on the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ocsp_port" lineno="45277">
+<summary>
+Do not audit attempts to send UDP traffic on the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ocsp_port" lineno="45296">
+<summary>
+Receive UDP traffic on the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ocsp_port" lineno="45315">
+<summary>
+Do not audit attempts to receive UDP traffic on the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ocsp_port" lineno="45334">
+<summary>
+Send and receive UDP traffic on the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ocsp_port" lineno="45351">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ocsp_port" lineno="45367">
+<summary>
+Bind TCP sockets to the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ocsp_port" lineno="45387">
+<summary>
+Bind UDP sockets to the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ocsp_port" lineno="45406">
+<summary>
+Make a TCP connection to the ocsp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ocsp_client_packets" lineno="45426">
+<summary>
+Send ocsp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ocsp_client_packets" lineno="45445">
+<summary>
+Do not audit attempts to send ocsp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ocsp_client_packets" lineno="45464">
+<summary>
+Receive ocsp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ocsp_client_packets" lineno="45483">
+<summary>
+Do not audit attempts to receive ocsp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ocsp_client_packets" lineno="45502">
+<summary>
+Send and receive ocsp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ocsp_client_packets" lineno="45518">
+<summary>
+Do not audit attempts to send and receive ocsp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ocsp_client_packets" lineno="45533">
+<summary>
+Relabel packets to ocsp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ocsp_server_packets" lineno="45553">
+<summary>
+Send ocsp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ocsp_server_packets" lineno="45572">
+<summary>
+Do not audit attempts to send ocsp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ocsp_server_packets" lineno="45591">
+<summary>
+Receive ocsp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ocsp_server_packets" lineno="45610">
+<summary>
+Do not audit attempts to receive ocsp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ocsp_server_packets" lineno="45629">
+<summary>
+Send and receive ocsp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ocsp_server_packets" lineno="45645">
+<summary>
+Do not audit attempts to send and receive ocsp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ocsp_server_packets" lineno="45660">
+<summary>
+Relabel packets to ocsp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_openvpn_port" lineno="45682">
+<summary>
+Send and receive TCP traffic on the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_openvpn_port" lineno="45701">
+<summary>
+Send UDP traffic on the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_openvpn_port" lineno="45720">
+<summary>
+Do not audit attempts to send UDP traffic on the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_openvpn_port" lineno="45739">
+<summary>
+Receive UDP traffic on the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_openvpn_port" lineno="45758">
+<summary>
+Do not audit attempts to receive UDP traffic on the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_openvpn_port" lineno="45777">
+<summary>
+Send and receive UDP traffic on the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_openvpn_port" lineno="45794">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_openvpn_port" lineno="45810">
+<summary>
+Bind TCP sockets to the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_openvpn_port" lineno="45830">
+<summary>
+Bind UDP sockets to the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_openvpn_port" lineno="45849">
+<summary>
+Make a TCP connection to the openvpn port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_openvpn_client_packets" lineno="45869">
+<summary>
+Send openvpn_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_openvpn_client_packets" lineno="45888">
+<summary>
+Do not audit attempts to send openvpn_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_openvpn_client_packets" lineno="45907">
+<summary>
+Receive openvpn_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_openvpn_client_packets" lineno="45926">
+<summary>
+Do not audit attempts to receive openvpn_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_openvpn_client_packets" lineno="45945">
+<summary>
+Send and receive openvpn_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_openvpn_client_packets" lineno="45961">
+<summary>
+Do not audit attempts to send and receive openvpn_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_openvpn_client_packets" lineno="45976">
+<summary>
+Relabel packets to openvpn_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_openvpn_server_packets" lineno="45996">
+<summary>
+Send openvpn_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_openvpn_server_packets" lineno="46015">
+<summary>
+Do not audit attempts to send openvpn_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_openvpn_server_packets" lineno="46034">
+<summary>
+Receive openvpn_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_openvpn_server_packets" lineno="46053">
+<summary>
+Do not audit attempts to receive openvpn_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_openvpn_server_packets" lineno="46072">
+<summary>
+Send and receive openvpn_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_openvpn_server_packets" lineno="46088">
+<summary>
+Do not audit attempts to send and receive openvpn_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_openvpn_server_packets" lineno="46103">
+<summary>
+Relabel packets to openvpn_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_pegasus_http_port" lineno="46125">
+<summary>
+Send and receive TCP traffic on the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_pegasus_http_port" lineno="46144">
+<summary>
+Send UDP traffic on the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_pegasus_http_port" lineno="46163">
+<summary>
+Do not audit attempts to send UDP traffic on the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_pegasus_http_port" lineno="46182">
+<summary>
+Receive UDP traffic on the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_pegasus_http_port" lineno="46201">
+<summary>
+Do not audit attempts to receive UDP traffic on the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_pegasus_http_port" lineno="46220">
+<summary>
+Send and receive UDP traffic on the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_pegasus_http_port" lineno="46237">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_pegasus_http_port" lineno="46253">
+<summary>
+Bind TCP sockets to the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_pegasus_http_port" lineno="46273">
+<summary>
+Bind UDP sockets to the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_pegasus_http_port" lineno="46292">
+<summary>
+Make a TCP connection to the pegasus_http port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pegasus_http_client_packets" lineno="46312">
+<summary>
+Send pegasus_http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pegasus_http_client_packets" lineno="46331">
+<summary>
+Do not audit attempts to send pegasus_http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pegasus_http_client_packets" lineno="46350">
+<summary>
+Receive pegasus_http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pegasus_http_client_packets" lineno="46369">
+<summary>
+Do not audit attempts to receive pegasus_http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pegasus_http_client_packets" lineno="46388">
+<summary>
+Send and receive pegasus_http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pegasus_http_client_packets" lineno="46404">
+<summary>
+Do not audit attempts to send and receive pegasus_http_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pegasus_http_client_packets" lineno="46419">
+<summary>
+Relabel packets to pegasus_http_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pegasus_http_server_packets" lineno="46439">
+<summary>
+Send pegasus_http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pegasus_http_server_packets" lineno="46458">
+<summary>
+Do not audit attempts to send pegasus_http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pegasus_http_server_packets" lineno="46477">
+<summary>
+Receive pegasus_http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pegasus_http_server_packets" lineno="46496">
+<summary>
+Do not audit attempts to receive pegasus_http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pegasus_http_server_packets" lineno="46515">
+<summary>
+Send and receive pegasus_http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pegasus_http_server_packets" lineno="46531">
+<summary>
+Do not audit attempts to send and receive pegasus_http_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pegasus_http_server_packets" lineno="46546">
+<summary>
+Relabel packets to pegasus_http_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_pegasus_https_port" lineno="46568">
+<summary>
+Send and receive TCP traffic on the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_pegasus_https_port" lineno="46587">
+<summary>
+Send UDP traffic on the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_pegasus_https_port" lineno="46606">
+<summary>
+Do not audit attempts to send UDP traffic on the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_pegasus_https_port" lineno="46625">
+<summary>
+Receive UDP traffic on the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_pegasus_https_port" lineno="46644">
+<summary>
+Do not audit attempts to receive UDP traffic on the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_pegasus_https_port" lineno="46663">
+<summary>
+Send and receive UDP traffic on the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_pegasus_https_port" lineno="46680">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_pegasus_https_port" lineno="46696">
+<summary>
+Bind TCP sockets to the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_pegasus_https_port" lineno="46716">
+<summary>
+Bind UDP sockets to the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_pegasus_https_port" lineno="46735">
+<summary>
+Make a TCP connection to the pegasus_https port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pegasus_https_client_packets" lineno="46755">
+<summary>
+Send pegasus_https_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pegasus_https_client_packets" lineno="46774">
+<summary>
+Do not audit attempts to send pegasus_https_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pegasus_https_client_packets" lineno="46793">
+<summary>
+Receive pegasus_https_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pegasus_https_client_packets" lineno="46812">
+<summary>
+Do not audit attempts to receive pegasus_https_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pegasus_https_client_packets" lineno="46831">
+<summary>
+Send and receive pegasus_https_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pegasus_https_client_packets" lineno="46847">
+<summary>
+Do not audit attempts to send and receive pegasus_https_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pegasus_https_client_packets" lineno="46862">
+<summary>
+Relabel packets to pegasus_https_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pegasus_https_server_packets" lineno="46882">
+<summary>
+Send pegasus_https_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pegasus_https_server_packets" lineno="46901">
+<summary>
+Do not audit attempts to send pegasus_https_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pegasus_https_server_packets" lineno="46920">
+<summary>
+Receive pegasus_https_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pegasus_https_server_packets" lineno="46939">
+<summary>
+Do not audit attempts to receive pegasus_https_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pegasus_https_server_packets" lineno="46958">
+<summary>
+Send and receive pegasus_https_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pegasus_https_server_packets" lineno="46974">
+<summary>
+Do not audit attempts to send and receive pegasus_https_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pegasus_https_server_packets" lineno="46989">
+<summary>
+Relabel packets to pegasus_https_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_pgpkeyserver_port" lineno="47011">
+<summary>
+Send and receive TCP traffic on the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_pgpkeyserver_port" lineno="47030">
+<summary>
+Send UDP traffic on the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_pgpkeyserver_port" lineno="47049">
+<summary>
+Do not audit attempts to send UDP traffic on the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_pgpkeyserver_port" lineno="47068">
+<summary>
+Receive UDP traffic on the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_pgpkeyserver_port" lineno="47087">
+<summary>
+Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_pgpkeyserver_port" lineno="47106">
+<summary>
+Send and receive UDP traffic on the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_pgpkeyserver_port" lineno="47123">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_pgpkeyserver_port" lineno="47139">
+<summary>
+Bind TCP sockets to the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_pgpkeyserver_port" lineno="47159">
+<summary>
+Bind UDP sockets to the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_pgpkeyserver_port" lineno="47178">
+<summary>
+Make a TCP connection to the pgpkeyserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pgpkeyserver_client_packets" lineno="47198">
+<summary>
+Send pgpkeyserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pgpkeyserver_client_packets" lineno="47217">
+<summary>
+Do not audit attempts to send pgpkeyserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pgpkeyserver_client_packets" lineno="47236">
+<summary>
+Receive pgpkeyserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pgpkeyserver_client_packets" lineno="47255">
+<summary>
+Do not audit attempts to receive pgpkeyserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pgpkeyserver_client_packets" lineno="47274">
+<summary>
+Send and receive pgpkeyserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_client_packets" lineno="47290">
+<summary>
+Do not audit attempts to send and receive pgpkeyserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pgpkeyserver_client_packets" lineno="47305">
+<summary>
+Relabel packets to pgpkeyserver_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pgpkeyserver_server_packets" lineno="47325">
+<summary>
+Send pgpkeyserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pgpkeyserver_server_packets" lineno="47344">
+<summary>
+Do not audit attempts to send pgpkeyserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pgpkeyserver_server_packets" lineno="47363">
+<summary>
+Receive pgpkeyserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pgpkeyserver_server_packets" lineno="47382">
+<summary>
+Do not audit attempts to receive pgpkeyserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pgpkeyserver_server_packets" lineno="47401">
+<summary>
+Send and receive pgpkeyserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_server_packets" lineno="47417">
+<summary>
+Do not audit attempts to send and receive pgpkeyserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pgpkeyserver_server_packets" lineno="47432">
+<summary>
+Relabel packets to pgpkeyserver_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_pingd_port" lineno="47454">
+<summary>
+Send and receive TCP traffic on the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_pingd_port" lineno="47473">
+<summary>
+Send UDP traffic on the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_pingd_port" lineno="47492">
+<summary>
+Do not audit attempts to send UDP traffic on the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_pingd_port" lineno="47511">
+<summary>
+Receive UDP traffic on the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_pingd_port" lineno="47530">
+<summary>
+Do not audit attempts to receive UDP traffic on the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_pingd_port" lineno="47549">
+<summary>
+Send and receive UDP traffic on the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_pingd_port" lineno="47566">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_pingd_port" lineno="47582">
+<summary>
+Bind TCP sockets to the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_pingd_port" lineno="47602">
+<summary>
+Bind UDP sockets to the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_pingd_port" lineno="47621">
+<summary>
+Make a TCP connection to the pingd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pingd_client_packets" lineno="47641">
+<summary>
+Send pingd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pingd_client_packets" lineno="47660">
+<summary>
+Do not audit attempts to send pingd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pingd_client_packets" lineno="47679">
+<summary>
+Receive pingd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pingd_client_packets" lineno="47698">
+<summary>
+Do not audit attempts to receive pingd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pingd_client_packets" lineno="47717">
+<summary>
+Send and receive pingd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pingd_client_packets" lineno="47733">
+<summary>
+Do not audit attempts to send and receive pingd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pingd_client_packets" lineno="47748">
+<summary>
+Relabel packets to pingd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pingd_server_packets" lineno="47768">
+<summary>
+Send pingd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pingd_server_packets" lineno="47787">
+<summary>
+Do not audit attempts to send pingd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pingd_server_packets" lineno="47806">
+<summary>
+Receive pingd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pingd_server_packets" lineno="47825">
+<summary>
+Do not audit attempts to receive pingd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pingd_server_packets" lineno="47844">
+<summary>
+Send and receive pingd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pingd_server_packets" lineno="47860">
+<summary>
+Do not audit attempts to send and receive pingd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pingd_server_packets" lineno="47875">
+<summary>
+Relabel packets to pingd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_pop_port" lineno="47897">
+<summary>
+Send and receive TCP traffic on the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_pop_port" lineno="47916">
+<summary>
+Send UDP traffic on the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_pop_port" lineno="47935">
+<summary>
+Do not audit attempts to send UDP traffic on the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_pop_port" lineno="47954">
+<summary>
+Receive UDP traffic on the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_pop_port" lineno="47973">
+<summary>
+Do not audit attempts to receive UDP traffic on the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_pop_port" lineno="47992">
+<summary>
+Send and receive UDP traffic on the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_pop_port" lineno="48009">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_pop_port" lineno="48025">
+<summary>
+Bind TCP sockets to the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_pop_port" lineno="48045">
+<summary>
+Bind UDP sockets to the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_pop_port" lineno="48064">
+<summary>
+Make a TCP connection to the pop port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pop_client_packets" lineno="48084">
+<summary>
+Send pop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pop_client_packets" lineno="48103">
+<summary>
+Do not audit attempts to send pop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pop_client_packets" lineno="48122">
+<summary>
+Receive pop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pop_client_packets" lineno="48141">
+<summary>
+Do not audit attempts to receive pop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pop_client_packets" lineno="48160">
+<summary>
+Send and receive pop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pop_client_packets" lineno="48176">
+<summary>
+Do not audit attempts to send and receive pop_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pop_client_packets" lineno="48191">
+<summary>
+Relabel packets to pop_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pop_server_packets" lineno="48211">
+<summary>
+Send pop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pop_server_packets" lineno="48230">
+<summary>
+Do not audit attempts to send pop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pop_server_packets" lineno="48249">
+<summary>
+Receive pop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pop_server_packets" lineno="48268">
+<summary>
+Do not audit attempts to receive pop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pop_server_packets" lineno="48287">
+<summary>
+Send and receive pop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pop_server_packets" lineno="48303">
+<summary>
+Do not audit attempts to send and receive pop_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pop_server_packets" lineno="48318">
+<summary>
+Relabel packets to pop_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_portmap_port" lineno="48340">
+<summary>
+Send and receive TCP traffic on the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_portmap_port" lineno="48359">
+<summary>
+Send UDP traffic on the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_portmap_port" lineno="48378">
+<summary>
+Do not audit attempts to send UDP traffic on the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_portmap_port" lineno="48397">
+<summary>
+Receive UDP traffic on the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_portmap_port" lineno="48416">
+<summary>
+Do not audit attempts to receive UDP traffic on the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_portmap_port" lineno="48435">
+<summary>
+Send and receive UDP traffic on the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_portmap_port" lineno="48452">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_portmap_port" lineno="48468">
+<summary>
+Bind TCP sockets to the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_portmap_port" lineno="48488">
+<summary>
+Bind UDP sockets to the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_portmap_port" lineno="48507">
+<summary>
+Make a TCP connection to the portmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_portmap_client_packets" lineno="48527">
+<summary>
+Send portmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_portmap_client_packets" lineno="48546">
+<summary>
+Do not audit attempts to send portmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_portmap_client_packets" lineno="48565">
+<summary>
+Receive portmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_portmap_client_packets" lineno="48584">
+<summary>
+Do not audit attempts to receive portmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_portmap_client_packets" lineno="48603">
+<summary>
+Send and receive portmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_portmap_client_packets" lineno="48619">
+<summary>
+Do not audit attempts to send and receive portmap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_portmap_client_packets" lineno="48634">
+<summary>
+Relabel packets to portmap_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_portmap_server_packets" lineno="48654">
+<summary>
+Send portmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_portmap_server_packets" lineno="48673">
+<summary>
+Do not audit attempts to send portmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_portmap_server_packets" lineno="48692">
+<summary>
+Receive portmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_portmap_server_packets" lineno="48711">
+<summary>
+Do not audit attempts to receive portmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_portmap_server_packets" lineno="48730">
+<summary>
+Send and receive portmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_portmap_server_packets" lineno="48746">
+<summary>
+Do not audit attempts to send and receive portmap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_portmap_server_packets" lineno="48761">
+<summary>
+Relabel packets to portmap_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_postfix_policyd_port" lineno="48783">
+<summary>
+Send and receive TCP traffic on the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_postfix_policyd_port" lineno="48802">
+<summary>
+Send UDP traffic on the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_postfix_policyd_port" lineno="48821">
+<summary>
+Do not audit attempts to send UDP traffic on the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_postfix_policyd_port" lineno="48840">
+<summary>
+Receive UDP traffic on the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_postfix_policyd_port" lineno="48859">
+<summary>
+Do not audit attempts to receive UDP traffic on the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_postfix_policyd_port" lineno="48878">
+<summary>
+Send and receive UDP traffic on the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_postfix_policyd_port" lineno="48895">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_postfix_policyd_port" lineno="48911">
+<summary>
+Bind TCP sockets to the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_postfix_policyd_port" lineno="48931">
+<summary>
+Bind UDP sockets to the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_postfix_policyd_port" lineno="48950">
+<summary>
+Make a TCP connection to the postfix_policyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_postfix_policyd_client_packets" lineno="48970">
+<summary>
+Send postfix_policyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_postfix_policyd_client_packets" lineno="48989">
+<summary>
+Do not audit attempts to send postfix_policyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_postfix_policyd_client_packets" lineno="49008">
+<summary>
+Receive postfix_policyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_postfix_policyd_client_packets" lineno="49027">
+<summary>
+Do not audit attempts to receive postfix_policyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_postfix_policyd_client_packets" lineno="49046">
+<summary>
+Send and receive postfix_policyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_postfix_policyd_client_packets" lineno="49062">
+<summary>
+Do not audit attempts to send and receive postfix_policyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_postfix_policyd_client_packets" lineno="49077">
+<summary>
+Relabel packets to postfix_policyd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_postfix_policyd_server_packets" lineno="49097">
+<summary>
+Send postfix_policyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_postfix_policyd_server_packets" lineno="49116">
+<summary>
+Do not audit attempts to send postfix_policyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_postfix_policyd_server_packets" lineno="49135">
+<summary>
+Receive postfix_policyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_postfix_policyd_server_packets" lineno="49154">
+<summary>
+Do not audit attempts to receive postfix_policyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_postfix_policyd_server_packets" lineno="49173">
+<summary>
+Send and receive postfix_policyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_postfix_policyd_server_packets" lineno="49189">
+<summary>
+Do not audit attempts to send and receive postfix_policyd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_postfix_policyd_server_packets" lineno="49204">
+<summary>
+Relabel packets to postfix_policyd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_postgresql_port" lineno="49226">
+<summary>
+Send and receive TCP traffic on the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_postgresql_port" lineno="49245">
+<summary>
+Send UDP traffic on the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_postgresql_port" lineno="49264">
+<summary>
+Do not audit attempts to send UDP traffic on the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_postgresql_port" lineno="49283">
+<summary>
+Receive UDP traffic on the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_postgresql_port" lineno="49302">
+<summary>
+Do not audit attempts to receive UDP traffic on the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_postgresql_port" lineno="49321">
+<summary>
+Send and receive UDP traffic on the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_postgresql_port" lineno="49338">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_postgresql_port" lineno="49354">
+<summary>
+Bind TCP sockets to the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_postgresql_port" lineno="49374">
+<summary>
+Bind UDP sockets to the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_postgresql_port" lineno="49393">
+<summary>
+Make a TCP connection to the postgresql port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_postgresql_client_packets" lineno="49413">
+<summary>
+Send postgresql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_postgresql_client_packets" lineno="49432">
+<summary>
+Do not audit attempts to send postgresql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_postgresql_client_packets" lineno="49451">
+<summary>
+Receive postgresql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_postgresql_client_packets" lineno="49470">
+<summary>
+Do not audit attempts to receive postgresql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_postgresql_client_packets" lineno="49489">
+<summary>
+Send and receive postgresql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_postgresql_client_packets" lineno="49505">
+<summary>
+Do not audit attempts to send and receive postgresql_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_postgresql_client_packets" lineno="49520">
+<summary>
+Relabel packets to postgresql_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_postgresql_server_packets" lineno="49540">
+<summary>
+Send postgresql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_postgresql_server_packets" lineno="49559">
+<summary>
+Do not audit attempts to send postgresql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_postgresql_server_packets" lineno="49578">
+<summary>
+Receive postgresql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_postgresql_server_packets" lineno="49597">
+<summary>
+Do not audit attempts to receive postgresql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_postgresql_server_packets" lineno="49616">
+<summary>
+Send and receive postgresql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_postgresql_server_packets" lineno="49632">
+<summary>
+Do not audit attempts to send and receive postgresql_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_postgresql_server_packets" lineno="49647">
+<summary>
+Relabel packets to postgresql_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_postgrey_port" lineno="49669">
+<summary>
+Send and receive TCP traffic on the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_postgrey_port" lineno="49688">
+<summary>
+Send UDP traffic on the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_postgrey_port" lineno="49707">
+<summary>
+Do not audit attempts to send UDP traffic on the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_postgrey_port" lineno="49726">
+<summary>
+Receive UDP traffic on the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_postgrey_port" lineno="49745">
+<summary>
+Do not audit attempts to receive UDP traffic on the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_postgrey_port" lineno="49764">
+<summary>
+Send and receive UDP traffic on the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_postgrey_port" lineno="49781">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_postgrey_port" lineno="49797">
+<summary>
+Bind TCP sockets to the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_postgrey_port" lineno="49817">
+<summary>
+Bind UDP sockets to the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_postgrey_port" lineno="49836">
+<summary>
+Make a TCP connection to the postgrey port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_postgrey_client_packets" lineno="49856">
+<summary>
+Send postgrey_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_postgrey_client_packets" lineno="49875">
+<summary>
+Do not audit attempts to send postgrey_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_postgrey_client_packets" lineno="49894">
+<summary>
+Receive postgrey_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_postgrey_client_packets" lineno="49913">
+<summary>
+Do not audit attempts to receive postgrey_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_postgrey_client_packets" lineno="49932">
+<summary>
+Send and receive postgrey_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_postgrey_client_packets" lineno="49948">
+<summary>
+Do not audit attempts to send and receive postgrey_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_postgrey_client_packets" lineno="49963">
+<summary>
+Relabel packets to postgrey_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_postgrey_server_packets" lineno="49983">
+<summary>
+Send postgrey_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_postgrey_server_packets" lineno="50002">
+<summary>
+Do not audit attempts to send postgrey_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_postgrey_server_packets" lineno="50021">
+<summary>
+Receive postgrey_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_postgrey_server_packets" lineno="50040">
+<summary>
+Do not audit attempts to receive postgrey_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_postgrey_server_packets" lineno="50059">
+<summary>
+Send and receive postgrey_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_postgrey_server_packets" lineno="50075">
+<summary>
+Do not audit attempts to send and receive postgrey_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_postgrey_server_packets" lineno="50090">
+<summary>
+Relabel packets to postgrey_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_prelude_port" lineno="50112">
+<summary>
+Send and receive TCP traffic on the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_prelude_port" lineno="50131">
+<summary>
+Send UDP traffic on the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_prelude_port" lineno="50150">
+<summary>
+Do not audit attempts to send UDP traffic on the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_prelude_port" lineno="50169">
+<summary>
+Receive UDP traffic on the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_prelude_port" lineno="50188">
+<summary>
+Do not audit attempts to receive UDP traffic on the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_prelude_port" lineno="50207">
+<summary>
+Send and receive UDP traffic on the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_prelude_port" lineno="50224">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_prelude_port" lineno="50240">
+<summary>
+Bind TCP sockets to the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_prelude_port" lineno="50260">
+<summary>
+Bind UDP sockets to the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_prelude_port" lineno="50279">
+<summary>
+Make a TCP connection to the prelude port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_prelude_client_packets" lineno="50299">
+<summary>
+Send prelude_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_prelude_client_packets" lineno="50318">
+<summary>
+Do not audit attempts to send prelude_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_prelude_client_packets" lineno="50337">
+<summary>
+Receive prelude_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_prelude_client_packets" lineno="50356">
+<summary>
+Do not audit attempts to receive prelude_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_prelude_client_packets" lineno="50375">
+<summary>
+Send and receive prelude_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_prelude_client_packets" lineno="50391">
+<summary>
+Do not audit attempts to send and receive prelude_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_prelude_client_packets" lineno="50406">
+<summary>
+Relabel packets to prelude_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_prelude_server_packets" lineno="50426">
+<summary>
+Send prelude_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_prelude_server_packets" lineno="50445">
+<summary>
+Do not audit attempts to send prelude_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_prelude_server_packets" lineno="50464">
+<summary>
+Receive prelude_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_prelude_server_packets" lineno="50483">
+<summary>
+Do not audit attempts to receive prelude_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_prelude_server_packets" lineno="50502">
+<summary>
+Send and receive prelude_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_prelude_server_packets" lineno="50518">
+<summary>
+Do not audit attempts to send and receive prelude_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_prelude_server_packets" lineno="50533">
+<summary>
+Relabel packets to prelude_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_presence_port" lineno="50555">
+<summary>
+Send and receive TCP traffic on the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_presence_port" lineno="50574">
+<summary>
+Send UDP traffic on the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_presence_port" lineno="50593">
+<summary>
+Do not audit attempts to send UDP traffic on the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_presence_port" lineno="50612">
+<summary>
+Receive UDP traffic on the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_presence_port" lineno="50631">
+<summary>
+Do not audit attempts to receive UDP traffic on the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_presence_port" lineno="50650">
+<summary>
+Send and receive UDP traffic on the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_presence_port" lineno="50667">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_presence_port" lineno="50683">
+<summary>
+Bind TCP sockets to the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_presence_port" lineno="50703">
+<summary>
+Bind UDP sockets to the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_presence_port" lineno="50722">
+<summary>
+Make a TCP connection to the presence port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_presence_client_packets" lineno="50742">
+<summary>
+Send presence_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_presence_client_packets" lineno="50761">
+<summary>
+Do not audit attempts to send presence_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_presence_client_packets" lineno="50780">
+<summary>
+Receive presence_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_presence_client_packets" lineno="50799">
+<summary>
+Do not audit attempts to receive presence_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_presence_client_packets" lineno="50818">
+<summary>
+Send and receive presence_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_presence_client_packets" lineno="50834">
+<summary>
+Do not audit attempts to send and receive presence_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_presence_client_packets" lineno="50849">
+<summary>
+Relabel packets to presence_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_presence_server_packets" lineno="50869">
+<summary>
+Send presence_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_presence_server_packets" lineno="50888">
+<summary>
+Do not audit attempts to send presence_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_presence_server_packets" lineno="50907">
+<summary>
+Receive presence_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_presence_server_packets" lineno="50926">
+<summary>
+Do not audit attempts to receive presence_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_presence_server_packets" lineno="50945">
+<summary>
+Send and receive presence_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_presence_server_packets" lineno="50961">
+<summary>
+Do not audit attempts to send and receive presence_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_presence_server_packets" lineno="50976">
+<summary>
+Relabel packets to presence_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_printer_port" lineno="50998">
+<summary>
+Send and receive TCP traffic on the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_printer_port" lineno="51017">
+<summary>
+Send UDP traffic on the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_printer_port" lineno="51036">
+<summary>
+Do not audit attempts to send UDP traffic on the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_printer_port" lineno="51055">
+<summary>
+Receive UDP traffic on the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_printer_port" lineno="51074">
+<summary>
+Do not audit attempts to receive UDP traffic on the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_printer_port" lineno="51093">
+<summary>
+Send and receive UDP traffic on the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_printer_port" lineno="51110">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_printer_port" lineno="51126">
+<summary>
+Bind TCP sockets to the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_printer_port" lineno="51146">
+<summary>
+Bind UDP sockets to the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_printer_port" lineno="51165">
+<summary>
+Make a TCP connection to the printer port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_printer_client_packets" lineno="51185">
+<summary>
+Send printer_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_printer_client_packets" lineno="51204">
+<summary>
+Do not audit attempts to send printer_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_printer_client_packets" lineno="51223">
+<summary>
+Receive printer_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_printer_client_packets" lineno="51242">
+<summary>
+Do not audit attempts to receive printer_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_printer_client_packets" lineno="51261">
+<summary>
+Send and receive printer_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_printer_client_packets" lineno="51277">
+<summary>
+Do not audit attempts to send and receive printer_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_printer_client_packets" lineno="51292">
+<summary>
+Relabel packets to printer_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_printer_server_packets" lineno="51312">
+<summary>
+Send printer_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_printer_server_packets" lineno="51331">
+<summary>
+Do not audit attempts to send printer_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_printer_server_packets" lineno="51350">
+<summary>
+Receive printer_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_printer_server_packets" lineno="51369">
+<summary>
+Do not audit attempts to receive printer_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_printer_server_packets" lineno="51388">
+<summary>
+Send and receive printer_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_printer_server_packets" lineno="51404">
+<summary>
+Do not audit attempts to send and receive printer_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_printer_server_packets" lineno="51419">
+<summary>
+Relabel packets to printer_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ptal_port" lineno="51441">
+<summary>
+Send and receive TCP traffic on the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ptal_port" lineno="51460">
+<summary>
+Send UDP traffic on the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ptal_port" lineno="51479">
+<summary>
+Do not audit attempts to send UDP traffic on the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ptal_port" lineno="51498">
+<summary>
+Receive UDP traffic on the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ptal_port" lineno="51517">
+<summary>
+Do not audit attempts to receive UDP traffic on the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ptal_port" lineno="51536">
+<summary>
+Send and receive UDP traffic on the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ptal_port" lineno="51553">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ptal_port" lineno="51569">
+<summary>
+Bind TCP sockets to the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ptal_port" lineno="51589">
+<summary>
+Bind UDP sockets to the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ptal_port" lineno="51608">
+<summary>
+Make a TCP connection to the ptal port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ptal_client_packets" lineno="51628">
+<summary>
+Send ptal_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ptal_client_packets" lineno="51647">
+<summary>
+Do not audit attempts to send ptal_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ptal_client_packets" lineno="51666">
+<summary>
+Receive ptal_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ptal_client_packets" lineno="51685">
+<summary>
+Do not audit attempts to receive ptal_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ptal_client_packets" lineno="51704">
+<summary>
+Send and receive ptal_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ptal_client_packets" lineno="51720">
+<summary>
+Do not audit attempts to send and receive ptal_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ptal_client_packets" lineno="51735">
+<summary>
+Relabel packets to ptal_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ptal_server_packets" lineno="51755">
+<summary>
+Send ptal_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ptal_server_packets" lineno="51774">
+<summary>
+Do not audit attempts to send ptal_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ptal_server_packets" lineno="51793">
+<summary>
+Receive ptal_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ptal_server_packets" lineno="51812">
+<summary>
+Do not audit attempts to receive ptal_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ptal_server_packets" lineno="51831">
+<summary>
+Send and receive ptal_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ptal_server_packets" lineno="51847">
+<summary>
+Do not audit attempts to send and receive ptal_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ptal_server_packets" lineno="51862">
+<summary>
+Relabel packets to ptal_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_pulseaudio_port" lineno="51884">
+<summary>
+Send and receive TCP traffic on the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_pulseaudio_port" lineno="51903">
+<summary>
+Send UDP traffic on the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_pulseaudio_port" lineno="51922">
+<summary>
+Do not audit attempts to send UDP traffic on the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_pulseaudio_port" lineno="51941">
+<summary>
+Receive UDP traffic on the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_pulseaudio_port" lineno="51960">
+<summary>
+Do not audit attempts to receive UDP traffic on the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_pulseaudio_port" lineno="51979">
+<summary>
+Send and receive UDP traffic on the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_pulseaudio_port" lineno="51996">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_pulseaudio_port" lineno="52012">
+<summary>
+Bind TCP sockets to the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_pulseaudio_port" lineno="52032">
+<summary>
+Bind UDP sockets to the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_pulseaudio_port" lineno="52051">
+<summary>
+Make a TCP connection to the pulseaudio port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pulseaudio_client_packets" lineno="52071">
+<summary>
+Send pulseaudio_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pulseaudio_client_packets" lineno="52090">
+<summary>
+Do not audit attempts to send pulseaudio_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pulseaudio_client_packets" lineno="52109">
+<summary>
+Receive pulseaudio_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pulseaudio_client_packets" lineno="52128">
+<summary>
+Do not audit attempts to receive pulseaudio_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pulseaudio_client_packets" lineno="52147">
+<summary>
+Send and receive pulseaudio_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pulseaudio_client_packets" lineno="52163">
+<summary>
+Do not audit attempts to send and receive pulseaudio_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pulseaudio_client_packets" lineno="52178">
+<summary>
+Relabel packets to pulseaudio_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pulseaudio_server_packets" lineno="52198">
+<summary>
+Send pulseaudio_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pulseaudio_server_packets" lineno="52217">
+<summary>
+Do not audit attempts to send pulseaudio_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pulseaudio_server_packets" lineno="52236">
+<summary>
+Receive pulseaudio_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pulseaudio_server_packets" lineno="52255">
+<summary>
+Do not audit attempts to receive pulseaudio_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pulseaudio_server_packets" lineno="52274">
+<summary>
+Send and receive pulseaudio_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pulseaudio_server_packets" lineno="52290">
+<summary>
+Do not audit attempts to send and receive pulseaudio_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pulseaudio_server_packets" lineno="52305">
+<summary>
+Relabel packets to pulseaudio_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_puppet_port" lineno="52327">
+<summary>
+Send and receive TCP traffic on the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_puppet_port" lineno="52346">
+<summary>
+Send UDP traffic on the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_puppet_port" lineno="52365">
+<summary>
+Do not audit attempts to send UDP traffic on the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_puppet_port" lineno="52384">
+<summary>
+Receive UDP traffic on the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_puppet_port" lineno="52403">
+<summary>
+Do not audit attempts to receive UDP traffic on the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_puppet_port" lineno="52422">
+<summary>
+Send and receive UDP traffic on the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_puppet_port" lineno="52439">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_puppet_port" lineno="52455">
+<summary>
+Bind TCP sockets to the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_puppet_port" lineno="52475">
+<summary>
+Bind UDP sockets to the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_puppet_port" lineno="52494">
+<summary>
+Make a TCP connection to the puppet port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_puppet_client_packets" lineno="52514">
+<summary>
+Send puppet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_puppet_client_packets" lineno="52533">
+<summary>
+Do not audit attempts to send puppet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_puppet_client_packets" lineno="52552">
+<summary>
+Receive puppet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_puppet_client_packets" lineno="52571">
+<summary>
+Do not audit attempts to receive puppet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_puppet_client_packets" lineno="52590">
+<summary>
+Send and receive puppet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_puppet_client_packets" lineno="52606">
+<summary>
+Do not audit attempts to send and receive puppet_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_puppet_client_packets" lineno="52621">
+<summary>
+Relabel packets to puppet_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_puppet_server_packets" lineno="52641">
+<summary>
+Send puppet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_puppet_server_packets" lineno="52660">
+<summary>
+Do not audit attempts to send puppet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_puppet_server_packets" lineno="52679">
+<summary>
+Receive puppet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_puppet_server_packets" lineno="52698">
+<summary>
+Do not audit attempts to receive puppet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_puppet_server_packets" lineno="52717">
+<summary>
+Send and receive puppet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_puppet_server_packets" lineno="52733">
+<summary>
+Do not audit attempts to send and receive puppet_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_puppet_server_packets" lineno="52748">
+<summary>
+Relabel packets to puppet_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_pxe_port" lineno="52770">
+<summary>
+Send and receive TCP traffic on the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_pxe_port" lineno="52789">
+<summary>
+Send UDP traffic on the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_pxe_port" lineno="52808">
+<summary>
+Do not audit attempts to send UDP traffic on the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_pxe_port" lineno="52827">
+<summary>
+Receive UDP traffic on the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_pxe_port" lineno="52846">
+<summary>
+Do not audit attempts to receive UDP traffic on the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_pxe_port" lineno="52865">
+<summary>
+Send and receive UDP traffic on the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_pxe_port" lineno="52882">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_pxe_port" lineno="52898">
+<summary>
+Bind TCP sockets to the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_pxe_port" lineno="52918">
+<summary>
+Bind UDP sockets to the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_pxe_port" lineno="52937">
+<summary>
+Make a TCP connection to the pxe port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pxe_client_packets" lineno="52957">
+<summary>
+Send pxe_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pxe_client_packets" lineno="52976">
+<summary>
+Do not audit attempts to send pxe_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pxe_client_packets" lineno="52995">
+<summary>
+Receive pxe_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pxe_client_packets" lineno="53014">
+<summary>
+Do not audit attempts to receive pxe_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pxe_client_packets" lineno="53033">
+<summary>
+Send and receive pxe_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pxe_client_packets" lineno="53049">
+<summary>
+Do not audit attempts to send and receive pxe_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pxe_client_packets" lineno="53064">
+<summary>
+Relabel packets to pxe_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pxe_server_packets" lineno="53084">
+<summary>
+Send pxe_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pxe_server_packets" lineno="53103">
+<summary>
+Do not audit attempts to send pxe_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pxe_server_packets" lineno="53122">
+<summary>
+Receive pxe_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pxe_server_packets" lineno="53141">
+<summary>
+Do not audit attempts to receive pxe_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pxe_server_packets" lineno="53160">
+<summary>
+Send and receive pxe_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pxe_server_packets" lineno="53176">
+<summary>
+Do not audit attempts to send and receive pxe_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pxe_server_packets" lineno="53191">
+<summary>
+Relabel packets to pxe_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_pyzor_port" lineno="53213">
+<summary>
+Send and receive TCP traffic on the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_pyzor_port" lineno="53232">
+<summary>
+Send UDP traffic on the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_pyzor_port" lineno="53251">
+<summary>
+Do not audit attempts to send UDP traffic on the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_pyzor_port" lineno="53270">
+<summary>
+Receive UDP traffic on the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_pyzor_port" lineno="53289">
+<summary>
+Do not audit attempts to receive UDP traffic on the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_pyzor_port" lineno="53308">
+<summary>
+Send and receive UDP traffic on the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_pyzor_port" lineno="53325">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_pyzor_port" lineno="53341">
+<summary>
+Bind TCP sockets to the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_pyzor_port" lineno="53361">
+<summary>
+Bind UDP sockets to the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_pyzor_port" lineno="53380">
+<summary>
+Make a TCP connection to the pyzor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pyzor_client_packets" lineno="53400">
+<summary>
+Send pyzor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pyzor_client_packets" lineno="53419">
+<summary>
+Do not audit attempts to send pyzor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pyzor_client_packets" lineno="53438">
+<summary>
+Receive pyzor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pyzor_client_packets" lineno="53457">
+<summary>
+Do not audit attempts to receive pyzor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pyzor_client_packets" lineno="53476">
+<summary>
+Send and receive pyzor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pyzor_client_packets" lineno="53492">
+<summary>
+Do not audit attempts to send and receive pyzor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pyzor_client_packets" lineno="53507">
+<summary>
+Relabel packets to pyzor_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_pyzor_server_packets" lineno="53527">
+<summary>
+Send pyzor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_pyzor_server_packets" lineno="53546">
+<summary>
+Do not audit attempts to send pyzor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_pyzor_server_packets" lineno="53565">
+<summary>
+Receive pyzor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_pyzor_server_packets" lineno="53584">
+<summary>
+Do not audit attempts to receive pyzor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_pyzor_server_packets" lineno="53603">
+<summary>
+Send and receive pyzor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_pyzor_server_packets" lineno="53619">
+<summary>
+Do not audit attempts to send and receive pyzor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_pyzor_server_packets" lineno="53634">
+<summary>
+Relabel packets to pyzor_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_radacct_port" lineno="53656">
+<summary>
+Send and receive TCP traffic on the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_radacct_port" lineno="53675">
+<summary>
+Send UDP traffic on the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_radacct_port" lineno="53694">
+<summary>
+Do not audit attempts to send UDP traffic on the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_radacct_port" lineno="53713">
+<summary>
+Receive UDP traffic on the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_radacct_port" lineno="53732">
+<summary>
+Do not audit attempts to receive UDP traffic on the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_radacct_port" lineno="53751">
+<summary>
+Send and receive UDP traffic on the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_radacct_port" lineno="53768">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_radacct_port" lineno="53784">
+<summary>
+Bind TCP sockets to the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_radacct_port" lineno="53804">
+<summary>
+Bind UDP sockets to the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_radacct_port" lineno="53823">
+<summary>
+Make a TCP connection to the radacct port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_radacct_client_packets" lineno="53843">
+<summary>
+Send radacct_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_radacct_client_packets" lineno="53862">
+<summary>
+Do not audit attempts to send radacct_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_radacct_client_packets" lineno="53881">
+<summary>
+Receive radacct_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_radacct_client_packets" lineno="53900">
+<summary>
+Do not audit attempts to receive radacct_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_radacct_client_packets" lineno="53919">
+<summary>
+Send and receive radacct_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_radacct_client_packets" lineno="53935">
+<summary>
+Do not audit attempts to send and receive radacct_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_radacct_client_packets" lineno="53950">
+<summary>
+Relabel packets to radacct_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_radacct_server_packets" lineno="53970">
+<summary>
+Send radacct_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_radacct_server_packets" lineno="53989">
+<summary>
+Do not audit attempts to send radacct_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_radacct_server_packets" lineno="54008">
+<summary>
+Receive radacct_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_radacct_server_packets" lineno="54027">
+<summary>
+Do not audit attempts to receive radacct_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_radacct_server_packets" lineno="54046">
+<summary>
+Send and receive radacct_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_radacct_server_packets" lineno="54062">
+<summary>
+Do not audit attempts to send and receive radacct_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_radacct_server_packets" lineno="54077">
+<summary>
+Relabel packets to radacct_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_radius_port" lineno="54099">
+<summary>
+Send and receive TCP traffic on the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_radius_port" lineno="54118">
+<summary>
+Send UDP traffic on the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_radius_port" lineno="54137">
+<summary>
+Do not audit attempts to send UDP traffic on the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_radius_port" lineno="54156">
+<summary>
+Receive UDP traffic on the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_radius_port" lineno="54175">
+<summary>
+Do not audit attempts to receive UDP traffic on the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_radius_port" lineno="54194">
+<summary>
+Send and receive UDP traffic on the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_radius_port" lineno="54211">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_radius_port" lineno="54227">
+<summary>
+Bind TCP sockets to the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_radius_port" lineno="54247">
+<summary>
+Bind UDP sockets to the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_radius_port" lineno="54266">
+<summary>
+Make a TCP connection to the radius port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_radius_client_packets" lineno="54286">
+<summary>
+Send radius_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_radius_client_packets" lineno="54305">
+<summary>
+Do not audit attempts to send radius_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_radius_client_packets" lineno="54324">
+<summary>
+Receive radius_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_radius_client_packets" lineno="54343">
+<summary>
+Do not audit attempts to receive radius_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_radius_client_packets" lineno="54362">
+<summary>
+Send and receive radius_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_radius_client_packets" lineno="54378">
+<summary>
+Do not audit attempts to send and receive radius_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_radius_client_packets" lineno="54393">
+<summary>
+Relabel packets to radius_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_radius_server_packets" lineno="54413">
+<summary>
+Send radius_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_radius_server_packets" lineno="54432">
+<summary>
+Do not audit attempts to send radius_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_radius_server_packets" lineno="54451">
+<summary>
+Receive radius_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_radius_server_packets" lineno="54470">
+<summary>
+Do not audit attempts to receive radius_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_radius_server_packets" lineno="54489">
+<summary>
+Send and receive radius_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_radius_server_packets" lineno="54505">
+<summary>
+Do not audit attempts to send and receive radius_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_radius_server_packets" lineno="54520">
+<summary>
+Relabel packets to radius_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_radsec_port" lineno="54542">
+<summary>
+Send and receive TCP traffic on the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_radsec_port" lineno="54561">
+<summary>
+Send UDP traffic on the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_radsec_port" lineno="54580">
+<summary>
+Do not audit attempts to send UDP traffic on the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_radsec_port" lineno="54599">
+<summary>
+Receive UDP traffic on the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_radsec_port" lineno="54618">
+<summary>
+Do not audit attempts to receive UDP traffic on the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_radsec_port" lineno="54637">
+<summary>
+Send and receive UDP traffic on the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_radsec_port" lineno="54654">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_radsec_port" lineno="54670">
+<summary>
+Bind TCP sockets to the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_radsec_port" lineno="54690">
+<summary>
+Bind UDP sockets to the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_radsec_port" lineno="54709">
+<summary>
+Make a TCP connection to the radsec port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_radsec_client_packets" lineno="54729">
+<summary>
+Send radsec_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_radsec_client_packets" lineno="54748">
+<summary>
+Do not audit attempts to send radsec_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_radsec_client_packets" lineno="54767">
+<summary>
+Receive radsec_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_radsec_client_packets" lineno="54786">
+<summary>
+Do not audit attempts to receive radsec_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_radsec_client_packets" lineno="54805">
+<summary>
+Send and receive radsec_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_radsec_client_packets" lineno="54821">
+<summary>
+Do not audit attempts to send and receive radsec_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_radsec_client_packets" lineno="54836">
+<summary>
+Relabel packets to radsec_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_radsec_server_packets" lineno="54856">
+<summary>
+Send radsec_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_radsec_server_packets" lineno="54875">
+<summary>
+Do not audit attempts to send radsec_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_radsec_server_packets" lineno="54894">
+<summary>
+Receive radsec_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_radsec_server_packets" lineno="54913">
+<summary>
+Do not audit attempts to receive radsec_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_radsec_server_packets" lineno="54932">
+<summary>
+Send and receive radsec_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_radsec_server_packets" lineno="54948">
+<summary>
+Do not audit attempts to send and receive radsec_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_radsec_server_packets" lineno="54963">
+<summary>
+Relabel packets to radsec_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_razor_port" lineno="54985">
+<summary>
+Send and receive TCP traffic on the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_razor_port" lineno="55004">
+<summary>
+Send UDP traffic on the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_razor_port" lineno="55023">
+<summary>
+Do not audit attempts to send UDP traffic on the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_razor_port" lineno="55042">
+<summary>
+Receive UDP traffic on the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_razor_port" lineno="55061">
+<summary>
+Do not audit attempts to receive UDP traffic on the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_razor_port" lineno="55080">
+<summary>
+Send and receive UDP traffic on the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_razor_port" lineno="55097">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_razor_port" lineno="55113">
+<summary>
+Bind TCP sockets to the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_razor_port" lineno="55133">
+<summary>
+Bind UDP sockets to the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_razor_port" lineno="55152">
+<summary>
+Make a TCP connection to the razor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_razor_client_packets" lineno="55172">
+<summary>
+Send razor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_razor_client_packets" lineno="55191">
+<summary>
+Do not audit attempts to send razor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_razor_client_packets" lineno="55210">
+<summary>
+Receive razor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_razor_client_packets" lineno="55229">
+<summary>
+Do not audit attempts to receive razor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_razor_client_packets" lineno="55248">
+<summary>
+Send and receive razor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_razor_client_packets" lineno="55264">
+<summary>
+Do not audit attempts to send and receive razor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_razor_client_packets" lineno="55279">
+<summary>
+Relabel packets to razor_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_razor_server_packets" lineno="55299">
+<summary>
+Send razor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_razor_server_packets" lineno="55318">
+<summary>
+Do not audit attempts to send razor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_razor_server_packets" lineno="55337">
+<summary>
+Receive razor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_razor_server_packets" lineno="55356">
+<summary>
+Do not audit attempts to receive razor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_razor_server_packets" lineno="55375">
+<summary>
+Send and receive razor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_razor_server_packets" lineno="55391">
+<summary>
+Do not audit attempts to send and receive razor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_razor_server_packets" lineno="55406">
+<summary>
+Relabel packets to razor_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_repository_port" lineno="55428">
+<summary>
+Send and receive TCP traffic on the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_repository_port" lineno="55447">
+<summary>
+Send UDP traffic on the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_repository_port" lineno="55466">
+<summary>
+Do not audit attempts to send UDP traffic on the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_repository_port" lineno="55485">
+<summary>
+Receive UDP traffic on the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_repository_port" lineno="55504">
+<summary>
+Do not audit attempts to receive UDP traffic on the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_repository_port" lineno="55523">
+<summary>
+Send and receive UDP traffic on the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_repository_port" lineno="55540">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_repository_port" lineno="55556">
+<summary>
+Bind TCP sockets to the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_repository_port" lineno="55576">
+<summary>
+Bind UDP sockets to the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_repository_port" lineno="55595">
+<summary>
+Make a TCP connection to the repository port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_repository_client_packets" lineno="55615">
+<summary>
+Send repository_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_repository_client_packets" lineno="55634">
+<summary>
+Do not audit attempts to send repository_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_repository_client_packets" lineno="55653">
+<summary>
+Receive repository_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_repository_client_packets" lineno="55672">
+<summary>
+Do not audit attempts to receive repository_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_repository_client_packets" lineno="55691">
+<summary>
+Send and receive repository_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_repository_client_packets" lineno="55707">
+<summary>
+Do not audit attempts to send and receive repository_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_repository_client_packets" lineno="55722">
+<summary>
+Relabel packets to repository_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_repository_server_packets" lineno="55742">
+<summary>
+Send repository_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_repository_server_packets" lineno="55761">
+<summary>
+Do not audit attempts to send repository_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_repository_server_packets" lineno="55780">
+<summary>
+Receive repository_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_repository_server_packets" lineno="55799">
+<summary>
+Do not audit attempts to receive repository_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_repository_server_packets" lineno="55818">
+<summary>
+Send and receive repository_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_repository_server_packets" lineno="55834">
+<summary>
+Do not audit attempts to send and receive repository_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_repository_server_packets" lineno="55849">
+<summary>
+Relabel packets to repository_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ricci_port" lineno="55871">
+<summary>
+Send and receive TCP traffic on the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ricci_port" lineno="55890">
+<summary>
+Send UDP traffic on the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ricci_port" lineno="55909">
+<summary>
+Do not audit attempts to send UDP traffic on the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ricci_port" lineno="55928">
+<summary>
+Receive UDP traffic on the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ricci_port" lineno="55947">
+<summary>
+Do not audit attempts to receive UDP traffic on the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ricci_port" lineno="55966">
+<summary>
+Send and receive UDP traffic on the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ricci_port" lineno="55983">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ricci_port" lineno="55999">
+<summary>
+Bind TCP sockets to the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ricci_port" lineno="56019">
+<summary>
+Bind UDP sockets to the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ricci_port" lineno="56038">
+<summary>
+Make a TCP connection to the ricci port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ricci_client_packets" lineno="56058">
+<summary>
+Send ricci_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ricci_client_packets" lineno="56077">
+<summary>
+Do not audit attempts to send ricci_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ricci_client_packets" lineno="56096">
+<summary>
+Receive ricci_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ricci_client_packets" lineno="56115">
+<summary>
+Do not audit attempts to receive ricci_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ricci_client_packets" lineno="56134">
+<summary>
+Send and receive ricci_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ricci_client_packets" lineno="56150">
+<summary>
+Do not audit attempts to send and receive ricci_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ricci_client_packets" lineno="56165">
+<summary>
+Relabel packets to ricci_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ricci_server_packets" lineno="56185">
+<summary>
+Send ricci_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ricci_server_packets" lineno="56204">
+<summary>
+Do not audit attempts to send ricci_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ricci_server_packets" lineno="56223">
+<summary>
+Receive ricci_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ricci_server_packets" lineno="56242">
+<summary>
+Do not audit attempts to receive ricci_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ricci_server_packets" lineno="56261">
+<summary>
+Send and receive ricci_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ricci_server_packets" lineno="56277">
+<summary>
+Do not audit attempts to send and receive ricci_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ricci_server_packets" lineno="56292">
+<summary>
+Relabel packets to ricci_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ricci_modcluster_port" lineno="56314">
+<summary>
+Send and receive TCP traffic on the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ricci_modcluster_port" lineno="56333">
+<summary>
+Send UDP traffic on the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ricci_modcluster_port" lineno="56352">
+<summary>
+Do not audit attempts to send UDP traffic on the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ricci_modcluster_port" lineno="56371">
+<summary>
+Receive UDP traffic on the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ricci_modcluster_port" lineno="56390">
+<summary>
+Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ricci_modcluster_port" lineno="56409">
+<summary>
+Send and receive UDP traffic on the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ricci_modcluster_port" lineno="56426">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ricci_modcluster_port" lineno="56442">
+<summary>
+Bind TCP sockets to the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ricci_modcluster_port" lineno="56462">
+<summary>
+Bind UDP sockets to the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ricci_modcluster_port" lineno="56481">
+<summary>
+Make a TCP connection to the ricci_modcluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ricci_modcluster_client_packets" lineno="56501">
+<summary>
+Send ricci_modcluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ricci_modcluster_client_packets" lineno="56520">
+<summary>
+Do not audit attempts to send ricci_modcluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ricci_modcluster_client_packets" lineno="56539">
+<summary>
+Receive ricci_modcluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ricci_modcluster_client_packets" lineno="56558">
+<summary>
+Do not audit attempts to receive ricci_modcluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ricci_modcluster_client_packets" lineno="56577">
+<summary>
+Send and receive ricci_modcluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_client_packets" lineno="56593">
+<summary>
+Do not audit attempts to send and receive ricci_modcluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ricci_modcluster_client_packets" lineno="56608">
+<summary>
+Relabel packets to ricci_modcluster_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ricci_modcluster_server_packets" lineno="56628">
+<summary>
+Send ricci_modcluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ricci_modcluster_server_packets" lineno="56647">
+<summary>
+Do not audit attempts to send ricci_modcluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ricci_modcluster_server_packets" lineno="56666">
+<summary>
+Receive ricci_modcluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ricci_modcluster_server_packets" lineno="56685">
+<summary>
+Do not audit attempts to receive ricci_modcluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ricci_modcluster_server_packets" lineno="56704">
+<summary>
+Send and receive ricci_modcluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_server_packets" lineno="56720">
+<summary>
+Do not audit attempts to send and receive ricci_modcluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ricci_modcluster_server_packets" lineno="56735">
+<summary>
+Relabel packets to ricci_modcluster_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_rlogind_port" lineno="56757">
+<summary>
+Send and receive TCP traffic on the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_rlogind_port" lineno="56776">
+<summary>
+Send UDP traffic on the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_rlogind_port" lineno="56795">
+<summary>
+Do not audit attempts to send UDP traffic on the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_rlogind_port" lineno="56814">
+<summary>
+Receive UDP traffic on the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_rlogind_port" lineno="56833">
+<summary>
+Do not audit attempts to receive UDP traffic on the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_rlogind_port" lineno="56852">
+<summary>
+Send and receive UDP traffic on the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_rlogind_port" lineno="56869">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_rlogind_port" lineno="56885">
+<summary>
+Bind TCP sockets to the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_rlogind_port" lineno="56905">
+<summary>
+Bind UDP sockets to the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_rlogind_port" lineno="56924">
+<summary>
+Make a TCP connection to the rlogind port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rlogind_client_packets" lineno="56944">
+<summary>
+Send rlogind_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rlogind_client_packets" lineno="56963">
+<summary>
+Do not audit attempts to send rlogind_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rlogind_client_packets" lineno="56982">
+<summary>
+Receive rlogind_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rlogind_client_packets" lineno="57001">
+<summary>
+Do not audit attempts to receive rlogind_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rlogind_client_packets" lineno="57020">
+<summary>
+Send and receive rlogind_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rlogind_client_packets" lineno="57036">
+<summary>
+Do not audit attempts to send and receive rlogind_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rlogind_client_packets" lineno="57051">
+<summary>
+Relabel packets to rlogind_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rlogind_server_packets" lineno="57071">
+<summary>
+Send rlogind_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rlogind_server_packets" lineno="57090">
+<summary>
+Do not audit attempts to send rlogind_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rlogind_server_packets" lineno="57109">
+<summary>
+Receive rlogind_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rlogind_server_packets" lineno="57128">
+<summary>
+Do not audit attempts to receive rlogind_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rlogind_server_packets" lineno="57147">
+<summary>
+Send and receive rlogind_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rlogind_server_packets" lineno="57163">
+<summary>
+Do not audit attempts to send and receive rlogind_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rlogind_server_packets" lineno="57178">
+<summary>
+Relabel packets to rlogind_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_rndc_port" lineno="57200">
+<summary>
+Send and receive TCP traffic on the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_rndc_port" lineno="57219">
+<summary>
+Send UDP traffic on the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_rndc_port" lineno="57238">
+<summary>
+Do not audit attempts to send UDP traffic on the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_rndc_port" lineno="57257">
+<summary>
+Receive UDP traffic on the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_rndc_port" lineno="57276">
+<summary>
+Do not audit attempts to receive UDP traffic on the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_rndc_port" lineno="57295">
+<summary>
+Send and receive UDP traffic on the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_rndc_port" lineno="57312">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_rndc_port" lineno="57328">
+<summary>
+Bind TCP sockets to the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_rndc_port" lineno="57348">
+<summary>
+Bind UDP sockets to the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_rndc_port" lineno="57367">
+<summary>
+Make a TCP connection to the rndc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rndc_client_packets" lineno="57387">
+<summary>
+Send rndc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rndc_client_packets" lineno="57406">
+<summary>
+Do not audit attempts to send rndc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rndc_client_packets" lineno="57425">
+<summary>
+Receive rndc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rndc_client_packets" lineno="57444">
+<summary>
+Do not audit attempts to receive rndc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rndc_client_packets" lineno="57463">
+<summary>
+Send and receive rndc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rndc_client_packets" lineno="57479">
+<summary>
+Do not audit attempts to send and receive rndc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rndc_client_packets" lineno="57494">
+<summary>
+Relabel packets to rndc_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rndc_server_packets" lineno="57514">
+<summary>
+Send rndc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rndc_server_packets" lineno="57533">
+<summary>
+Do not audit attempts to send rndc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rndc_server_packets" lineno="57552">
+<summary>
+Receive rndc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rndc_server_packets" lineno="57571">
+<summary>
+Do not audit attempts to receive rndc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rndc_server_packets" lineno="57590">
+<summary>
+Send and receive rndc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rndc_server_packets" lineno="57606">
+<summary>
+Do not audit attempts to send and receive rndc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rndc_server_packets" lineno="57621">
+<summary>
+Relabel packets to rndc_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_router_port" lineno="57643">
+<summary>
+Send and receive TCP traffic on the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_router_port" lineno="57662">
+<summary>
+Send UDP traffic on the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_router_port" lineno="57681">
+<summary>
+Do not audit attempts to send UDP traffic on the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_router_port" lineno="57700">
+<summary>
+Receive UDP traffic on the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_router_port" lineno="57719">
+<summary>
+Do not audit attempts to receive UDP traffic on the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_router_port" lineno="57738">
+<summary>
+Send and receive UDP traffic on the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_router_port" lineno="57755">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_router_port" lineno="57771">
+<summary>
+Bind TCP sockets to the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_router_port" lineno="57791">
+<summary>
+Bind UDP sockets to the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_router_port" lineno="57810">
+<summary>
+Make a TCP connection to the router port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_router_client_packets" lineno="57830">
+<summary>
+Send router_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_router_client_packets" lineno="57849">
+<summary>
+Do not audit attempts to send router_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_router_client_packets" lineno="57868">
+<summary>
+Receive router_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_router_client_packets" lineno="57887">
+<summary>
+Do not audit attempts to receive router_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_router_client_packets" lineno="57906">
+<summary>
+Send and receive router_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_router_client_packets" lineno="57922">
+<summary>
+Do not audit attempts to send and receive router_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_router_client_packets" lineno="57937">
+<summary>
+Relabel packets to router_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_router_server_packets" lineno="57957">
+<summary>
+Send router_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_router_server_packets" lineno="57976">
+<summary>
+Do not audit attempts to send router_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_router_server_packets" lineno="57995">
+<summary>
+Receive router_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_router_server_packets" lineno="58014">
+<summary>
+Do not audit attempts to receive router_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_router_server_packets" lineno="58033">
+<summary>
+Send and receive router_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_router_server_packets" lineno="58049">
+<summary>
+Do not audit attempts to send and receive router_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_router_server_packets" lineno="58064">
+<summary>
+Relabel packets to router_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_rsh_port" lineno="58086">
+<summary>
+Send and receive TCP traffic on the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_rsh_port" lineno="58105">
+<summary>
+Send UDP traffic on the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_rsh_port" lineno="58124">
+<summary>
+Do not audit attempts to send UDP traffic on the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_rsh_port" lineno="58143">
+<summary>
+Receive UDP traffic on the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_rsh_port" lineno="58162">
+<summary>
+Do not audit attempts to receive UDP traffic on the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_rsh_port" lineno="58181">
+<summary>
+Send and receive UDP traffic on the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_rsh_port" lineno="58198">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_rsh_port" lineno="58214">
+<summary>
+Bind TCP sockets to the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_rsh_port" lineno="58234">
+<summary>
+Bind UDP sockets to the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_rsh_port" lineno="58253">
+<summary>
+Make a TCP connection to the rsh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rsh_client_packets" lineno="58273">
+<summary>
+Send rsh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rsh_client_packets" lineno="58292">
+<summary>
+Do not audit attempts to send rsh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rsh_client_packets" lineno="58311">
+<summary>
+Receive rsh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rsh_client_packets" lineno="58330">
+<summary>
+Do not audit attempts to receive rsh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rsh_client_packets" lineno="58349">
+<summary>
+Send and receive rsh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rsh_client_packets" lineno="58365">
+<summary>
+Do not audit attempts to send and receive rsh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rsh_client_packets" lineno="58380">
+<summary>
+Relabel packets to rsh_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rsh_server_packets" lineno="58400">
+<summary>
+Send rsh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rsh_server_packets" lineno="58419">
+<summary>
+Do not audit attempts to send rsh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rsh_server_packets" lineno="58438">
+<summary>
+Receive rsh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rsh_server_packets" lineno="58457">
+<summary>
+Do not audit attempts to receive rsh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rsh_server_packets" lineno="58476">
+<summary>
+Send and receive rsh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rsh_server_packets" lineno="58492">
+<summary>
+Do not audit attempts to send and receive rsh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rsh_server_packets" lineno="58507">
+<summary>
+Relabel packets to rsh_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_rsync_port" lineno="58529">
+<summary>
+Send and receive TCP traffic on the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_rsync_port" lineno="58548">
+<summary>
+Send UDP traffic on the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_rsync_port" lineno="58567">
+<summary>
+Do not audit attempts to send UDP traffic on the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_rsync_port" lineno="58586">
+<summary>
+Receive UDP traffic on the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_rsync_port" lineno="58605">
+<summary>
+Do not audit attempts to receive UDP traffic on the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_rsync_port" lineno="58624">
+<summary>
+Send and receive UDP traffic on the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_rsync_port" lineno="58641">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_rsync_port" lineno="58657">
+<summary>
+Bind TCP sockets to the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_rsync_port" lineno="58677">
+<summary>
+Bind UDP sockets to the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_rsync_port" lineno="58696">
+<summary>
+Make a TCP connection to the rsync port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rsync_client_packets" lineno="58716">
+<summary>
+Send rsync_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rsync_client_packets" lineno="58735">
+<summary>
+Do not audit attempts to send rsync_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rsync_client_packets" lineno="58754">
+<summary>
+Receive rsync_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rsync_client_packets" lineno="58773">
+<summary>
+Do not audit attempts to receive rsync_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rsync_client_packets" lineno="58792">
+<summary>
+Send and receive rsync_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rsync_client_packets" lineno="58808">
+<summary>
+Do not audit attempts to send and receive rsync_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rsync_client_packets" lineno="58823">
+<summary>
+Relabel packets to rsync_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rsync_server_packets" lineno="58843">
+<summary>
+Send rsync_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rsync_server_packets" lineno="58862">
+<summary>
+Do not audit attempts to send rsync_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rsync_server_packets" lineno="58881">
+<summary>
+Receive rsync_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rsync_server_packets" lineno="58900">
+<summary>
+Do not audit attempts to receive rsync_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rsync_server_packets" lineno="58919">
+<summary>
+Send and receive rsync_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rsync_server_packets" lineno="58935">
+<summary>
+Do not audit attempts to send and receive rsync_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rsync_server_packets" lineno="58950">
+<summary>
+Relabel packets to rsync_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_rwho_port" lineno="58972">
+<summary>
+Send and receive TCP traffic on the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_rwho_port" lineno="58991">
+<summary>
+Send UDP traffic on the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_rwho_port" lineno="59010">
+<summary>
+Do not audit attempts to send UDP traffic on the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_rwho_port" lineno="59029">
+<summary>
+Receive UDP traffic on the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_rwho_port" lineno="59048">
+<summary>
+Do not audit attempts to receive UDP traffic on the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_rwho_port" lineno="59067">
+<summary>
+Send and receive UDP traffic on the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_rwho_port" lineno="59084">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_rwho_port" lineno="59100">
+<summary>
+Bind TCP sockets to the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_rwho_port" lineno="59120">
+<summary>
+Bind UDP sockets to the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_rwho_port" lineno="59139">
+<summary>
+Make a TCP connection to the rwho port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rwho_client_packets" lineno="59159">
+<summary>
+Send rwho_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rwho_client_packets" lineno="59178">
+<summary>
+Do not audit attempts to send rwho_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rwho_client_packets" lineno="59197">
+<summary>
+Receive rwho_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rwho_client_packets" lineno="59216">
+<summary>
+Do not audit attempts to receive rwho_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rwho_client_packets" lineno="59235">
+<summary>
+Send and receive rwho_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rwho_client_packets" lineno="59251">
+<summary>
+Do not audit attempts to send and receive rwho_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rwho_client_packets" lineno="59266">
+<summary>
+Relabel packets to rwho_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_rwho_server_packets" lineno="59286">
+<summary>
+Send rwho_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_rwho_server_packets" lineno="59305">
+<summary>
+Do not audit attempts to send rwho_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_rwho_server_packets" lineno="59324">
+<summary>
+Receive rwho_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_rwho_server_packets" lineno="59343">
+<summary>
+Do not audit attempts to receive rwho_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_rwho_server_packets" lineno="59362">
+<summary>
+Send and receive rwho_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_rwho_server_packets" lineno="59378">
+<summary>
+Do not audit attempts to send and receive rwho_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_rwho_server_packets" lineno="59393">
+<summary>
+Relabel packets to rwho_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_sap_port" lineno="59415">
+<summary>
+Send and receive TCP traffic on the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_sap_port" lineno="59434">
+<summary>
+Send UDP traffic on the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_sap_port" lineno="59453">
+<summary>
+Do not audit attempts to send UDP traffic on the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_sap_port" lineno="59472">
+<summary>
+Receive UDP traffic on the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_sap_port" lineno="59491">
+<summary>
+Do not audit attempts to receive UDP traffic on the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_sap_port" lineno="59510">
+<summary>
+Send and receive UDP traffic on the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_sap_port" lineno="59527">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_sap_port" lineno="59543">
+<summary>
+Bind TCP sockets to the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_sap_port" lineno="59563">
+<summary>
+Bind UDP sockets to the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_sap_port" lineno="59582">
+<summary>
+Make a TCP connection to the sap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_sap_client_packets" lineno="59602">
+<summary>
+Send sap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_sap_client_packets" lineno="59621">
+<summary>
+Do not audit attempts to send sap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_sap_client_packets" lineno="59640">
+<summary>
+Receive sap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_sap_client_packets" lineno="59659">
+<summary>
+Do not audit attempts to receive sap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_sap_client_packets" lineno="59678">
+<summary>
+Send and receive sap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_sap_client_packets" lineno="59694">
+<summary>
+Do not audit attempts to send and receive sap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_sap_client_packets" lineno="59709">
+<summary>
+Relabel packets to sap_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_sap_server_packets" lineno="59729">
+<summary>
+Send sap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_sap_server_packets" lineno="59748">
+<summary>
+Do not audit attempts to send sap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_sap_server_packets" lineno="59767">
+<summary>
+Receive sap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_sap_server_packets" lineno="59786">
+<summary>
+Do not audit attempts to receive sap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_sap_server_packets" lineno="59805">
+<summary>
+Send and receive sap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_sap_server_packets" lineno="59821">
+<summary>
+Do not audit attempts to send and receive sap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_sap_server_packets" lineno="59836">
+<summary>
+Relabel packets to sap_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_sieve_port" lineno="59858">
+<summary>
+Send and receive TCP traffic on the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_sieve_port" lineno="59877">
+<summary>
+Send UDP traffic on the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_sieve_port" lineno="59896">
+<summary>
+Do not audit attempts to send UDP traffic on the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_sieve_port" lineno="59915">
+<summary>
+Receive UDP traffic on the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_sieve_port" lineno="59934">
+<summary>
+Do not audit attempts to receive UDP traffic on the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_sieve_port" lineno="59953">
+<summary>
+Send and receive UDP traffic on the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_sieve_port" lineno="59970">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_sieve_port" lineno="59986">
+<summary>
+Bind TCP sockets to the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_sieve_port" lineno="60006">
+<summary>
+Bind UDP sockets to the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_sieve_port" lineno="60025">
+<summary>
+Make a TCP connection to the sieve port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_sieve_client_packets" lineno="60045">
+<summary>
+Send sieve_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_sieve_client_packets" lineno="60064">
+<summary>
+Do not audit attempts to send sieve_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_sieve_client_packets" lineno="60083">
+<summary>
+Receive sieve_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_sieve_client_packets" lineno="60102">
+<summary>
+Do not audit attempts to receive sieve_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_sieve_client_packets" lineno="60121">
+<summary>
+Send and receive sieve_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_sieve_client_packets" lineno="60137">
+<summary>
+Do not audit attempts to send and receive sieve_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_sieve_client_packets" lineno="60152">
+<summary>
+Relabel packets to sieve_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_sieve_server_packets" lineno="60172">
+<summary>
+Send sieve_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_sieve_server_packets" lineno="60191">
+<summary>
+Do not audit attempts to send sieve_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_sieve_server_packets" lineno="60210">
+<summary>
+Receive sieve_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_sieve_server_packets" lineno="60229">
+<summary>
+Do not audit attempts to receive sieve_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_sieve_server_packets" lineno="60248">
+<summary>
+Send and receive sieve_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_sieve_server_packets" lineno="60264">
+<summary>
+Do not audit attempts to send and receive sieve_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_sieve_server_packets" lineno="60279">
+<summary>
+Relabel packets to sieve_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_sip_port" lineno="60301">
+<summary>
+Send and receive TCP traffic on the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_sip_port" lineno="60320">
+<summary>
+Send UDP traffic on the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_sip_port" lineno="60339">
+<summary>
+Do not audit attempts to send UDP traffic on the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_sip_port" lineno="60358">
+<summary>
+Receive UDP traffic on the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_sip_port" lineno="60377">
+<summary>
+Do not audit attempts to receive UDP traffic on the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_sip_port" lineno="60396">
+<summary>
+Send and receive UDP traffic on the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_sip_port" lineno="60413">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_sip_port" lineno="60429">
+<summary>
+Bind TCP sockets to the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_sip_port" lineno="60449">
+<summary>
+Bind UDP sockets to the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_sip_port" lineno="60468">
+<summary>
+Make a TCP connection to the sip port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_sip_client_packets" lineno="60488">
+<summary>
+Send sip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_sip_client_packets" lineno="60507">
+<summary>
+Do not audit attempts to send sip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_sip_client_packets" lineno="60526">
+<summary>
+Receive sip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_sip_client_packets" lineno="60545">
+<summary>
+Do not audit attempts to receive sip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_sip_client_packets" lineno="60564">
+<summary>
+Send and receive sip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_sip_client_packets" lineno="60580">
+<summary>
+Do not audit attempts to send and receive sip_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_sip_client_packets" lineno="60595">
+<summary>
+Relabel packets to sip_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_sip_server_packets" lineno="60615">
+<summary>
+Send sip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_sip_server_packets" lineno="60634">
+<summary>
+Do not audit attempts to send sip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_sip_server_packets" lineno="60653">
+<summary>
+Receive sip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_sip_server_packets" lineno="60672">
+<summary>
+Do not audit attempts to receive sip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_sip_server_packets" lineno="60691">
+<summary>
+Send and receive sip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_sip_server_packets" lineno="60707">
+<summary>
+Do not audit attempts to send and receive sip_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_sip_server_packets" lineno="60722">
+<summary>
+Relabel packets to sip_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_sixxsconfig_port" lineno="60744">
+<summary>
+Send and receive TCP traffic on the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_sixxsconfig_port" lineno="60763">
+<summary>
+Send UDP traffic on the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_sixxsconfig_port" lineno="60782">
+<summary>
+Do not audit attempts to send UDP traffic on the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_sixxsconfig_port" lineno="60801">
+<summary>
+Receive UDP traffic on the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_sixxsconfig_port" lineno="60820">
+<summary>
+Do not audit attempts to receive UDP traffic on the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_sixxsconfig_port" lineno="60839">
+<summary>
+Send and receive UDP traffic on the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_sixxsconfig_port" lineno="60856">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_sixxsconfig_port" lineno="60872">
+<summary>
+Bind TCP sockets to the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_sixxsconfig_port" lineno="60892">
+<summary>
+Bind UDP sockets to the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_sixxsconfig_port" lineno="60911">
+<summary>
+Make a TCP connection to the sixxsconfig port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_sixxsconfig_client_packets" lineno="60931">
+<summary>
+Send sixxsconfig_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_sixxsconfig_client_packets" lineno="60950">
+<summary>
+Do not audit attempts to send sixxsconfig_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_sixxsconfig_client_packets" lineno="60969">
+<summary>
+Receive sixxsconfig_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_sixxsconfig_client_packets" lineno="60988">
+<summary>
+Do not audit attempts to receive sixxsconfig_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_sixxsconfig_client_packets" lineno="61007">
+<summary>
+Send and receive sixxsconfig_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_sixxsconfig_client_packets" lineno="61023">
+<summary>
+Do not audit attempts to send and receive sixxsconfig_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_sixxsconfig_client_packets" lineno="61038">
+<summary>
+Relabel packets to sixxsconfig_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_sixxsconfig_server_packets" lineno="61058">
+<summary>
+Send sixxsconfig_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_sixxsconfig_server_packets" lineno="61077">
+<summary>
+Do not audit attempts to send sixxsconfig_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_sixxsconfig_server_packets" lineno="61096">
+<summary>
+Receive sixxsconfig_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_sixxsconfig_server_packets" lineno="61115">
+<summary>
+Do not audit attempts to receive sixxsconfig_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_sixxsconfig_server_packets" lineno="61134">
+<summary>
+Send and receive sixxsconfig_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_sixxsconfig_server_packets" lineno="61150">
+<summary>
+Do not audit attempts to send and receive sixxsconfig_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_sixxsconfig_server_packets" lineno="61165">
+<summary>
+Relabel packets to sixxsconfig_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_smbd_port" lineno="61187">
+<summary>
+Send and receive TCP traffic on the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_smbd_port" lineno="61206">
+<summary>
+Send UDP traffic on the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_smbd_port" lineno="61225">
+<summary>
+Do not audit attempts to send UDP traffic on the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_smbd_port" lineno="61244">
+<summary>
+Receive UDP traffic on the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_smbd_port" lineno="61263">
+<summary>
+Do not audit attempts to receive UDP traffic on the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_smbd_port" lineno="61282">
+<summary>
+Send and receive UDP traffic on the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_smbd_port" lineno="61299">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_smbd_port" lineno="61315">
+<summary>
+Bind TCP sockets to the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_smbd_port" lineno="61335">
+<summary>
+Bind UDP sockets to the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_smbd_port" lineno="61354">
+<summary>
+Make a TCP connection to the smbd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_smbd_client_packets" lineno="61374">
+<summary>
+Send smbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_smbd_client_packets" lineno="61393">
+<summary>
+Do not audit attempts to send smbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_smbd_client_packets" lineno="61412">
+<summary>
+Receive smbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_smbd_client_packets" lineno="61431">
+<summary>
+Do not audit attempts to receive smbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_smbd_client_packets" lineno="61450">
+<summary>
+Send and receive smbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_smbd_client_packets" lineno="61466">
+<summary>
+Do not audit attempts to send and receive smbd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_smbd_client_packets" lineno="61481">
+<summary>
+Relabel packets to smbd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_smbd_server_packets" lineno="61501">
+<summary>
+Send smbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_smbd_server_packets" lineno="61520">
+<summary>
+Do not audit attempts to send smbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_smbd_server_packets" lineno="61539">
+<summary>
+Receive smbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_smbd_server_packets" lineno="61558">
+<summary>
+Do not audit attempts to receive smbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_smbd_server_packets" lineno="61577">
+<summary>
+Send and receive smbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_smbd_server_packets" lineno="61593">
+<summary>
+Do not audit attempts to send and receive smbd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_smbd_server_packets" lineno="61608">
+<summary>
+Relabel packets to smbd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_smtp_port" lineno="61630">
+<summary>
+Send and receive TCP traffic on the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_smtp_port" lineno="61649">
+<summary>
+Send UDP traffic on the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_smtp_port" lineno="61668">
+<summary>
+Do not audit attempts to send UDP traffic on the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_smtp_port" lineno="61687">
+<summary>
+Receive UDP traffic on the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_smtp_port" lineno="61706">
+<summary>
+Do not audit attempts to receive UDP traffic on the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_smtp_port" lineno="61725">
+<summary>
+Send and receive UDP traffic on the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_smtp_port" lineno="61742">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_smtp_port" lineno="61758">
+<summary>
+Bind TCP sockets to the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_smtp_port" lineno="61778">
+<summary>
+Bind UDP sockets to the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_smtp_port" lineno="61797">
+<summary>
+Make a TCP connection to the smtp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_smtp_client_packets" lineno="61817">
+<summary>
+Send smtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_smtp_client_packets" lineno="61836">
+<summary>
+Do not audit attempts to send smtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_smtp_client_packets" lineno="61855">
+<summary>
+Receive smtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_smtp_client_packets" lineno="61874">
+<summary>
+Do not audit attempts to receive smtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_smtp_client_packets" lineno="61893">
+<summary>
+Send and receive smtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_smtp_client_packets" lineno="61909">
+<summary>
+Do not audit attempts to send and receive smtp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_smtp_client_packets" lineno="61924">
+<summary>
+Relabel packets to smtp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_smtp_server_packets" lineno="61944">
+<summary>
+Send smtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_smtp_server_packets" lineno="61963">
+<summary>
+Do not audit attempts to send smtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_smtp_server_packets" lineno="61982">
+<summary>
+Receive smtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_smtp_server_packets" lineno="62001">
+<summary>
+Do not audit attempts to receive smtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_smtp_server_packets" lineno="62020">
+<summary>
+Send and receive smtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_smtp_server_packets" lineno="62036">
+<summary>
+Do not audit attempts to send and receive smtp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_smtp_server_packets" lineno="62051">
+<summary>
+Relabel packets to smtp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_snmp_port" lineno="62073">
+<summary>
+Send and receive TCP traffic on the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_snmp_port" lineno="62092">
+<summary>
+Send UDP traffic on the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_snmp_port" lineno="62111">
+<summary>
+Do not audit attempts to send UDP traffic on the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_snmp_port" lineno="62130">
+<summary>
+Receive UDP traffic on the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_snmp_port" lineno="62149">
+<summary>
+Do not audit attempts to receive UDP traffic on the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_snmp_port" lineno="62168">
+<summary>
+Send and receive UDP traffic on the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_snmp_port" lineno="62185">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_snmp_port" lineno="62201">
+<summary>
+Bind TCP sockets to the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_snmp_port" lineno="62221">
+<summary>
+Bind UDP sockets to the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_snmp_port" lineno="62240">
+<summary>
+Make a TCP connection to the snmp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_snmp_client_packets" lineno="62260">
+<summary>
+Send snmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_snmp_client_packets" lineno="62279">
+<summary>
+Do not audit attempts to send snmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_snmp_client_packets" lineno="62298">
+<summary>
+Receive snmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_snmp_client_packets" lineno="62317">
+<summary>
+Do not audit attempts to receive snmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_snmp_client_packets" lineno="62336">
+<summary>
+Send and receive snmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_snmp_client_packets" lineno="62352">
+<summary>
+Do not audit attempts to send and receive snmp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_snmp_client_packets" lineno="62367">
+<summary>
+Relabel packets to snmp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_snmp_server_packets" lineno="62387">
+<summary>
+Send snmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_snmp_server_packets" lineno="62406">
+<summary>
+Do not audit attempts to send snmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_snmp_server_packets" lineno="62425">
+<summary>
+Receive snmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_snmp_server_packets" lineno="62444">
+<summary>
+Do not audit attempts to receive snmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_snmp_server_packets" lineno="62463">
+<summary>
+Send and receive snmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_snmp_server_packets" lineno="62479">
+<summary>
+Do not audit attempts to send and receive snmp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_snmp_server_packets" lineno="62494">
+<summary>
+Relabel packets to snmp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_socks_port" lineno="62516">
+<summary>
+Send and receive TCP traffic on the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_socks_port" lineno="62535">
+<summary>
+Send UDP traffic on the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_socks_port" lineno="62554">
+<summary>
+Do not audit attempts to send UDP traffic on the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_socks_port" lineno="62573">
+<summary>
+Receive UDP traffic on the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_socks_port" lineno="62592">
+<summary>
+Do not audit attempts to receive UDP traffic on the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_socks_port" lineno="62611">
+<summary>
+Send and receive UDP traffic on the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_socks_port" lineno="62628">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_socks_port" lineno="62644">
+<summary>
+Bind TCP sockets to the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_socks_port" lineno="62664">
+<summary>
+Bind UDP sockets to the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_socks_port" lineno="62683">
+<summary>
+Make a TCP connection to the socks port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_socks_client_packets" lineno="62703">
+<summary>
+Send socks_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_socks_client_packets" lineno="62722">
+<summary>
+Do not audit attempts to send socks_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_socks_client_packets" lineno="62741">
+<summary>
+Receive socks_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_socks_client_packets" lineno="62760">
+<summary>
+Do not audit attempts to receive socks_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_socks_client_packets" lineno="62779">
+<summary>
+Send and receive socks_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_socks_client_packets" lineno="62795">
+<summary>
+Do not audit attempts to send and receive socks_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_socks_client_packets" lineno="62810">
+<summary>
+Relabel packets to socks_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_socks_server_packets" lineno="62830">
+<summary>
+Send socks_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_socks_server_packets" lineno="62849">
+<summary>
+Do not audit attempts to send socks_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_socks_server_packets" lineno="62868">
+<summary>
+Receive socks_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_socks_server_packets" lineno="62887">
+<summary>
+Do not audit attempts to receive socks_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_socks_server_packets" lineno="62906">
+<summary>
+Send and receive socks_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_socks_server_packets" lineno="62922">
+<summary>
+Do not audit attempts to send and receive socks_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_socks_server_packets" lineno="62937">
+<summary>
+Relabel packets to socks_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_soundd_port" lineno="62959">
+<summary>
+Send and receive TCP traffic on the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_soundd_port" lineno="62978">
+<summary>
+Send UDP traffic on the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_soundd_port" lineno="62997">
+<summary>
+Do not audit attempts to send UDP traffic on the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_soundd_port" lineno="63016">
+<summary>
+Receive UDP traffic on the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_soundd_port" lineno="63035">
+<summary>
+Do not audit attempts to receive UDP traffic on the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_soundd_port" lineno="63054">
+<summary>
+Send and receive UDP traffic on the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_soundd_port" lineno="63071">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_soundd_port" lineno="63087">
+<summary>
+Bind TCP sockets to the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_soundd_port" lineno="63107">
+<summary>
+Bind UDP sockets to the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_soundd_port" lineno="63126">
+<summary>
+Make a TCP connection to the soundd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_soundd_client_packets" lineno="63146">
+<summary>
+Send soundd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_soundd_client_packets" lineno="63165">
+<summary>
+Do not audit attempts to send soundd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_soundd_client_packets" lineno="63184">
+<summary>
+Receive soundd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_soundd_client_packets" lineno="63203">
+<summary>
+Do not audit attempts to receive soundd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_soundd_client_packets" lineno="63222">
+<summary>
+Send and receive soundd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_soundd_client_packets" lineno="63238">
+<summary>
+Do not audit attempts to send and receive soundd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_soundd_client_packets" lineno="63253">
+<summary>
+Relabel packets to soundd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_soundd_server_packets" lineno="63273">
+<summary>
+Send soundd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_soundd_server_packets" lineno="63292">
+<summary>
+Do not audit attempts to send soundd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_soundd_server_packets" lineno="63311">
+<summary>
+Receive soundd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_soundd_server_packets" lineno="63330">
+<summary>
+Do not audit attempts to receive soundd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_soundd_server_packets" lineno="63349">
+<summary>
+Send and receive soundd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_soundd_server_packets" lineno="63365">
+<summary>
+Do not audit attempts to send and receive soundd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_soundd_server_packets" lineno="63380">
+<summary>
+Relabel packets to soundd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_spamd_port" lineno="63402">
+<summary>
+Send and receive TCP traffic on the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_spamd_port" lineno="63421">
+<summary>
+Send UDP traffic on the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_spamd_port" lineno="63440">
+<summary>
+Do not audit attempts to send UDP traffic on the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_spamd_port" lineno="63459">
+<summary>
+Receive UDP traffic on the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_spamd_port" lineno="63478">
+<summary>
+Do not audit attempts to receive UDP traffic on the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_spamd_port" lineno="63497">
+<summary>
+Send and receive UDP traffic on the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_spamd_port" lineno="63514">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_spamd_port" lineno="63530">
+<summary>
+Bind TCP sockets to the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_spamd_port" lineno="63550">
+<summary>
+Bind UDP sockets to the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_spamd_port" lineno="63569">
+<summary>
+Make a TCP connection to the spamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_spamd_client_packets" lineno="63589">
+<summary>
+Send spamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_spamd_client_packets" lineno="63608">
+<summary>
+Do not audit attempts to send spamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_spamd_client_packets" lineno="63627">
+<summary>
+Receive spamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_spamd_client_packets" lineno="63646">
+<summary>
+Do not audit attempts to receive spamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_spamd_client_packets" lineno="63665">
+<summary>
+Send and receive spamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_spamd_client_packets" lineno="63681">
+<summary>
+Do not audit attempts to send and receive spamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_spamd_client_packets" lineno="63696">
+<summary>
+Relabel packets to spamd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_spamd_server_packets" lineno="63716">
+<summary>
+Send spamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_spamd_server_packets" lineno="63735">
+<summary>
+Do not audit attempts to send spamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_spamd_server_packets" lineno="63754">
+<summary>
+Receive spamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_spamd_server_packets" lineno="63773">
+<summary>
+Do not audit attempts to receive spamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_spamd_server_packets" lineno="63792">
+<summary>
+Send and receive spamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_spamd_server_packets" lineno="63808">
+<summary>
+Do not audit attempts to send and receive spamd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_spamd_server_packets" lineno="63823">
+<summary>
+Relabel packets to spamd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_speech_port" lineno="63845">
+<summary>
+Send and receive TCP traffic on the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_speech_port" lineno="63864">
+<summary>
+Send UDP traffic on the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_speech_port" lineno="63883">
+<summary>
+Do not audit attempts to send UDP traffic on the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_speech_port" lineno="63902">
+<summary>
+Receive UDP traffic on the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_speech_port" lineno="63921">
+<summary>
+Do not audit attempts to receive UDP traffic on the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_speech_port" lineno="63940">
+<summary>
+Send and receive UDP traffic on the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_speech_port" lineno="63957">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_speech_port" lineno="63973">
+<summary>
+Bind TCP sockets to the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_speech_port" lineno="63993">
+<summary>
+Bind UDP sockets to the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_speech_port" lineno="64012">
+<summary>
+Make a TCP connection to the speech port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_speech_client_packets" lineno="64032">
+<summary>
+Send speech_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_speech_client_packets" lineno="64051">
+<summary>
+Do not audit attempts to send speech_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_speech_client_packets" lineno="64070">
+<summary>
+Receive speech_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_speech_client_packets" lineno="64089">
+<summary>
+Do not audit attempts to receive speech_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_speech_client_packets" lineno="64108">
+<summary>
+Send and receive speech_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_speech_client_packets" lineno="64124">
+<summary>
+Do not audit attempts to send and receive speech_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_speech_client_packets" lineno="64139">
+<summary>
+Relabel packets to speech_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_speech_server_packets" lineno="64159">
+<summary>
+Send speech_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_speech_server_packets" lineno="64178">
+<summary>
+Do not audit attempts to send speech_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_speech_server_packets" lineno="64197">
+<summary>
+Receive speech_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_speech_server_packets" lineno="64216">
+<summary>
+Do not audit attempts to receive speech_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_speech_server_packets" lineno="64235">
+<summary>
+Send and receive speech_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_speech_server_packets" lineno="64251">
+<summary>
+Do not audit attempts to send and receive speech_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_speech_server_packets" lineno="64266">
+<summary>
+Relabel packets to speech_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_squid_port" lineno="64288">
+<summary>
+Send and receive TCP traffic on the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_squid_port" lineno="64307">
+<summary>
+Send UDP traffic on the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_squid_port" lineno="64326">
+<summary>
+Do not audit attempts to send UDP traffic on the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_squid_port" lineno="64345">
+<summary>
+Receive UDP traffic on the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_squid_port" lineno="64364">
+<summary>
+Do not audit attempts to receive UDP traffic on the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_squid_port" lineno="64383">
+<summary>
+Send and receive UDP traffic on the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_squid_port" lineno="64400">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_squid_port" lineno="64416">
+<summary>
+Bind TCP sockets to the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_squid_port" lineno="64436">
+<summary>
+Bind UDP sockets to the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_squid_port" lineno="64455">
+<summary>
+Make a TCP connection to the squid port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_squid_client_packets" lineno="64475">
+<summary>
+Send squid_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_squid_client_packets" lineno="64494">
+<summary>
+Do not audit attempts to send squid_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_squid_client_packets" lineno="64513">
+<summary>
+Receive squid_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_squid_client_packets" lineno="64532">
+<summary>
+Do not audit attempts to receive squid_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_squid_client_packets" lineno="64551">
+<summary>
+Send and receive squid_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_squid_client_packets" lineno="64567">
+<summary>
+Do not audit attempts to send and receive squid_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_squid_client_packets" lineno="64582">
+<summary>
+Relabel packets to squid_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_squid_server_packets" lineno="64602">
+<summary>
+Send squid_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_squid_server_packets" lineno="64621">
+<summary>
+Do not audit attempts to send squid_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_squid_server_packets" lineno="64640">
+<summary>
+Receive squid_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_squid_server_packets" lineno="64659">
+<summary>
+Do not audit attempts to receive squid_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_squid_server_packets" lineno="64678">
+<summary>
+Send and receive squid_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_squid_server_packets" lineno="64694">
+<summary>
+Do not audit attempts to send and receive squid_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_squid_server_packets" lineno="64709">
+<summary>
+Relabel packets to squid_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ssh_port" lineno="64731">
+<summary>
+Send and receive TCP traffic on the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ssh_port" lineno="64750">
+<summary>
+Send UDP traffic on the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ssh_port" lineno="64769">
+<summary>
+Do not audit attempts to send UDP traffic on the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ssh_port" lineno="64788">
+<summary>
+Receive UDP traffic on the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ssh_port" lineno="64807">
+<summary>
+Do not audit attempts to receive UDP traffic on the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ssh_port" lineno="64826">
+<summary>
+Send and receive UDP traffic on the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ssh_port" lineno="64843">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ssh_port" lineno="64859">
+<summary>
+Bind TCP sockets to the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ssh_port" lineno="64879">
+<summary>
+Bind UDP sockets to the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ssh_port" lineno="64898">
+<summary>
+Make a TCP connection to the ssh port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ssh_client_packets" lineno="64918">
+<summary>
+Send ssh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ssh_client_packets" lineno="64937">
+<summary>
+Do not audit attempts to send ssh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ssh_client_packets" lineno="64956">
+<summary>
+Receive ssh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ssh_client_packets" lineno="64975">
+<summary>
+Do not audit attempts to receive ssh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ssh_client_packets" lineno="64994">
+<summary>
+Send and receive ssh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ssh_client_packets" lineno="65010">
+<summary>
+Do not audit attempts to send and receive ssh_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ssh_client_packets" lineno="65025">
+<summary>
+Relabel packets to ssh_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ssh_server_packets" lineno="65045">
+<summary>
+Send ssh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ssh_server_packets" lineno="65064">
+<summary>
+Do not audit attempts to send ssh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ssh_server_packets" lineno="65083">
+<summary>
+Receive ssh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ssh_server_packets" lineno="65102">
+<summary>
+Do not audit attempts to receive ssh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ssh_server_packets" lineno="65121">
+<summary>
+Send and receive ssh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ssh_server_packets" lineno="65137">
+<summary>
+Do not audit attempts to send and receive ssh_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ssh_server_packets" lineno="65152">
+<summary>
+Relabel packets to ssh_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_stunnel_port" lineno="65174">
+<summary>
+Send and receive TCP traffic on the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_stunnel_port" lineno="65193">
+<summary>
+Send UDP traffic on the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_stunnel_port" lineno="65212">
+<summary>
+Do not audit attempts to send UDP traffic on the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_stunnel_port" lineno="65231">
+<summary>
+Receive UDP traffic on the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_stunnel_port" lineno="65250">
+<summary>
+Do not audit attempts to receive UDP traffic on the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_stunnel_port" lineno="65269">
+<summary>
+Send and receive UDP traffic on the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_stunnel_port" lineno="65286">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_stunnel_port" lineno="65302">
+<summary>
+Bind TCP sockets to the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_stunnel_port" lineno="65322">
+<summary>
+Bind UDP sockets to the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_stunnel_port" lineno="65341">
+<summary>
+Make a TCP connection to the stunnel port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_stunnel_client_packets" lineno="65361">
+<summary>
+Send stunnel_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_stunnel_client_packets" lineno="65380">
+<summary>
+Do not audit attempts to send stunnel_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_stunnel_client_packets" lineno="65399">
+<summary>
+Receive stunnel_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_stunnel_client_packets" lineno="65418">
+<summary>
+Do not audit attempts to receive stunnel_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_stunnel_client_packets" lineno="65437">
+<summary>
+Send and receive stunnel_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_stunnel_client_packets" lineno="65453">
+<summary>
+Do not audit attempts to send and receive stunnel_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_stunnel_client_packets" lineno="65468">
+<summary>
+Relabel packets to stunnel_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_stunnel_server_packets" lineno="65488">
+<summary>
+Send stunnel_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_stunnel_server_packets" lineno="65507">
+<summary>
+Do not audit attempts to send stunnel_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_stunnel_server_packets" lineno="65526">
+<summary>
+Receive stunnel_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_stunnel_server_packets" lineno="65545">
+<summary>
+Do not audit attempts to receive stunnel_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_stunnel_server_packets" lineno="65564">
+<summary>
+Send and receive stunnel_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_stunnel_server_packets" lineno="65580">
+<summary>
+Do not audit attempts to send and receive stunnel_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_stunnel_server_packets" lineno="65595">
+<summary>
+Relabel packets to stunnel_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_swat_port" lineno="65617">
+<summary>
+Send and receive TCP traffic on the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_swat_port" lineno="65636">
+<summary>
+Send UDP traffic on the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_swat_port" lineno="65655">
+<summary>
+Do not audit attempts to send UDP traffic on the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_swat_port" lineno="65674">
+<summary>
+Receive UDP traffic on the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_swat_port" lineno="65693">
+<summary>
+Do not audit attempts to receive UDP traffic on the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_swat_port" lineno="65712">
+<summary>
+Send and receive UDP traffic on the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_swat_port" lineno="65729">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_swat_port" lineno="65745">
+<summary>
+Bind TCP sockets to the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_swat_port" lineno="65765">
+<summary>
+Bind UDP sockets to the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_swat_port" lineno="65784">
+<summary>
+Make a TCP connection to the swat port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_swat_client_packets" lineno="65804">
+<summary>
+Send swat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_swat_client_packets" lineno="65823">
+<summary>
+Do not audit attempts to send swat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_swat_client_packets" lineno="65842">
+<summary>
+Receive swat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_swat_client_packets" lineno="65861">
+<summary>
+Do not audit attempts to receive swat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_swat_client_packets" lineno="65880">
+<summary>
+Send and receive swat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_swat_client_packets" lineno="65896">
+<summary>
+Do not audit attempts to send and receive swat_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_swat_client_packets" lineno="65911">
+<summary>
+Relabel packets to swat_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_swat_server_packets" lineno="65931">
+<summary>
+Send swat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_swat_server_packets" lineno="65950">
+<summary>
+Do not audit attempts to send swat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_swat_server_packets" lineno="65969">
+<summary>
+Receive swat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_swat_server_packets" lineno="65988">
+<summary>
+Do not audit attempts to receive swat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_swat_server_packets" lineno="66007">
+<summary>
+Send and receive swat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_swat_server_packets" lineno="66023">
+<summary>
+Do not audit attempts to send and receive swat_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_swat_server_packets" lineno="66038">
+<summary>
+Relabel packets to swat_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_syslogd_port" lineno="66060">
+<summary>
+Send and receive TCP traffic on the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_syslogd_port" lineno="66079">
+<summary>
+Send UDP traffic on the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_syslogd_port" lineno="66098">
+<summary>
+Do not audit attempts to send UDP traffic on the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_syslogd_port" lineno="66117">
+<summary>
+Receive UDP traffic on the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_syslogd_port" lineno="66136">
+<summary>
+Do not audit attempts to receive UDP traffic on the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_syslogd_port" lineno="66155">
+<summary>
+Send and receive UDP traffic on the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_syslogd_port" lineno="66172">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_syslogd_port" lineno="66188">
+<summary>
+Bind TCP sockets to the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_syslogd_port" lineno="66208">
+<summary>
+Bind UDP sockets to the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_syslogd_port" lineno="66227">
+<summary>
+Make a TCP connection to the syslogd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_syslogd_client_packets" lineno="66247">
+<summary>
+Send syslogd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_syslogd_client_packets" lineno="66266">
+<summary>
+Do not audit attempts to send syslogd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_syslogd_client_packets" lineno="66285">
+<summary>
+Receive syslogd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_syslogd_client_packets" lineno="66304">
+<summary>
+Do not audit attempts to receive syslogd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_syslogd_client_packets" lineno="66323">
+<summary>
+Send and receive syslogd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_syslogd_client_packets" lineno="66339">
+<summary>
+Do not audit attempts to send and receive syslogd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_syslogd_client_packets" lineno="66354">
+<summary>
+Relabel packets to syslogd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_syslogd_server_packets" lineno="66374">
+<summary>
+Send syslogd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_syslogd_server_packets" lineno="66393">
+<summary>
+Do not audit attempts to send syslogd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_syslogd_server_packets" lineno="66412">
+<summary>
+Receive syslogd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_syslogd_server_packets" lineno="66431">
+<summary>
+Do not audit attempts to receive syslogd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_syslogd_server_packets" lineno="66450">
+<summary>
+Send and receive syslogd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_syslogd_server_packets" lineno="66466">
+<summary>
+Do not audit attempts to send and receive syslogd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_syslogd_server_packets" lineno="66481">
+<summary>
+Relabel packets to syslogd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_tcs_port" lineno="66503">
+<summary>
+Send and receive TCP traffic on the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_tcs_port" lineno="66522">
+<summary>
+Send UDP traffic on the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_tcs_port" lineno="66541">
+<summary>
+Do not audit attempts to send UDP traffic on the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_tcs_port" lineno="66560">
+<summary>
+Receive UDP traffic on the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_tcs_port" lineno="66579">
+<summary>
+Do not audit attempts to receive UDP traffic on the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_tcs_port" lineno="66598">
+<summary>
+Send and receive UDP traffic on the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_tcs_port" lineno="66615">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_tcs_port" lineno="66631">
+<summary>
+Bind TCP sockets to the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_tcs_port" lineno="66651">
+<summary>
+Bind UDP sockets to the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_tcs_port" lineno="66670">
+<summary>
+Make a TCP connection to the tcs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_tcs_client_packets" lineno="66690">
+<summary>
+Send tcs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_tcs_client_packets" lineno="66709">
+<summary>
+Do not audit attempts to send tcs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_tcs_client_packets" lineno="66728">
+<summary>
+Receive tcs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_tcs_client_packets" lineno="66747">
+<summary>
+Do not audit attempts to receive tcs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_tcs_client_packets" lineno="66766">
+<summary>
+Send and receive tcs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_tcs_client_packets" lineno="66782">
+<summary>
+Do not audit attempts to send and receive tcs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_tcs_client_packets" lineno="66797">
+<summary>
+Relabel packets to tcs_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_tcs_server_packets" lineno="66817">
+<summary>
+Send tcs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_tcs_server_packets" lineno="66836">
+<summary>
+Do not audit attempts to send tcs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_tcs_server_packets" lineno="66855">
+<summary>
+Receive tcs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_tcs_server_packets" lineno="66874">
+<summary>
+Do not audit attempts to receive tcs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_tcs_server_packets" lineno="66893">
+<summary>
+Send and receive tcs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_tcs_server_packets" lineno="66909">
+<summary>
+Do not audit attempts to send and receive tcs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_tcs_server_packets" lineno="66924">
+<summary>
+Relabel packets to tcs_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_telnetd_port" lineno="66946">
+<summary>
+Send and receive TCP traffic on the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_telnetd_port" lineno="66965">
+<summary>
+Send UDP traffic on the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_telnetd_port" lineno="66984">
+<summary>
+Do not audit attempts to send UDP traffic on the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_telnetd_port" lineno="67003">
+<summary>
+Receive UDP traffic on the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_telnetd_port" lineno="67022">
+<summary>
+Do not audit attempts to receive UDP traffic on the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_telnetd_port" lineno="67041">
+<summary>
+Send and receive UDP traffic on the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_telnetd_port" lineno="67058">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_telnetd_port" lineno="67074">
+<summary>
+Bind TCP sockets to the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_telnetd_port" lineno="67094">
+<summary>
+Bind UDP sockets to the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_telnetd_port" lineno="67113">
+<summary>
+Make a TCP connection to the telnetd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_telnetd_client_packets" lineno="67133">
+<summary>
+Send telnetd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_telnetd_client_packets" lineno="67152">
+<summary>
+Do not audit attempts to send telnetd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_telnetd_client_packets" lineno="67171">
+<summary>
+Receive telnetd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_telnetd_client_packets" lineno="67190">
+<summary>
+Do not audit attempts to receive telnetd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_telnetd_client_packets" lineno="67209">
+<summary>
+Send and receive telnetd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_telnetd_client_packets" lineno="67225">
+<summary>
+Do not audit attempts to send and receive telnetd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_telnetd_client_packets" lineno="67240">
+<summary>
+Relabel packets to telnetd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_telnetd_server_packets" lineno="67260">
+<summary>
+Send telnetd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_telnetd_server_packets" lineno="67279">
+<summary>
+Do not audit attempts to send telnetd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_telnetd_server_packets" lineno="67298">
+<summary>
+Receive telnetd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_telnetd_server_packets" lineno="67317">
+<summary>
+Do not audit attempts to receive telnetd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_telnetd_server_packets" lineno="67336">
+<summary>
+Send and receive telnetd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_telnetd_server_packets" lineno="67352">
+<summary>
+Do not audit attempts to send and receive telnetd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_telnetd_server_packets" lineno="67367">
+<summary>
+Relabel packets to telnetd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_tftp_port" lineno="67389">
+<summary>
+Send and receive TCP traffic on the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_tftp_port" lineno="67408">
+<summary>
+Send UDP traffic on the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_tftp_port" lineno="67427">
+<summary>
+Do not audit attempts to send UDP traffic on the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_tftp_port" lineno="67446">
+<summary>
+Receive UDP traffic on the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_tftp_port" lineno="67465">
+<summary>
+Do not audit attempts to receive UDP traffic on the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_tftp_port" lineno="67484">
+<summary>
+Send and receive UDP traffic on the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_tftp_port" lineno="67501">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_tftp_port" lineno="67517">
+<summary>
+Bind TCP sockets to the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_tftp_port" lineno="67537">
+<summary>
+Bind UDP sockets to the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_tftp_port" lineno="67556">
+<summary>
+Make a TCP connection to the tftp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_tftp_client_packets" lineno="67576">
+<summary>
+Send tftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_tftp_client_packets" lineno="67595">
+<summary>
+Do not audit attempts to send tftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_tftp_client_packets" lineno="67614">
+<summary>
+Receive tftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_tftp_client_packets" lineno="67633">
+<summary>
+Do not audit attempts to receive tftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_tftp_client_packets" lineno="67652">
+<summary>
+Send and receive tftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_tftp_client_packets" lineno="67668">
+<summary>
+Do not audit attempts to send and receive tftp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_tftp_client_packets" lineno="67683">
+<summary>
+Relabel packets to tftp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_tftp_server_packets" lineno="67703">
+<summary>
+Send tftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_tftp_server_packets" lineno="67722">
+<summary>
+Do not audit attempts to send tftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_tftp_server_packets" lineno="67741">
+<summary>
+Receive tftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_tftp_server_packets" lineno="67760">
+<summary>
+Do not audit attempts to receive tftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_tftp_server_packets" lineno="67779">
+<summary>
+Send and receive tftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_tftp_server_packets" lineno="67795">
+<summary>
+Do not audit attempts to send and receive tftp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_tftp_server_packets" lineno="67810">
+<summary>
+Relabel packets to tftp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_tor_port" lineno="67832">
+<summary>
+Send and receive TCP traffic on the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_tor_port" lineno="67851">
+<summary>
+Send UDP traffic on the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_tor_port" lineno="67870">
+<summary>
+Do not audit attempts to send UDP traffic on the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_tor_port" lineno="67889">
+<summary>
+Receive UDP traffic on the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_tor_port" lineno="67908">
+<summary>
+Do not audit attempts to receive UDP traffic on the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_tor_port" lineno="67927">
+<summary>
+Send and receive UDP traffic on the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_tor_port" lineno="67944">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_tor_port" lineno="67960">
+<summary>
+Bind TCP sockets to the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_tor_port" lineno="67980">
+<summary>
+Bind UDP sockets to the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_tor_port" lineno="67999">
+<summary>
+Make a TCP connection to the tor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_tor_client_packets" lineno="68019">
+<summary>
+Send tor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_tor_client_packets" lineno="68038">
+<summary>
+Do not audit attempts to send tor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_tor_client_packets" lineno="68057">
+<summary>
+Receive tor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_tor_client_packets" lineno="68076">
+<summary>
+Do not audit attempts to receive tor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_tor_client_packets" lineno="68095">
+<summary>
+Send and receive tor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_tor_client_packets" lineno="68111">
+<summary>
+Do not audit attempts to send and receive tor_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_tor_client_packets" lineno="68126">
+<summary>
+Relabel packets to tor_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_tor_server_packets" lineno="68146">
+<summary>
+Send tor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_tor_server_packets" lineno="68165">
+<summary>
+Do not audit attempts to send tor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_tor_server_packets" lineno="68184">
+<summary>
+Receive tor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_tor_server_packets" lineno="68203">
+<summary>
+Do not audit attempts to receive tor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_tor_server_packets" lineno="68222">
+<summary>
+Send and receive tor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_tor_server_packets" lineno="68238">
+<summary>
+Do not audit attempts to send and receive tor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_tor_server_packets" lineno="68253">
+<summary>
+Relabel packets to tor_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_traceroute_port" lineno="68275">
+<summary>
+Send and receive TCP traffic on the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_traceroute_port" lineno="68294">
+<summary>
+Send UDP traffic on the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_traceroute_port" lineno="68313">
+<summary>
+Do not audit attempts to send UDP traffic on the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_traceroute_port" lineno="68332">
+<summary>
+Receive UDP traffic on the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_traceroute_port" lineno="68351">
+<summary>
+Do not audit attempts to receive UDP traffic on the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_traceroute_port" lineno="68370">
+<summary>
+Send and receive UDP traffic on the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_traceroute_port" lineno="68387">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_traceroute_port" lineno="68403">
+<summary>
+Bind TCP sockets to the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_traceroute_port" lineno="68423">
+<summary>
+Bind UDP sockets to the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_traceroute_port" lineno="68442">
+<summary>
+Make a TCP connection to the traceroute port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_traceroute_client_packets" lineno="68462">
+<summary>
+Send traceroute_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_traceroute_client_packets" lineno="68481">
+<summary>
+Do not audit attempts to send traceroute_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_traceroute_client_packets" lineno="68500">
+<summary>
+Receive traceroute_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_traceroute_client_packets" lineno="68519">
+<summary>
+Do not audit attempts to receive traceroute_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_traceroute_client_packets" lineno="68538">
+<summary>
+Send and receive traceroute_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_traceroute_client_packets" lineno="68554">
+<summary>
+Do not audit attempts to send and receive traceroute_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_traceroute_client_packets" lineno="68569">
+<summary>
+Relabel packets to traceroute_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_traceroute_server_packets" lineno="68589">
+<summary>
+Send traceroute_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_traceroute_server_packets" lineno="68608">
+<summary>
+Do not audit attempts to send traceroute_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_traceroute_server_packets" lineno="68627">
+<summary>
+Receive traceroute_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_traceroute_server_packets" lineno="68646">
+<summary>
+Do not audit attempts to receive traceroute_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_traceroute_server_packets" lineno="68665">
+<summary>
+Send and receive traceroute_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_traceroute_server_packets" lineno="68681">
+<summary>
+Do not audit attempts to send and receive traceroute_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_traceroute_server_packets" lineno="68696">
+<summary>
+Relabel packets to traceroute_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_transproxy_port" lineno="68718">
+<summary>
+Send and receive TCP traffic on the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_transproxy_port" lineno="68737">
+<summary>
+Send UDP traffic on the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_transproxy_port" lineno="68756">
+<summary>
+Do not audit attempts to send UDP traffic on the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_transproxy_port" lineno="68775">
+<summary>
+Receive UDP traffic on the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_transproxy_port" lineno="68794">
+<summary>
+Do not audit attempts to receive UDP traffic on the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_transproxy_port" lineno="68813">
+<summary>
+Send and receive UDP traffic on the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_transproxy_port" lineno="68830">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_transproxy_port" lineno="68846">
+<summary>
+Bind TCP sockets to the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_transproxy_port" lineno="68866">
+<summary>
+Bind UDP sockets to the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_transproxy_port" lineno="68885">
+<summary>
+Make a TCP connection to the transproxy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_transproxy_client_packets" lineno="68905">
+<summary>
+Send transproxy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_transproxy_client_packets" lineno="68924">
+<summary>
+Do not audit attempts to send transproxy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_transproxy_client_packets" lineno="68943">
+<summary>
+Receive transproxy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_transproxy_client_packets" lineno="68962">
+<summary>
+Do not audit attempts to receive transproxy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_transproxy_client_packets" lineno="68981">
+<summary>
+Send and receive transproxy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_transproxy_client_packets" lineno="68997">
+<summary>
+Do not audit attempts to send and receive transproxy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_transproxy_client_packets" lineno="69012">
+<summary>
+Relabel packets to transproxy_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_transproxy_server_packets" lineno="69032">
+<summary>
+Send transproxy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_transproxy_server_packets" lineno="69051">
+<summary>
+Do not audit attempts to send transproxy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_transproxy_server_packets" lineno="69070">
+<summary>
+Receive transproxy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_transproxy_server_packets" lineno="69089">
+<summary>
+Do not audit attempts to receive transproxy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_transproxy_server_packets" lineno="69108">
+<summary>
+Send and receive transproxy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_transproxy_server_packets" lineno="69124">
+<summary>
+Do not audit attempts to send and receive transproxy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_transproxy_server_packets" lineno="69139">
+<summary>
+Relabel packets to transproxy_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ups_port" lineno="69161">
+<summary>
+Send and receive TCP traffic on the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_ups_port" lineno="69180">
+<summary>
+Send UDP traffic on the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_ups_port" lineno="69199">
+<summary>
+Do not audit attempts to send UDP traffic on the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_ups_port" lineno="69218">
+<summary>
+Receive UDP traffic on the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_ups_port" lineno="69237">
+<summary>
+Do not audit attempts to receive UDP traffic on the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_ups_port" lineno="69256">
+<summary>
+Send and receive UDP traffic on the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_ups_port" lineno="69273">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_ups_port" lineno="69289">
+<summary>
+Bind TCP sockets to the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_ups_port" lineno="69309">
+<summary>
+Bind UDP sockets to the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_ups_port" lineno="69328">
+<summary>
+Make a TCP connection to the ups port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ups_client_packets" lineno="69348">
+<summary>
+Send ups_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ups_client_packets" lineno="69367">
+<summary>
+Do not audit attempts to send ups_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ups_client_packets" lineno="69386">
+<summary>
+Receive ups_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ups_client_packets" lineno="69405">
+<summary>
+Do not audit attempts to receive ups_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ups_client_packets" lineno="69424">
+<summary>
+Send and receive ups_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ups_client_packets" lineno="69440">
+<summary>
+Do not audit attempts to send and receive ups_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ups_client_packets" lineno="69455">
+<summary>
+Relabel packets to ups_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_ups_server_packets" lineno="69475">
+<summary>
+Send ups_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_ups_server_packets" lineno="69494">
+<summary>
+Do not audit attempts to send ups_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_ups_server_packets" lineno="69513">
+<summary>
+Receive ups_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_ups_server_packets" lineno="69532">
+<summary>
+Do not audit attempts to receive ups_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_ups_server_packets" lineno="69551">
+<summary>
+Send and receive ups_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ups_server_packets" lineno="69567">
+<summary>
+Do not audit attempts to send and receive ups_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_ups_server_packets" lineno="69582">
+<summary>
+Relabel packets to ups_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_utcpserver_port" lineno="69604">
+<summary>
+Send and receive TCP traffic on the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_utcpserver_port" lineno="69623">
+<summary>
+Send UDP traffic on the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_utcpserver_port" lineno="69642">
+<summary>
+Do not audit attempts to send UDP traffic on the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_utcpserver_port" lineno="69661">
+<summary>
+Receive UDP traffic on the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_utcpserver_port" lineno="69680">
+<summary>
+Do not audit attempts to receive UDP traffic on the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_utcpserver_port" lineno="69699">
+<summary>
+Send and receive UDP traffic on the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_utcpserver_port" lineno="69716">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_utcpserver_port" lineno="69732">
+<summary>
+Bind TCP sockets to the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_utcpserver_port" lineno="69752">
+<summary>
+Bind UDP sockets to the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_utcpserver_port" lineno="69771">
+<summary>
+Make a TCP connection to the utcpserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_utcpserver_client_packets" lineno="69791">
+<summary>
+Send utcpserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_utcpserver_client_packets" lineno="69810">
+<summary>
+Do not audit attempts to send utcpserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_utcpserver_client_packets" lineno="69829">
+<summary>
+Receive utcpserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_utcpserver_client_packets" lineno="69848">
+<summary>
+Do not audit attempts to receive utcpserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_utcpserver_client_packets" lineno="69867">
+<summary>
+Send and receive utcpserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_utcpserver_client_packets" lineno="69883">
+<summary>
+Do not audit attempts to send and receive utcpserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_utcpserver_client_packets" lineno="69898">
+<summary>
+Relabel packets to utcpserver_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_utcpserver_server_packets" lineno="69918">
+<summary>
+Send utcpserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_utcpserver_server_packets" lineno="69937">
+<summary>
+Do not audit attempts to send utcpserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_utcpserver_server_packets" lineno="69956">
+<summary>
+Receive utcpserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_utcpserver_server_packets" lineno="69975">
+<summary>
+Do not audit attempts to receive utcpserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_utcpserver_server_packets" lineno="69994">
+<summary>
+Send and receive utcpserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_utcpserver_server_packets" lineno="70010">
+<summary>
+Do not audit attempts to send and receive utcpserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_utcpserver_server_packets" lineno="70025">
+<summary>
+Relabel packets to utcpserver_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_uucpd_port" lineno="70047">
+<summary>
+Send and receive TCP traffic on the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_uucpd_port" lineno="70066">
+<summary>
+Send UDP traffic on the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_uucpd_port" lineno="70085">
+<summary>
+Do not audit attempts to send UDP traffic on the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_uucpd_port" lineno="70104">
+<summary>
+Receive UDP traffic on the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_uucpd_port" lineno="70123">
+<summary>
+Do not audit attempts to receive UDP traffic on the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_uucpd_port" lineno="70142">
+<summary>
+Send and receive UDP traffic on the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_uucpd_port" lineno="70159">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_uucpd_port" lineno="70175">
+<summary>
+Bind TCP sockets to the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_uucpd_port" lineno="70195">
+<summary>
+Bind UDP sockets to the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_uucpd_port" lineno="70214">
+<summary>
+Make a TCP connection to the uucpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_uucpd_client_packets" lineno="70234">
+<summary>
+Send uucpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_uucpd_client_packets" lineno="70253">
+<summary>
+Do not audit attempts to send uucpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_uucpd_client_packets" lineno="70272">
+<summary>
+Receive uucpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_uucpd_client_packets" lineno="70291">
+<summary>
+Do not audit attempts to receive uucpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_uucpd_client_packets" lineno="70310">
+<summary>
+Send and receive uucpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_uucpd_client_packets" lineno="70326">
+<summary>
+Do not audit attempts to send and receive uucpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_uucpd_client_packets" lineno="70341">
+<summary>
+Relabel packets to uucpd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_uucpd_server_packets" lineno="70361">
+<summary>
+Send uucpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_uucpd_server_packets" lineno="70380">
+<summary>
+Do not audit attempts to send uucpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_uucpd_server_packets" lineno="70399">
+<summary>
+Receive uucpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_uucpd_server_packets" lineno="70418">
+<summary>
+Do not audit attempts to receive uucpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_uucpd_server_packets" lineno="70437">
+<summary>
+Send and receive uucpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_uucpd_server_packets" lineno="70453">
+<summary>
+Do not audit attempts to send and receive uucpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_uucpd_server_packets" lineno="70468">
+<summary>
+Relabel packets to uucpd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_varnishd_port" lineno="70490">
+<summary>
+Send and receive TCP traffic on the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_varnishd_port" lineno="70509">
+<summary>
+Send UDP traffic on the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_varnishd_port" lineno="70528">
+<summary>
+Do not audit attempts to send UDP traffic on the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_varnishd_port" lineno="70547">
+<summary>
+Receive UDP traffic on the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_varnishd_port" lineno="70566">
+<summary>
+Do not audit attempts to receive UDP traffic on the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_varnishd_port" lineno="70585">
+<summary>
+Send and receive UDP traffic on the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_varnishd_port" lineno="70602">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_varnishd_port" lineno="70618">
+<summary>
+Bind TCP sockets to the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_varnishd_port" lineno="70638">
+<summary>
+Bind UDP sockets to the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_varnishd_port" lineno="70657">
+<summary>
+Make a TCP connection to the varnishd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_varnishd_client_packets" lineno="70677">
+<summary>
+Send varnishd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_varnishd_client_packets" lineno="70696">
+<summary>
+Do not audit attempts to send varnishd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_varnishd_client_packets" lineno="70715">
+<summary>
+Receive varnishd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_varnishd_client_packets" lineno="70734">
+<summary>
+Do not audit attempts to receive varnishd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_varnishd_client_packets" lineno="70753">
+<summary>
+Send and receive varnishd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_varnishd_client_packets" lineno="70769">
+<summary>
+Do not audit attempts to send and receive varnishd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_varnishd_client_packets" lineno="70784">
+<summary>
+Relabel packets to varnishd_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_varnishd_server_packets" lineno="70804">
+<summary>
+Send varnishd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_varnishd_server_packets" lineno="70823">
+<summary>
+Do not audit attempts to send varnishd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_varnishd_server_packets" lineno="70842">
+<summary>
+Receive varnishd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_varnishd_server_packets" lineno="70861">
+<summary>
+Do not audit attempts to receive varnishd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_varnishd_server_packets" lineno="70880">
+<summary>
+Send and receive varnishd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_varnishd_server_packets" lineno="70896">
+<summary>
+Do not audit attempts to send and receive varnishd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_varnishd_server_packets" lineno="70911">
+<summary>
+Relabel packets to varnishd_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_virt_port" lineno="70933">
+<summary>
+Send and receive TCP traffic on the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_virt_port" lineno="70952">
+<summary>
+Send UDP traffic on the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_virt_port" lineno="70971">
+<summary>
+Do not audit attempts to send UDP traffic on the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_virt_port" lineno="70990">
+<summary>
+Receive UDP traffic on the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_virt_port" lineno="71009">
+<summary>
+Do not audit attempts to receive UDP traffic on the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_virt_port" lineno="71028">
+<summary>
+Send and receive UDP traffic on the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_virt_port" lineno="71045">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_virt_port" lineno="71061">
+<summary>
+Bind TCP sockets to the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_virt_port" lineno="71081">
+<summary>
+Bind UDP sockets to the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_virt_port" lineno="71100">
+<summary>
+Make a TCP connection to the virt port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_virt_client_packets" lineno="71120">
+<summary>
+Send virt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_virt_client_packets" lineno="71139">
+<summary>
+Do not audit attempts to send virt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_virt_client_packets" lineno="71158">
+<summary>
+Receive virt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_virt_client_packets" lineno="71177">
+<summary>
+Do not audit attempts to receive virt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_virt_client_packets" lineno="71196">
+<summary>
+Send and receive virt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_virt_client_packets" lineno="71212">
+<summary>
+Do not audit attempts to send and receive virt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_virt_client_packets" lineno="71227">
+<summary>
+Relabel packets to virt_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_virt_server_packets" lineno="71247">
+<summary>
+Send virt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_virt_server_packets" lineno="71266">
+<summary>
+Do not audit attempts to send virt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_virt_server_packets" lineno="71285">
+<summary>
+Receive virt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_virt_server_packets" lineno="71304">
+<summary>
+Do not audit attempts to receive virt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_virt_server_packets" lineno="71323">
+<summary>
+Send and receive virt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_virt_server_packets" lineno="71339">
+<summary>
+Do not audit attempts to send and receive virt_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_virt_server_packets" lineno="71354">
+<summary>
+Relabel packets to virt_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_virt_migration_port" lineno="71376">
+<summary>
+Send and receive TCP traffic on the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_virt_migration_port" lineno="71395">
+<summary>
+Send UDP traffic on the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_virt_migration_port" lineno="71414">
+<summary>
+Do not audit attempts to send UDP traffic on the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_virt_migration_port" lineno="71433">
+<summary>
+Receive UDP traffic on the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_virt_migration_port" lineno="71452">
+<summary>
+Do not audit attempts to receive UDP traffic on the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_virt_migration_port" lineno="71471">
+<summary>
+Send and receive UDP traffic on the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_virt_migration_port" lineno="71488">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_virt_migration_port" lineno="71504">
+<summary>
+Bind TCP sockets to the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_virt_migration_port" lineno="71524">
+<summary>
+Bind UDP sockets to the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_virt_migration_port" lineno="71543">
+<summary>
+Make a TCP connection to the virt_migration port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_virt_migration_client_packets" lineno="71563">
+<summary>
+Send virt_migration_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_virt_migration_client_packets" lineno="71582">
+<summary>
+Do not audit attempts to send virt_migration_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_virt_migration_client_packets" lineno="71601">
+<summary>
+Receive virt_migration_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_virt_migration_client_packets" lineno="71620">
+<summary>
+Do not audit attempts to receive virt_migration_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_virt_migration_client_packets" lineno="71639">
+<summary>
+Send and receive virt_migration_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_virt_migration_client_packets" lineno="71655">
+<summary>
+Do not audit attempts to send and receive virt_migration_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_virt_migration_client_packets" lineno="71670">
+<summary>
+Relabel packets to virt_migration_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_virt_migration_server_packets" lineno="71690">
+<summary>
+Send virt_migration_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_virt_migration_server_packets" lineno="71709">
+<summary>
+Do not audit attempts to send virt_migration_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_virt_migration_server_packets" lineno="71728">
+<summary>
+Receive virt_migration_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_virt_migration_server_packets" lineno="71747">
+<summary>
+Do not audit attempts to receive virt_migration_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_virt_migration_server_packets" lineno="71766">
+<summary>
+Send and receive virt_migration_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_virt_migration_server_packets" lineno="71782">
+<summary>
+Do not audit attempts to send and receive virt_migration_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_virt_migration_server_packets" lineno="71797">
+<summary>
+Relabel packets to virt_migration_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_vnc_port" lineno="71819">
+<summary>
+Send and receive TCP traffic on the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_vnc_port" lineno="71838">
+<summary>
+Send UDP traffic on the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_vnc_port" lineno="71857">
+<summary>
+Do not audit attempts to send UDP traffic on the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_vnc_port" lineno="71876">
+<summary>
+Receive UDP traffic on the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_vnc_port" lineno="71895">
+<summary>
+Do not audit attempts to receive UDP traffic on the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_vnc_port" lineno="71914">
+<summary>
+Send and receive UDP traffic on the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_vnc_port" lineno="71931">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_vnc_port" lineno="71947">
+<summary>
+Bind TCP sockets to the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_vnc_port" lineno="71967">
+<summary>
+Bind UDP sockets to the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_vnc_port" lineno="71986">
+<summary>
+Make a TCP connection to the vnc port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_vnc_client_packets" lineno="72006">
+<summary>
+Send vnc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_vnc_client_packets" lineno="72025">
+<summary>
+Do not audit attempts to send vnc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_vnc_client_packets" lineno="72044">
+<summary>
+Receive vnc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_vnc_client_packets" lineno="72063">
+<summary>
+Do not audit attempts to receive vnc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_vnc_client_packets" lineno="72082">
+<summary>
+Send and receive vnc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_vnc_client_packets" lineno="72098">
+<summary>
+Do not audit attempts to send and receive vnc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_vnc_client_packets" lineno="72113">
+<summary>
+Relabel packets to vnc_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_vnc_server_packets" lineno="72133">
+<summary>
+Send vnc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_vnc_server_packets" lineno="72152">
+<summary>
+Do not audit attempts to send vnc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_vnc_server_packets" lineno="72171">
+<summary>
+Receive vnc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_vnc_server_packets" lineno="72190">
+<summary>
+Do not audit attempts to receive vnc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_vnc_server_packets" lineno="72209">
+<summary>
+Send and receive vnc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_vnc_server_packets" lineno="72225">
+<summary>
+Do not audit attempts to send and receive vnc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_vnc_server_packets" lineno="72240">
+<summary>
+Relabel packets to vnc_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_wccp_port" lineno="72262">
+<summary>
+Send and receive TCP traffic on the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_wccp_port" lineno="72281">
+<summary>
+Send UDP traffic on the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_wccp_port" lineno="72300">
+<summary>
+Do not audit attempts to send UDP traffic on the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_wccp_port" lineno="72319">
+<summary>
+Receive UDP traffic on the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_wccp_port" lineno="72338">
+<summary>
+Do not audit attempts to receive UDP traffic on the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_wccp_port" lineno="72357">
+<summary>
+Send and receive UDP traffic on the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_wccp_port" lineno="72374">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_wccp_port" lineno="72390">
+<summary>
+Bind TCP sockets to the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_wccp_port" lineno="72410">
+<summary>
+Bind UDP sockets to the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_wccp_port" lineno="72429">
+<summary>
+Make a TCP connection to the wccp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_wccp_client_packets" lineno="72449">
+<summary>
+Send wccp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_wccp_client_packets" lineno="72468">
+<summary>
+Do not audit attempts to send wccp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_wccp_client_packets" lineno="72487">
+<summary>
+Receive wccp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_wccp_client_packets" lineno="72506">
+<summary>
+Do not audit attempts to receive wccp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_wccp_client_packets" lineno="72525">
+<summary>
+Send and receive wccp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_wccp_client_packets" lineno="72541">
+<summary>
+Do not audit attempts to send and receive wccp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_wccp_client_packets" lineno="72556">
+<summary>
+Relabel packets to wccp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_wccp_server_packets" lineno="72576">
+<summary>
+Send wccp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_wccp_server_packets" lineno="72595">
+<summary>
+Do not audit attempts to send wccp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_wccp_server_packets" lineno="72614">
+<summary>
+Receive wccp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_wccp_server_packets" lineno="72633">
+<summary>
+Do not audit attempts to receive wccp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_wccp_server_packets" lineno="72652">
+<summary>
+Send and receive wccp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_wccp_server_packets" lineno="72668">
+<summary>
+Do not audit attempts to send and receive wccp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_wccp_server_packets" lineno="72683">
+<summary>
+Relabel packets to wccp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_whois_port" lineno="72705">
+<summary>
+Send and receive TCP traffic on the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_whois_port" lineno="72724">
+<summary>
+Send UDP traffic on the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_whois_port" lineno="72743">
+<summary>
+Do not audit attempts to send UDP traffic on the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_whois_port" lineno="72762">
+<summary>
+Receive UDP traffic on the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_whois_port" lineno="72781">
+<summary>
+Do not audit attempts to receive UDP traffic on the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_whois_port" lineno="72800">
+<summary>
+Send and receive UDP traffic on the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_whois_port" lineno="72817">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_whois_port" lineno="72833">
+<summary>
+Bind TCP sockets to the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_whois_port" lineno="72853">
+<summary>
+Bind UDP sockets to the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_whois_port" lineno="72872">
+<summary>
+Make a TCP connection to the whois port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_whois_client_packets" lineno="72892">
+<summary>
+Send whois_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_whois_client_packets" lineno="72911">
+<summary>
+Do not audit attempts to send whois_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_whois_client_packets" lineno="72930">
+<summary>
+Receive whois_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_whois_client_packets" lineno="72949">
+<summary>
+Do not audit attempts to receive whois_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_whois_client_packets" lineno="72968">
+<summary>
+Send and receive whois_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_whois_client_packets" lineno="72984">
+<summary>
+Do not audit attempts to send and receive whois_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_whois_client_packets" lineno="72999">
+<summary>
+Relabel packets to whois_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_whois_server_packets" lineno="73019">
+<summary>
+Send whois_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_whois_server_packets" lineno="73038">
+<summary>
+Do not audit attempts to send whois_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_whois_server_packets" lineno="73057">
+<summary>
+Receive whois_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_whois_server_packets" lineno="73076">
+<summary>
+Do not audit attempts to receive whois_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_whois_server_packets" lineno="73095">
+<summary>
+Send and receive whois_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_whois_server_packets" lineno="73111">
+<summary>
+Do not audit attempts to send and receive whois_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_whois_server_packets" lineno="73126">
+<summary>
+Relabel packets to whois_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_xdmcp_port" lineno="73148">
+<summary>
+Send and receive TCP traffic on the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_xdmcp_port" lineno="73167">
+<summary>
+Send UDP traffic on the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_xdmcp_port" lineno="73186">
+<summary>
+Do not audit attempts to send UDP traffic on the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_xdmcp_port" lineno="73205">
+<summary>
+Receive UDP traffic on the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_xdmcp_port" lineno="73224">
+<summary>
+Do not audit attempts to receive UDP traffic on the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_xdmcp_port" lineno="73243">
+<summary>
+Send and receive UDP traffic on the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_xdmcp_port" lineno="73260">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_xdmcp_port" lineno="73276">
+<summary>
+Bind TCP sockets to the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_xdmcp_port" lineno="73296">
+<summary>
+Bind UDP sockets to the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_xdmcp_port" lineno="73315">
+<summary>
+Make a TCP connection to the xdmcp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_xdmcp_client_packets" lineno="73335">
+<summary>
+Send xdmcp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_xdmcp_client_packets" lineno="73354">
+<summary>
+Do not audit attempts to send xdmcp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_xdmcp_client_packets" lineno="73373">
+<summary>
+Receive xdmcp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_xdmcp_client_packets" lineno="73392">
+<summary>
+Do not audit attempts to receive xdmcp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_xdmcp_client_packets" lineno="73411">
+<summary>
+Send and receive xdmcp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_xdmcp_client_packets" lineno="73427">
+<summary>
+Do not audit attempts to send and receive xdmcp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_xdmcp_client_packets" lineno="73442">
+<summary>
+Relabel packets to xdmcp_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_xdmcp_server_packets" lineno="73462">
+<summary>
+Send xdmcp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_xdmcp_server_packets" lineno="73481">
+<summary>
+Do not audit attempts to send xdmcp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_xdmcp_server_packets" lineno="73500">
+<summary>
+Receive xdmcp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_xdmcp_server_packets" lineno="73519">
+<summary>
+Do not audit attempts to receive xdmcp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_xdmcp_server_packets" lineno="73538">
+<summary>
+Send and receive xdmcp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_xdmcp_server_packets" lineno="73554">
+<summary>
+Do not audit attempts to send and receive xdmcp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_xdmcp_server_packets" lineno="73569">
+<summary>
+Relabel packets to xdmcp_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_xen_port" lineno="73591">
+<summary>
+Send and receive TCP traffic on the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_xen_port" lineno="73610">
+<summary>
+Send UDP traffic on the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_xen_port" lineno="73629">
+<summary>
+Do not audit attempts to send UDP traffic on the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_xen_port" lineno="73648">
+<summary>
+Receive UDP traffic on the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_xen_port" lineno="73667">
+<summary>
+Do not audit attempts to receive UDP traffic on the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_xen_port" lineno="73686">
+<summary>
+Send and receive UDP traffic on the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_xen_port" lineno="73703">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_xen_port" lineno="73719">
+<summary>
+Bind TCP sockets to the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_xen_port" lineno="73739">
+<summary>
+Bind UDP sockets to the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_xen_port" lineno="73758">
+<summary>
+Make a TCP connection to the xen port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_xen_client_packets" lineno="73778">
+<summary>
+Send xen_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_xen_client_packets" lineno="73797">
+<summary>
+Do not audit attempts to send xen_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_xen_client_packets" lineno="73816">
+<summary>
+Receive xen_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_xen_client_packets" lineno="73835">
+<summary>
+Do not audit attempts to receive xen_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_xen_client_packets" lineno="73854">
+<summary>
+Send and receive xen_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_xen_client_packets" lineno="73870">
+<summary>
+Do not audit attempts to send and receive xen_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_xen_client_packets" lineno="73885">
+<summary>
+Relabel packets to xen_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_xen_server_packets" lineno="73905">
+<summary>
+Send xen_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_xen_server_packets" lineno="73924">
+<summary>
+Do not audit attempts to send xen_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_xen_server_packets" lineno="73943">
+<summary>
+Receive xen_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_xen_server_packets" lineno="73962">
+<summary>
+Do not audit attempts to receive xen_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_xen_server_packets" lineno="73981">
+<summary>
+Send and receive xen_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_xen_server_packets" lineno="73997">
+<summary>
+Do not audit attempts to send and receive xen_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_xen_server_packets" lineno="74012">
+<summary>
+Relabel packets to xen_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_xfs_port" lineno="74034">
+<summary>
+Send and receive TCP traffic on the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_xfs_port" lineno="74053">
+<summary>
+Send UDP traffic on the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_xfs_port" lineno="74072">
+<summary>
+Do not audit attempts to send UDP traffic on the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_xfs_port" lineno="74091">
+<summary>
+Receive UDP traffic on the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_xfs_port" lineno="74110">
+<summary>
+Do not audit attempts to receive UDP traffic on the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_xfs_port" lineno="74129">
+<summary>
+Send and receive UDP traffic on the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_xfs_port" lineno="74146">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_xfs_port" lineno="74162">
+<summary>
+Bind TCP sockets to the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_xfs_port" lineno="74182">
+<summary>
+Bind UDP sockets to the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_xfs_port" lineno="74201">
+<summary>
+Make a TCP connection to the xfs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_xfs_client_packets" lineno="74221">
+<summary>
+Send xfs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_xfs_client_packets" lineno="74240">
+<summary>
+Do not audit attempts to send xfs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_xfs_client_packets" lineno="74259">
+<summary>
+Receive xfs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_xfs_client_packets" lineno="74278">
+<summary>
+Do not audit attempts to receive xfs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_xfs_client_packets" lineno="74297">
+<summary>
+Send and receive xfs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_xfs_client_packets" lineno="74313">
+<summary>
+Do not audit attempts to send and receive xfs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_xfs_client_packets" lineno="74328">
+<summary>
+Relabel packets to xfs_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_xfs_server_packets" lineno="74348">
+<summary>
+Send xfs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_xfs_server_packets" lineno="74367">
+<summary>
+Do not audit attempts to send xfs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_xfs_server_packets" lineno="74386">
+<summary>
+Receive xfs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_xfs_server_packets" lineno="74405">
+<summary>
+Do not audit attempts to receive xfs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_xfs_server_packets" lineno="74424">
+<summary>
+Send and receive xfs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_xfs_server_packets" lineno="74440">
+<summary>
+Do not audit attempts to send and receive xfs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_xfs_server_packets" lineno="74455">
+<summary>
+Relabel packets to xfs_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_xserver_port" lineno="74477">
+<summary>
+Send and receive TCP traffic on the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_xserver_port" lineno="74496">
+<summary>
+Send UDP traffic on the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_xserver_port" lineno="74515">
+<summary>
+Do not audit attempts to send UDP traffic on the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_xserver_port" lineno="74534">
+<summary>
+Receive UDP traffic on the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_xserver_port" lineno="74553">
+<summary>
+Do not audit attempts to receive UDP traffic on the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_xserver_port" lineno="74572">
+<summary>
+Send and receive UDP traffic on the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_xserver_port" lineno="74589">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_xserver_port" lineno="74605">
+<summary>
+Bind TCP sockets to the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_xserver_port" lineno="74625">
+<summary>
+Bind UDP sockets to the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_xserver_port" lineno="74644">
+<summary>
+Make a TCP connection to the xserver port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_xserver_client_packets" lineno="74664">
+<summary>
+Send xserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_xserver_client_packets" lineno="74683">
+<summary>
+Do not audit attempts to send xserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_xserver_client_packets" lineno="74702">
+<summary>
+Receive xserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_xserver_client_packets" lineno="74721">
+<summary>
+Do not audit attempts to receive xserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_xserver_client_packets" lineno="74740">
+<summary>
+Send and receive xserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_xserver_client_packets" lineno="74756">
+<summary>
+Do not audit attempts to send and receive xserver_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_xserver_client_packets" lineno="74771">
+<summary>
+Relabel packets to xserver_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_xserver_server_packets" lineno="74791">
+<summary>
+Send xserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_xserver_server_packets" lineno="74810">
+<summary>
+Do not audit attempts to send xserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_xserver_server_packets" lineno="74829">
+<summary>
+Receive xserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_xserver_server_packets" lineno="74848">
+<summary>
+Do not audit attempts to receive xserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_xserver_server_packets" lineno="74867">
+<summary>
+Send and receive xserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_xserver_server_packets" lineno="74883">
+<summary>
+Do not audit attempts to send and receive xserver_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_xserver_server_packets" lineno="74898">
+<summary>
+Relabel packets to xserver_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_zarafa_port" lineno="74920">
+<summary>
+Send and receive TCP traffic on the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_zarafa_port" lineno="74939">
+<summary>
+Send UDP traffic on the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_zarafa_port" lineno="74958">
+<summary>
+Do not audit attempts to send UDP traffic on the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_zarafa_port" lineno="74977">
+<summary>
+Receive UDP traffic on the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_zarafa_port" lineno="74996">
+<summary>
+Do not audit attempts to receive UDP traffic on the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_zarafa_port" lineno="75015">
+<summary>
+Send and receive UDP traffic on the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_zarafa_port" lineno="75032">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_zarafa_port" lineno="75048">
+<summary>
+Bind TCP sockets to the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_zarafa_port" lineno="75068">
+<summary>
+Bind UDP sockets to the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_zarafa_port" lineno="75087">
+<summary>
+Make a TCP connection to the zarafa port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zarafa_client_packets" lineno="75107">
+<summary>
+Send zarafa_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zarafa_client_packets" lineno="75126">
+<summary>
+Do not audit attempts to send zarafa_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zarafa_client_packets" lineno="75145">
+<summary>
+Receive zarafa_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zarafa_client_packets" lineno="75164">
+<summary>
+Do not audit attempts to receive zarafa_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zarafa_client_packets" lineno="75183">
+<summary>
+Send and receive zarafa_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zarafa_client_packets" lineno="75199">
+<summary>
+Do not audit attempts to send and receive zarafa_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zarafa_client_packets" lineno="75214">
+<summary>
+Relabel packets to zarafa_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zarafa_server_packets" lineno="75234">
+<summary>
+Send zarafa_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zarafa_server_packets" lineno="75253">
+<summary>
+Do not audit attempts to send zarafa_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zarafa_server_packets" lineno="75272">
+<summary>
+Receive zarafa_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zarafa_server_packets" lineno="75291">
+<summary>
+Do not audit attempts to receive zarafa_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zarafa_server_packets" lineno="75310">
+<summary>
+Send and receive zarafa_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zarafa_server_packets" lineno="75326">
+<summary>
+Do not audit attempts to send and receive zarafa_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zarafa_server_packets" lineno="75341">
+<summary>
+Relabel packets to zarafa_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_zabbix_port" lineno="75363">
+<summary>
+Send and receive TCP traffic on the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_zabbix_port" lineno="75382">
+<summary>
+Send UDP traffic on the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_zabbix_port" lineno="75401">
+<summary>
+Do not audit attempts to send UDP traffic on the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_zabbix_port" lineno="75420">
+<summary>
+Receive UDP traffic on the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_zabbix_port" lineno="75439">
+<summary>
+Do not audit attempts to receive UDP traffic on the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_zabbix_port" lineno="75458">
+<summary>
+Send and receive UDP traffic on the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_zabbix_port" lineno="75475">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_zabbix_port" lineno="75491">
+<summary>
+Bind TCP sockets to the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_zabbix_port" lineno="75511">
+<summary>
+Bind UDP sockets to the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_zabbix_port" lineno="75530">
+<summary>
+Make a TCP connection to the zabbix port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zabbix_client_packets" lineno="75550">
+<summary>
+Send zabbix_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zabbix_client_packets" lineno="75569">
+<summary>
+Do not audit attempts to send zabbix_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zabbix_client_packets" lineno="75588">
+<summary>
+Receive zabbix_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zabbix_client_packets" lineno="75607">
+<summary>
+Do not audit attempts to receive zabbix_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zabbix_client_packets" lineno="75626">
+<summary>
+Send and receive zabbix_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zabbix_client_packets" lineno="75642">
+<summary>
+Do not audit attempts to send and receive zabbix_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zabbix_client_packets" lineno="75657">
+<summary>
+Relabel packets to zabbix_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zabbix_server_packets" lineno="75677">
+<summary>
+Send zabbix_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zabbix_server_packets" lineno="75696">
+<summary>
+Do not audit attempts to send zabbix_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zabbix_server_packets" lineno="75715">
+<summary>
+Receive zabbix_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zabbix_server_packets" lineno="75734">
+<summary>
+Do not audit attempts to receive zabbix_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zabbix_server_packets" lineno="75753">
+<summary>
+Send and receive zabbix_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zabbix_server_packets" lineno="75769">
+<summary>
+Do not audit attempts to send and receive zabbix_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zabbix_server_packets" lineno="75784">
+<summary>
+Relabel packets to zabbix_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_zabbix_agent_port" lineno="75806">
+<summary>
+Send and receive TCP traffic on the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_zabbix_agent_port" lineno="75825">
+<summary>
+Send UDP traffic on the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_zabbix_agent_port" lineno="75844">
+<summary>
+Do not audit attempts to send UDP traffic on the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_zabbix_agent_port" lineno="75863">
+<summary>
+Receive UDP traffic on the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_zabbix_agent_port" lineno="75882">
+<summary>
+Do not audit attempts to receive UDP traffic on the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_zabbix_agent_port" lineno="75901">
+<summary>
+Send and receive UDP traffic on the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_zabbix_agent_port" lineno="75918">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_zabbix_agent_port" lineno="75934">
+<summary>
+Bind TCP sockets to the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_zabbix_agent_port" lineno="75954">
+<summary>
+Bind UDP sockets to the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_zabbix_agent_port" lineno="75973">
+<summary>
+Make a TCP connection to the zabbix_agent port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zabbix_agent_client_packets" lineno="75993">
+<summary>
+Send zabbix_agent_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zabbix_agent_client_packets" lineno="76012">
+<summary>
+Do not audit attempts to send zabbix_agent_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zabbix_agent_client_packets" lineno="76031">
+<summary>
+Receive zabbix_agent_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zabbix_agent_client_packets" lineno="76050">
+<summary>
+Do not audit attempts to receive zabbix_agent_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zabbix_agent_client_packets" lineno="76069">
+<summary>
+Send and receive zabbix_agent_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zabbix_agent_client_packets" lineno="76085">
+<summary>
+Do not audit attempts to send and receive zabbix_agent_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zabbix_agent_client_packets" lineno="76100">
+<summary>
+Relabel packets to zabbix_agent_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zabbix_agent_server_packets" lineno="76120">
+<summary>
+Send zabbix_agent_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zabbix_agent_server_packets" lineno="76139">
+<summary>
+Do not audit attempts to send zabbix_agent_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zabbix_agent_server_packets" lineno="76158">
+<summary>
+Receive zabbix_agent_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zabbix_agent_server_packets" lineno="76177">
+<summary>
+Do not audit attempts to receive zabbix_agent_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zabbix_agent_server_packets" lineno="76196">
+<summary>
+Send and receive zabbix_agent_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zabbix_agent_server_packets" lineno="76212">
+<summary>
+Do not audit attempts to send and receive zabbix_agent_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zabbix_agent_server_packets" lineno="76227">
+<summary>
+Relabel packets to zabbix_agent_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_zookeeper_client_port" lineno="76249">
+<summary>
+Send and receive TCP traffic on the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_zookeeper_client_port" lineno="76268">
+<summary>
+Send UDP traffic on the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_zookeeper_client_port" lineno="76287">
+<summary>
+Do not audit attempts to send UDP traffic on the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_zookeeper_client_port" lineno="76306">
+<summary>
+Receive UDP traffic on the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_zookeeper_client_port" lineno="76325">
+<summary>
+Do not audit attempts to receive UDP traffic on the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_zookeeper_client_port" lineno="76344">
+<summary>
+Send and receive UDP traffic on the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_client_port" lineno="76361">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_zookeeper_client_port" lineno="76377">
+<summary>
+Bind TCP sockets to the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_zookeeper_client_port" lineno="76397">
+<summary>
+Bind UDP sockets to the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_zookeeper_client_port" lineno="76416">
+<summary>
+Make a TCP connection to the zookeeper_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zookeeper_client_client_packets" lineno="76436">
+<summary>
+Send zookeeper_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zookeeper_client_client_packets" lineno="76455">
+<summary>
+Do not audit attempts to send zookeeper_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zookeeper_client_client_packets" lineno="76474">
+<summary>
+Receive zookeeper_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zookeeper_client_client_packets" lineno="76493">
+<summary>
+Do not audit attempts to receive zookeeper_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zookeeper_client_client_packets" lineno="76512">
+<summary>
+Send and receive zookeeper_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zookeeper_client_client_packets" lineno="76528">
+<summary>
+Do not audit attempts to send and receive zookeeper_client_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zookeeper_client_client_packets" lineno="76543">
+<summary>
+Relabel packets to zookeeper_client_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zookeeper_client_server_packets" lineno="76563">
+<summary>
+Send zookeeper_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zookeeper_client_server_packets" lineno="76582">
+<summary>
+Do not audit attempts to send zookeeper_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zookeeper_client_server_packets" lineno="76601">
+<summary>
+Receive zookeeper_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zookeeper_client_server_packets" lineno="76620">
+<summary>
+Do not audit attempts to receive zookeeper_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zookeeper_client_server_packets" lineno="76639">
+<summary>
+Send and receive zookeeper_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zookeeper_client_server_packets" lineno="76655">
+<summary>
+Do not audit attempts to send and receive zookeeper_client_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zookeeper_client_server_packets" lineno="76670">
+<summary>
+Relabel packets to zookeeper_client_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_zookeeper_election_port" lineno="76692">
+<summary>
+Send and receive TCP traffic on the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_zookeeper_election_port" lineno="76711">
+<summary>
+Send UDP traffic on the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_zookeeper_election_port" lineno="76730">
+<summary>
+Do not audit attempts to send UDP traffic on the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_zookeeper_election_port" lineno="76749">
+<summary>
+Receive UDP traffic on the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_zookeeper_election_port" lineno="76768">
+<summary>
+Do not audit attempts to receive UDP traffic on the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_zookeeper_election_port" lineno="76787">
+<summary>
+Send and receive UDP traffic on the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_election_port" lineno="76804">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_zookeeper_election_port" lineno="76820">
+<summary>
+Bind TCP sockets to the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_zookeeper_election_port" lineno="76840">
+<summary>
+Bind UDP sockets to the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_zookeeper_election_port" lineno="76859">
+<summary>
+Make a TCP connection to the zookeeper_election port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zookeeper_election_client_packets" lineno="76879">
+<summary>
+Send zookeeper_election_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zookeeper_election_client_packets" lineno="76898">
+<summary>
+Do not audit attempts to send zookeeper_election_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zookeeper_election_client_packets" lineno="76917">
+<summary>
+Receive zookeeper_election_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zookeeper_election_client_packets" lineno="76936">
+<summary>
+Do not audit attempts to receive zookeeper_election_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zookeeper_election_client_packets" lineno="76955">
+<summary>
+Send and receive zookeeper_election_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zookeeper_election_client_packets" lineno="76971">
+<summary>
+Do not audit attempts to send and receive zookeeper_election_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zookeeper_election_client_packets" lineno="76986">
+<summary>
+Relabel packets to zookeeper_election_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zookeeper_election_server_packets" lineno="77006">
+<summary>
+Send zookeeper_election_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zookeeper_election_server_packets" lineno="77025">
+<summary>
+Do not audit attempts to send zookeeper_election_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zookeeper_election_server_packets" lineno="77044">
+<summary>
+Receive zookeeper_election_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zookeeper_election_server_packets" lineno="77063">
+<summary>
+Do not audit attempts to receive zookeeper_election_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zookeeper_election_server_packets" lineno="77082">
+<summary>
+Send and receive zookeeper_election_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zookeeper_election_server_packets" lineno="77098">
+<summary>
+Do not audit attempts to send and receive zookeeper_election_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zookeeper_election_server_packets" lineno="77113">
+<summary>
+Relabel packets to zookeeper_election_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_zookeeper_leader_port" lineno="77135">
+<summary>
+Send and receive TCP traffic on the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_zookeeper_leader_port" lineno="77154">
+<summary>
+Send UDP traffic on the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_zookeeper_leader_port" lineno="77173">
+<summary>
+Do not audit attempts to send UDP traffic on the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_zookeeper_leader_port" lineno="77192">
+<summary>
+Receive UDP traffic on the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_zookeeper_leader_port" lineno="77211">
+<summary>
+Do not audit attempts to receive UDP traffic on the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_zookeeper_leader_port" lineno="77230">
+<summary>
+Send and receive UDP traffic on the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_leader_port" lineno="77247">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_zookeeper_leader_port" lineno="77263">
+<summary>
+Bind TCP sockets to the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_zookeeper_leader_port" lineno="77283">
+<summary>
+Bind UDP sockets to the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_zookeeper_leader_port" lineno="77302">
+<summary>
+Make a TCP connection to the zookeeper_leader port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zookeeper_leader_client_packets" lineno="77322">
+<summary>
+Send zookeeper_leader_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zookeeper_leader_client_packets" lineno="77341">
+<summary>
+Do not audit attempts to send zookeeper_leader_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zookeeper_leader_client_packets" lineno="77360">
+<summary>
+Receive zookeeper_leader_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zookeeper_leader_client_packets" lineno="77379">
+<summary>
+Do not audit attempts to receive zookeeper_leader_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zookeeper_leader_client_packets" lineno="77398">
+<summary>
+Send and receive zookeeper_leader_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_client_packets" lineno="77414">
+<summary>
+Do not audit attempts to send and receive zookeeper_leader_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zookeeper_leader_client_packets" lineno="77429">
+<summary>
+Relabel packets to zookeeper_leader_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zookeeper_leader_server_packets" lineno="77449">
+<summary>
+Send zookeeper_leader_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zookeeper_leader_server_packets" lineno="77468">
+<summary>
+Do not audit attempts to send zookeeper_leader_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zookeeper_leader_server_packets" lineno="77487">
+<summary>
+Receive zookeeper_leader_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zookeeper_leader_server_packets" lineno="77506">
+<summary>
+Do not audit attempts to receive zookeeper_leader_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zookeeper_leader_server_packets" lineno="77525">
+<summary>
+Send and receive zookeeper_leader_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_server_packets" lineno="77541">
+<summary>
+Do not audit attempts to send and receive zookeeper_leader_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zookeeper_leader_server_packets" lineno="77556">
+<summary>
+Relabel packets to zookeeper_leader_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_zebra_port" lineno="77578">
+<summary>
+Send and receive TCP traffic on the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_zebra_port" lineno="77597">
+<summary>
+Send UDP traffic on the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_zebra_port" lineno="77616">
+<summary>
+Do not audit attempts to send UDP traffic on the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_zebra_port" lineno="77635">
+<summary>
+Receive UDP traffic on the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_zebra_port" lineno="77654">
+<summary>
+Do not audit attempts to receive UDP traffic on the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_zebra_port" lineno="77673">
+<summary>
+Send and receive UDP traffic on the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_zebra_port" lineno="77690">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_zebra_port" lineno="77706">
+<summary>
+Bind TCP sockets to the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_zebra_port" lineno="77726">
+<summary>
+Bind UDP sockets to the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_zebra_port" lineno="77745">
+<summary>
+Make a TCP connection to the zebra port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zebra_client_packets" lineno="77765">
+<summary>
+Send zebra_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zebra_client_packets" lineno="77784">
+<summary>
+Do not audit attempts to send zebra_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zebra_client_packets" lineno="77803">
+<summary>
+Receive zebra_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zebra_client_packets" lineno="77822">
+<summary>
+Do not audit attempts to receive zebra_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zebra_client_packets" lineno="77841">
+<summary>
+Send and receive zebra_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zebra_client_packets" lineno="77857">
+<summary>
+Do not audit attempts to send and receive zebra_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zebra_client_packets" lineno="77872">
+<summary>
+Relabel packets to zebra_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zebra_server_packets" lineno="77892">
+<summary>
+Send zebra_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zebra_server_packets" lineno="77911">
+<summary>
+Do not audit attempts to send zebra_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zebra_server_packets" lineno="77930">
+<summary>
+Receive zebra_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zebra_server_packets" lineno="77949">
+<summary>
+Do not audit attempts to receive zebra_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zebra_server_packets" lineno="77968">
+<summary>
+Send and receive zebra_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zebra_server_packets" lineno="77984">
+<summary>
+Do not audit attempts to send and receive zebra_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zebra_server_packets" lineno="77999">
+<summary>
+Relabel packets to zebra_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_zope_port" lineno="78021">
+<summary>
+Send and receive TCP traffic on the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_zope_port" lineno="78040">
+<summary>
+Send UDP traffic on the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_zope_port" lineno="78059">
+<summary>
+Do not audit attempts to send UDP traffic on the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_zope_port" lineno="78078">
+<summary>
+Receive UDP traffic on the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_zope_port" lineno="78097">
+<summary>
+Do not audit attempts to receive UDP traffic on the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_zope_port" lineno="78116">
+<summary>
+Send and receive UDP traffic on the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_zope_port" lineno="78133">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_zope_port" lineno="78149">
+<summary>
+Bind TCP sockets to the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_zope_port" lineno="78169">
+<summary>
+Bind UDP sockets to the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_zope_port" lineno="78188">
+<summary>
+Make a TCP connection to the zope port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zope_client_packets" lineno="78208">
+<summary>
+Send zope_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zope_client_packets" lineno="78227">
+<summary>
+Do not audit attempts to send zope_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zope_client_packets" lineno="78246">
+<summary>
+Receive zope_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zope_client_packets" lineno="78265">
+<summary>
+Do not audit attempts to receive zope_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zope_client_packets" lineno="78284">
+<summary>
+Send and receive zope_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zope_client_packets" lineno="78300">
+<summary>
+Do not audit attempts to send and receive zope_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zope_client_packets" lineno="78315">
+<summary>
+Relabel packets to zope_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zope_server_packets" lineno="78335">
+<summary>
+Send zope_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zope_server_packets" lineno="78354">
+<summary>
+Do not audit attempts to send zope_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zope_server_packets" lineno="78373">
+<summary>
+Receive zope_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zope_server_packets" lineno="78392">
+<summary>
+Do not audit attempts to receive zope_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zope_server_packets" lineno="78411">
+<summary>
+Send and receive zope_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zope_server_packets" lineno="78427">
+<summary>
+Do not audit attempts to send and receive zope_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zope_server_packets" lineno="78442">
+<summary>
+Relabel packets to zope_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_lo_if" lineno="78465">
+<summary>
+Send and receive TCP network traffic on the lo interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_lo_if" lineno="78484">
+<summary>
+Send UDP network traffic on the lo interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_udp_receive_lo_if" lineno="78503">
+<summary>
+Receive UDP network traffic on the lo interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_udp_sendrecv_lo_if" lineno="78522">
+<summary>
+Send and receive UDP network traffic on the lo interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_raw_send_lo_if" lineno="78538">
+<summary>
+Send raw IP packets on the lo interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_raw_receive_lo_if" lineno="78557">
+<summary>
+Receive raw IP packets on the lo interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_raw_sendrecv_lo_if" lineno="78576">
+<summary>
+Send and receive raw IP packets on the lo interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+</module>
+<module name="devices" filename="policy/modules/kernel/devices.if">
+<summary>
+Device nodes and interfaces for many basic system devices.
+</summary>
+<desc>
+<p>
+This module creates the device node concept and provides
+the policy for many of the device files. Notable exceptions are
+the mass storage and terminal devices that are covered by other
+modules.
+</p>
+<p>
+This module creates the concept of a device node. That is a
+char or block device file, usually in /dev. All types that
+are used to label device nodes should use the dev_node macro.
+</p>
+<p>
+Additionally, this module controls access to three things:
+<ul>
+<li>the device directories containing device nodes</li>
+<li>device nodes as a group</li>
+<li>individual access to specific device nodes covered by
+this module.</li>
+</ul>
+</p>
+</desc>
+<required val="true">
+Depended on by other required modules.
+</required>
+<interface name="dev_node" lineno="66">
+<summary>
+Make the specified type usable for device
+nodes in a filesystem.
+</summary>
+<desc>
+<p>
+Make the specified type usable for device nodes
+in a filesystem. Types used for device nodes that
+do not use this interface, or an interface that
+calls this one, will have unexpected behaviors
+while the system is running.
+</p>
+<p>
+Example:
+</p>
+<p>
+type mydev_t;
+dev_node(mydev_t)
+allow mydomain_t mydev_t:chr_file read_chr_file_perms;
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>term_tty()</li>
+<li>term_pty()</li>
+</ul>
+</desc>
+<param name="type">
+<summary>
+Type to be used for device nodes.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="dev_associate" lineno="84">
+<summary>
+Associate the specified file type with device filesystem.
+</summary>
+<param name="file_type">
+<summary>
+The type of the file to be associated.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_fs" lineno="103">
+<summary>
+Get attributes of device filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_mounton" lineno="121">
+<summary>
+Mount a filesystem on /dev
+</summary>
+<param name="domain">
+<summary>
+Domain allow access.
+</summary>
+</param>
+</interface>
+<interface name="dev_relabel_all_dev_nodes" lineno="140">
+<summary>
+Allow full relabeling (to and from) of all device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dev_list_all_dev_nodes" lineno="165">
+<summary>
+List all of the device nodes in a device directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_generic_dirs" lineno="184">
+<summary>
+Set the attributes of /dev directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_list_all_dev_nodes" lineno="202">
+<summary>
+Dontaudit attempts to list all device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_add_entry_generic_dirs" lineno="220">
+<summary>
+Add entries to directories in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_remove_entry_generic_dirs" lineno="238">
+<summary>
+Add entries to directories in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_create_generic_dirs" lineno="256">
+<summary>
+Create a directory in the device directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_delete_generic_dirs" lineno="275">
+<summary>
+Delete a directory in the device directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_generic_dirs" lineno="293">
+<summary>
+Manage of directories in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_relabel_generic_dev_dirs" lineno="311">
+<summary>
+Allow full relabeling (to and from) of directories in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_generic_files" lineno="329">
+<summary>
+dontaudit getattr generic files in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_generic_files" lineno="347">
+<summary>
+Read generic files in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_generic_files" lineno="365">
+<summary>
+Read and write generic files in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_delete_generic_files" lineno="383">
+<summary>
+Delete generic files in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_generic_files" lineno="401">
+<summary>
+Create a file in the device directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_generic_pipes" lineno="419">
+<summary>
+Dontaudit getattr on generic pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_generic_sockets" lineno="437">
+<summary>
+Write generic socket files in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_generic_blk_files" lineno="455">
+<summary>
+Allow getattr on generic block devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_generic_blk_files" lineno="473">
+<summary>
+Dontaudit getattr on generic block devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_generic_blk_files" lineno="491">
+<summary>
+Dontaudit setattr on generic block devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_create_generic_blk_files" lineno="509">
+<summary>
+Create generic block device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_delete_generic_blk_files" lineno="527">
+<summary>
+Delete generic block device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_generic_chr_files" lineno="545">
+<summary>
+Allow getattr for generic character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_generic_chr_files" lineno="563">
+<summary>
+Dontaudit getattr for generic character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_generic_chr_files" lineno="581">
+<summary>
+Dontaudit setattr for generic character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_generic_chr_files" lineno="599">
+<summary>
+Read generic character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_generic_chr_files" lineno="617">
+<summary>
+Read and write generic character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_generic_blk_files" lineno="635">
+<summary>
+Read and write generic block device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_rw_generic_chr_files" lineno="653">
+<summary>
+Dontaudit attempts to read/write generic character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain to dontaudit access.
+</summary>
+</param>
+</interface>
+<interface name="dev_create_generic_chr_files" lineno="671">
+<summary>
+Create generic character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_delete_generic_chr_files" lineno="689">
+<summary>
+Delete generic character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_relabelfrom_generic_chr_files" lineno="707">
+<summary>
+Relabel from generic character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_generic_symlinks" lineno="726">
+<summary>
+Do not audit attempts to set the attributes
+of symbolic links in device directories (/dev).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_generic_symlinks" lineno="744">
+<summary>
+Read symbolic links in device directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_create_generic_symlinks" lineno="762">
+<summary>
+Create symbolic links in device directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_delete_generic_symlinks" lineno="780">
+<summary>
+Delete symbolic links in device directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_generic_symlinks" lineno="798">
+<summary>
+Create, delete, read, and write symbolic links in device directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_relabel_generic_symlinks" lineno="816">
+<summary>
+Relabel symbolic links in device directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_all_dev_nodes" lineno="834">
+<summary>
+Create, delete, read, and write device nodes in device directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_rw_generic_dev_nodes" lineno="870">
+<summary>
+Dontaudit getattr for generic device files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_generic_blk_files" lineno="888">
+<summary>
+Create, delete, read, and write block device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_generic_chr_files" lineno="906">
+<summary>
+Create, delete, read, and write character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_filetrans" lineno="936">
+<summary>
+Create, read, and write device nodes. The node
+will be transitioned to the type provided.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file">
+<summary>
+Type to which the created node will be transitioned.
+</summary>
+</param>
+<param name="objectclass(es)">
+<summary>
+Object class(es) (single or set including {}) for which this
+the transition will occur.
+</summary>
+</param>
+</interface>
+<interface name="dev_tmpfs_filetrans_dev" lineno="966">
+<summary>
+Create, read, and write device nodes. The node
+will be transitioned to the type provided. This is
+a temporary interface until devtmpfs functionality
+fixed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="objectclass(es)">
+<summary>
+Object class(es) (single or set including {}) for which this
+the transition will occur.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_all_blk_files" lineno="985">
+<summary>
+Getattr on all block file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dev_dontaudit_getattr_all_blk_files" lineno="1004">
+<summary>
+Dontaudit getattr on all block file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_all_chr_files" lineno="1024">
+<summary>
+Getattr on all character file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dev_dontaudit_getattr_all_chr_files" lineno="1042">
+<summary>
+Dontaudit getattr on all character file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_all_blk_files" lineno="1062">
+<summary>
+Setattr on all block file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dev_setattr_all_chr_files" lineno="1081">
+<summary>
+Setattr on all character file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dev_dontaudit_read_all_blk_files" lineno="1099">
+<summary>
+Dontaudit read on all block file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_write_all_blk_files" lineno="1117">
+<summary>
+Dontaudit write on all block file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_read_all_chr_files" lineno="1135">
+<summary>
+Dontaudit read on all character file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_write_all_chr_files" lineno="1153">
+<summary>
+Dontaudit write on all character file device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_create_all_blk_files" lineno="1171">
+<summary>
+Create all block device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_create_all_chr_files" lineno="1189">
+<summary>
+Create all character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_delete_all_blk_files" lineno="1207">
+<summary>
+Delete all block device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_delete_all_chr_files" lineno="1225">
+<summary>
+Delete all character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rename_all_blk_files" lineno="1243">
+<summary>
+Rename all block device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rename_all_chr_files" lineno="1261">
+<summary>
+Rename all character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_all_blk_files" lineno="1279">
+<summary>
+Read, write, create, and delete all block device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_all_chr_files" lineno="1303">
+<summary>
+Read, write, create, and delete all character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_agp_dev" lineno="1323">
+<summary>
+Getattr the agp devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_agp" lineno="1341">
+<summary>
+Read and write the agp devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_apm_bios_dev" lineno="1359">
+<summary>
+Get the attributes of the apm bios device node.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_apm_bios_dev" lineno="1378">
+<summary>
+Do not audit attempts to get the attributes of
+the apm bios device node.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_apm_bios_dev" lineno="1396">
+<summary>
+Set the attributes of the apm bios device node.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_apm_bios_dev" lineno="1415">
+<summary>
+Do not audit attempts to set the attributes of
+the apm bios device node.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_apm_bios" lineno="1433">
+<summary>
+Read and write the apm bios.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_autofs_dev" lineno="1451">
+<summary>
+Get the attributes of the autofs device node.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_autofs_dev" lineno="1470">
+<summary>
+Do not audit attempts to get the attributes of
+the autofs device node.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_autofs_dev" lineno="1488">
+<summary>
+Set the attributes of the autofs device node.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_autofs_dev" lineno="1507">
+<summary>
+Do not audit attempts to set the attributes of
+the autofs device node.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_autofs" lineno="1525">
+<summary>
+Read and write the autofs device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_relabel_autofs_dev" lineno="1543">
+<summary>
+Relabel the autofs device node.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_cardmgr" lineno="1561">
+<summary>
+Read and write the PCMCIA card manager device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_rw_cardmgr" lineno="1580">
+<summary>
+Do not audit attempts to read and
+write the PCMCIA card manager device.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_create_cardmgr_dev" lineno="1600">
+<summary>
+Create, read, write, and delete
+the PCMCIA card manager device
+with the correct type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_cardmgr_dev" lineno="1620">
+<summary>
+Create, read, write, and delete
+the PCMCIA card manager device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_filetrans_cardmgr" lineno="1641">
+<summary>
+Automatic type transition to the type
+for PCMCIA card manager device nodes when
+created in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_cpu_dev" lineno="1660">
+<summary>
+Get the attributes of the CPU
+microcode and id interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_cpu_dev" lineno="1679">
+<summary>
+Set the attributes of the CPU
+microcode and id interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_cpuid" lineno="1697">
+<summary>
+Read the CPU identity.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_cpu_microcode" lineno="1716">
+<summary>
+Read and write the the CPU microcode device. This
+is required to load CPU microcode.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_crash" lineno="1734">
+<summary>
+Read the kernel crash device
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_crypto" lineno="1752">
+<summary>
+Read and write the the hardware SSL accelerator.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_dlm_control" lineno="1770">
+<summary>
+Set the attributes of the dlm control devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_dlm_control" lineno="1788">
+<summary>
+Read and write the the dlm control device
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_dri_dev" lineno="1806">
+<summary>
+getattr the dri devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_dri_dev" lineno="1824">
+<summary>
+Setattr the dri devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_dri" lineno="1842">
+<summary>
+Read and write the dri devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_rw_dri" lineno="1860">
+<summary>
+Dontaudit read and write on the dri devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_dri_dev" lineno="1878">
+<summary>
+Create, read, write, and delete the dri devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_filetrans_dri" lineno="1897">
+<summary>
+Automatic type transition to the type
+for DRI device nodes when created in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_input_dev" lineno="1915">
+<summary>
+Get the attributes of the event devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_input_dev" lineno="1934">
+<summary>
+Set the attributes of the event devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_input" lineno="1953">
+<summary>
+Read input event devices (/dev/input).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_input_dev" lineno="1971">
+<summary>
+Read input event devices (/dev/input).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_framebuffer_dev" lineno="1989">
+<summary>
+Get the attributes of the framebuffer device node.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_framebuffer_dev" lineno="2007">
+<summary>
+Set the attributes of the framebuffer device node.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_framebuffer_dev" lineno="2026">
+<summary>
+Dot not audit attempts to set the attributes
+of the framebuffer device node.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_framebuffer" lineno="2044">
+<summary>
+Read the framebuffer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_read_framebuffer" lineno="2062">
+<summary>
+Do not audit attempts to read the framebuffer.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_framebuffer" lineno="2080">
+<summary>
+Write the framebuffer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_framebuffer" lineno="2098">
+<summary>
+Read and write the framebuffer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_kmsg" lineno="2116">
+<summary>
+Read the kernel messages
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_read_kmsg" lineno="2134">
+<summary>
+Do not audit attempts to read the kernel messages
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_kmsg" lineno="2152">
+<summary>
+Write to the kernel messages device
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_ksm_dev" lineno="2170">
+<summary>
+Get the attributes of the ksm devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_ksm_dev" lineno="2188">
+<summary>
+Set the attributes of the ksm devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_ksm" lineno="2206">
+<summary>
+Read the ksm devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_ksm" lineno="2224">
+<summary>
+Read and write to ksm devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_kvm_dev" lineno="2242">
+<summary>
+Get the attributes of the kvm devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_kvm_dev" lineno="2260">
+<summary>
+Set the attributes of the kvm devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_kvm" lineno="2278">
+<summary>
+Read the kvm devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_kvm" lineno="2296">
+<summary>
+Read and write to kvm devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_lirc" lineno="2314">
+<summary>
+Read the lirc device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_lirc" lineno="2332">
+<summary>
+Read and write the lirc device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_filetrans_lirc" lineno="2351">
+<summary>
+Automatic type transition to the type
+for lirc device nodes when created in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_lvm_control" lineno="2369">
+<summary>
+Get the attributes of the lvm comtrol device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_lvm_control" lineno="2387">
+<summary>
+Read the lvm comtrol device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_lvm_control" lineno="2405">
+<summary>
+Read and write the lvm control device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_rw_lvm_control" lineno="2423">
+<summary>
+Do not audit attempts to read and write lvm control device.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_delete_lvm_control_dev" lineno="2441">
+<summary>
+Delete the lvm control device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_memory_dev" lineno="2459">
+<summary>
+dontaudit getattr raw memory devices (e.g. /dev/mem).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_raw_memory" lineno="2477">
+<summary>
+Read raw memory devices (e.g. /dev/mem).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_read_raw_memory" lineno="2500">
+<summary>
+Do not audit attempts to read raw memory devices
+(e.g. /dev/mem).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_raw_memory" lineno="2518">
+<summary>
+Write raw memory devices (e.g. /dev/mem).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rx_raw_memory" lineno="2540">
+<summary>
+Read and execute raw memory devices (e.g. /dev/mem).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_wx_raw_memory" lineno="2559">
+<summary>
+Write and execute raw memory devices (e.g. /dev/mem).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_misc_dev" lineno="2578">
+<summary>
+Get the attributes of miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_misc_dev" lineno="2597">
+<summary>
+Do not audit attempts to get the attributes
+of miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_misc_dev" lineno="2615">
+<summary>
+Set the attributes of miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_misc_dev" lineno="2634">
+<summary>
+Do not audit attempts to set the attributes
+of miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_misc" lineno="2652">
+<summary>
+Read miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_misc" lineno="2670">
+<summary>
+Write miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_rw_misc" lineno="2688">
+<summary>
+Do not audit attempts to read and write miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_modem_dev" lineno="2706">
+<summary>
+Get the attributes of the modem devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_modem_dev" lineno="2724">
+<summary>
+Set the attributes of the modem devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_modem" lineno="2742">
+<summary>
+Read the modem devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_modem" lineno="2760">
+<summary>
+Read and write to modem devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_mouse_dev" lineno="2778">
+<summary>
+Get the attributes of the mouse devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_mouse_dev" lineno="2796">
+<summary>
+Set the attributes of the mouse devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_mouse" lineno="2814">
+<summary>
+Read the mouse devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_mouse" lineno="2832">
+<summary>
+Read and write to mouse devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_mtrr_dev" lineno="2851">
+<summary>
+Get the attributes of the memory type range
+registers (MTRR) device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_mtrr" lineno="2884">
+<summary>
+Read the memory type range
+registers (MTRR). (Deprecated)
+</summary>
+<desc>
+<p>
+Read the memory type range
+registers (MTRR). This interface has
+been deprecated, dev_rw_mtrr() should be
+used instead.
+</p>
+<p>
+The MTRR device ioctls can be used for
+reading and writing; thus, read access to the
+device cannot be separated from write access.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_mtrr" lineno="2913">
+<summary>
+Write the memory type range
+registers (MTRR). (Deprecated)
+</summary>
+<desc>
+<p>
+Write the memory type range
+registers (MTRR). This interface has
+been deprecated, dev_rw_mtrr() should be
+used instead.
+</p>
+<p>
+The MTRR device ioctls can be used for
+reading and writing; thus, write access to the
+device cannot be separated from read access.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_write_mtrr" lineno="2929">
+<summary>
+Do not audit attempts to write the memory type
+range registers (MTRR).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_mtrr" lineno="2948">
+<summary>
+Read and write the memory type range registers (MTRR).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_netcontrol_dev" lineno="2967">
+<summary>
+Get the attributes of the network control device
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_netcontrol" lineno="2985">
+<summary>
+Read the network control identity.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_netcontrol" lineno="3003">
+<summary>
+Read and write the the network control device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_null_dev" lineno="3021">
+<summary>
+Get the attributes of the null device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_null_dev" lineno="3039">
+<summary>
+Set the attributes of the null device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_delete_null" lineno="3057">
+<summary>
+Delete the null device (/dev/null).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_null" lineno="3075">
+<summary>
+Read and write to the null device (/dev/null).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_create_null_dev" lineno="3093">
+<summary>
+Create the null device (/dev/null).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_nvram_dev" lineno="3112">
+<summary>
+Do not audit attempts to get the attributes
+of the BIOS non-volatile RAM device.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_nvram" lineno="3130">
+<summary>
+Read and write BIOS non-volatile RAM.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_printer_dev" lineno="3148">
+<summary>
+Get the attributes of the printer device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_printer_dev" lineno="3166">
+<summary>
+Set the attributes of the printer device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_append_printer" lineno="3185">
+<summary>
+Append the printer device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_printer" lineno="3203">
+<summary>
+Read and write the printer device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_printk" lineno="3221">
+<summary>
+Read printk devices (e.g., /dev/kmsg /dev/mcelog)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_qemu_dev" lineno="3240">
+<summary>
+Get the attributes of the QEMU
+microcode and id interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_qemu_dev" lineno="3259">
+<summary>
+Set the attributes of the QEMU
+microcode and id interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_qemu" lineno="3277">
+<summary>
+Read the QEMU device
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_qemu" lineno="3295">
+<summary>
+Read and write the the QEMU device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_rand" lineno="3329">
+<summary>
+Read from random number generator
+devices (e.g., /dev/random).
+</summary>
+<desc>
+<p>
+Allow the specified domain to read from random number
+generator devices (e.g., /dev/random). Typically this is
+used in situations when a cryptographically secure random
+number is needed.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>dev_read_urand()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="dev_dontaudit_read_rand" lineno="3348">
+<summary>
+Do not audit attempts to read from random
+number generator devices (e.g., /dev/random)
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_append_rand" lineno="3367">
+<summary>
+Do not audit attempts to append to random
+number generator devices (e.g., /dev/random)
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_rand" lineno="3387">
+<summary>
+Write to the random device (e.g., /dev/random). This adds
+entropy used to generate the random data read from the
+random device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_realtime_clock" lineno="3405">
+<summary>
+Read the realtime clock (/dev/rtc).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_realtime_clock" lineno="3423">
+<summary>
+Set the realtime clock (/dev/rtc).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_realtime_clock" lineno="3443">
+<summary>
+Read and set the realtime clock (/dev/rtc).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_scanner_dev" lineno="3458">
+<summary>
+Get the attributes of the scanner device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_scanner_dev" lineno="3477">
+<summary>
+Do not audit attempts to get the attributes of
+the scanner device.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_scanner_dev" lineno="3495">
+<summary>
+Set the attributes of the scanner device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_scanner_dev" lineno="3514">
+<summary>
+Do not audit attempts to set the attributes of
+the scanner device.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_scanner" lineno="3532">
+<summary>
+Read and write the scanner device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_sound_dev" lineno="3550">
+<summary>
+Get the attributes of the sound devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_sound_dev" lineno="3568">
+<summary>
+Set the attributes of the sound devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_sound" lineno="3586">
+<summary>
+Read the sound devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_sound" lineno="3604">
+<summary>
+Write the sound devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_sound_mixer" lineno="3622">
+<summary>
+Read the sound mixer devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_sound_mixer" lineno="3640">
+<summary>
+Write the sound mixer devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_power_mgmt_dev" lineno="3658">
+<summary>
+Get the attributes of the the power management device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_power_mgmt_dev" lineno="3676">
+<summary>
+Set the attributes of the the power management device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_power_management" lineno="3694">
+<summary>
+Read and write the the power management device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_smartcard_dev" lineno="3712">
+<summary>
+Getattr on smartcard devices
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_smartcard_dev" lineno="3731">
+<summary>
+dontaudit getattr on smartcard devices
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_smartcard" lineno="3750">
+<summary>
+Read and write smartcard devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_smartcard" lineno="3768">
+<summary>
+Create, read, write, and delete smartcard devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_associate_sysfs" lineno="3786">
+<summary>
+Associate a file to a sysfs filesystem.
+</summary>
+<param name="file_type">
+<summary>
+The type of the file to be associated to sysfs.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_sysfs_dirs" lineno="3804">
+<summary>
+Get the attributes of sysfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_search_sysfs" lineno="3822">
+<summary>
+Search the sysfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_search_sysfs" lineno="3840">
+<summary>
+Do not audit attempts to search sysfs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_list_sysfs" lineno="3858">
+<summary>
+List the contents of the sysfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_sysfs_dirs" lineno="3877">
+<summary>
+Write in a sysfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_write_sysfs_dirs" lineno="3895">
+<summary>
+Do not audit attempts to write in a sysfs directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_sysfs_dirs" lineno="3914">
+<summary>
+Create, read, write, and delete sysfs
+directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_sysfs" lineno="3941">
+<summary>
+Read hardware state information.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read the contents of
+the sysfs filesystem. This filesystem contains
+information, parameters, and other settings on the
+hardware installed on the system.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="dev_rw_sysfs" lineno="3962">
+<summary>
+Allow caller to modify hardware state information.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_tpm" lineno="3983">
+<summary>
+Read and write the TPM device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_urand" lineno="4024">
+<summary>
+Read from pseudo random number generator devices (e.g., /dev/urandom).
+</summary>
+<desc>
+<p>
+Allow the specified domain to read from pseudo random number
+generator devices (e.g., /dev/urandom). Typically this is
+used in situations when a cryptographically secure random
+number is not necessarily needed. One example is the Stack
+Smashing Protector (SSP, formerly known as ProPolice) support
+that may be compiled into programs.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>dev_read_rand()</li>
+</ul>
+<p>
+Related tunable:
+</p>
+<ul>
+<li>global_ssp</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="dev_dontaudit_read_urand" lineno="4043">
+<summary>
+Do not audit attempts to read from pseudo
+random devices (e.g., /dev/urandom)
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_urand" lineno="4062">
+<summary>
+Write to the pseudo random device (e.g., /dev/urandom). This
+sets the random number generator seed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_generic_usb_dev" lineno="4080">
+<summary>
+Getattr generic the USB devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_generic_usb_dev" lineno="4098">
+<summary>
+Setattr generic the USB devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_generic_usb_dev" lineno="4116">
+<summary>
+Read generic the USB devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_generic_usb_dev" lineno="4134">
+<summary>
+Read and write generic the USB devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_usbmon_dev" lineno="4152">
+<summary>
+Read USB monitor devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_usbmon_dev" lineno="4170">
+<summary>
+Write USB monitor devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_mount_usbfs" lineno="4188">
+<summary>
+Mount a usbfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_associate_usbfs" lineno="4206">
+<summary>
+Associate a file to a usbfs filesystem.
+</summary>
+<param name="file_type">
+<summary>
+The type of the file to be associated to usbfs.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_usbfs_dirs" lineno="4224">
+<summary>
+Get the attributes of a directory in the usb filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_usbfs_dirs" lineno="4243">
+<summary>
+Do not audit attempts to get the attributes
+of a directory in the usb filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_search_usbfs" lineno="4261">
+<summary>
+Search the directory containing USB hardware information.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_list_usbfs" lineno="4279">
+<summary>
+Allow caller to get a list of usb hardware.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_usbfs_files" lineno="4300">
+<summary>
+Set the attributes of usbfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_usbfs" lineno="4320">
+<summary>
+Read USB hardware information using
+the usbfs filesystem interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_usbfs" lineno="4340">
+<summary>
+Allow caller to modify usb hardware configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_video_dev" lineno="4360">
+<summary>
+Get the attributes of video4linux devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_userio_dev" lineno="4378">
+<summary>
+Read and write userio device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_video_dev" lineno="4397">
+<summary>
+Do not audit attempts to get the attributes
+of video4linux device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_video_dev" lineno="4415">
+<summary>
+Set the attributes of video4linux device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_video_dev" lineno="4434">
+<summary>
+Do not audit attempts to set the attributes
+of video4linux device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_video_dev" lineno="4452">
+<summary>
+Read the video4linux devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_video_dev" lineno="4470">
+<summary>
+Write the video4linux devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_vhost" lineno="4488">
+<summary>
+Allow read/write the vhost net device
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_vmware" lineno="4506">
+<summary>
+Read and write VMWare devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rwx_vmware" lineno="4524">
+<summary>
+Read, write, and mmap VMWare devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_watchdog" lineno="4543">
+<summary>
+Read from watchdog devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_write_watchdog" lineno="4561">
+<summary>
+Write to watchdog devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_wireless" lineno="4579">
+<summary>
+Read and write the the wireless device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_xen" lineno="4597">
+<summary>
+Read and write Xen devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_xen" lineno="4615">
+<summary>
+Create, read, write, and delete Xen devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_filetrans_xen" lineno="4634">
+<summary>
+Automatic type transition to the type
+for xen device nodes when created in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_xserver_misc_dev" lineno="4652">
+<summary>
+Get the attributes of X server miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_setattr_xserver_misc_dev" lineno="4670">
+<summary>
+Set the attributes of X server miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_xserver_misc" lineno="4688">
+<summary>
+Read and write X server miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_zero" lineno="4706">
+<summary>
+Read and write to the zero device (/dev/zero).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rwx_zero" lineno="4724">
+<summary>
+Read, write, and execute the zero device (/dev/zero).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_execmod_zero" lineno="4743">
+<summary>
+Execmod the zero device (/dev/zero).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_create_zero_dev" lineno="4762">
+<summary>
+Create the zero device (/dev/zero).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_unconfined" lineno="4780">
+<summary>
+Unconfined access to devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="domain" filename="policy/modules/kernel/domain.if">
+<summary>Core policy for domains.</summary>
+<required val="true">
+Contains the concept of a domain.
+</required>
+<interface name="domain_base_type" lineno="26">
+<summary>
+Make the specified type usable as a basic domain.
+</summary>
+<desc>
+<p>
+Make the specified type usable as a basic domain.
+</p>
+<p>
+This is primarily used for kernel threads;
+generally the domain_type() interface is
+more appropriate for userland processes.
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to be used as a basic domain type.
+</summary>
+</param>
+</interface>
+<interface name="domain_type" lineno="75">
+<summary>
+Make the specified type usable as a domain.
+</summary>
+<desc>
+<p>
+Make the specified type usable as a domain. This,
+or an interface that calls this interface, must be
+used on all types that are used as domains.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>application_domain()</li>
+<li>init_daemon_domain()</li>
+<li>init_domaion()</li>
+<li>init_ranged_daemon_domain()</li>
+<li>init_ranged_domain()</li>
+<li>init_ranged_system_domain()</li>
+<li>init_script_domain()</li>
+<li>init_system_domain()</li>
+</ul>
+<p>
+Example:
+</p>
+<p>
+type mydomain_t;
+domain_type(mydomain_t)
+type myfile_t;
+files_type(myfile_t)
+allow mydomain_t myfile_t:file read_file_perms;
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to be used as a domain type.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="domain_entry_file" lineno="125">
+<summary>
+Make the specified type usable as
+an entry point for the domain.
+</summary>
+<param name="domain">
+<summary>
+Domain to be entered.
+</summary>
+</param>
+<param name="type">
+<summary>
+Type of program used for entering
+the domain.
+</summary>
+</param>
+</interface>
+<interface name="domain_interactive_fd" lineno="149">
+<summary>
+Make the file descriptors of the specified
+domain for interactive use (widely inheritable)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_dyntrans_type" lineno="178">
+<summary>
+Allow the specified domain to perform
+dynamic transitions.
+</summary>
+<desc>
+<p>
+Allow the specified domain to perform
+dynamic transitions.
+</p>
+<p>
+This violates process tranquility, and it
+is strongly suggested that this not be used.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_system_change_exemption" lineno="198">
+<summary>
+Makes caller and execption to the constraint
+preventing changing to the system user
+identity and system role.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_subj_id_change_exemption" lineno="217">
+<summary>
+Makes caller an exception to the constraint preventing
+changing of user identity.
+</summary>
+<param name="domain">
+<summary>
+The process type to make an exception to the constraint.
+</summary>
+</param>
+</interface>
+<interface name="domain_role_change_exemption" lineno="236">
+<summary>
+Makes caller an exception to the constraint preventing
+changing of role.
+</summary>
+<param name="domain">
+<summary>
+The process type to make an exception to the constraint.
+</summary>
+</param>
+</interface>
+<interface name="domain_obj_id_change_exemption" lineno="256">
+<summary>
+Makes caller an exception to the constraint preventing
+changing the user identity in object contexts.
+</summary>
+<param name="domain">
+<summary>
+The process type to make an exception to the constraint.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_user_exemption_target" lineno="291">
+<summary>
+Make the specified domain the target of
+the user domain exception of the
+SELinux role and identity change
+constraints.
+</summary>
+<desc>
+<p>
+Make the specified domain the target of
+the user domain exception of the
+SELinux role and identity change
+constraints.
+</p>
+<p>
+This interface is needed to decouple
+the user domains from the base module.
+It should not be used other than on
+user domains.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain target for user exemption.
+</summary>
+</param>
+</interface>
+<interface name="domain_cron_exemption_source" lineno="326">
+<summary>
+Make the specified domain the source of
+the cron domain exception of the
+SELinux role and identity change
+constraints.
+</summary>
+<desc>
+<p>
+Make the specified domain the source of
+the cron domain exception of the
+SELinux role and identity change
+constraints.
+</p>
+<p>
+This interface is needed to decouple
+the cron domains from the base module.
+It should not be used other than on
+cron domains.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain target for user exemption.
+</summary>
+</param>
+</interface>
+<interface name="domain_cron_exemption_target" lineno="361">
+<summary>
+Make the specified domain the target of
+the cron domain exception of the
+SELinux role and identity change
+constraints.
+</summary>
+<desc>
+<p>
+Make the specified domain the target of
+the cron domain exception of the
+SELinux role and identity change
+constraints.
+</p>
+<p>
+This interface is needed to decouple
+the cron domains from the base module.
+It should not be used other than on
+user cron jobs.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain target for user exemption.
+</summary>
+</param>
+</interface>
+<interface name="domain_use_interactive_fds" lineno="389">
+<summary>
+Inherit and use file descriptors from
+domains with interactive programs.
+</summary>
+<desc>
+<p>
+Allow the specified domain to inherit and use file
+descriptors from domains with interactive programs.
+This does not allow access to the objects being referenced
+by the file descriptors.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="1"/>
+</interface>
+<interface name="domain_dontaudit_use_interactive_fds" lineno="409">
+<summary>
+Do not audit attempts to inherit file
+descriptors from domains with interactive
+programs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_sigchld_interactive_fds" lineno="429">
+<summary>
+Send a SIGCHLD signal to domains whose file
+discriptors are widely inheritable.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_setpriority_all_domains" lineno="448">
+<summary>
+Set the nice level of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_signal_all_domains" lineno="467">
+<summary>
+Send general signals to all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_dontaudit_signal_all_domains" lineno="487">
+<summary>
+Do not audit attempts to send general
+signals to all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_signull_all_domains" lineno="506">
+<summary>
+Send a null signal to all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_sigstop_all_domains" lineno="525">
+<summary>
+Send a stop signal to all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_sigchld_all_domains" lineno="544">
+<summary>
+Send a child terminated signal to all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_kill_all_domains" lineno="563">
+<summary>
+Send a kill signal to all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_search_all_domains_state" lineno="582">
+<summary>
+Search the process state directory (/proc/pid) of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_search_all_domains_state" lineno="602">
+<summary>
+Do not audit attempts to search the process
+state directory (/proc/pid) of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_read_all_domains_state" lineno="621">
+<summary>
+Read the process state (/proc/pid) of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_getattr_all_domains" lineno="643">
+<summary>
+Get the attributes of all domains of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_dontaudit_getattr_all_domains" lineno="662">
+<summary>
+Do not audit attempts to get the attributes
+of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_read_confined_domains_state" lineno="681">
+<summary>
+Read the process state (/proc/pid) of all confined domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_getattr_confined_domains" lineno="707">
+<summary>
+Get the attributes of all confined domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_ptrace_all_domains" lineno="726">
+<summary>
+Ptrace all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_dontaudit_ptrace_all_domains" lineno="755">
+<summary>
+Do not audit attempts to ptrace all domains.
+</summary>
+<desc>
+<p>
+Do not audit attempts to ptrace all domains.
+</p>
+<p>
+Generally this needs to be suppressed because procps tries to access
+/proc/pid/environ and this now triggers a ptrace check in recent kernels
+(2.4 and 2.6).
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_ptrace_confined_domains" lineno="783">
+<summary>
+Do not audit attempts to ptrace confined domains.
+</summary>
+<desc>
+<p>
+Do not audit attempts to ptrace confined domains.
+</p>
+<p>
+Generally this needs to be suppressed because procps tries to access
+/proc/pid/environ and this now triggers a ptrace check in recent kernels
+(2.4 and 2.6).
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_read_all_domains_state" lineno="802">
+<summary>
+Do not audit attempts to read the process
+state (/proc/pid) of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_list_all_domains_state" lineno="827">
+<summary>
+Do not audit attempts to read the process state
+directories of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_getsession_all_domains" lineno="845">
+<summary>
+Get the session ID of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getsession_all_domains" lineno="864">
+<summary>
+Do not audit attempts to get the
+session ID of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_getpgid_all_domains" lineno="882">
+<summary>
+Get the process group ID of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_getsched_all_domains" lineno="900">
+<summary>
+Get the scheduler information of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_getcap_all_domains" lineno="918">
+<summary>
+Get the capability information of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_getattr_all_sockets" lineno="947">
+<summary>
+Get the attributes of all domains
+sockets, for all socket types.
+</summary>
+<desc>
+<p>
+Get the attributes of all domains
+sockets, for all socket types.
+</p>
+<p>
+This is commonly used for domains
+that can use lsof on all domains.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_sockets" lineno="976">
+<summary>
+Do not audit attempts to get the attributes
+of all domains sockets, for all socket types.
+</summary>
+<desc>
+<p>
+Do not audit attempts to get the attributes
+of all domains sockets, for all socket types.
+</p>
+<p>
+This interface was added for PCMCIA cardmgr
+and is probably excessive.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_tcp_sockets" lineno="995">
+<summary>
+Do not audit attempts to get the attributes
+of all domains TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_udp_sockets" lineno="1014">
+<summary>
+Do not audit attempts to get the attributes
+of all domains UDP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_rw_all_udp_sockets" lineno="1033">
+<summary>
+Do not audit attempts to read or write
+all domains UDP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_key_sockets" lineno="1052">
+<summary>
+Do not audit attempts to get attribues of
+all domains IPSEC key management sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_packet_sockets" lineno="1071">
+<summary>
+Do not audit attempts to get attribues of
+all domains packet sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_raw_sockets" lineno="1090">
+<summary>
+Do not audit attempts to get attribues of
+all domains raw sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_rw_all_key_sockets" lineno="1109">
+<summary>
+Do not audit attempts to read or write
+all domains key sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_dgram_sockets" lineno="1128">
+<summary>
+Do not audit attempts to get the attributes
+of all domains unix datagram sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_getattr_all_stream_sockets" lineno="1147">
+<summary>
+Get the attributes
+of all domains unix datagram sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_stream_sockets" lineno="1166">
+<summary>
+Do not audit attempts to get the attributes
+of all domains unix datagram sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_getattr_all_pipes" lineno="1195">
+<summary>
+Get the attributes of all domains
+unnamed pipes.
+</summary>
+<desc>
+<p>
+Get the attributes of all domains
+unnamed pipes.
+</p>
+<p>
+This is commonly used for domains
+that can use lsof on all domains.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_pipes" lineno="1214">
+<summary>
+Do not audit attempts to get the attributes
+of all domains unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_ipsec_setcontext_all_domains" lineno="1233">
+<summary>
+Allow specified type to set context of all
+domains IPSEC associations.
+</summary>
+<param name="type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_getattr_all_entry_files" lineno="1252">
+<summary>
+Get the attributes of entry point
+files for all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_dontaudit_getattr_all_entry_files" lineno="1272">
+<summary>
+Do not audit attempts to get the attributes
+of all entry point files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_read_all_entry_files" lineno="1290">
+<summary>
+Read the entry point files for all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_exec_all_entry_files" lineno="1311">
+<summary>
+Execute the entry point files for all
+domains in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="domain_dontaudit_exec_all_entry_files" lineno="1329">
+<summary>
+dontaudit checking for execute on all entry point files
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="domain_manage_all_entry_files" lineno="1349">
+<summary>
+Create, read, write, and delete all
+entrypoint files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_relabel_all_entry_files" lineno="1369">
+<summary>
+Relabel to and from all entry point
+file types.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_mmap_all_entry_files" lineno="1388">
+<summary>
+Mmap all entry point files as executable.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_entry_file_spec_domtrans" lineno="1412">
+<summary>
+Execute an entry_type in the specified domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the new process.
+</summary>
+</param>
+</interface>
+<interface name="domain_mmap_low" lineno="1434">
+<summary>
+Ability to mmap a low area of the address
+space conditionally, as configured by
+/proc/sys/kernel/mmap_min_addr.
+Preventing such mappings helps protect against
+exploiting null deref bugs in the kernel.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_mmap_low_uncond" lineno="1461">
+<summary>
+Ability to mmap a low area of the address
+space unconditionally, as configured
+by /proc/sys/kernel/mmap_min_addr.
+Preventing such mappings helps protect against
+exploiting null deref bugs in the kernel.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_all_recvfrom_all_domains" lineno="1483">
+<summary>
+Allow specified type to receive labeled
+networking packets from all domains, over
+all protocols (TCP, UDP, etc)
+</summary>
+<param name="type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_unconfined_signal" lineno="1501">
+<summary>
+Send generic signals to the unconfined domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="domain_unconfined" lineno="1519">
+<summary>
+Unconfined access to domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="mmap_low_allowed" dftval="false">
+<desc>
+<p>
+Control the ability to mmap a low area of the address space,
+as configured by /proc/sys/kernel/mmap_min_addr.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="files" filename="policy/modules/kernel/files.if">
+<summary>
+Basic filesystem types and interfaces.
+</summary>
+<desc>
+<p>
+This module contains basic filesystem types and interfaces. This
+includes:
+<ul>
+<li>The concept of different file types including basic
+files, mount points, tmp files, etc.</li>
+<li>Access to groups of files and all files.</li>
+<li>Types and interfaces for the basic filesystem layout
+(/, /etc, /tmp, /usr, etc.).</li>
+</ul>
+</p>
+</desc>
+<required val="true">
+Contains the concept of a file.
+Comains the file initial SID.
+</required>
+<interface name="files_type" lineno="79">
+<summary>
+Make the specified type usable for files
+in a filesystem.
+</summary>
+<desc>
+<p>
+Make the specified type usable for files
+in a filesystem. Types used for files that
+do not use this interface, or an interface that
+calls this one, will have unexpected behaviors
+while the system is running. If the type is used
+for device nodes (character or block files), then
+the dev_node() interface is more appropriate.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>application_domain()</li>
+<li>application_executable_file()</li>
+<li>corecmd_executable_file()</li>
+<li>init_daemon_domain()</li>
+<li>init_domaion()</li>
+<li>init_ranged_daemon_domain()</li>
+<li>init_ranged_domain()</li>
+<li>init_ranged_system_domain()</li>
+<li>init_script_file()</li>
+<li>init_script_domain()</li>
+<li>init_system_domain()</li>
+<li>files_config_files()</li>
+<li>files_lock_file()</li>
+<li>files_mountpoint()</li>
+<li>files_pid_file()</li>
+<li>files_security_file()</li>
+<li>files_security_mountpoint()</li>
+<li>files_tmp_file()</li>
+<li>files_tmpfs_file()</li>
+<li>logging_log_file()</li>
+<li>userdom_user_home_content()</li>
+</ul>
+<p>
+Example:
+</p>
+<p>
+type myfile_t;
+files_type(myfile_t)
+allow mydomain_t myfile_t:file read_file_perms;
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to be used for files.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="files_security_file" lineno="100">
+<summary>
+Make the specified type a file that
+should not be dontaudited from
+browsing from user domains.
+</summary>
+<param name="file_type">
+<summary>
+Type of the file to be used as a
+member directory.
+</summary>
+</param>
+</interface>
+<interface name="files_lock_file" lineno="119">
+<summary>
+Make the specified type usable for
+lock files.
+</summary>
+<param name="type">
+<summary>
+Type to be used for lock files.
+</summary>
+</param>
+</interface>
+<interface name="files_mountpoint" lineno="139">
+<summary>
+Make the specified type usable for
+filesystem mount points.
+</summary>
+<param name="type">
+<summary>
+Type to be used for mount points.
+</summary>
+</param>
+</interface>
+<interface name="files_security_mountpoint" lineno="159">
+<summary>
+Make the specified type usable for
+security file filesystem mount points.
+</summary>
+<param name="type">
+<summary>
+Type to be used for mount points.
+</summary>
+</param>
+</interface>
+<interface name="files_pid_file" lineno="207">
+<summary>
+Make the specified type usable for
+runtime process ID files.
+</summary>
+<desc>
+<p>
+Make the specified type usable for runtime process ID files,
+typically found in /var/run.
+This will also make the type usable for files, making
+calls to files_type() redundant. Failure to use this interface
+for a PID file type may result in problems with starting
+or stopping services.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>files_pid_filetrans()</li>
+</ul>
+<p>
+Example usage with a domain that can create and
+write its PID file with a private PID file type in the
+/var/run directory:
+</p>
+<p>
+type mypidfile_t;
+files_pid_file(mypidfile_t)
+allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
+files_pid_filetrans(mydomain_t, mypidfile_t, file)
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to be used for PID files.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="files_config_file" lineno="247">
+<summary>
+Make the specified type a
+configuration file.
+</summary>
+<desc>
+<p>
+Make the specified type usable for configuration files.
+This will also make the type usable for files, making
+calls to files_type() redundant. Failure to use this interface
+for a temporary file may result in problems with
+configuration management tools.
+</p>
+<p>
+Example usage with a domain that can read
+its configuration file /etc:
+</p>
+<p>
+type myconffile_t;
+files_config_file(myconffile_t)
+allow mydomain_t myconffile_t:file read_file_perms;
+files_search_etc(mydomain_t)
+</p>
+</desc>
+<param name="file_type">
+<summary>
+Type to be used as a configuration file.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="files_poly" lineno="267">
+<summary>
+Make the specified type a
+polyinstantiated directory.
+</summary>
+<param name="file_type">
+<summary>
+Type of the file to be used as a
+polyinstantiated directory.
+</summary>
+</param>
+</interface>
+<interface name="files_poly_parent" lineno="288">
+<summary>
+Make the specified type a parent
+of a polyinstantiated directory.
+</summary>
+<param name="file_type">
+<summary>
+Type of the file to be used as a
+parent directory.
+</summary>
+</param>
+</interface>
+<interface name="files_poly_member" lineno="309">
+<summary>
+Make the specified type a
+polyinstantiation member directory.
+</summary>
+<param name="file_type">
+<summary>
+Type of the file to be used as a
+member directory.
+</summary>
+</param>
+</interface>
+<interface name="files_poly_member_tmp" lineno="336">
+<summary>
+Make the domain use the specified
+type of polyinstantiated directory.
+</summary>
+<param name="domain">
+<summary>
+Domain using the polyinstantiated
+directory.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+Type of the file to be used as a
+member directory.
+</summary>
+</param>
+</interface>
+<interface name="files_tmp_file" lineno="383">
+<summary>
+Make the specified type a file
+used for temporary files.
+</summary>
+<desc>
+<p>
+Make the specified type usable for temporary files.
+This will also make the type usable for files, making
+calls to files_type() redundant. Failure to use this interface
+for a temporary file may result in problems with
+purging temporary files.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>files_tmp_filetrans()</li>
+</ul>
+<p>
+Example usage with a domain that can create and
+write its temporary file in the system temporary file
+directories (/tmp or /var/tmp):
+</p>
+<p>
+type mytmpfile_t;
+files_tmp_file(mytmpfile_t)
+allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms };
+files_tmp_filetrans(mydomain_t, mytmpfile_t, file)
+</p>
+</desc>
+<param name="file_type">
+<summary>
+Type of the file to be used as a
+temporary file.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="files_tmpfs_file" lineno="405">
+<summary>
+Transform the type into a file, for use on a
+virtual memory filesystem (tmpfs).
+</summary>
+<param name="type">
+<summary>
+The type to be transformed.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_all_dirs" lineno="424">
+<summary>
+Get the attributes of all directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_all_dirs" lineno="443">
+<summary>
+Do not audit attempts to get the attributes
+of all directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_non_security" lineno="461">
+<summary>
+List all non-security directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_list_non_security" lineno="480">
+<summary>
+Do not audit attempts to list all
+non-security directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_mounton_non_security" lineno="499">
+<summary>
+Mount a filesystem on all non-security
+directories and files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_write_non_security_dirs" lineno="518">
+<summary>
+Allow attempts to modify any directory
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_non_security_dirs" lineno="536">
+<summary>
+Allow attempts to manage non-security directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_all_files" lineno="554">
+<summary>
+Get the attributes of all files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_all_files" lineno="574">
+<summary>
+Do not audit attempts to get the attributes
+of all files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_non_security_files" lineno="593">
+<summary>
+Do not audit attempts to get the attributes
+of non security files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_read_all_files" lineno="611">
+<summary>
+Read all files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_execmod_all_files" lineno="642">
+<summary>
+Allow shared library text relocations in all files.
+</summary>
+<desc>
+<p>
+Allow shared library text relocations in all files.
+</p>
+<p>
+This is added to support WINE policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_non_security_files" lineno="661">
+<summary>
+Read all non-security files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_read_all_dirs_except" lineno="687">
+<summary>
+Read all directories on the filesystem, except
+the listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="files_read_all_files_except" lineno="712">
+<summary>
+Read all files on the filesystem, except
+the listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="files_read_all_symlinks_except" lineno="737">
+<summary>
+Read all symbolic links on the filesystem, except
+the listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_all_symlinks" lineno="755">
+<summary>
+Get the attributes of all symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_all_symlinks" lineno="774">
+<summary>
+Do not audit attempts to get the attributes
+of all symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_read_all_symlinks" lineno="792">
+<summary>
+Do not audit attempts to read all symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_non_security_symlinks" lineno="811">
+<summary>
+Do not audit attempts to get the attributes
+of non security symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_non_security_blk_files" lineno="830">
+<summary>
+Do not audit attempts to get the attributes
+of non security block devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_non_security_chr_files" lineno="849">
+<summary>
+Do not audit attempts to get the attributes
+of non security character devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_read_all_symlinks" lineno="868">
+<summary>
+Read all symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_getattr_all_pipes" lineno="887">
+<summary>
+Get the attributes of all named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_all_pipes" lineno="907">
+<summary>
+Do not audit attempts to get the attributes
+of all named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_non_security_pipes" lineno="926">
+<summary>
+Do not audit attempts to get the attributes
+of non security named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_all_sockets" lineno="944">
+<summary>
+Get the attributes of all named sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_all_sockets" lineno="964">
+<summary>
+Do not audit attempts to get the attributes
+of all named sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_non_security_sockets" lineno="983">
+<summary>
+Do not audit attempts to get the attributes
+of non security named sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_read_all_blk_files" lineno="1001">
+<summary>
+Read all block nodes with file types.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_all_chr_files" lineno="1019">
+<summary>
+Read all character nodes with file types.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_files" lineno="1045">
+<summary>
+Relabel all files on the filesystem, except
+the listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_rw_all_files" lineno="1083">
+<summary>
+rw all files on the filesystem, except
+the listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_manage_all_files" lineno="1109">
+<summary>
+Manage all files on the filesystem, except
+the listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_search_all" lineno="1136">
+<summary>
+Search the contents of all directories on
+extended attribute filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_list_all" lineno="1155">
+<summary>
+List the contents of all directories on
+extended attribute filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_all_dirs" lineno="1175">
+<summary>
+Do not audit attempts to search the
+contents of any directories on extended
+attribute filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_all_file_type_fs" lineno="1198">
+<summary>
+Get the attributes of all filesystems
+with the type of a file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabelto_all_file_type_fs" lineno="1216">
+<summary>
+Relabel a filesystem to the type of a file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_file_type_fs" lineno="1234">
+<summary>
+Relabel a filesystem to the type of a file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_mount_all_file_type_fs" lineno="1252">
+<summary>
+Mount all filesystems with the type of a file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_unmount_all_file_type_fs" lineno="1270">
+<summary>
+Unmount all filesystems with the type of a file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_config_dirs" lineno="1289">
+<summary>
+Manage all configuration directories on filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="files_relabel_config_dirs" lineno="1308">
+<summary>
+Relabel configuration directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="files_read_config_files" lineno="1326">
+<summary>
+Read config files in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_config_files" lineno="1347">
+<summary>
+Manage all configuration files on filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="files_relabel_config_files" lineno="1366">
+<summary>
+Relabel configuration files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="files_mounton_all_mountpoints" lineno="1384">
+<summary>
+Mount a filesystem on all mount points.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_all_mountpoints" lineno="1403">
+<summary>
+Get the attributes of all mount points.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_setattr_all_mountpoints" lineno="1421">
+<summary>
+Set the attributes of all mount points.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_all_mountpoints" lineno="1439">
+<summary>
+Search all mount points.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_all_mountpoints" lineno="1457">
+<summary>
+Do not audit searching of all mount points.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_list_all_mountpoints" lineno="1475">
+<summary>
+Do not audit listing of all mount points.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_root" lineno="1493">
+<summary>
+List the contents of the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_write_root_dirs" lineno="1512">
+<summary>
+Do not audit attempts to write to / dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_rw_root_dir" lineno="1531">
+<summary>
+Do not audit attempts to write
+files in the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_root_filetrans" lineno="1560">
+<summary>
+Create an object in the root directory, with a private
+type using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_read_root_files" lineno="1579">
+<summary>
+Do not audit attempts to read files in
+the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_rw_root_files" lineno="1598">
+<summary>
+Do not audit attempts to read or write
+files in the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_rw_root_chr_files" lineno="1617">
+<summary>
+Do not audit attempts to read or write
+character device nodes in the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_root_files" lineno="1635">
+<summary>
+Delete files in the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_root_dir_entry" lineno="1653">
+<summary>
+Remove entries from the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_unmount_rootfs" lineno="1671">
+<summary>
+Unmount a rootfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_boot_dirs" lineno="1689">
+<summary>
+Get attributes of the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_boot_dirs" lineno="1708">
+<summary>
+Do not audit attempts to get attributes
+of the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_search_boot" lineno="1726">
+<summary>
+Search the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_boot" lineno="1744">
+<summary>
+Do not audit attempts to search the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_boot" lineno="1762">
+<summary>
+List the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_list_boot" lineno="1780">
+<summary>
+Do not audit attempts to list the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_create_boot_dirs" lineno="1798">
+<summary>
+Create directories in /boot
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_boot_dirs" lineno="1817">
+<summary>
+Create, read, write, and delete
+directories in /boot.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_boot_filetrans" lineno="1846">
+<summary>
+Create a private type object in boot
+with an automatic type transition
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="files_read_boot_files" lineno="1865">
+<summary>
+read files in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_manage_boot_files" lineno="1885">
+<summary>
+Create, read, write, and delete files
+in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_relabelfrom_boot_files" lineno="1903">
+<summary>
+Relabel from files in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_boot_symlinks" lineno="1921">
+<summary>
+Read symbolic links in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_boot_symlinks" lineno="1940">
+<summary>
+Read and write symbolic links
+in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_boot_symlinks" lineno="1960">
+<summary>
+Create, read, write, and delete symbolic links
+in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_kernel_img" lineno="1978">
+<summary>
+Read kernel files in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_create_kernel_img" lineno="1999">
+<summary>
+Install a kernel into the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_delete_kernel" lineno="2019">
+<summary>
+Delete a kernel from /boot.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_getattr_default_dirs" lineno="2037">
+<summary>
+Getattr of directories with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_default_dirs" lineno="2056">
+<summary>
+Do not audit attempts to get the attributes of
+directories with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_search_default" lineno="2074">
+<summary>
+Search the contents of directories with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_list_default" lineno="2092">
+<summary>
+List contents of directories with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_list_default" lineno="2111">
+<summary>
+Do not audit attempts to list contents of
+directories with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_default_dirs" lineno="2130">
+<summary>
+Create, read, write, and delete directories with
+the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_mounton_default" lineno="2148">
+<summary>
+Mount a filesystem on a directory with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_default_files" lineno="2167">
+<summary>
+Do not audit attempts to get the attributes of
+files with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_read_default_files" lineno="2185">
+<summary>
+Read files with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_read_default_files" lineno="2204">
+<summary>
+Do not audit attempts to read files
+with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_default_files" lineno="2223">
+<summary>
+Create, read, write, and delete files with
+the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_default_symlinks" lineno="2241">
+<summary>
+Read symbolic links with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_default_sockets" lineno="2259">
+<summary>
+Read sockets with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_default_pipes" lineno="2277">
+<summary>
+Read named pipes with the default file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_etc" lineno="2295">
+<summary>
+Search the contents of /etc directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_setattr_etc_dirs" lineno="2313">
+<summary>
+Set the attributes of the /etc directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_list_etc" lineno="2331">
+<summary>
+List the contents of /etc directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_write_etc_dirs" lineno="2349">
+<summary>
+Do not audit attempts to write to /etc dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_etc_dirs" lineno="2367">
+<summary>
+Add and remove entries from /etc directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_etc_dirs" lineno="2386">
+<summary>
+Manage generic directories in /etc
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+
+</interface>
+<interface name="files_read_etc_files" lineno="2438">
+<summary>
+Read generic files in /etc.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read generic
+files in /etc. These files are typically
+general system configuration files that do
+not have more specific SELinux types. Some
+examples of these files are:
+</p>
+<ul>
+<li>/etc/fstab</li>
+<li>/etc/passwd</li>
+<li>/etc/services</li>
+<li>/etc/shells</li>
+</ul>
+<p>
+This interface does not include access to /etc/shadow.
+</p>
+<p>
+Generally, it is safe for many domains to have
+this access. However, since this interface provides
+access to the /etc/passwd file, caution must be
+exercised, as user account names can be leaked
+through this access.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>auth_read_shadow()</li>
+<li>files_read_etc_runtime_files()</li>
+<li>seutil_read_config()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="files_dontaudit_write_etc_files" lineno="2458">
+<summary>
+Do not audit attempts to write generic files in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_etc_files" lineno="2477">
+<summary>
+Read and write generic files in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_manage_etc_files" lineno="2499">
+<summary>
+Create, read, write, and delete generic
+files in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_delete_etc_files" lineno="2518">
+<summary>
+Delete system configuration files in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_exec_etc_files" lineno="2536">
+<summary>
+Execute generic files in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_etc_files" lineno="2556">
+<summary>
+Relabel from and to generic files in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_etc_symlinks" lineno="2575">
+<summary>
+Read symbolic links in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_etc_symlinks" lineno="2593">
+<summary>
+Create, read, write, and delete symbolic links in /etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_etc_filetrans" lineno="2622">
+<summary>
+Create objects in /etc with a private
+type using a type_transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+Private file type.
+</summary>
+</param>
+<param name="class">
+<summary>
+Object classes to be created.
+</summary>
+</param>
+</interface>
+<interface name="files_create_boot_flag" lineno="2647">
+<summary>
+Create a boot flag.
+</summary>
+<desc>
+<p>
+Create a boot flag, such as
+/.autorelabel and /.autofsck.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_delete_boot_flag" lineno="2673">
+<summary>
+Delete a boot flag.
+</summary>
+<desc>
+<p>
+Delete a boot flag, such as
+/.autorelabel and /.autofsck.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="2691">
+<summary>
+Do not audit attempts to set the attributes of the etc_runtime files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_etc_runtime_files" lineno="2729">
+<summary>
+Read files in /etc that are dynamically
+created on boot, such as mtab.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read dynamically created
+configuration files in /etc. These files are typically
+general system configuration files that do
+not have more specific SELinux types. Some
+examples of these files are:
+</p>
+<ul>
+<li>/etc/motd</li>
+<li>/etc/mtab</li>
+<li>/etc/nologin</li>
+</ul>
+<p>
+This interface does not include access to /etc/shadow.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10" />
+<rolecap/>
+</interface>
+<interface name="files_dontaudit_read_etc_runtime_files" lineno="2751">
+<summary>
+Do not audit attempts to read files
+in /etc that are dynamically
+created on boot, such as mtab.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_etc_runtime_files" lineno="2771">
+<summary>
+Read and write files in /etc that are dynamically
+created on boot, such as mtab.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_manage_etc_runtime_files" lineno="2793">
+<summary>
+Create, read, write, and delete files in
+/etc that are dynamically created on boot,
+such as mtab.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_etc_filetrans_etc_runtime" lineno="2817">
+<summary>
+Create, etc runtime objects with an automatic
+type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object">
+<summary>
+The class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_isid_type_dirs" lineno="2836">
+<summary>
+Getattr of directories on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_isid_type_dirs" lineno="2855">
+<summary>
+Do not audit attempts to search directories on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_isid_type_dirs" lineno="2874">
+<summary>
+List the contents of directories on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_isid_type_dirs" lineno="2893">
+<summary>
+Read and write directories on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_isid_type_dirs" lineno="2912">
+<summary>
+Delete directories on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_isid_type_dirs" lineno="2931">
+<summary>
+Create, read, write, and delete directories
+on new filesystems that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_mounton_isid_type_dirs" lineno="2950">
+<summary>
+Mount a filesystem on a directory on new filesystems
+that has not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_isid_type_files" lineno="2969">
+<summary>
+Read files on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_isid_type_files" lineno="2988">
+<summary>
+Delete files on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_isid_type_symlinks" lineno="3007">
+<summary>
+Delete symbolic links on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_isid_type_fifo_files" lineno="3026">
+<summary>
+Delete named pipes on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_isid_type_sock_files" lineno="3045">
+<summary>
+Delete named sockets on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_isid_type_blk_files" lineno="3064">
+<summary>
+Delete block files on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_write_isid_chr_files" lineno="3083">
+<summary>
+Do not audit attempts to write to character
+files that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_isid_type_chr_files" lineno="3102">
+<summary>
+Delete chr files on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_isid_type_files" lineno="3121">
+<summary>
+Create, read, write, and delete files
+on new filesystems that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_isid_type_symlinks" lineno="3140">
+<summary>
+Create, read, write, and delete symbolic links
+on new filesystems that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_isid_type_blk_files" lineno="3159">
+<summary>
+Read and write block device nodes on new filesystems
+that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_isid_type_blk_files" lineno="3178">
+<summary>
+Create, read, write, and delete block device nodes
+on new filesystems that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_isid_type_chr_files" lineno="3197">
+<summary>
+Create, read, write, and delete character device nodes
+on new filesystems that have not yet been labeled.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_home_dir" lineno="3216">
+<summary>
+Get the attributes of the home directories root
+(/home).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_home_dir" lineno="3237">
+<summary>
+Do not audit attempts to get the
+attributes of the home directories root
+(/home).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_search_home" lineno="3256">
+<summary>
+Search home directories root (/home).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_home" lineno="3276">
+<summary>
+Do not audit attempts to search
+home directories root (/home).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_list_home" lineno="3296">
+<summary>
+Do not audit attempts to list
+home directories root (/home).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_home" lineno="3315">
+<summary>
+Get listing of home directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabelto_home" lineno="3334">
+<summary>
+Relabel to user home root (/home).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_home_filetrans" lineno="3362">
+<summary>
+Create objects in /home.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="home_type">
+<summary>
+The private type.
+</summary>
+</param>
+<param name="object">
+<summary>
+The class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_lost_found_dirs" lineno="3380">
+<summary>
+Get the attributes of lost+found directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="3399">
+<summary>
+Do not audit attempts to get the attributes of
+lost+found directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_lost_found" lineno="3417">
+<summary>
+List the contents of lost+found directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_lost_found" lineno="3437">
+<summary>
+Create, read, write, and delete objects in
+lost+found directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_search_mnt" lineno="3459">
+<summary>
+Search the contents of /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_mnt" lineno="3477">
+<summary>
+Do not audit attempts to search /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_mnt" lineno="3495">
+<summary>
+List the contents of /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_list_mnt" lineno="3513">
+<summary>
+Do not audit attempts to list the contents of /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_mounton_mnt" lineno="3531">
+<summary>
+Mount a filesystem on /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_mnt_dirs" lineno="3550">
+<summary>
+Create, read, write, and delete directories in /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_manage_mnt_files" lineno="3568">
+<summary>
+Create, read, write, and delete files in /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_mnt_files" lineno="3586">
+<summary>
+read files in /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_mnt_symlinks" lineno="3604">
+<summary>
+Read symbolic links in /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_mnt_symlinks" lineno="3622">
+<summary>
+Create, read, write, and delete symbolic links in /mnt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_kernel_modules" lineno="3640">
+<summary>
+Search the contents of the kernel module directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_list_kernel_modules" lineno="3659">
+<summary>
+List the contents of the kernel module directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_kernel_modules" lineno="3677">
+<summary>
+Get the attributes of kernel module files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_kernel_modules" lineno="3695">
+<summary>
+Read kernel module files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_write_kernel_modules" lineno="3715">
+<summary>
+Write kernel module files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_kernel_modules" lineno="3734">
+<summary>
+Delete kernel module files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_kernel_modules" lineno="3754">
+<summary>
+Create, read, write, and delete
+kernel module files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_relabel_kernel_modules" lineno="3772">
+<summary>
+Relabel from and to kernel module files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_kernel_modules_filetrans" lineno="3802">
+<summary>
+Create objects in the kernel module directories
+with a private type via an automatic type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="files_list_world_readable" lineno="3821">
+<summary>
+List world-readable directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_read_world_readable_files" lineno="3840">
+<summary>
+Read world-readable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_read_world_readable_symlinks" lineno="3859">
+<summary>
+Read world-readable symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_read_world_readable_pipes" lineno="3877">
+<summary>
+Read world-readable named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_world_readable_sockets" lineno="3895">
+<summary>
+Read world-readable sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_associate_tmp" lineno="3915">
+<summary>
+Allow the specified type to associate
+to a filesystem with the type of the
+temporary directory (/tmp).
+</summary>
+<param name="file_type">
+<summary>
+Type of the file to associate.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_tmp_dirs" lineno="3933">
+<summary>
+Get the attributes of the tmp directory (/tmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_tmp_dirs" lineno="3952">
+<summary>
+Do not audit attempts to get the
+attributes of the tmp directory (/tmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_tmp" lineno="3970">
+<summary>
+Search the tmp directory (/tmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_tmp" lineno="3988">
+<summary>
+Do not audit attempts to search the tmp directory (/tmp).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_tmp" lineno="4006">
+<summary>
+Read the tmp directory (/tmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_list_tmp" lineno="4024">
+<summary>
+Do not audit listing of the tmp directory (/tmp).
+</summary>
+<param name="domain">
+<summary>
+Domain not to audit.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_tmp_dir_entry" lineno="4042">
+<summary>
+Remove entries from the tmp directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_generic_tmp_files" lineno="4060">
+<summary>
+Read files in the tmp directory (/tmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_generic_tmp_dirs" lineno="4078">
+<summary>
+Manage temporary directories in /tmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_generic_tmp_files" lineno="4096">
+<summary>
+Manage temporary files and directories in /tmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_generic_tmp_symlinks" lineno="4114">
+<summary>
+Read symbolic links in the tmp directory (/tmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_generic_tmp_sockets" lineno="4132">
+<summary>
+Read and write generic named sockets in the tmp directory (/tmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_setattr_all_tmp_dirs" lineno="4150">
+<summary>
+Set the attributes of all tmp directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_list_all_tmp" lineno="4168">
+<summary>
+List all tmp directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_tmp_dirs" lineno="4188">
+<summary>
+Relabel to and from all temporary
+directory types.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_dontaudit_getattr_all_tmp_files" lineno="4209">
+<summary>
+Do not audit attempts to get the attributes
+of all tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain not to audit.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_all_tmp_files" lineno="4228">
+<summary>
+Allow attempts to get the attributes
+of all tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_tmp_files" lineno="4248">
+<summary>
+Relabel to and from all temporary
+file types.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="4269">
+<summary>
+Do not audit attempts to get the attributes
+of all tmp sock_file.
+</summary>
+<param name="domain">
+<summary>
+Domain not to audit.
+</summary>
+</param>
+</interface>
+<interface name="files_read_all_tmp_files" lineno="4287">
+<summary>
+Read all tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_tmp_filetrans" lineno="4316">
+<summary>
+Create an object in the tmp directories, with a private
+type using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="files_purge_tmp" lineno="4334">
+<summary>
+Delete the contents of /tmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_setattr_usr_dirs" lineno="4357">
+<summary>
+Set the attributes of the /usr directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_usr" lineno="4375">
+<summary>
+Search the content of /usr.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_list_usr" lineno="4394">
+<summary>
+List the contents of generic
+directories in /usr.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_write_usr_dirs" lineno="4412">
+<summary>
+Do not audit write of /usr dirs
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_usr_dirs" lineno="4430">
+<summary>
+Add and remove entries from /usr directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_rw_usr_dirs" lineno="4449">
+<summary>
+Do not audit attempts to add and remove
+entries from /usr directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_usr_dirs" lineno="4467">
+<summary>
+Delete generic directories in /usr in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_usr_files" lineno="4485">
+<summary>
+Delete generic files in /usr in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_usr_files" lineno="4503">
+<summary>
+Get the attributes of files in /usr.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_usr_files" lineno="4539">
+<summary>
+Read generic files in /usr.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read generic
+files in /usr. These files are various program
+files that do not have more specific SELinux types.
+Some examples of these files are:
+</p>
+<ul>
+<li>/usr/include/*</li>
+<li>/usr/share/doc/*</li>
+<li>/usr/share/info/*</li>
+</ul>
+<p>
+Generally, it is safe for many domains to have
+this access.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="files_exec_usr_files" lineno="4559">
+<summary>
+Execute generic programs in /usr in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_write_usr_files" lineno="4579">
+<summary>
+dontaudit write of /usr files
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_usr_files" lineno="4597">
+<summary>
+Create, read, write, and delete files in the /usr directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabelto_usr_files" lineno="4615">
+<summary>
+Relabel a file to the type used in /usr.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabelfrom_usr_files" lineno="4633">
+<summary>
+Relabel a file from the type used in /usr.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_usr_symlinks" lineno="4651">
+<summary>
+Read symbolic links in /usr.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_usr_filetrans" lineno="4679">
+<summary>
+Create objects in the /usr directory
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+The type of the object to be created
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The object class.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_src" lineno="4697">
+<summary>
+Do not audit attempts to search /usr/src.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_usr_src_files" lineno="4715">
+<summary>
+Get the attributes of files in /usr/src.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_usr_src_files" lineno="4736">
+<summary>
+Read files in /usr/src.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_exec_usr_src_files" lineno="4757">
+<summary>
+Execute programs in /usr/src in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_create_kernel_symbol_table" lineno="4777">
+<summary>
+Install a system.map into the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_kernel_symbol_table" lineno="4796">
+<summary>
+Read system.map in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_kernel_symbol_table" lineno="4815">
+<summary>
+Delete a system.map in the /boot directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_var" lineno="4834">
+<summary>
+Search the contents of /var.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_write_var_dirs" lineno="4852">
+<summary>
+Do not audit attempts to write to /var.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_write_var_dirs" lineno="4870">
+<summary>
+Allow attempts to write to /var.dirs
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_var" lineno="4889">
+<summary>
+Do not audit attempts to search
+the contents of /var.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_var" lineno="4907">
+<summary>
+List the contents of /var.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_var_dirs" lineno="4926">
+<summary>
+Create, read, write, and delete directories
+in the /var directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_var_files" lineno="4944">
+<summary>
+Read files in the /var directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_append_var_files" lineno="4962">
+<summary>
+Append files in the /var directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_var_files" lineno="4980">
+<summary>
+Read and write files in the /var directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_rw_var_files" lineno="4999">
+<summary>
+Do not audit attempts to read and write
+files in the /var directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_var_files" lineno="5017">
+<summary>
+Create, read, write, and delete files in the /var directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_var_symlinks" lineno="5035">
+<summary>
+Read symbolic links in the /var directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_var_symlinks" lineno="5054">
+<summary>
+Create, read, write, and delete symbolic
+links in the /var directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_var_filetrans" lineno="5082">
+<summary>
+Create objects in the /var directory
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+The type of the object to be created
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The object class.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_var_lib_dirs" lineno="5100">
+<summary>
+Get the attributes of the /var/lib directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_var_lib" lineno="5132">
+<summary>
+Search the /var/lib directory.
+</summary>
+<desc>
+<p>
+Search the /var/lib directory. This is
+necessary to access files or directories under
+/var/lib that have a private type. For example, a
+domain accessing a private library file in the
+/var/lib directory:
+</p>
+<p>
+allow mydomain_t mylibfile_t:file read_file_perms;
+files_search_var_lib(mydomain_t)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="5"/>
+</interface>
+<interface name="files_dontaudit_search_var_lib" lineno="5152">
+<summary>
+Do not audit attempts to search the
+contents of /var/lib.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="read" weight="5"/>
+</interface>
+<interface name="files_list_var_lib" lineno="5170">
+<summary>
+List the contents of the /var/lib directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_var_lib_dirs" lineno="5188">
+<summary>
+Read-write /var/lib directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_var_lib_filetrans" lineno="5216">
+<summary>
+Create objects in the /var/lib directory
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+The type of the object to be created
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The object class.
+</summary>
+</param>
+</interface>
+<interface name="files_read_var_lib_files" lineno="5235">
+<summary>
+Read generic files in /var/lib.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_var_lib_symlinks" lineno="5254">
+<summary>
+Read generic symbolic links in /var/lib
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_urandom_seed" lineno="5276">
+<summary>
+Create, read, write, and delete the
+pseudorandom number generator seed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_mounttab" lineno="5296">
+<summary>
+Allow domain to manage mount tables
+necessary for rpcd, nfsd, etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_locks" lineno="5315">
+<summary>
+Search the locks directory (/var/lock).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_locks" lineno="5335">
+<summary>
+Do not audit attempts to search the
+locks directory (/var/lock).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_locks" lineno="5354">
+<summary>
+List generic lock directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_lock_dirs" lineno="5374">
+<summary>
+Add and remove entries in the /var/lock
+directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_lock_dirs" lineno="5394">
+<summary>
+Relabel to and from all lock directory types.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_getattr_generic_locks" lineno="5415">
+<summary>
+Get the attributes of generic lock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_generic_locks" lineno="5436">
+<summary>
+Delete generic lock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_generic_locks" lineno="5457">
+<summary>
+Create, read, write, and delete generic
+lock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_all_locks" lineno="5478">
+<summary>
+Delete all lock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_read_all_locks" lineno="5499">
+<summary>
+Read all lock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_all_locks" lineno="5522">
+<summary>
+manage all lock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_lock_filetrans" lineno="5556">
+<summary>
+Create an object in the locks directory, with a private
+type using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_pid_dirs" lineno="5577">
+<summary>
+Do not audit attempts to get the attributes
+of the /var/run directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_setattr_pid_dirs" lineno="5596">
+<summary>
+Set the attributes of the /var/run directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_pids" lineno="5616">
+<summary>
+Search the contents of runtime process
+ID directories (/var/run).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_pids" lineno="5636">
+<summary>
+Do not audit attempts to search
+the /var/run directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_pids" lineno="5656">
+<summary>
+List the contents of the runtime process
+ID directories (/var/run).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_generic_pids" lineno="5675">
+<summary>
+Read generic process ID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_write_generic_pid_pipes" lineno="5695">
+<summary>
+Write named generic process ID pipes
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_pid_filetrans" lineno="5751">
+<summary>
+Create an object in the process ID directory, with a private type.
+</summary>
+<desc>
+<p>
+Create an object in the process ID directory (e.g., /var/run)
+with a private type. Typically this is used for creating
+private PID files in /var/run with the private type instead
+of the general PID file type. To accomplish this goal,
+either the program must be SELinux-aware, or use this interface.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>files_pid_file()</li>
+</ul>
+<p>
+Example usage with a domain that can create and
+write its PID file with a private PID file type in the
+/var/run directory:
+</p>
+<p>
+type mypidfile_t;
+files_pid_file(mypidfile_t)
+allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
+files_pid_filetrans(mydomain_t, mypidfile_t, file)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="files_rw_generic_pids" lineno="5771">
+<summary>
+Read and write generic process ID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_getattr_all_pids" lineno="5792">
+<summary>
+Do not audit attempts to get the attributes of
+daemon runtime data files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_write_all_pids" lineno="5812">
+<summary>
+Do not audit attempts to write to daemon runtime data files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_ioctl_all_pids" lineno="5831">
+<summary>
+Do not audit attempts to ioctl daemon runtime data files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_read_all_pids" lineno="5852">
+<summary>
+Read all process ID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_mounton_all_poly_members" lineno="5874">
+<summary>
+Mount filesystems on all polyinstantiation
+member directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_all_pids" lineno="5893">
+<summary>
+Delete all process IDs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_delete_all_pid_dirs" lineno="5918">
+<summary>
+Delete all process ID directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_spool" lineno="5940">
+<summary>
+Search the contents of generic spool
+directories (/var/spool).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_spool" lineno="5959">
+<summary>
+Do not audit attempts to search generic
+spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_list_spool" lineno="5978">
+<summary>
+List the contents of generic spool
+(/var/spool) directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_generic_spool_dirs" lineno="5997">
+<summary>
+Create, read, write, and delete generic
+spool directories (/var/spool).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_generic_spool" lineno="6016">
+<summary>
+Read generic spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_generic_spool" lineno="6036">
+<summary>
+Create, read, write, and delete generic
+spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_spool_filetrans" lineno="6067">
+<summary>
+Create objects in the spool directory
+with a private type with a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file">
+<summary>
+Type to which the created node will be transitioned.
+</summary>
+</param>
+<param name="class">
+<summary>
+Object class(es) (single or set including {}) for which this
+the transition will occur.
+</summary>
+</param>
+</interface>
+<interface name="files_polyinstantiate_all" lineno="6087">
+<summary>
+Allow access to manage all polyinstantiated
+directories on the system.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_unconfined" lineno="6141">
+<summary>
+Unconfined access to files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="filesystem" filename="policy/modules/kernel/filesystem.if">
+<summary>Policy for filesystems.</summary>
+<required val="true">
+Contains the initial SID for the filesystems.
+</required>
+<interface name="fs_type" lineno="16">
+<summary>
+Transform specified type into a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_noxattr_type" lineno="36">
+<summary>
+Transform specified type into a filesystem
+type which does not have extended attribute
+support.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_associate" lineno="59">
+<summary>
+Associate the specified file type to persistent
+filesystems with extended attributes. This
+allows a file of this type to be created on
+a filesystem such as ext3, JFS, and XFS.
+</summary>
+<param name="file_type">
+<summary>
+The type of the to be associated.
+</summary>
+</param>
+</interface>
+<interface name="fs_associate_noxattr" lineno="81">
+<summary>
+Associate the specified file type to
+filesystems which lack extended attributes
+support. This allows a file of this type
+to be created on a filesystem such as
+FAT32, and NFS.
+</summary>
+<param name="file_type">
+<summary>
+The type of the to be associated.
+</summary>
+</param>
+</interface>
+<interface name="fs_exec_noxattr" lineno="101">
+<summary>
+Execute files on a filesystem that does
+not support extended attributes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_mount_xattr_fs" lineno="121">
+<summary>
+Mount a persistent filesystem which
+has extended attributes, such as
+ext3, JFS, or XFS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_xattr_fs" lineno="142">
+<summary>
+Remount a persistent filesystem which
+has extended attributes, such as
+ext3, JFS, or XFS. This allows
+some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_xattr_fs" lineno="162">
+<summary>
+Unmount a persistent filesystem which
+has extended attributes, such as
+ext3, JFS, or XFS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_xattr_fs" lineno="198">
+<summary>
+Get the attributes of persistent
+filesystems which have extended
+attributes, such as ext3, JFS, or XFS.
+</summary>
+<desc>
+<p>
+Allow the specified domain to
+get the attributes of a persistent
+filesystems which have extended
+attributes, such as ext3, JFS, or XFS.
+Example attributes:
+</p>
+<ul>
+<li>Type of the file system (e.g., ext3)</li>
+<li>Size of the file system</li>
+<li>Available space on the file system</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="5"/>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_getattr_xattr_fs" lineno="219">
+<summary>
+Do not audit attempts to
+get the attributes of a persistent
+filesystem which has extended
+attributes, such as ext3, JFS, or XFS.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_relabelfrom_xattr_fs" lineno="239">
+<summary>
+Allow changing of the label of a
+filesystem with extended attributes
+using the context= mount option.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_get_xattr_fs_quotas" lineno="259">
+<summary>
+Get the filesystem quotas of a filesystem
+with extended attributes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_set_xattr_fs_quotas" lineno="279">
+<summary>
+Set the filesystem quotas of a filesystem
+with extended attributes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_read_anon_inodefs_files" lineno="297">
+<summary>
+Read files on anon_inodefs file systems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_anon_inodefs_files" lineno="317">
+<summary>
+Read and write files on anon_inodefs
+file systems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_rw_anon_inodefs_files" lineno="337">
+<summary>
+Do not audit attempts to read or write files on
+anon_inodefs file systems.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_autofs" lineno="356">
+<summary>
+Mount an automount pseudo filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_autofs" lineno="375">
+<summary>
+Remount an automount pseudo filesystem
+This allows some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_autofs" lineno="393">
+<summary>
+Unmount an automount pseudo filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_autofs" lineno="412">
+<summary>
+Get the attributes of an automount
+pseudo filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_auto_mountpoints" lineno="439">
+<summary>
+Search automount filesystem to use automatically
+mounted filesystems.
+</summary>
+<desc>
+Allow the specified domain to search mount points
+that have filesystems that are mounted by
+the automount service. Generally this will
+be required for any domain that accesses objects
+on these filesystems.
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="5"/>
+</interface>
+<interface name="fs_list_auto_mountpoints" lineno="459">
+<summary>
+Read directories of automatically
+mounted filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_list_auto_mountpoints" lineno="478">
+<summary>
+Do not audit attempts to list directories of automatically
+mounted filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_autofs_symlinks" lineno="497">
+<summary>
+Create, read, write, and delete symbolic links
+on an autofs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_binfmt_misc_dirs" lineno="516">
+<summary>
+Get the attributes of directories on
+binfmt_misc filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_register_binary_executable_type" lineno="552">
+<summary>
+Register an interpreter for new binary
+file types, using the kernel binfmt_misc
+support.
+</summary>
+<desc>
+<p>
+Register an interpreter for new binary
+file types, using the kernel binfmt_misc
+support.
+</p>
+<p>
+A common use for this is to
+register a JVM as an interpreter for
+Java byte code. Registered binaries
+can be directly executed on a command line
+without specifying the interpreter.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_mount_cgroup" lineno="570">
+<summary>
+Mount cgroup filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_cgroup" lineno="588">
+<summary>
+Remount cgroup filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_cgroup" lineno="606">
+<summary>
+Unmount cgroup filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_cgroup" lineno="624">
+<summary>
+Get attributes of cgroup filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_cgroup_dirs" lineno="642">
+<summary>
+Search cgroup directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_cgroup_dirs" lineno="662">
+<summary>
+list cgroup directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_delete_cgroup_dirs" lineno="681">
+<summary>
+Delete cgroup directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_cgroup_dirs" lineno="700">
+<summary>
+Manage cgroup directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_cgroup_files" lineno="720">
+<summary>
+Read cgroup files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_write_cgroup_files" lineno="740">
+<summary>
+Write cgroup files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_cgroup_files" lineno="759">
+<summary>
+Read and write cgroup files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_rw_cgroup_files" lineno="781">
+<summary>
+Do not audit attempts to open,
+get attributes, read and write
+cgroup files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_cgroup_files" lineno="799">
+<summary>
+Manage cgroup files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mounton_cgroup" lineno="819">
+<summary>
+Mount on cgroup directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_list_cifs_dirs" lineno="838">
+<summary>
+Do not audit attempts to read
+dirs on a CIFS or SMB filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_cifs" lineno="856">
+<summary>
+Mount a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_cifs" lineno="875">
+<summary>
+Remount a CIFS or SMB network filesystem.
+This allows some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_cifs" lineno="893">
+<summary>
+Unmount a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_cifs" lineno="913">
+<summary>
+Get the attributes of a CIFS or
+SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_search_cifs" lineno="931">
+<summary>
+Search directories on a CIFS or SMB filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_cifs" lineno="950">
+<summary>
+List the contents of directories on a
+CIFS or SMB filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_list_cifs" lineno="969">
+<summary>
+Do not audit attempts to list the contents
+of directories on a CIFS or SMB filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_mounton_cifs" lineno="987">
+<summary>
+Mounton a CIFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_cifs_files" lineno="1006">
+<summary>
+Read files on a CIFS or SMB filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_getattr_noxattr_fs" lineno="1027">
+<summary>
+Get the attributes of filesystems that
+do not have extended attribute support.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_list_noxattr_fs" lineno="1045">
+<summary>
+Read all noxattrfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_list_noxattr_fs" lineno="1064">
+<summary>
+Do not audit attempts to list all
+noxattrfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_noxattr_fs_dirs" lineno="1082">
+<summary>
+Create, read, write, and delete all noxattrfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_noxattr_fs_files" lineno="1100">
+<summary>
+Read all noxattrfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1119">
+<summary>
+Do not audit attempts to read all
+noxattrfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1137">
+<summary>
+Dont audit attempts to write to noxattrfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_noxattr_fs_files" lineno="1155">
+<summary>
+Create, read, write, and delete all noxattrfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_noxattr_fs_symlinks" lineno="1173">
+<summary>
+Read all noxattrfs symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_relabelfrom_noxattr_fs" lineno="1192">
+<summary>
+Relabel all objets from filesystems that
+do not support extended attributes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_read_cifs_files" lineno="1218">
+<summary>
+Do not audit attempts to read
+files on a CIFS or SMB filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_append_cifs_files" lineno="1238">
+<summary>
+Append files
+on a CIFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_append_cifs_files" lineno="1258">
+<summary>
+dontaudit Append files
+on a CIFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_rw_cifs_files" lineno="1277">
+<summary>
+Do not audit attempts to read or
+write files on a CIFS or SMB filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_cifs_symlinks" lineno="1295">
+<summary>
+Read symbolic links on a CIFS or SMB filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_cifs_named_pipes" lineno="1315">
+<summary>
+Read named pipes
+on a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_cifs_named_sockets" lineno="1334">
+<summary>
+Read named pipes
+on a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_exec_cifs_files" lineno="1355">
+<summary>
+Execute files on a CIFS or SMB
+network filesystem, in the caller
+domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_manage_cifs_dirs" lineno="1376">
+<summary>
+Create, read, write, and delete directories
+on a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1396">
+<summary>
+Do not audit attempts to create, read,
+write, and delete directories
+on a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_cifs_files" lineno="1416">
+<summary>
+Create, read, write, and delete files
+on a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_manage_cifs_files" lineno="1436">
+<summary>
+Do not audit attempts to create, read,
+write, and delete files
+on a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_cifs_symlinks" lineno="1455">
+<summary>
+Create, read, write, and delete symbolic links
+on a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_cifs_named_pipes" lineno="1474">
+<summary>
+Create, read, write, and delete named pipes
+on a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_cifs_named_sockets" lineno="1493">
+<summary>
+Create, read, write, and delete named sockets
+on a CIFS or SMB network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_cifs_domtrans" lineno="1536">
+<summary>
+Execute a file on a CIFS or SMB filesystem
+in the specified domain.
+</summary>
+<desc>
+<p>
+Execute a file on a CIFS or SMB filesystem
+in the specified domain. This allows
+the specified domain to execute any file
+on these filesystems in the specified
+domain. This is not suggested.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+<p>
+This interface was added to handle
+home directories on CIFS/SMB filesystems,
+in particular used by the ssh-agent policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the new process.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_configfs_dirs" lineno="1556">
+<summary>
+Create, read, write, and delete dirs
+on a configfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_configfs_files" lineno="1575">
+<summary>
+Create, read, write, and delete files
+on a configfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_dos_fs" lineno="1594">
+<summary>
+Mount a DOS filesystem, such as
+FAT32 or NTFS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_dos_fs" lineno="1614">
+<summary>
+Remount a DOS filesystem, such as
+FAT32 or NTFS. This allows
+some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_dos_fs" lineno="1633">
+<summary>
+Unmount a DOS filesystem, such as
+FAT32 or NTFS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_dos_fs" lineno="1653">
+<summary>
+Get the attributes of a DOS
+filesystem, such as FAT32 or NTFS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_relabelfrom_dos_fs" lineno="1672">
+<summary>
+Allow changing of the label of a
+DOS filesystem using the context= mount option.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_dos" lineno="1690">
+<summary>
+Search dosfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_dos" lineno="1708">
+<summary>
+List dirs DOS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_dos_dirs" lineno="1727">
+<summary>
+Create, read, write, and delete dirs
+on a DOS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_dos_files" lineno="1745">
+<summary>
+Read files on a DOS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_dos_files" lineno="1764">
+<summary>
+Create, read, write, and delete files
+on a DOS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_eventpollfs" lineno="1792">
+<summary>
+Read eventpollfs files.
+</summary>
+<desc>
+<p>
+Read eventpollfs files
+</p>
+<p>
+This interface has been deprecated, and will
+be removed in the future.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_fusefs" lineno="1806">
+<summary>
+Mount a FUSE filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_fusefs" lineno="1824">
+<summary>
+Unmount a FUSE filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mounton_fusefs" lineno="1842">
+<summary>
+Mounton a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_fusefs" lineno="1862">
+<summary>
+Search directories
+on a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_list_fusefs" lineno="1881">
+<summary>
+Do not audit attempts to list the contents
+of directories on a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_fusefs_dirs" lineno="1901">
+<summary>
+Create, read, write, and delete directories
+on a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="1921">
+<summary>
+Do not audit attempts to create, read,
+write, and delete directories
+on a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_fusefs_files" lineno="1940">
+<summary>
+Read, a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_exec_fusefs_files" lineno="1959">
+<summary>
+Execute files on a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_manage_fusefs_files" lineno="1979">
+<summary>
+Create, read, write, and delete files
+on a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_manage_fusefs_files" lineno="1999">
+<summary>
+Do not audit attempts to create,
+read, write, and delete files
+on a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_fusefs_symlinks" lineno="2017">
+<summary>
+Read symbolic links on a FUSEFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_hugetlbfs" lineno="2037">
+<summary>
+Get the attributes of an hugetlbfs
+filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_hugetlbfs" lineno="2055">
+<summary>
+List hugetlbfs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_hugetlbfs_dirs" lineno="2073">
+<summary>
+Manage hugetlbfs dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_hugetlbfs_files" lineno="2091">
+<summary>
+Read and write hugetlbfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_associate_hugetlbfs" lineno="2109">
+<summary>
+Allow the type to associate to hugetlbfs filesystems.
+</summary>
+<param name="type">
+<summary>
+The type of the object to be associated.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_inotifyfs" lineno="2127">
+<summary>
+Search inotifyfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_inotifyfs" lineno="2145">
+<summary>
+List inotifyfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_list_inotifyfs" lineno="2163">
+<summary>
+Dontaudit List inotifyfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_hugetlbfs_filetrans" lineno="2192">
+<summary>
+Create an object in a hugetlbfs filesystem, with a private
+type using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_iso9660_fs" lineno="2212">
+<summary>
+Mount an iso9660 filesystem, which
+is usually used on CDs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_iso9660_fs" lineno="2232">
+<summary>
+Remount an iso9660 filesystem, which
+is usually used on CDs. This allows
+some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_iso9660_fs" lineno="2251">
+<summary>
+Unmount an iso9660 filesystem, which
+is usually used on CDs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_iso9660_fs" lineno="2271">
+<summary>
+Get the attributes of an iso9660
+filesystem, which is usually used on CDs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_getattr_iso9660_files" lineno="2290">
+<summary>
+Read files on an iso9660 filesystem, which
+is usually used on CDs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_iso9660_files" lineno="2310">
+<summary>
+Read files on an iso9660 filesystem, which
+is usually used on CDs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_nfs" lineno="2330">
+<summary>
+Mount a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_nfs" lineno="2349">
+<summary>
+Remount a NFS filesystem. This allows
+some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_nfs" lineno="2367">
+<summary>
+Unmount a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_nfs" lineno="2386">
+<summary>
+Get the attributes of a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_search_nfs" lineno="2404">
+<summary>
+Search directories on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_nfs" lineno="2422">
+<summary>
+List NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_list_nfs" lineno="2441">
+<summary>
+Do not audit attempts to list the contents
+of directories on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_mounton_nfs" lineno="2459">
+<summary>
+Mounton a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_nfs_files" lineno="2478">
+<summary>
+Read files on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_read_nfs_files" lineno="2498">
+<summary>
+Do not audit attempts to read
+files on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_write_nfs_files" lineno="2516">
+<summary>
+Read files on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_exec_nfs_files" lineno="2536">
+<summary>
+Execute files on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_append_nfs_files" lineno="2557">
+<summary>
+Append files
+on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_append_nfs_files" lineno="2577">
+<summary>
+dontaudit Append files
+on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_rw_nfs_files" lineno="2596">
+<summary>
+Do not audit attempts to read or
+write files on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_nfs_symlinks" lineno="2614">
+<summary>
+Read symbolic links on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_read_nfs_symlinks" lineno="2633">
+<summary>
+Dontaudit read symbolic links on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_nfs_named_sockets" lineno="2651">
+<summary>
+Read named sockets on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_nfs_named_pipes" lineno="2670">
+<summary>
+Read named pipes on a NFS network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_getattr_rpc_dirs" lineno="2688">
+<summary>
+Read directories of RPC file system pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_rpc" lineno="2707">
+<summary>
+Search directories of RPC file system pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_removable" lineno="2725">
+<summary>
+Search removable storage directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_list_removable" lineno="2743">
+<summary>
+Do not audit attempts to list removable storage directories.
+</summary>
+<param name="domain">
+<summary>
+Domain not to audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_removable_files" lineno="2761">
+<summary>
+Read removable storage files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_read_removable_files" lineno="2779">
+<summary>
+Do not audit attempts to read removable storage files.
+</summary>
+<param name="domain">
+<summary>
+Domain not to audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_write_removable_files" lineno="2797">
+<summary>
+Do not audit attempts to write removable storage files.
+</summary>
+<param name="domain">
+<summary>
+Domain not to audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_removable_symlinks" lineno="2815">
+<summary>
+Read removable storage symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_removable_blk_files" lineno="2833">
+<summary>
+Read block nodes on removable filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_removable_blk_files" lineno="2852">
+<summary>
+Read and write block nodes on removable filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_rpc" lineno="2871">
+<summary>
+Read directories of RPC file system pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_rpc_files" lineno="2889">
+<summary>
+Read files of RPC file system pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_rpc_symlinks" lineno="2907">
+<summary>
+Read symbolic links of RPC file system pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_rpc_sockets" lineno="2925">
+<summary>
+Read sockets of RPC file system pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_rpc_sockets" lineno="2943">
+<summary>
+Read and write sockets of RPC file system pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_nfs_dirs" lineno="2963">
+<summary>
+Create, read, write, and delete directories
+on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_manage_nfs_dirs" lineno="2983">
+<summary>
+Do not audit attempts to create, read,
+write, and delete directories
+on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_nfs_files" lineno="3003">
+<summary>
+Create, read, write, and delete files
+on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_manage_nfs_files" lineno="3023">
+<summary>
+Do not audit attempts to create,
+read, write, and delete files
+on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_nfs_symlinks" lineno="3043">
+<summary>
+Create, read, write, and delete symbolic links
+on a NFS network filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_manage_nfs_named_pipes" lineno="3062">
+<summary>
+Create, read, write, and delete named pipes
+on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_nfs_named_sockets" lineno="3081">
+<summary>
+Create, read, write, and delete named sockets
+on a NFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_nfs_domtrans" lineno="3124">
+<summary>
+Execute a file on a NFS filesystem
+in the specified domain.
+</summary>
+<desc>
+<p>
+Execute a file on a NFS filesystem
+in the specified domain. This allows
+the specified domain to execute any file
+on a NFS filesystem in the specified
+domain. This is not suggested.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+<p>
+This interface was added to handle
+home directories on NFS filesystems,
+in particular used by the ssh-agent policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the new process.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_nfsd_fs" lineno="3143">
+<summary>
+Mount a NFS server pseudo filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_nfsd_fs" lineno="3162">
+<summary>
+Mount a NFS server pseudo filesystem.
+This allows some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_nfsd_fs" lineno="3180">
+<summary>
+Unmount a NFS server pseudo filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_nfsd_fs" lineno="3199">
+<summary>
+Get the attributes of a NFS server
+pseudo filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_nfsd_fs" lineno="3217">
+<summary>
+Search NFS server directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_nfsd_fs" lineno="3235">
+<summary>
+List NFS server directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_nfsd_files" lineno="3253">
+<summary>
+Getattr files on an nfsd filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_nfsd_fs" lineno="3271">
+<summary>
+Read and write NFS server files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_associate_ramfs" lineno="3289">
+<summary>
+Allow the type to associate to ramfs filesystems.
+</summary>
+<param name="type">
+<summary>
+The type of the object to be associated.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_ramfs" lineno="3307">
+<summary>
+Mount a RAM filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_ramfs" lineno="3326">
+<summary>
+Remount a RAM filesystem. This allows
+some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_ramfs" lineno="3344">
+<summary>
+Unmount a RAM filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_ramfs" lineno="3362">
+<summary>
+Get the attributes of a RAM filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_ramfs" lineno="3380">
+<summary>
+Search directories on a ramfs
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_search_ramfs" lineno="3398">
+<summary>
+Dontaudit Search directories on a ramfs
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_ramfs_dirs" lineno="3417">
+<summary>
+Create, read, write, and delete
+directories on a ramfs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_read_ramfs_files" lineno="3435">
+<summary>
+Dontaudit read on a ramfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_read_ramfs_pipes" lineno="3453">
+<summary>
+Dontaudit read on a ramfs fifo_files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_ramfs_files" lineno="3472">
+<summary>
+Create, read, write, and delete
+files on a ramfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_write_ramfs_pipes" lineno="3490">
+<summary>
+Write to named pipe on a ramfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_write_ramfs_pipes" lineno="3509">
+<summary>
+Do not audit attempts to write to named
+pipes on a ramfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_ramfs_pipes" lineno="3527">
+<summary>
+Read and write a named pipe on a ramfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_ramfs_pipes" lineno="3546">
+<summary>
+Create, read, write, and delete
+named pipes on a ramfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_write_ramfs_sockets" lineno="3564">
+<summary>
+Write to named socket on a ramfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_ramfs_sockets" lineno="3583">
+<summary>
+Create, read, write, and delete
+named sockets on a ramfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_romfs" lineno="3601">
+<summary>
+Mount a ROM filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_romfs" lineno="3620">
+<summary>
+Remount a ROM filesystem. This allows
+some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_romfs" lineno="3638">
+<summary>
+Unmount a ROM filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_romfs" lineno="3657">
+<summary>
+Get the attributes of a ROM
+filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_rpc_pipefs" lineno="3675">
+<summary>
+Mount a RPC pipe filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_rpc_pipefs" lineno="3694">
+<summary>
+Remount a RPC pipe filesystem. This
+allows some mount option to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_rpc_pipefs" lineno="3712">
+<summary>
+Unmount a RPC pipe filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_rpc_pipefs" lineno="3731">
+<summary>
+Get the attributes of a RPC pipe
+filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_rpc_named_pipes" lineno="3749">
+<summary>
+Read and write RPC pipe filesystem named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_tmpfs" lineno="3767">
+<summary>
+Mount a tmpfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_tmpfs" lineno="3785">
+<summary>
+Remount a tmpfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_tmpfs" lineno="3803">
+<summary>
+Unmount a tmpfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_tmpfs" lineno="3823">
+<summary>
+Get the attributes of a tmpfs
+filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_associate_tmpfs" lineno="3841">
+<summary>
+Allow the type to associate to tmpfs filesystems.
+</summary>
+<param name="type">
+<summary>
+The type of the object to be associated.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_tmpfs_dirs" lineno="3859">
+<summary>
+Get the attributes of tmpfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="3878">
+<summary>
+Do not audit attempts to get the attributes
+of tmpfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_setattr_tmpfs_dirs" lineno="3896">
+<summary>
+Set the attributes of tmpfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_tmpfs" lineno="3914">
+<summary>
+Search tmpfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_tmpfs" lineno="3932">
+<summary>
+List the contents of generic tmpfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_list_tmpfs" lineno="3951">
+<summary>
+Do not audit attempts to list the
+contents of generic tmpfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_tmpfs_dirs" lineno="3970">
+<summary>
+Create, read, write, and delete
+tmpfs directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="3989">
+<summary>
+Do not audit attempts to write
+tmpfs directories
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_tmpfs_filetrans" lineno="4018">
+<summary>
+Create an object in a tmpfs filesystem, with a private
+type using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="4038">
+<summary>
+Do not audit attempts to getattr
+generic tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_rw_tmpfs_files" lineno="4057">
+<summary>
+Do not audit attempts to read or write
+generic tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_auto_mountpoints" lineno="4076">
+<summary>
+Create, read, write, and delete
+auto moutpoints.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_tmpfs_files" lineno="4094">
+<summary>
+Read generic tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_tmpfs_files" lineno="4112">
+<summary>
+Read and write generic tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_tmpfs_symlinks" lineno="4130">
+<summary>
+Read tmpfs link files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_tmpfs_chr_files" lineno="4148">
+<summary>
+Read and write character nodes on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="4167">
+<summary>
+dontaudit Read and write character nodes on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_relabel_tmpfs_chr_file" lineno="4186">
+<summary>
+Relabel character nodes on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_tmpfs_blk_files" lineno="4205">
+<summary>
+Read and write block nodes on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_relabel_tmpfs_blk_file" lineno="4224">
+<summary>
+Relabel block nodes on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_tmpfs_files" lineno="4244">
+<summary>
+Read and write, create and delete generic
+files on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_tmpfs_symlinks" lineno="4263">
+<summary>
+Read and write, create and delete symbolic
+links on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_tmpfs_sockets" lineno="4282">
+<summary>
+Read and write, create and delete socket
+files on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_tmpfs_chr_files" lineno="4301">
+<summary>
+Read and write, create and delete character
+nodes on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_tmpfs_blk_files" lineno="4320">
+<summary>
+Read and write, create and delete block nodes
+on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_xenfs" lineno="4338">
+<summary>
+Mount a XENFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_xenfs" lineno="4356">
+<summary>
+Search the XENFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_xenfs_dirs" lineno="4376">
+<summary>
+Create, read, write, and delete directories
+on a XENFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="4396">
+<summary>
+Do not audit attempts to create, read,
+write, and delete directories
+on a XENFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_xenfs_files" lineno="4416">
+<summary>
+Create, read, write, and delete files
+on a XENFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_manage_xenfs_files" lineno="4436">
+<summary>
+Do not audit attempts to create,
+read, write, and delete files
+on a XENFS filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_all_fs" lineno="4454">
+<summary>
+Mount all filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_remount_all_fs" lineno="4473">
+<summary>
+Remount all filesystems. This
+allows some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_all_fs" lineno="4491">
+<summary>
+Unmount all filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_all_fs" lineno="4523">
+<summary>
+Get the attributes of all filesystems.
+</summary>
+<desc>
+<p>
+Allow the specified domain to
+et the attributes of all filesystems.
+Example attributes:
+</p>
+<ul>
+<li>Type of the file system (e.g., ext3)</li>
+<li>Size of the file system</li>
+<li>Available space on the file system</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="5"/>
+<rolecap/>
+</interface>
+<interface name="fs_dontaudit_getattr_all_fs" lineno="4543">
+<summary>
+Do not audit attempts to get the attributes
+all filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_get_all_fs_quotas" lineno="4562">
+<summary>
+Get the quotas of all filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_set_all_quotas" lineno="4581">
+<summary>
+Set the quotas of all filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_relabelfrom_all_fs" lineno="4599">
+<summary>
+Relabelfrom all filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_all_dirs" lineno="4618">
+<summary>
+Get the attributes of all directories
+with a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_all" lineno="4636">
+<summary>
+Search all directories with a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_list_all" lineno="4654">
+<summary>
+List all directories with a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_all_files" lineno="4673">
+<summary>
+Get the attributes of all files with
+a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_getattr_all_files" lineno="4692">
+<summary>
+Do not audit attempts to get the attributes
+of all files with a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_all_symlinks" lineno="4711">
+<summary>
+Get the attributes of all symbolic links with
+a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_getattr_all_symlinks" lineno="4730">
+<summary>
+Do not audit attempts to get the attributes
+of all symbolic links with a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_all_pipes" lineno="4749">
+<summary>
+Get the attributes of all named pipes with
+a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_getattr_all_pipes" lineno="4768">
+<summary>
+Do not audit attempts to get the attributes
+of all named pipes with a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_all_sockets" lineno="4787">
+<summary>
+Get the attributes of all named sockets with
+a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_getattr_all_sockets" lineno="4806">
+<summary>
+Do not audit attempts to get the attributes
+of all named sockets with a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_all_blk_files" lineno="4825">
+<summary>
+Get the attributes of all block device nodes with
+a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_all_chr_files" lineno="4844">
+<summary>
+Get the attributes of all character device nodes with
+a filesystem type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unconfined" lineno="4862">
+<summary>
+Unconfined access to filesystems
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="kernel" filename="policy/modules/kernel/kernel.if">
+<summary>
+Policy for kernel threads, proc filesystem,
+and unlabeled processes and objects.
+</summary>
+<required val="true">
+This module has initial SIDs.
+</required>
+<interface name="kernel_domtrans_to" lineno="25">
+<summary>
+Allows to start userland processes
+by transitioning to the specified domain.
+</summary>
+<param name="domain">
+<summary>
+The process type entered by kernel.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The executable type for the entrypoint.
+</summary>
+</param>
+</interface>
+<interface name="kernel_ranged_domtrans_to" lineno="55">
+<summary>
+Allows to start userland processes
+by transitioning to the specified domain,
+with a range transition.
+</summary>
+<param name="domain">
+<summary>
+The process type entered by kernel.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The executable type for the entrypoint.
+</summary>
+</param>
+<param name="range">
+<summary>
+Range for the domain.
+</summary>
+</param>
+</interface>
+<interface name="kernel_rootfs_mountpoint" lineno="83">
+<summary>
+Allows the kernel to mount filesystems on
+the specified directory type.
+</summary>
+<param name="directory_type">
+<summary>
+The type of the directory to use as a mountpoint.
+</summary>
+</param>
+</interface>
+<interface name="kernel_setpgid" lineno="101">
+<summary>
+Set the process group of kernel threads.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_setsched" lineno="119">
+<summary>
+Set the priority of kernel threads.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_sigchld" lineno="137">
+<summary>
+Send a SIGCHLD signal to kernel threads.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_kill" lineno="155">
+<summary>
+Send a kill signal to kernel threads.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_signal" lineno="173">
+<summary>
+Send a generic signal to kernel threads.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_share_state" lineno="192">
+<summary>
+Allows the kernel to share state information with
+the caller.
+</summary>
+<param name="domain">
+<summary>
+The type of the process with which to share state information.
+</summary>
+</param>
+</interface>
+<interface name="kernel_use_fds" lineno="210">
+<summary>
+Permits caller to use kernel file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_use_fds" lineno="229">
+<summary>
+Do not audit attempts to use
+kernel file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_rw_pipes" lineno="247">
+<summary>
+Read and write kernel unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_rw_unix_dgram_sockets" lineno="265">
+<summary>
+Read and write kernel unix datagram sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dgram_send" lineno="283">
+<summary>
+Send messages to kernel unix datagram sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_tcp_recvfrom" lineno="301">
+<summary>
+Receive messages from kernel TCP sockets. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_udp_send" lineno="315">
+<summary>
+Send UDP network traffic to the kernel. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_udp_recvfrom" lineno="329">
+<summary>
+Receive messages from kernel UDP sockets. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_load_module" lineno="343">
+<summary>
+Allows caller to load kernel modules
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_search_key" lineno="361">
+<summary>
+Allow search the kernel key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_search_key" lineno="379">
+<summary>
+dontaudit search the kernel key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_link_key" lineno="397">
+<summary>
+Allow link to the kernel key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_link_key" lineno="415">
+<summary>
+dontaudit link to the kernel key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_ring_buffer" lineno="434">
+<summary>
+Allows caller to read the ring buffer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_dontaudit_read_ring_buffer" lineno="453">
+<summary>
+Do not audit attempts to read the ring buffer.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_change_ring_buffer_level" lineno="472">
+<summary>
+Change the level of kernel messages logged to the console.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_clear_ring_buffer" lineno="500">
+<summary>
+Allows the caller to clear the ring buffer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_request_load_module" lineno="540">
+<summary>
+Allows caller to request the kernel to load a module
+</summary>
+<desc>
+<p>
+Allow the specified domain to request that the kernel
+load a kernel module. An example of this is the
+auto-loading of network drivers when doing an
+ioctl() on a network interface.
+</p>
+<p>
+In the specific case of a module loading request
+on a network interface, the domain will also
+need the net_admin capability.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_request_load_module" lineno="558">
+<summary>
+Do not audit requests to the kernel to load a module.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_get_sysvipc_info" lineno="576">
+<summary>
+Get information on all System V IPC objects.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_getattr_debugfs" lineno="594">
+<summary>
+Get the attributes of a kernel debugging filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_mount_debugfs" lineno="612">
+<summary>
+Mount a kernel debugging filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_unmount_debugfs" lineno="630">
+<summary>
+Unmount a kernel debugging filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_remount_debugfs" lineno="648">
+<summary>
+Remount a kernel debugging filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_search_debugfs" lineno="666">
+<summary>
+Search the contents of a kernel debugging filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_search_debugfs" lineno="684">
+<summary>
+Do not audit attempts to search the kernel debugging filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_debugfs" lineno="702">
+<summary>
+Read information from the debugging filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_write_debugfs_dirs" lineno="722">
+<summary>
+Do not audit attempts to write kernel debugging filesystem dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_manage_debugfs" lineno="740">
+<summary>
+Manage information from the debugging filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_mount_kvmfs" lineno="760">
+<summary>
+Mount a kernel VM filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_unmount_proc" lineno="778">
+<summary>
+Unmount the proc filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_getattr_proc" lineno="796">
+<summary>
+Get the attributes of the proc filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_setattr_proc_dirs" lineno="815">
+<summary>
+Do not audit attempts to set the
+attributes of directories in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_search_proc" lineno="833">
+<summary>
+Search directories in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_list_proc" lineno="851">
+<summary>
+List the contents of directories in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_list_proc" lineno="870">
+<summary>
+Do not audit attempts to list the
+contents of directories in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_write_proc_dirs" lineno="889">
+<summary>
+Do not audit attempts to write the
+directories in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_getattr_proc_files" lineno="907">
+<summary>
+Get the attributes of files in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_proc_symlinks" lineno="934">
+<summary>
+Read generic symbolic links in /proc.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read (follow) generic
+symbolic links (symlinks) in the proc filesystem (/proc).
+This interface does not include access to the targets of
+these links. An example symlink is /proc/self.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="kernel_read_system_state" lineno="973">
+<summary>
+Allows caller to read system state information in /proc.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read general system
+state information from the proc filesystem (/proc).
+</p>
+<p>
+Generally it should be safe to allow this access. Some
+example files that can be read based on this interface:
+</p>
+<ul>
+<li>/proc/cpuinfo</li>
+<li>/proc/meminfo</li>
+<li>/proc/uptime</li>
+</ul>
+<p>
+This does not allow access to sysctl entries (/proc/sys/*)
+nor process state information (/proc/pid).
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+<rolecap/>
+</interface>
+<interface name="kernel_write_proc_files" lineno="999">
+<summary>
+Write to generic proc entries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_dontaudit_read_system_state" lineno="1018">
+<summary>
+Do not audit attempts by caller to
+read system state information in proc.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_read_proc_symlinks" lineno="1037">
+<summary>
+Do not audit attempts by caller to
+read system state information in proc.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_rw_afs_state" lineno="1056">
+<summary>
+Allow caller to read and write state information for AFS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_software_raid_state" lineno="1076">
+<summary>
+Allow caller to read the state information for software raid.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_software_raid_state" lineno="1096">
+<summary>
+Allow caller to read and set the state information for software raid.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_getattr_core_if" lineno="1116">
+<summary>
+Allows caller to get attribues of core kernel interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_core_if" lineno="1137">
+<summary>
+Do not audit attempts to get the attributes of
+core kernel interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_core_if" lineno="1155">
+<summary>
+Allows caller to read the core kernel interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_messages" lineno="1179">
+<summary>
+Allow caller to read kernel messages
+using the /proc/kmsg interface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_getattr_message_if" lineno="1201">
+<summary>
+Allow caller to get the attributes of kernel message
+interface (/proc/kmsg).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_message_if" lineno="1220">
+<summary>
+Do not audit attempts by caller to get the attributes of kernel
+message interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_search_network_state" lineno="1240">
+<summary>
+Do not audit attempts to search the network
+state directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+
+</interface>
+<interface name="kernel_search_network_state" lineno="1259">
+<summary>
+Allow searching of network state directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="kernel_read_network_state" lineno="1289">
+<summary>
+Read the network state information.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read the networking
+state information. This includes several pieces
+of networking information, such as network interface
+names, netfilter (iptables) statistics, protocol
+information, routes, and remote procedure call (RPC)
+information.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+<rolecap/>
+</interface>
+<interface name="kernel_read_network_state_symlinks" lineno="1310">
+<summary>
+Allow caller to read the network state symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_search_xen_state" lineno="1331">
+<summary>
+Allow searching of xen state directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="kernel_dontaudit_search_xen_state" lineno="1351">
+<summary>
+Do not audit attempts to search the xen
+state directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+
+</interface>
+<interface name="kernel_read_xen_state" lineno="1370">
+<summary>
+Allow caller to read the xen state information.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="kernel_read_xen_state_symlinks" lineno="1392">
+<summary>
+Allow caller to read the xen state symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="kernel_write_xen_state" lineno="1413">
+<summary>
+Allow caller to write xen state information.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="kernel_list_all_proc" lineno="1431">
+<summary>
+Allow attempts to list all proc directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_list_all_proc" lineno="1450">
+<summary>
+Do not audit attempts to list all proc directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_search_sysctl" lineno="1471">
+<summary>
+Do not audit attempts by caller to search
+the base directory of sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+
+</interface>
+<interface name="kernel_read_sysctl" lineno="1490">
+<summary>
+Allow access to read sysctl directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="kernel_read_device_sysctls" lineno="1510">
+<summary>
+Allow caller to read the device sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_device_sysctls" lineno="1531">
+<summary>
+Read and write device sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_search_vm_sysctl" lineno="1551">
+<summary>
+Allow caller to search virtual memory sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_vm_sysctls" lineno="1570">
+<summary>
+Allow caller to read virtual memory sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_vm_sysctls" lineno="1591">
+<summary>
+Read and write virtual memory sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_search_network_sysctl" lineno="1613">
+<summary>
+Search network sysctl directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_search_network_sysctl" lineno="1631">
+<summary>
+Do not audit attempts by caller to search network sysctl directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_net_sysctls" lineno="1650">
+<summary>
+Allow caller to read network sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_net_sysctls" lineno="1671">
+<summary>
+Allow caller to modiry contents of sysctl network files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_unix_sysctls" lineno="1693">
+<summary>
+Allow caller to read unix domain
+socket sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_unix_sysctls" lineno="1715">
+<summary>
+Read and write unix domain
+socket sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_hotplug_sysctls" lineno="1736">
+<summary>
+Read the hotplug sysctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_hotplug_sysctls" lineno="1757">
+<summary>
+Read and write the hotplug sysctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_modprobe_sysctls" lineno="1778">
+<summary>
+Read the modprobe sysctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_modprobe_sysctls" lineno="1799">
+<summary>
+Read and write the modprobe sysctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_dontaudit_search_kernel_sysctl" lineno="1819">
+<summary>
+Do not audit attempts to search generic kernel sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_crypto_sysctls" lineno="1837">
+<summary>
+Read generic crypto sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_kernel_sysctls" lineno="1878">
+<summary>
+Read general kernel sysctls.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read general
+kernel sysctl settings. These settings are typically
+read using the sysctl program. The settings
+that are included by this interface are prefixed
+with "kernel.", for example, kernel.sysrq.
+</p>
+<p>
+This does not include access to the hotplug
+handler setting (kernel.hotplug)
+nor the module installer handler setting
+(kernel.modprobe).
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>kernel_rw_kernel_sysctl()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="kernel_dontaudit_write_kernel_sysctl" lineno="1898">
+<summary>
+Do not audit attempts to write generic kernel sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_rw_kernel_sysctl" lineno="1917">
+<summary>
+Read and write generic kernel sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_fs_sysctls" lineno="1938">
+<summary>
+Read filesystem sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_fs_sysctls" lineno="1959">
+<summary>
+Read and write fileystem sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_irq_sysctls" lineno="1980">
+<summary>
+Read IRQ sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_irq_sysctls" lineno="2001">
+<summary>
+Read and write IRQ sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_rpc_sysctls" lineno="2022">
+<summary>
+Read RPC sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_rpc_sysctls" lineno="2043">
+<summary>
+Read and write RPC sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_dontaudit_list_all_sysctls" lineno="2063">
+<summary>
+Do not audit attempts to list all sysctl directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_all_sysctls" lineno="2083">
+<summary>
+Allow caller to read all sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_all_sysctls" lineno="2106">
+<summary>
+Read and write all sysctls.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_kill_unlabeled" lineno="2130">
+<summary>
+Send a kill signal to unlabeled processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_mount_unlabeled" lineno="2148">
+<summary>
+Mount a kernel unlabeled filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_unmount_unlabeled" lineno="2166">
+<summary>
+Unmount a kernel unlabeled filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_signal_unlabeled" lineno="2184">
+<summary>
+Send general signals to unlabeled processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_signull_unlabeled" lineno="2202">
+<summary>
+Send a null signal to unlabeled processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_sigstop_unlabeled" lineno="2220">
+<summary>
+Send a stop signal to unlabeled processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_sigchld_unlabeled" lineno="2238">
+<summary>
+Send a child terminated signal to unlabeled processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_list_unlabeled" lineno="2256">
+<summary>
+List unlabeled directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_unlabeled_state" lineno="2274">
+<summary>
+Read the process state (/proc/pid) of all unlabeled_t.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_list_unlabeled" lineno="2294">
+<summary>
+Do not audit attempts to list unlabeled directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_rw_unlabeled_dirs" lineno="2312">
+<summary>
+Read and write unlabeled directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_rw_unlabeled_files" lineno="2330">
+<summary>
+Read and write unlabeled files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_unlabeled_files" lineno="2349">
+<summary>
+Do not audit attempts by caller to get the
+attributes of an unlabeled file.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_read_unlabeled_files" lineno="2368">
+<summary>
+Do not audit attempts by caller to
+read an unlabeled file.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_unlabeled_symlinks" lineno="2387">
+<summary>
+Do not audit attempts by caller to get the
+attributes of unlabeled symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_unlabeled_pipes" lineno="2406">
+<summary>
+Do not audit attempts by caller to get the
+attributes of unlabeled named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_unlabeled_sockets" lineno="2425">
+<summary>
+Do not audit attempts by caller to get the
+attributes of unlabeled named sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_unlabeled_blk_files" lineno="2444">
+<summary>
+Do not audit attempts by caller to get attributes for
+unlabeled block devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_rw_unlabeled_blk_files" lineno="2462">
+<summary>
+Read and write unlabeled block device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_unlabeled_chr_files" lineno="2481">
+<summary>
+Do not audit attempts by caller to get attributes for
+unlabeled character devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_relabelfrom_unlabeled_dirs" lineno="2499">
+<summary>
+Allow caller to relabel unlabeled directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_relabelfrom_unlabeled_files" lineno="2517">
+<summary>
+Allow caller to relabel unlabeled files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_relabelfrom_unlabeled_symlinks" lineno="2536">
+<summary>
+Allow caller to relabel unlabeled symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_relabelfrom_unlabeled_pipes" lineno="2555">
+<summary>
+Allow caller to relabel unlabeled named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_relabelfrom_unlabeled_sockets" lineno="2574">
+<summary>
+Allow caller to relabel unlabeled named sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_sendrecv_unlabeled_association" lineno="2608">
+<summary>
+Send and receive messages from an
+unlabeled IPSEC association.
+</summary>
+<desc>
+<p>
+Send and receive messages from an
+unlabeled IPSEC association. Network
+connections that are not protected
+by IPSEC have use an unlabeled
+assocation.
+</p>
+<p>
+The corenetwork interface
+corenet_non_ipsec_sendrecv() should
+be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_sendrecv_unlabeled_association" lineno="2644">
+<summary>
+Do not audit attempts to send and receive messages
+from an unlabeled IPSEC association.
+</summary>
+<desc>
+<p>
+Do not audit attempts to send and receive messages
+from an unlabeled IPSEC association. Network
+connections that are not protected
+by IPSEC have use an unlabeled
+assocation.
+</p>
+<p>
+The corenetwork interface
+corenet_dontaudit_non_ipsec_sendrecv() should
+be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_tcp_recvfrom_unlabeled" lineno="2671">
+<summary>
+Receive TCP packets from an unlabeled connection.
+</summary>
+<desc>
+<p>
+Receive TCP packets from an unlabeled connection.
+</p>
+<p>
+The corenetwork interface corenet_tcp_recv_unlabeled() should
+be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_tcp_recvfrom_unlabeled" lineno="2700">
+<summary>
+Do not audit attempts to receive TCP packets from an unlabeled
+connection.
+</summary>
+<desc>
+<p>
+Do not audit attempts to receive TCP packets from an unlabeled
+connection.
+</p>
+<p>
+The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
+should be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_udp_recvfrom_unlabeled" lineno="2727">
+<summary>
+Receive UDP packets from an unlabeled connection.
+</summary>
+<desc>
+<p>
+Receive UDP packets from an unlabeled connection.
+</p>
+<p>
+The corenetwork interface corenet_udp_recv_unlabeled() should
+be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_udp_recvfrom_unlabeled" lineno="2756">
+<summary>
+Do not audit attempts to receive UDP packets from an unlabeled
+connection.
+</summary>
+<desc>
+<p>
+Do not audit attempts to receive UDP packets from an unlabeled
+connection.
+</p>
+<p>
+The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
+should be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_raw_recvfrom_unlabeled" lineno="2783">
+<summary>
+Receive Raw IP packets from an unlabeled connection.
+</summary>
+<desc>
+<p>
+Receive Raw IP packets from an unlabeled connection.
+</p>
+<p>
+The corenetwork interface corenet_raw_recv_unlabeled() should
+be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_raw_recvfrom_unlabeled" lineno="2812">
+<summary>
+Do not audit attempts to receive Raw IP packets from an unlabeled
+connection.
+</summary>
+<desc>
+<p>
+Do not audit attempts to receive Raw IP packets from an unlabeled
+connection.
+</p>
+<p>
+The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
+should be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_sendrecv_unlabeled_packets" lineno="2842">
+<summary>
+Send and receive unlabeled packets.
+</summary>
+<desc>
+<p>
+Send and receive unlabeled packets.
+These packets do not match any netfilter
+SECMARK rules.
+</p>
+<p>
+The corenetwork interface
+corenet_sendrecv_unlabeled_packets() should
+be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_recvfrom_unlabeled_peer" lineno="2870">
+<summary>
+Receive packets from an unlabeled peer.
+</summary>
+<desc>
+<p>
+Receive packets from an unlabeled peer, these packets do not have any
+peer labeling information present.
+</p>
+<p>
+The corenetwork interface corenet_recvfrom_unlabeled_peer() should
+be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_recvfrom_unlabeled_peer" lineno="2898">
+<summary>
+Do not audit attempts to receive packets from an unlabeled peer.
+</summary>
+<desc>
+<p>
+Do not audit attempts to receive packets from an unlabeled peer,
+these packets do not have any peer labeling information present.
+</p>
+<p>
+The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
+should be used instead of this one.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_relabelfrom_unlabeled_database" lineno="2916">
+<summary>
+Relabel from unlabeled database objects.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_unconfined" lineno="2953">
+<summary>
+Unconfined access to kernel module resources.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<bool name="secure_mode_insmod" dftval="false">
+<desc>
+<p>
+Disable kernel module loading.
+</p>
+</desc>
+</bool>
+</module>
+<module name="mcs" filename="policy/modules/kernel/mcs.if">
+<summary>Multicategory security policy</summary>
+<required val="true">
+Contains attributes used in MCS policy.
+</required>
+<interface name="mcs_file_read_all" lineno="18">
+<summary>
+This domain is allowed to read files and directories
+regardless of their MCS category set.
+</summary>
+<param name="domain">
+<summary>
+Domain target for user exemption.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mcs_file_write_all" lineno="38">
+<summary>
+This domain is allowed to write files and directories
+regardless of their MCS category set.
+</summary>
+<param name="domain">
+<summary>
+Domain target for user exemption.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mcs_killall" lineno="58">
+<summary>
+This domain is allowed to sigkill and sigstop
+all domains regardless of their MCS category set.
+</summary>
+<param name="domain">
+<summary>
+Domain target for user exemption.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mcs_ptrace_all" lineno="78">
+<summary>
+This domain is allowed to ptrace
+all domains regardless of their MCS
+category set.
+</summary>
+<param name="domain">
+<summary>
+Domain target for user exemption.
+</summary>
+</param>
+</interface>
+<interface name="mcs_process_set_categories" lineno="98">
+<summary>
+Make specified domain MCS trusted
+for setting any category set for
+the processes it executes.
+</summary>
+<param name="domain">
+<summary>
+Domain target for user exemption.
+</summary>
+</param>
+</interface>
+</module>
+<module name="mls" filename="policy/modules/kernel/mls.if">
+<summary>Multilevel security policy</summary>
+<desc>
+<p>
+This module contains interfaces for handling multilevel
+security. The interfaces allow the specified subjects
+and objects to be allowed certain privileges in the
+MLS rules.
+</p>
+</desc>
+<required val="true">
+Contains attributes used in MLS policy.
+</required>
+<interface name="mls_file_read_to_clearance" lineno="26">
+<summary>
+Make specified domain MLS trusted
+for reading from files up to its clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_file_read_up" lineno="55">
+<summary>
+Make specified domain MLS trusted
+for reading from files at all levels. (Deprecated)
+</summary>
+<desc>
+<p>
+Make specified domain MLS trusted
+for reading from files at all levels.
+</p>
+<p>
+This interface has been deprecated, please use
+mls_file_read_all_levels() instead.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mls_file_read_all_levels" lineno="72">
+<summary>
+Make specified domain MLS trusted
+for reading from files at all levels.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_file_write_to_clearance" lineno="92">
+<summary>
+Make specified domain MLS trusted
+for write to files up to its clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_file_write_down" lineno="121">
+<summary>
+Make specified domain MLS trusted
+for writing to files at all levels. (Deprecated)
+</summary>
+<desc>
+<p>
+Make specified domain MLS trusted
+for writing to files at all levels.
+</p>
+<p>
+This interface has been deprecated, please use
+mls_file_write_all_levels() instead.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mls_file_write_all_levels" lineno="138">
+<summary>
+Make specified domain MLS trusted
+for writing to files at all levels.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_file_upgrade" lineno="158">
+<summary>
+Make specified domain MLS trusted
+for raising the level of files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_file_downgrade" lineno="178">
+<summary>
+Make specified domain MLS trusted
+for lowering the level of files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_file_write_within_range" lineno="200">
+<summary>
+Make specified domain trusted to
+be written to within its MLS range.
+The subject's MLS range must be a
+proper subset of the object's MLS range.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_socket_read_all_levels" lineno="220">
+<summary>
+Make specified domain MLS trusted
+for reading from sockets at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_socket_read_to_clearance" lineno="241">
+<summary>
+Make specified domain MLS trusted
+for reading from sockets at any level
+that is dominated by the process clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_socket_write_to_clearance" lineno="262">
+<summary>
+Make specified domain MLS trusted
+for writing to sockets up to
+its clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_socket_write_all_levels" lineno="282">
+<summary>
+Make specified domain MLS trusted
+for writing to sockets at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_net_receive_all_levels" lineno="303">
+<summary>
+Make specified domain MLS trusted
+for receiving network data from
+network interfaces or hosts at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_net_write_within_range" lineno="325">
+<summary>
+Make specified domain trusted to
+write to network objects within its MLS range.
+The subject's MLS range must be a
+proper subset of the object's MLS range.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_net_inbound_all_levels" lineno="346">
+<summary>
+Make specified domain trusted to
+write inbound packets regardless of the
+network's or node's MLS range.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_net_outbound_all_levels" lineno="367">
+<summary>
+Make specified domain trusted to
+write outbound packets regardless of the
+network's or node's MLS range.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_sysvipc_read_to_clearance" lineno="388">
+<summary>
+Make specified domain MLS trusted
+for reading from System V IPC objects
+up to its clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_sysvipc_read_all_levels" lineno="409">
+<summary>
+Make specified domain MLS trusted
+for reading from System V IPC objects
+at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_sysvipc_write_to_clearance" lineno="430">
+<summary>
+Make specified domain MLS trusted
+for writing to System V IPC objects
+up to its clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_sysvipc_write_all_levels" lineno="451">
+<summary>
+Make specified domain MLS trusted
+for writing to System V IPC objects
+at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_rangetrans_source" lineno="471">
+<summary>
+Allow the specified domain to do a MLS
+range transition that changes
+the current level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mls_rangetrans_target" lineno="491">
+<summary>
+Make specified domain a target domain
+for MLS range transitions that change
+the current level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mls_process_read_to_clearance" lineno="512">
+<summary>
+Make specified domain MLS trusted
+for reading from processes up to
+its clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_process_read_up" lineno="541">
+<summary>
+Make specified domain MLS trusted
+for reading from processes at all levels. (Deprecated)
+</summary>
+<desc>
+<p>
+Make specified domain MLS trusted
+for reading from processes at all levels.
+</p>
+<p>
+This interface has been deprecated, please use
+mls_process_read_all_levels() instead.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mls_process_read_all_levels" lineno="558">
+<summary>
+Make specified domain MLS trusted
+for reading from processes at all levels.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_process_write_to_clearance" lineno="579">
+<summary>
+Make specified domain MLS trusted
+for writing to processes up to
+its clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_process_write_down" lineno="608">
+<summary>
+Make specified domain MLS trusted
+for writing to processes at all levels. (Deprecated)
+</summary>
+<desc>
+<p>
+Make specified domain MLS trusted
+for writing to processes at all levels.
+</p>
+<p>
+This interface has been deprecated, please use
+mls_process_write_all_levels() instead.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mls_process_write_all_levels" lineno="625">
+<summary>
+Make specified domain MLS trusted
+for writing to processes at all levels.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_process_set_level" lineno="646">
+<summary>
+Make specified domain MLS trusted
+for setting the level of processes
+it executes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_xwin_read_to_clearance" lineno="666">
+<summary>
+Make specified domain MLS trusted
+for reading from X objects up to its clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_xwin_read_all_levels" lineno="686">
+<summary>
+Make specified domain MLS trusted
+for reading from X objects at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_xwin_write_to_clearance" lineno="706">
+<summary>
+Make specified domain MLS trusted
+for write to X objects up to its clearance.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_xwin_write_all_levels" lineno="726">
+<summary>
+Make specified domain MLS trusted
+for writing to X objects at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_colormap_read_all_levels" lineno="746">
+<summary>
+Make specified domain MLS trusted
+for reading from X colormaps at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_colormap_write_all_levels" lineno="766">
+<summary>
+Make specified domain MLS trusted
+for writing to X colormaps at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_trusted_object" lineno="795">
+<summary>
+Make specified object MLS trusted.
+</summary>
+<desc>
+<p>
+Make specified object MLS trusted. This
+allows all levels to read and write the
+object.
+</p>
+<p>
+This currently only applies to filesystem
+objects, for example, files and directories.
+</p>
+</desc>
+<param name="domain">
+<summary>
+The type of the object.
+</summary>
+</param>
+</interface>
+<interface name="mls_fd_use_all_levels" lineno="816">
+<summary>
+Make the specified domain trusted
+to inherit and use file descriptors
+from all levels.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_fd_share_all_levels" lineno="837">
+<summary>
+Make the file descriptors from the
+specifed domain inheritable by
+all levels.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_context_translate_all_levels" lineno="857">
+<summary>
+Make specified domain MLS trusted
+for translating contexts at all levels.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_db_read_all_levels" lineno="877">
+<summary>
+Make specified domain MLS trusted
+for reading from databases at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_db_write_all_levels" lineno="897">
+<summary>
+Make specified domain MLS trusted
+for writing to databases at any level.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_db_upgrade" lineno="917">
+<summary>
+Make specified domain MLS trusted
+for raising the level of databases.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_db_downgrade" lineno="937">
+<summary>
+Make specified domain MLS trusted
+for lowering the level of databases.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_dbus_send_all_levels" lineno="957">
+<summary>
+Make specified domain MLS trusted
+for sending dbus messages to
+all levels.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mls_dbus_recv_all_levels" lineno="978">
+<summary>
+Make specified domain MLS trusted
+for receiving dbus messages from
+all levels.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="selinux" filename="policy/modules/kernel/selinux.if">
+<summary>
+Policy for kernel security interface, in particular, selinuxfs.
+</summary>
+<required val="true">
+Contains the policy for the kernel SELinux security interface.
+</required>
+<interface name="selinux_labeled_boolean" lineno="34">
+<summary>
+Make the specified type used for labeling SELinux Booleans.
+This interface is only usable in the base module.
+</summary>
+<desc>
+<p>
+Make the specified type used for labeling SELinux Booleans.
+</p>
+<p>
+This makes use of genfscon statements, which are only
+available in the base module. Thus any module which calls this
+interface must be included in the base module.
+</p>
+</desc>
+<param name="type">
+<summary>
+Type used for labeling a Boolean.
+</summary>
+</param>
+<param name="boolean">
+<summary>
+Name of the Boolean.
+</summary>
+</param>
+</interface>
+<interface name="selinux_get_fs_mount" lineno="56">
+<summary>
+Get the mountpoint of the selinuxfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_dontaudit_get_fs_mount" lineno="82">
+<summary>
+Do not audit attempts to get the mountpoint
+of the selinuxfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="selinux_mount_fs" lineno="107">
+<summary>
+Mount the selinuxfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_remount_fs" lineno="126">
+<summary>
+Remount the selinuxfs filesystem.
+This allows some mount options to be changed.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_unmount_fs" lineno="144">
+<summary>
+Unmount the selinuxfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_getattr_fs" lineno="162">
+<summary>
+Get the attributes of the selinuxfs filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_dontaudit_getattr_fs" lineno="181">
+<summary>
+Do not audit attempts to get the
+attributes of the selinuxfs filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="selinux_dontaudit_getattr_dir" lineno="200">
+<summary>
+Do not audit attempts to get the
+attributes of the selinuxfs directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="selinux_search_fs" lineno="218">
+<summary>
+Search selinuxfs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_dontaudit_search_fs" lineno="236">
+<summary>
+Do not audit attempts to search selinuxfs.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="selinux_dontaudit_read_fs" lineno="255">
+<summary>
+Do not audit attempts to read
+generic selinuxfs entries
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="selinux_get_enforce_mode" lineno="276">
+<summary>
+Allows the caller to get the mode of policy enforcement
+(enforcing or permissive mode).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_set_enforce_mode" lineno="307">
+<summary>
+Allow caller to set the mode of policy enforcement
+(enforcing or permissive mode).
+</summary>
+<desc>
+<p>
+Allow caller to set the mode of policy enforcement
+(enforcing or permissive mode).
+</p>
+<p>
+Since this is a security event, this action is
+always audited.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_load_policy" lineno="338">
+<summary>
+Allow caller to load the policy into the kernel.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_read_policy" lineno="369">
+<summary>
+Allow caller to read the policy from the kernel.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_set_boolean" lineno="406">
+<summary>
+Allow caller to set the state of Booleans to
+enable or disable conditional portions of the policy. (Deprecated)
+</summary>
+<desc>
+<p>
+Allow caller to set the state of Booleans to
+enable or disable conditional portions of the policy.
+</p>
+<p>
+Since this is a security event, this action is
+always audited.
+</p>
+<p>
+This interface has been deprecated. Please use
+selinux_set_generic_booleans() or selinux_set_all_booleans()
+instead.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_set_generic_booleans" lineno="433">
+<summary>
+Allow caller to set the state of generic Booleans to
+enable or disable conditional portions of the policy.
+</summary>
+<desc>
+<p>
+Allow caller to set the state of generic Booleans to
+enable or disable conditional portions of the policy.
+</p>
+<p>
+Since this is a security event, this action is
+always audited.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_set_all_booleans" lineno="471">
+<summary>
+Allow caller to set the state of all Booleans to
+enable or disable conditional portions of the policy.
+</summary>
+<desc>
+<p>
+Allow caller to set the state of all Booleans to
+enable or disable conditional portions of the policy.
+</p>
+<p>
+Since this is a security event, this action is
+always audited.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_set_parameters" lineno="516">
+<summary>
+Allow caller to set SELinux access vector cache parameters.
+</summary>
+<desc>
+<p>
+Allow caller to set SELinux access vector cache parameters.
+The allows the domain to set performance related parameters
+of the AVC, such as cache threshold.
+</p>
+<p>
+Since this is a security event, this action is
+always audited.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_validate_context" lineno="540">
+<summary>
+Allows caller to validate security contexts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_dontaudit_validate_context" lineno="561">
+<summary>
+Do not audit attempts to validate security contexts.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_compute_access_vector" lineno="582">
+<summary>
+Allows caller to compute an access vector.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_compute_create_context" lineno="603">
+<summary>
+Calculate the default type for object creation.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="selinux_compute_member" lineno="624">
+<summary>
+Allows caller to compute polyinstatntiated
+directory members.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_compute_relabel_context" lineno="653">
+<summary>
+Calculate the context for relabeling objects.
+</summary>
+<desc>
+<p>
+Calculate the context for relabeling objects.
+This is determined by using the type_change
+rules in the policy, and is generally used
+for determining the context for relabeling
+a terminal when a user logs in.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_compute_user_contexts" lineno="673">
+<summary>
+Allows caller to compute possible contexts for a user.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_unconfined" lineno="693">
+<summary>
+Unconfined access to the SELinux kernel security server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<bool name="secure_mode_policyload" dftval="false">
+<desc>
+<p>
+Boolean to determine whether the system permits loading policy, setting
+enforcing mode, and changing boolean values. Set this to true and you
+have to reboot to set it back.
+</p>
+</desc>
+</bool>
+</module>
+<module name="storage" filename="policy/modules/kernel/storage.if">
+<summary>Policy controlling access to storage devices</summary>
+<interface name="storage_getattr_fixed_disk_dev" lineno="14">
+<summary>
+Allow the caller to get the attributes of fixed disk
+device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_getattr_fixed_disk_dev" lineno="34">
+<summary>
+Do not audit attempts made by the caller to get
+the attributes of fixed disk device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_setattr_fixed_disk_dev" lineno="54">
+<summary>
+Allow the caller to set the attributes of fixed disk
+device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_setattr_fixed_disk_dev" lineno="74">
+<summary>
+Do not audit attempts made by the caller to set
+the attributes of fixed disk device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_raw_read_fixed_disk" lineno="95">
+<summary>
+Allow the caller to directly read from a fixed disk.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_read_fixed_disk" lineno="118">
+<summary>
+Do not audit attempts made by the caller to read
+fixed disk device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_raw_write_fixed_disk" lineno="141">
+<summary>
+Allow the caller to directly write to a fixed disk.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_write_fixed_disk" lineno="164">
+<summary>
+Do not audit attempts made by the caller to write
+fixed disk device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_raw_rw_fixed_disk" lineno="186">
+<summary>
+Allow the caller to directly read and write to a fixed disk.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_create_fixed_disk_dev" lineno="201">
+<summary>
+Allow the caller to create fixed disk device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_delete_fixed_disk_dev" lineno="221">
+<summary>
+Allow the caller to create fixed disk device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_manage_fixed_disk" lineno="240">
+<summary>
+Create, read, write, and delete fixed disk device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dev_filetrans_fixed_disk" lineno="264">
+<summary>
+Create block devices in /dev with the fixed disk type
+via an automatic type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_tmpfs_filetrans_fixed_disk" lineno="283">
+<summary>
+Create block devices in on a tmpfs filesystem with the
+fixed disk type via an automatic type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_relabel_fixed_disk" lineno="301">
+<summary>
+Relabel fixed disk device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_swapon_fixed_disk" lineno="320">
+<summary>
+Enable a fixed disk device as swap space
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_getattr_fuse_dev" lineno="340">
+<summary>
+Allow the caller to get the attributes
+of device nodes of fuse devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_rw_fuse" lineno="359">
+<summary>
+read or write fuse device interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_rw_fuse" lineno="378">
+<summary>
+Do not audit attempts to read or write
+fuse device interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_getattr_scsi_generic_dev" lineno="397">
+<summary>
+Allow the caller to get the attributes of
+the generic SCSI interface device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_setattr_scsi_generic_dev" lineno="417">
+<summary>
+Allow the caller to set the attributes of
+the generic SCSI interface device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_read_scsi_generic" lineno="440">
+<summary>
+Allow the caller to directly read, in a
+generic fashion, from any SCSI device.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_write_scsi_generic" lineno="465">
+<summary>
+Allow the caller to directly write, in a
+generic fashion, from any SCSI device.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_setattr_scsi_generic_dev_dev" lineno="487">
+<summary>
+Set attributes of the device nodes
+for the SCSI generic inerface.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_rw_scsi_generic" lineno="507">
+<summary>
+Do not audit attempts to read or write
+SCSI generic device interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_getattr_removable_dev" lineno="526">
+<summary>
+Allow the caller to get the attributes of removable
+devices device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_getattr_removable_dev" lineno="546">
+<summary>
+Do not audit attempts made by the caller to get
+the attributes of removable devices device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_read_removable_device" lineno="565">
+<summary>
+Do not audit attempts made by the caller to read
+removable devices device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_write_removable_device" lineno="585">
+<summary>
+Do not audit attempts made by the caller to write
+removable devices device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_setattr_removable_dev" lineno="604">
+<summary>
+Allow the caller to set the attributes of removable
+devices device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_setattr_removable_dev" lineno="624">
+<summary>
+Do not audit attempts made by the caller to set
+the attributes of removable devices device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_raw_read_removable_device" lineno="646">
+<summary>
+Allow the caller to directly read from
+a removable device.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_raw_read_removable_device" lineno="665">
+<summary>
+Do not audit attempts to directly read removable devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_raw_write_removable_device" lineno="687">
+<summary>
+Allow the caller to directly write to
+a removable device.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_dontaudit_raw_write_removable_device" lineno="706">
+<summary>
+Do not audit attempts to directly write removable devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="storage_read_tape" lineno="725">
+<summary>
+Allow the caller to directly read
+a tape device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_write_tape" lineno="745">
+<summary>
+Allow the caller to directly read
+a tape device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_getattr_tape_dev" lineno="765">
+<summary>
+Allow the caller to get the attributes
+of device nodes of tape devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_setattr_tape_dev" lineno="785">
+<summary>
+Allow the caller to set the attributes
+of device nodes of tape devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="storage_unconfined" lineno="804">
+<summary>
+Unconfined access to storage devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="terminal" filename="policy/modules/kernel/terminal.if">
+<summary>Policy for terminals.</summary>
+<required val="true">
+Depended on by other required modules.
+</required>
+<interface name="term_pty" lineno="16">
+<summary>
+Transform specified type into a pty type.
+</summary>
+<param name="pty_type">
+<summary>
+An object type that will applied to a pty.
+</summary>
+</param>
+</interface>
+<interface name="term_user_pty" lineno="45">
+<summary>
+Transform specified type into an user
+pty type. This allows it to be relabeled via
+type change by login programs such as ssh.
+</summary>
+<param name="userdomain">
+<summary>
+The type of the user domain associated with
+this pty.
+</summary>
+</param>
+<param name="object_type">
+<summary>
+An object type that will applied to a pty.
+</summary>
+</param>
+</interface>
+<interface name="term_login_pty" lineno="65">
+<summary>
+Transform specified type into a pty type
+used by login programs, such as sshd.
+</summary>
+<param name="pty_type">
+<summary>
+An object type that will applied to a pty.
+</summary>
+</param>
+</interface>
+<interface name="term_tty" lineno="84">
+<summary>
+Transform specified type into a tty type.
+</summary>
+<param name="tty_type">
+<summary>
+An object type that will applied to a tty.
+</summary>
+</param>
+</interface>
+<interface name="term_user_tty" lineno="110">
+<summary>
+Transform specified type into a user tty type.
+</summary>
+<param name="domain">
+<summary>
+User domain that is related to this tty.
+</summary>
+</param>
+<param name="tty_type">
+<summary>
+An object type that will applied to a tty.
+</summary>
+</param>
+</interface>
+<interface name="term_create_pty" lineno="149">
+<summary>
+Create a pty in the /dev/pts directory.
+</summary>
+<param name="domain">
+<summary>
+The type of the process creating the pty.
+</summary>
+</param>
+<param name="pty_type">
+<summary>
+The type of the pty.
+</summary>
+</param>
+</interface>
+<interface name="term_write_all_terms" lineno="175">
+<summary>
+Write the console, all
+ttys and all ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_use_all_terms" lineno="198">
+<summary>
+Read and write the console, all
+ttys and all ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_write_console" lineno="220">
+<summary>
+Write to the console.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_read_console" lineno="240">
+<summary>
+Read from the console.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_read_console" lineno="260">
+<summary>
+Do not audit attempts to read from the console.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_use_console" lineno="279">
+<summary>
+Read from and write to the console.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_use_console" lineno="299">
+<summary>
+Do not audit attemtps to read from
+or write to the console.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_setattr_console" lineno="319">
+<summary>
+Set the attributes of the console
+device node.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_relabel_console" lineno="338">
+<summary>
+Relabel from and to the console type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_create_console_dev" lineno="357">
+<summary>
+Create the console device (/dev/console).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_getattr_pty_fs" lineno="377">
+<summary>
+Get the attributes of a pty filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_getattr_pty_dirs" lineno="396">
+<summary>
+Do not audit attempts to get the
+attributes of the /dev/pts directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_search_ptys" lineno="414">
+<summary>
+Search the contents of the /dev/pts directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_search_ptys" lineno="434">
+<summary>
+Do not audit attempts to search the
+contents of the /dev/pts directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_list_ptys" lineno="454">
+<summary>
+Read the /dev/pts directory to
+list all ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_list_ptys" lineno="474">
+<summary>
+Do not audit attempts to read the
+/dev/pts directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_manage_pty_dirs" lineno="493">
+<summary>
+Do not audit attempts to create, read,
+write, or delete the /dev/pts directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_getattr_generic_ptys" lineno="512">
+<summary>
+Do not audit attempts to get the attributes
+of generic pty devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_ioctl_generic_ptys" lineno="530">
+<summary>
+ioctl of generic pty devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_setattr_generic_ptys" lineno="552">
+<summary>
+Allow setting the attributes of
+generic pty devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_setattr_generic_ptys" lineno="572">
+<summary>
+Dontaudit setting the attributes of
+generic pty devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_use_generic_ptys" lineno="592">
+<summary>
+Read and write the generic pty
+type. This is generally only used in
+the targeted policy.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_use_generic_ptys" lineno="614">
+<summary>
+Dot not audit attempts to read and
+write the generic pty type. This is
+generally only used in the targeted policy.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_setattr_controlling_term" lineno="632">
+<summary>
+Set the attributes of the tty device
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_use_controlling_term" lineno="652">
+<summary>
+Read and write the controlling
+terminal (/dev/tty).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_getattr_ptmx" lineno="671">
+<summary>
+Get the attributes of the pty multiplexor (/dev/ptmx).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_getattr_ptmx" lineno="690">
+<summary>
+Do not audit attempts to get attributes
+on the pty multiplexor (/dev/ptmx).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_use_ptmx" lineno="708">
+<summary>
+Read and write the pty multiplexor (/dev/ptmx).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_use_ptmx" lineno="728">
+<summary>
+Do not audit attempts to read and
+write the pty multiplexor (/dev/ptmx).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_getattr_all_ptys" lineno="748">
+<summary>
+Get the attributes of all
+pty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_getattr_all_ptys" lineno="771">
+<summary>
+Do not audit attempts to get the
+attributes of any pty
+device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_setattr_all_ptys" lineno="791">
+<summary>
+Set the attributes of all
+pty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_relabelto_all_ptys" lineno="812">
+<summary>
+Relabel to all ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_write_all_ptys" lineno="830">
+<summary>
+Write to all ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_use_all_ptys" lineno="850">
+<summary>
+Read and write all ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_use_all_ptys" lineno="871">
+<summary>
+Do not audit attempts to read or write any ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_relabel_all_ptys" lineno="889">
+<summary>
+Relabel from and to all pty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_getattr_all_user_ptys" lineno="911">
+<summary>
+Get the attributes of all user
+pty device nodes. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_getattr_all_user_ptys" lineno="928">
+<summary>
+Do not audit attempts to get the
+attributes of any user pty
+device nodes. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_setattr_all_user_ptys" lineno="945">
+<summary>
+Set the attributes of all user
+pty device nodes. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_relabelto_all_user_ptys" lineno="960">
+<summary>
+Relabel to all user ptys. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_write_all_user_ptys" lineno="975">
+<summary>
+Write to all user ptys. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_use_all_user_ptys" lineno="991">
+<summary>
+Read and write all user ptys. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_use_all_user_ptys" lineno="1007">
+<summary>
+Do not audit attempts to read any
+user ptys. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_relabel_all_user_ptys" lineno="1023">
+<summary>
+Relabel from and to all user
+user pty device nodes. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_getattr_unallocated_ttys" lineno="1040">
+<summary>
+Get the attributes of all unallocated
+tty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_getattr_unallocated_ttys" lineno="1060">
+<summary>
+Do not audit attempts to get the attributes
+of all unallocated tty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_setattr_unallocated_ttys" lineno="1080">
+<summary>
+Set the attributes of all unallocated
+tty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_setattr_unallocated_ttys" lineno="1100">
+<summary>
+Do not audit attempts to set the attributes
+of unallocated tty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_ioctl_unallocated_ttys" lineno="1119">
+<summary>
+Do not audit attempts to ioctl
+unallocated tty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_relabel_unallocated_ttys" lineno="1138">
+<summary>
+Relabel from and to the unallocated
+tty type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_reset_tty_labels" lineno="1158">
+<summary>
+Relabel from all user tty types to
+the unallocated tty type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_append_unallocated_ttys" lineno="1179">
+<summary>
+Append to unallocated ttys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_write_unallocated_ttys" lineno="1198">
+<summary>
+Write to unallocated ttys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_use_unallocated_ttys" lineno="1218">
+<summary>
+Read and write unallocated ttys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_use_unallocated_ttys" lineno="1238">
+<summary>
+Do not audit attempts to read or
+write unallocated ttys.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_getattr_all_ttys" lineno="1257">
+<summary>
+Get the attributes of all tty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_getattr_all_ttys" lineno="1277">
+<summary>
+Do not audit attempts to get the
+attributes of any tty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_setattr_all_ttys" lineno="1297">
+<summary>
+Set the attributes of all tty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_relabel_all_ttys" lineno="1316">
+<summary>
+Relabel from and to all tty device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_write_all_ttys" lineno="1335">
+<summary>
+Write to all ttys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_use_all_ttys" lineno="1355">
+<summary>
+Read and write all ttys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_use_all_ttys" lineno="1375">
+<summary>
+Do not audit attempts to read or write
+any ttys.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_getattr_all_user_ttys" lineno="1395">
+<summary>
+Get the attributes of all user tty
+device nodes. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_getattr_all_user_ttys" lineno="1412">
+<summary>
+Do not audit attempts to get the
+attributes of any user tty
+device nodes. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="term_setattr_all_user_ttys" lineno="1429">
+<summary>
+Set the attributes of all user tty
+device nodes. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_relabel_all_user_ttys" lineno="1445">
+<summary>
+Relabel from and to all user
+user tty device nodes. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_write_all_user_ttys" lineno="1460">
+<summary>
+Write to all user ttys. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_use_all_user_ttys" lineno="1476">
+<summary>
+Read and write all user to all user ttys. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="term_dontaudit_use_all_user_ttys" lineno="1492">
+<summary>
+Do not audit attempts to read or write
+any user ttys. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="ubac" filename="policy/modules/kernel/ubac.if">
+<summary>User-based access control policy</summary>
+<required val="true">
+Contains attributes used in UBAC policy.
+</required>
+<interface name="ubac_constrained" lineno="29">
+<summary>
+Constrain by user-based access control (UBAC).
+</summary>
+<desc>
+<p>
+Constrain the specified type by user-based
+access control (UBAC). Typically, these are
+user processes or user files that need to be
+differentiated by SELinux user. Normally this
+does not include administrative or privileged
+programs. For the UBAC rules to be enforced,
+both the subject (source) type and the object
+(target) types must be UBAC constrained.
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to be constrained by UBAC.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="ubac_file_exempt" lineno="47">
+<summary>
+Exempt user-based access control for files.
+</summary>
+<param name="domain">
+<summary>
+Domain to be exempted.
+</summary>
+</param>
+</interface>
+<interface name="ubac_process_exempt" lineno="65">
+<summary>
+Exempt user-based access control for processes.
+</summary>
+<param name="domain">
+<summary>
+Domain to be exempted.
+</summary>
+</param>
+</interface>
+<interface name="ubac_fd_exempt" lineno="83">
+<summary>
+Exempt user-based access control for file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to be exempted.
+</summary>
+</param>
+</interface>
+<interface name="ubac_socket_exempt" lineno="101">
+<summary>
+Exempt user-based access control for sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to be exempted.
+</summary>
+</param>
+</interface>
+<interface name="ubac_sysvipc_exempt" lineno="119">
+<summary>
+Exempt user-based access control for SysV IPC.
+</summary>
+<param name="domain">
+<summary>
+Domain to be exempted.
+</summary>
+</param>
+</interface>
+<interface name="ubac_xwin_exempt" lineno="137">
+<summary>
+Exempt user-based access control for X Windows.
+</summary>
+<param name="domain">
+<summary>
+Domain to be exempted.
+</summary>
+</param>
+</interface>
+<interface name="ubac_dbus_exempt" lineno="155">
+<summary>
+Exempt user-based access control for dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain to be exempted.
+</summary>
+</param>
+</interface>
+<interface name="ubac_key_exempt" lineno="173">
+<summary>
+Exempt user-based access control for keys.
+</summary>
+<param name="domain">
+<summary>
+Domain to be exempted.
+</summary>
+</param>
+</interface>
+<interface name="ubac_db_exempt" lineno="191">
+<summary>
+Exempt user-based access control for databases.
+</summary>
+<param name="domain">
+<summary>
+Domain to be exempted.
+</summary>
+</param>
+</interface>
+</module>
+</layer>
+<layer name="roles">
+<summary>Policy modules for user roles.</summary>
+<module name="auditadm" filename="policy/modules/roles/auditadm.if">
+<summary>Audit administrator role</summary>
+<interface name="auditadm_role_change" lineno="14">
+<summary>
+Change to the audit administrator role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="auditadm_role_change_to" lineno="44">
+<summary>
+Change from the audit administrator role.
+</summary>
+<desc>
+<p>
+Change from the audit administrator role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="logadm" filename="policy/modules/roles/logadm.if">
+<summary>Log administrator role</summary>
+<interface name="logadm_role_change" lineno="14">
+<summary>
+Change to the log administrator role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logadm_role_change_to" lineno="44">
+<summary>
+Change from the log administrator role.
+</summary>
+<desc>
+<p>
+Change from the log administrator role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="secadm" filename="policy/modules/roles/secadm.if">
+<summary>Security administrator role</summary>
+<interface name="secadm_role_change" lineno="14">
+<summary>
+Change to the security administrator role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="secadm_role_change_to_template" lineno="44">
+<summary>
+Change from the security administrator role.
+</summary>
+<desc>
+<p>
+Change from the security administrator role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="staff" filename="policy/modules/roles/staff.if">
+<summary>Administrator's unprivileged user role</summary>
+<interface name="staff_role_change" lineno="14">
+<summary>
+Change to the staff role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="staff_role_change_to" lineno="44">
+<summary>
+Change from the staff role.
+</summary>
+<desc>
+<p>
+Change from the staff role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="sysadm" filename="policy/modules/roles/sysadm.if">
+<summary>General system administration role</summary>
+<interface name="sysadm_role_change" lineno="14">
+<summary>
+Change to the system administrator role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysadm_role_change_to" lineno="44">
+<summary>
+Change from the system administrator role.
+</summary>
+<desc>
+<p>
+Change from the system administrator role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysadm_shell_domtrans" lineno="62">
+<summary>
+Execute a shell in the sysadm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysadm_bin_spec_domtrans" lineno="83">
+<summary>
+Execute a generic bin program in the sysadm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysadm_entry_spec_domtrans" lineno="106">
+<summary>
+Execute all entrypoint files in the sysadm domain. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysadm_entry_spec_domtrans_to" lineno="141">
+<summary>
+Allow sysadm to execute all entrypoint files in
+a specified domain. This is an explicit transition,
+requiring the caller to use setexeccon().
+</summary>
+<desc>
+<p>
+Allow sysadm to execute all entrypoint files in
+a specified domain. This is an explicit transition,
+requiring the caller to use setexeccon().
+</p>
+<p>
+This is a interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysadm_bin_spec_domtrans_to" lineno="175">
+<summary>
+Allow sysadm to execute a generic bin program in
+a specified domain. This is an explicit transition,
+requiring the caller to use setexeccon().
+</summary>
+<desc>
+<p>
+Allow sysadm to execute a generic bin program in
+a specified domain.
+</p>
+<p>
+This is a interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to execute in.
+</summary>
+</param>
+</interface>
+<interface name="sysadm_sigchld" lineno="196">
+<summary>
+Send a SIGCHLD signal to sysadm users.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysadm_use_fds" lineno="214">
+<summary>
+Inherit and use sysadm file descriptors
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysadm_rw_pipes" lineno="232">
+<summary>
+Read and write sysadm user unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="allow_ptrace" dftval="false">
+<desc>
+<p>
+Allow sysadm to debug or ptrace all processes.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="unprivuser" filename="policy/modules/roles/unprivuser.if">
+<summary>Generic unprivileged user role</summary>
+<interface name="unprivuser_role_change" lineno="14">
+<summary>
+Change to the generic user role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="unprivuser_role_change_to" lineno="44">
+<summary>
+Change from the generic user role.
+</summary>
+<desc>
+<p>
+Change from the generic user role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+</layer>
+<layer name="services">
+<summary>
+ Policy modules for system services, like cron, and network services,
+ like sshd.
+</summary>
+<module name="postgresql" filename="policy/modules/services/postgresql.if">
+<summary>PostgreSQL relational database</summary>
+<interface name="postgresql_role" lineno="18">
+<summary>
+Role access for SE-PostgreSQL.
+</summary>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_loadable_module" lineno="103">
+<summary>
+Marks as a SE-PostgreSQL loadable shared library module
+</summary>
+<param name="type">
+<summary>
+Type marked as a database object type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_database_object" lineno="121">
+<summary>
+Marks as a SE-PostgreSQL database object type
+</summary>
+<param name="type">
+<summary>
+Type marked as a database object type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_schema_object" lineno="139">
+<summary>
+Marks as a SE-PostgreSQL schema object type
+</summary>
+<param name="type">
+<summary>
+Type marked as a schema object type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_table_object" lineno="157">
+<summary>
+Marks as a SE-PostgreSQL table/column/tuple object type
+</summary>
+<param name="type">
+<summary>
+Type marked as a table/column/tuple object type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_system_table_object" lineno="175">
+<summary>
+Marks as a SE-PostgreSQL system table/column/tuple object type
+</summary>
+<param name="type">
+<summary>
+Type marked as a table/column/tuple object type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_sequence_object" lineno="194">
+<summary>
+Marks as a SE-PostgreSQL sequence type
+</summary>
+<param name="type">
+<summary>
+Type marked as a sequence type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_view_object" lineno="212">
+<summary>
+Marks as a SE-PostgreSQL view object type
+</summary>
+<param name="type">
+<summary>
+Type marked as a view object type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_procedure_object" lineno="230">
+<summary>
+Marks as a SE-PostgreSQL procedure object type
+</summary>
+<param name="type">
+<summary>
+Type marked as a database object type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_language_object" lineno="248">
+<summary>
+Marks as a SE-PostgreSQL procedural language object type
+</summary>
+<param name="type">
+<summary>
+Type marked as a procedural language object type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_blob_object" lineno="266">
+<summary>
+Marks as a SE-PostgreSQL binary large object type
+</summary>
+<param name="type">
+<summary>
+Type marked as a database binary large object type.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_search_db" lineno="284">
+<summary>
+Allow the specified domain to search postgresql's database directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_manage_db" lineno="301">
+<summary>
+Allow the specified domain to manage postgresql's database.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_domtrans" lineno="321">
+<summary>
+Execute postgresql in the postgresql domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_signal" lineno="339">
+<summary>
+Allow domain to signal postgresql
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_read_config" lineno="357">
+<summary>
+Allow the specified domain to read postgresql's etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="postgresql_tcp_connect" lineno="378">
+<summary>
+Allow the specified domain to connect to postgresql with a tcp socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_stream_connect" lineno="400">
+<summary>
+Allow the specified domain to connect to postgresql with a unix socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="postgresql_unpriv_client" lineno="423">
+<summary>
+Allow the specified domain unprivileged accesses to unifined database objects
+managed by SE-PostgreSQL,
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_unconfined" lineno="508">
+<summary>
+Allow the specified domain unconfined accesses to any database objects
+managed by SE-PostgreSQL,
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgresql_admin" lineno="532">
+<summary>
+All of the rules required to administrate an postgresql environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the postgresql domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="sepgsql_enable_users_ddl" dftval="true">
+<desc>
+<p>
+Allow unprived users to execute DDL statement
+</p>
+</desc>
+</tunable>
+<tunable name="sepgsql_unconfined_dbadm" dftval="true">
+<desc>
+<p>
+Allow database admins to execute DML statement
+</p>
+</desc>
+</tunable>
+</module>
+<module name="ssh" filename="policy/modules/services/ssh.if">
+<summary>Secure shell client and server policy.</summary>
+<template name="ssh_basic_client_template" lineno="34">
+<summary>
+Basic SSH client template.
+</summary>
+<desc>
+<p>
+This template creates a derived domains which are used
+for ssh client sessions. A derived
+type is also created to protect the user ssh keys.
+</p>
+<p>
+This template was added for NX.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the domain.
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+</template>
+<template name="ssh_server_template" lineno="171">
+<summary>
+The template to define a ssh server.
+</summary>
+<desc>
+<p>
+This template creates a domains to be used for
+creating a ssh server. This is typically done
+to have multiple ssh servers of different sensitivities,
+such as for an internal network-facing ssh server, and
+a external network-facing ssh server.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the server domain (e.g., sshd
+is the prefix for sshd_t).
+</summary>
+</param>
+</template>
+<template name="ssh_role_template" lineno="296">
+<summary>
+Role access for ssh
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</template>
+<interface name="ssh_sigchld" lineno="440">
+<summary>
+Send a SIGCHLD signal to the ssh server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_signal" lineno="458">
+<summary>
+Send a generic signal to the ssh server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_signull" lineno="476">
+<summary>
+Send a null signal to sshd processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_read_pipes" lineno="494">
+<summary>
+Read a ssh server unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_rw_pipes" lineno="511">
+<summary>
+Read and write a ssh server unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_rw_stream_sockets" lineno="529">
+<summary>
+Read and write ssh server unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_rw_tcp_sockets" lineno="547">
+<summary>
+Read and write ssh server TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_dontaudit_rw_tcp_sockets" lineno="566">
+<summary>
+Do not audit attempts to read and write
+ssh server TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="ssh_tcp_connect" lineno="584">
+<summary>
+Connect to SSH daemons over TCP sockets. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_domtrans" lineno="598">
+<summary>
+Execute the ssh daemon sshd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ssh_exec" lineno="616">
+<summary>
+Execute the ssh client in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_setattr_key_files" lineno="635">
+<summary>
+Set the attributes of sshd key files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_agent_exec" lineno="654">
+<summary>
+Execute the ssh agent client in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_read_user_home_files" lineno="673">
+<summary>
+Read ssh home directory content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_domtrans_keygen" lineno="694">
+<summary>
+Execute the ssh key generator in the ssh keygen domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ssh_dontaudit_read_server_keys" lineno="712">
+<summary>
+Read ssh server keys
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="ssh_manage_home_files" lineno="730">
+<summary>
+Manage ssh home directory content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ssh_delete_tmp" lineno="749">
+<summary>
+Delete from the ssh temp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="allow_ssh_keysign" dftval="false">
+<desc>
+<p>
+allow host key based authentication
+</p>
+</desc>
+</tunable>
+<tunable name="ssh_sysadm_login" dftval="false">
+<desc>
+<p>
+Allow ssh logins as sysadm_r:sysadm_t
+</p>
+</desc>
+</tunable>
+</module>
+<module name="xserver" filename="policy/modules/services/xserver.if">
+<summary>X Windows Server</summary>
+<interface name="xserver_restricted_role" lineno="19">
+<summary>
+Rules required for using the X Windows server
+and environment, for restricted users.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_role" lineno="133">
+<summary>
+Rules required for using the X Windows server
+and environment.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_ro_session" lineno="185">
+<summary>
+Create sessions on the X server, with read-only
+access to the X server shared
+memory segments.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="tmpfs_type">
+<summary>
+The type of the domain SYSV tmpfs files.
+</summary>
+</param>
+</interface>
+<interface name="xserver_rw_session" lineno="225">
+<summary>
+Create sessions on the X server, with read and write
+access to the X server shared
+memory segments.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="tmpfs_type">
+<summary>
+The type of the domain SYSV tmpfs files.
+</summary>
+</param>
+</interface>
+<interface name="xserver_non_drawing_client" lineno="245">
+<summary>
+Create non-drawing client sessions on an X server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_user_client" lineno="282">
+<summary>
+Create full client sessions
+on a user X server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="tmpfs_type">
+<summary>
+The type of the domain SYSV tmpfs files.
+</summary>
+</param>
+</interface>
+<template name="xserver_common_x_domain_template" lineno="343">
+<summary>
+Interface to provide X object permissions on a given X server to
+an X client domain. Provides the minimal set required by a basic
+X client application.
+</summary>
+<param name="prefix">
+<summary>
+The prefix of the X client domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="domain">
+<summary>
+Client domain allowed access.
+</summary>
+</param>
+</template>
+<template name="xserver_object_types_template" lineno="403">
+<summary>
+Template for creating the set of types used
+in an X windows domain.
+</summary>
+<param name="prefix">
+<summary>
+The prefix of the X client domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+</template>
+<template name="xserver_user_x_domain_template" lineno="445">
+<summary>
+Interface to provide X object permissions on a given X server to
+an X client domain. Provides the minimal set required by a basic
+X client application.
+</summary>
+<param name="prefix">
+<summary>
+The prefix of the X client domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="domain">
+<summary>
+Client domain allowed access.
+</summary>
+</param>
+<param name="tmpfs_type">
+<summary>
+The type of the domain SYSV tmpfs files.
+</summary>
+</param>
+</template>
+<interface name="xserver_use_user_fonts" lineno="512">
+<summary>
+Read user fonts, user font configuration,
+and manage the user font cache.
+</summary>
+<desc>
+<p>
+Read user fonts, user font configuration,
+and manage the user font cache.
+</p>
+<p>
+This is a templated interface, and should only
+be called from a per-userdomain template.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_domtrans_xauth" lineno="542">
+<summary>
+Transition to the Xauthority domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="xserver_user_home_dir_filetrans_user_xauth" lineno="560">
+<summary>
+Create a Xauthority file in the user home directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_use_all_users_fonts" lineno="579">
+<summary>
+Read all users fonts, user font configurations,
+and manage all users font caches.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_user_xauth" lineno="594">
+<summary>
+Read all users .Xauthority.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_setattr_console_pipes" lineno="613">
+<summary>
+Set the attributes of the X windows console named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_rw_console" lineno="631">
+<summary>
+Read and write the X windows console named pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_use_xdm_fds" lineno="649">
+<summary>
+Use file descriptors for xdm.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_dontaudit_use_xdm_fds" lineno="668">
+<summary>
+Do not audit attempts to inherit
+XDM file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xserver_rw_xdm_pipes" lineno="686">
+<summary>
+Read and write XDM unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_dontaudit_rw_xdm_pipes" lineno="705">
+<summary>
+Do not audit attempts to read and write
+XDM unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xserver_stream_connect_xdm" lineno="725">
+<summary>
+Connect to XDM over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_xdm_rw_config" lineno="744">
+<summary>
+Read xdm-writable configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_setattr_xdm_tmp_dirs" lineno="763">
+<summary>
+Set the attributes of XDM temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_create_xdm_tmp_sockets" lineno="782">
+<summary>
+Create a named socket in a XDM
+temporary directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_xdm_pid" lineno="802">
+<summary>
+Read XDM pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_xdm_lib_files" lineno="821">
+<summary>
+Read XDM var lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_xsession_entry_type" lineno="839">
+<summary>
+Make an X session script an entrypoint for the specified domain.
+</summary>
+<param name="domain">
+<summary>
+The domain for which the shell is an entrypoint.
+</summary>
+</param>
+</interface>
+<interface name="xserver_xsession_spec_domtrans" lineno="876">
+<summary>
+Execute an X session in the target domain. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</summary>
+<desc>
+<p>
+Execute an Xsession in the target domain. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the shell process.
+</summary>
+</param>
+</interface>
+<interface name="xserver_getattr_log" lineno="894">
+<summary>
+Get the attributes of X server logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_dontaudit_write_log" lineno="914">
+<summary>
+Do not audit attempts to write the X server
+log files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xserver_delete_log" lineno="932">
+<summary>
+Delete X server log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_xkb_libs" lineno="953">
+<summary>
+Read X keyboard extension libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_xdm_tmp_files" lineno="974">
+<summary>
+Read xdm temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_dontaudit_read_xdm_tmp_files" lineno="993">
+<summary>
+Do not audit attempts to read xdm temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xserver_rw_xdm_tmp_files" lineno="1012">
+<summary>
+Read write xdm temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_manage_xdm_tmp_files" lineno="1031">
+<summary>
+Create, read, write, and delete xdm temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_dontaudit_getattr_xdm_tmp_sockets" lineno="1050">
+<summary>
+Do not audit attempts to get the attributes of
+xdm temporary named sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xserver_domtrans" lineno="1068">
+<summary>
+Execute the X server in the X server domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="xserver_signal" lineno="1087">
+<summary>
+Signal X servers
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_kill" lineno="1105">
+<summary>
+Kill X servers
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_rw_shm" lineno="1124">
+<summary>
+Read and write X server Sys V Shared
+memory segments.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_dontaudit_rw_tcp_sockets" lineno="1143">
+<summary>
+Do not audit attempts to read and write to
+X server sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xserver_dontaudit_rw_stream_sockets" lineno="1162">
+<summary>
+Do not audit attempts to read and write X server
+unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xserver_stream_connect" lineno="1181">
+<summary>
+Connect to the X server over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_tmp_files" lineno="1200">
+<summary>
+Read X server temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_manage_core_devices" lineno="1221">
+<summary>
+Interface to provide X object permissions on a given X server to
+an X client domain. Gives the domain permission to read the
+virtual core keyboard and virtual core pointer devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_unconfined" lineno="1244">
+<summary>
+Interface to provide X object permissions on a given X server to
+an X client domain. Gives the domain complete control over the
+display.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="allow_write_xshm" dftval="false">
+<desc>
+<p>
+Allows clients to write to the X server shared
+memory segments.
+</p>
+</desc>
+</tunable>
+<tunable name="xdm_sysadm_login" dftval="false">
+<desc>
+<p>
+Allow xdm logins as sysadm
+</p>
+</desc>
+</tunable>
+<tunable name="xserver_object_manager" dftval="false">
+<desc>
+<p>
+Support X userspace object manager
+</p>
+</desc>
+</tunable>
+</module>
+</layer>
+<layer name="system">
+<summary>
+ Policy modules for system functions from init to multi-user login.
+</summary>
+<module name="application" filename="policy/modules/system/application.if">
+<summary>Policy for user executable applications.</summary>
+<interface name="application_type" lineno="13">
+<summary>
+Make the specified type usable as an application domain.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a domain type.
+</summary>
+</param>
+</interface>
+<interface name="application_executable_file" lineno="36">
+<summary>
+Make the specified type usable for files
+that are exectuables, such as binary programs.
+This does not include shared libraries.
+</summary>
+<param name="type">
+<summary>
+Type to be used for files.
+</summary>
+</param>
+</interface>
+<interface name="application_exec" lineno="56">
+<summary>
+Execute application executables in the caller domain.
+</summary>
+<param name="type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="application_exec_all" lineno="75">
+<summary>
+Execute all executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="application_domain" lineno="110">
+<summary>
+Create a domain for applications.
+</summary>
+<desc>
+<p>
+Create a domain for applications. Typically these are
+programs that are run interactively.
+</p>
+<p>
+The types will be made usable as a domain and file, making
+calls to domain_type() and files_type() redundant.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used as an application domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="application_signull" lineno="126">
+<summary>
+Send null signals to all application domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="application_dontaudit_signull" lineno="145">
+<summary>
+Do not audit attempts to send null signals
+to all application domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="application_signal" lineno="163">
+<summary>
+Send general signals to all application domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="application_dontaudit_signal" lineno="182">
+<summary>
+Do not audit attempts to send general signals
+to all application domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="application_dontaudit_sigkill" lineno="201">
+<summary>
+Do not audit attempts to send kill signals
+to all application domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+</module>
+<module name="authlogin" filename="policy/modules/system/authlogin.if">
+<summary>Common policy for authentication and user login.</summary>
+<interface name="auth_role" lineno="18">
+<summary>
+Role access for password authentication.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_use_pam" lineno="43">
+<summary>
+Use PAM for authentication.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_login_pgm_domain" lineno="95">
+<summary>
+Make the specified domain used for a login program.
+</summary>
+<param name="domain">
+<summary>
+Domain type used for a login program domain.
+</summary>
+</param>
+</interface>
+<interface name="auth_login_entry_type" lineno="173">
+<summary>
+Use the login program as an entry point program.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_file" lineno="203">
+<summary>
+Make the specified type usable as a
+login file.
+</summary>
+<desc>
+<p>
+Make the specified type usable as a login file,
+This type has restricted modification capabilities when used with
+other interfaces that permit files_type access.
+The default type has properties similar to that of the shadow file.
+This will also make the type usable as a security file, making
+calls to files_security_file() redundant.
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to be used as a login file.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="auth_domtrans_login_program" lineno="227">
+<summary>
+Execute a login_program in the target domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the login_program process.
+</summary>
+</param>
+</interface>
+<interface name="auth_ranged_domtrans_login_program" lineno="257">
+<summary>
+Execute a login_program in the target domain,
+with a range transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the login_program process.
+</summary>
+</param>
+<param name="range">
+<summary>
+Range of the login program.
+</summary>
+</param>
+</interface>
+<interface name="auth_search_cache" lineno="283">
+<summary>
+Search authentication cache
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_cache" lineno="301">
+<summary>
+Read authentication cache
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_rw_cache" lineno="319">
+<summary>
+Read/Write authentication cache
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_manage_cache" lineno="337">
+<summary>
+Manage authentication cache
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_var_filetrans_cache" lineno="356">
+<summary>
+Automatic transition from cache_t to cache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_domtrans_chk_passwd" lineno="374">
+<summary>
+Run unix_chkpwd to check a password.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="auth_domtrans_chkpwd" lineno="422">
+<summary>
+Run unix_chkpwd to check a password.
+Stripped down version to be called within boolean
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="auth_run_chk_passwd" lineno="448">
+<summary>
+Execute chkpwd programs in the chkpwd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the chkpwd domain.
+</summary>
+</param>
+</interface>
+<interface name="auth_domtrans_upd_passwd" lineno="467">
+<summary>
+Execute a domain transition to run unix_update.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="auth_run_upd_passwd" lineno="492">
+<summary>
+Execute updpwd programs in the updpwd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the updpwd domain.
+</summary>
+</param>
+</interface>
+<interface name="auth_getattr_shadow" lineno="511">
+<summary>
+Get the attributes of the shadow passwords file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_dontaudit_getattr_shadow" lineno="531">
+<summary>
+Do not audit attempts to get the attributes
+of the shadow passwords file.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_shadow" lineno="553">
+<summary>
+Read the shadow passwords file (/etc/shadow)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_can_read_shadow_passwords" lineno="577">
+<summary>
+Pass shadow assertion for reading.
+</summary>
+<desc>
+<p>
+Pass shadow assertion for reading.
+This should only be used with
+auth_tunable_read_shadow(), and
+only exists because typeattribute
+does not work in conditionals.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_tunable_read_shadow" lineno="603">
+<summary>
+Read the shadow password file.
+</summary>
+<desc>
+<p>
+Read the shadow password file. This
+should only be used in a conditional;
+it does not pass the reading shadow
+assertion.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_dontaudit_read_shadow" lineno="623">
+<summary>
+Do not audit attempts to read the shadow
+password file (/etc/shadow).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="auth_rw_shadow" lineno="641">
+<summary>
+Read and write the shadow password file (/etc/shadow).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_manage_shadow" lineno="663">
+<summary>
+Create, read, write, and delete the shadow
+password file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_etc_filetrans_shadow" lineno="683">
+<summary>
+Automatic transition from etc to shadow.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_relabelto_shadow" lineno="702">
+<summary>
+Relabel to the shadow
+password file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_relabel_shadow" lineno="724">
+<summary>
+Relabel from and to the shadow
+password file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_append_faillog" lineno="745">
+<summary>
+Append to the login failure log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_rw_faillog" lineno="764">
+<summary>
+Read and write the login failure log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_lastlog" lineno="784">
+<summary>
+Read the last logins log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="auth_append_lastlog" lineno="803">
+<summary>
+Append only to the last logins log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_rw_lastlog" lineno="822">
+<summary>
+Read and write to the last logins log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_domtrans_pam" lineno="841">
+<summary>
+Execute pam programs in the pam domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="auth_signal_pam" lineno="859">
+<summary>
+Send generic signals to pam processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_run_pam" lineno="882">
+<summary>
+Execute pam programs in the PAM domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the PAM domain.
+</summary>
+</param>
+</interface>
+<interface name="auth_exec_pam" lineno="901">
+<summary>
+Execute the pam program.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_var_auth" lineno="920">
+<summary>
+Read var auth files. Used by various other applications
+and pam applets etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_rw_var_auth" lineno="940">
+<summary>
+Read and write var auth files. Used by various other applications
+and pam applets etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_manage_var_auth" lineno="960">
+<summary>
+Manage var auth files. Used by various other applications
+and pam applets etc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_pam_pid" lineno="981">
+<summary>
+Read PAM PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_dontaudit_read_pam_pid" lineno="1001">
+<summary>
+Do not audit attemps to read PAM PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="auth_delete_pam_pid" lineno="1019">
+<summary>
+Delete pam PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_manage_pam_pid" lineno="1039">
+<summary>
+Manage pam PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_domtrans_pam_console" lineno="1059">
+<summary>
+Execute pam_console with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="auth_search_pam_console_data" lineno="1078">
+<summary>
+Search the contents of the
+pam_console data directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_list_pam_console_data" lineno="1098">
+<summary>
+List the contents of the pam_console
+data directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_relabel_pam_console_data_dirs" lineno="1117">
+<summary>
+Relabel pam_console data directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_pam_console_data" lineno="1135">
+<summary>
+Read pam_console data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_manage_pam_console_data" lineno="1156">
+<summary>
+Create, read, write, and delete
+pam_console data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_delete_pam_console_data" lineno="1176">
+<summary>
+Delete pam_console data.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_all_dirs_except_auth_files" lineno="1203">
+<summary>
+Read all directories on the filesystem, except
+login files and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_all_dirs_except_shadow" lineno="1228">
+<summary>
+Read all directories on the filesystem, except
+the shadow passwords and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_all_files_except_auth_files" lineno="1251">
+<summary>
+Read all files on the filesystem, except
+login files and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="auth_read_all_files_except_shadow" lineno="1277">
+<summary>
+Read all files on the filesystem, except
+the shadow passwords and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="auth_read_all_symlinks_except_auth_files" lineno="1299">
+<summary>
+Read all symbolic links on the filesystem, except
+login files and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_all_symlinks_except_shadow" lineno="1324">
+<summary>
+Read all symbolic links on the filesystem, except
+the shadow passwords and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_relabel_all_files_except_auth_files" lineno="1346">
+<summary>
+Relabel all files on the filesystem, except
+login files and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_relabel_all_files_except_shadow" lineno="1371">
+<summary>
+Relabel all files on the filesystem, except
+the shadow passwords and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_rw_all_files_except_auth_files" lineno="1393">
+<summary>
+Read and write all files on the filesystem, except
+login files and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_rw_all_files_except_shadow" lineno="1418">
+<summary>
+Read and write all files on the filesystem, except
+the shadow passwords and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_manage_all_files_except_auth_files" lineno="1440">
+<summary>
+Manage all files on the filesystem, except
+login files passwords and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_manage_all_files_except_shadow" lineno="1465">
+<summary>
+Manage all files on the filesystem, except
+the shadow passwords and listed exceptions.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="exception_types" optional="true">
+<summary>
+The types to be excluded. Each type or attribute
+must be negated by the caller.
+</summary>
+</param>
+</interface>
+<interface name="auth_domtrans_utempter" lineno="1480">
+<summary>
+Execute utempter programs in the utempter domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="auth_run_utempter" lineno="1503">
+<summary>
+Execute utempter programs in the utempter domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the utempter domain.
+</summary>
+</param>
+</interface>
+<interface name="auth_dontaudit_exec_utempter" lineno="1522">
+<summary>
+Do not audit attemps to execute utempter executable.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="auth_setattr_login_records" lineno="1540">
+<summary>
+Set the attributes of login record files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_read_login_records" lineno="1560">
+<summary>
+Read login records files (/var/log/wtmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="auth_dontaudit_read_login_records" lineno="1581">
+<summary>
+Do not audit attempts to read login records
+files (/var/log/wtmp).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="auth_dontaudit_write_login_records" lineno="1600">
+<summary>
+Do not audit attempts to write to
+login records files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="auth_append_login_records" lineno="1618">
+<summary>
+Append to login records (wtmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_write_login_records" lineno="1637">
+<summary>
+Write to login records (wtmp).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_rw_login_records" lineno="1655">
+<summary>
+Read and write login records.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_log_filetrans_login_records" lineno="1675">
+<summary>
+Create a login records in the log directory
+using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_manage_login_records" lineno="1694">
+<summary>
+Create, read, write, and delete login
+records files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_relabel_login_records" lineno="1713">
+<summary>
+Relabel login record files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="auth_use_nsswitch" lineno="1741">
+<summary>
+Use nsswitch to look up user, password, group, or
+host information.
+</summary>
+<desc>
+<p>
+Allow the specified domain to look up user, password,
+group, or host information using the name service.
+The most common use of this interface is for services
+that do host name resolution (usually DNS resolution).
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="auth_unconfined" lineno="1812">
+<summary>
+Unconfined access to the authlogin module.
+</summary>
+<desc>
+<p>
+Unconfined access to the authlogin module.
+</p>
+<p>
+Currently, this only allows assertions for
+the shadow passwords file (/etc/shadow) to
+be passed. No access is granted yet.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="clock" filename="policy/modules/system/clock.if">
+<summary>Policy for reading and setting the hardware clock.</summary>
+<interface name="clock_domtrans" lineno="13">
+<summary>
+Execute hwclock in the clock domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clock_run" lineno="38">
+<summary>
+Execute hwclock in the clock domain, and
+allow the specified role the hwclock domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="clock_exec" lineno="57">
+<summary>
+Execute hwclock in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clock_dontaudit_write_adjtime" lineno="75">
+<summary>
+Do not audit attempts to write clock drift adjustments.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="clock_rw_adjtime" lineno="93">
+<summary>
+Read and write clock drift adjustments.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="fstools" filename="policy/modules/system/fstools.if">
+<summary>Tools for filesystem management, such as mkfs and fsck.</summary>
+<interface name="fstools_domtrans" lineno="13">
+<summary>
+Execute fs tools in the fstools domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="fstools_run" lineno="39">
+<summary>
+Execute fs tools in the fstools domain, and
+allow the specified role the fs tools domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fstools_exec" lineno="58">
+<summary>
+Execute fsadm in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fstools_signal" lineno="76">
+<summary>
+Send signal to fsadm process
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fstools_read_pipes" lineno="94">
+<summary>
+Read fstools unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fstools_relabelto_entry_files" lineno="113">
+<summary>
+Relabel a file to the type used by the
+filesystem tools programs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fstools_manage_entry_files" lineno="132">
+<summary>
+Create, read, write, and delete a file used by the
+filesystem tools programs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fstools_getattr_swap_files" lineno="150">
+<summary>
+Getattr swapfile
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="getty" filename="policy/modules/system/getty.if">
+<summary>Policy for getty.</summary>
+<interface name="getty_domtrans" lineno="13">
+<summary>
+Execute gettys in the getty domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="getty_use_fds" lineno="32">
+<summary>
+Inherit and use getty file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="getty_read_log" lineno="51">
+<summary>
+Allow process to read getty log file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="getty_read_config" lineno="71">
+<summary>
+Allow process to read getty config file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="getty_rw_config" lineno="91">
+<summary>
+Allow process to edit getty config file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="hostname" filename="policy/modules/system/hostname.if">
+<summary>Policy for changing the system host name.</summary>
+<interface name="hostname_domtrans" lineno="13">
+<summary>
+Execute hostname in the hostname domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hostname_run" lineno="38">
+<summary>
+Execute hostname in the hostname domain, and
+allow the specified role the hostname domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hostname_exec" lineno="58">
+<summary>
+Execute hostname in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="hotplug" filename="policy/modules/system/hotplug.if">
+<summary>
+Policy for hotplug system, for supporting the
+connection and disconnection of devices at runtime.
+</summary>
+<interface name="hotplug_domtrans" lineno="16">
+<summary>
+Execute hotplug with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hotplug_exec" lineno="35">
+<summary>
+Execute hotplug in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hotplug_use_fds" lineno="54">
+<summary>
+Inherit and use hotplug file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hotplug_dontaudit_use_fds" lineno="73">
+<summary>
+Do not audit attempts to inherit
+hotplug file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hotplug_dontaudit_search_config" lineno="92">
+<summary>
+Do not audit attempts to search the
+hotplug configuration directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hotplug_getattr_config_dirs" lineno="110">
+<summary>
+Get the attributes of the hotplug configuration directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hotplug_search_config" lineno="128">
+<summary>
+Search the hotplug configuration directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hotplug_read_config" lineno="147">
+<summary>
+Read the configuration files for hotplug.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="hotplug_search_pids" lineno="168">
+<summary>
+Search the hotplug PIDs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="init" filename="policy/modules/system/init.if">
+<summary>System initialization programs (init and init scripts).</summary>
+<interface name="init_script_file" lineno="32">
+<summary>
+Create a file type used for init scripts.
+</summary>
+<desc>
+<p>
+Create a file type used for init scripts. It can not be
+used in conjunction with init_script_domain(). These
+script files are typically stored in the /etc/init.d directory.
+</p>
+<p>
+Typically this is used to constrain what services an
+admin can start/stop. For example, a policy writer may want
+to constrain a web administrator to only being able to
+restart the web server, not other services. This special type
+will help address that goal.
+</p>
+<p>
+This also makes the type usable for files; thus an
+explicit call to files_type() is redundant.
+</p>
+</desc>
+<param name="script_file">
+<summary>
+Type to be used for a script file.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="init_script_domain" lineno="67">
+<summary>
+Create a domain used for init scripts.
+</summary>
+<desc>
+<p>
+Create a domain used for init scripts.
+Can not be used in conjunction with
+init_script_file().
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used as an init script domain.
+</summary>
+</param>
+<param name="script_file">
+<summary>
+Type of the script file used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="init_domain" lineno="97">
+<summary>
+Create a domain which can be started by init.
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="init_ranged_domain" lineno="140">
+<summary>
+Create a domain which can be started by init,
+with a range transition.
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+<param name="range">
+<summary>
+Range for the domain.
+</summary>
+</param>
+</interface>
+<interface name="init_daemon_domain" lineno="192">
+<summary>
+Create a domain for long running processes
+(daemons/services) which are started by init scripts.
+</summary>
+<desc>
+<p>
+Create a domain for long running processes (daemons/services)
+which are started by init scripts. Short running processes
+should use the init_system_domain() interface instead.
+Typically all long running processes started by an init
+script (usually in /etc/init.d) will need to use this
+interface.
+</p>
+<p>
+The types will be made usable as a domain and file, making
+calls to domain_type() and files_type() redundant.
+</p>
+<p>
+If the process must also run in a specific MLS/MCS level,
+the init_ranged_daemon_domain() should be used instead.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used as a daemon domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="init_ranged_daemon_domain" lineno="283">
+<summary>
+Create a domain for long running processes
+(daemons/services) which are started by init scripts,
+running at a specified MLS/MCS range.
+</summary>
+<desc>
+<p>
+Create a domain for long running processes (daemons/services)
+which are started by init scripts, running at a specified
+MLS/MCS range. Short running processes
+should use the init_ranged_system_domain() interface instead.
+Typically all long running processes started by an init
+script (usually in /etc/init.d) will need to use this
+interface if they need to run in a specific MLS/MCS range.
+</p>
+<p>
+The types will be made usable as a domain and file, making
+calls to domain_type() and files_type() redundant.
+</p>
+<p>
+If the policy build option TYPE is standard (MLS and MCS disabled),
+this interface has the same behavior as init_daemon_domain().
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used as a daemon domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+<param name="range">
+<summary>
+MLS/MCS range for the domain.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="init_system_domain" lineno="337">
+<summary>
+Create a domain for short running processes
+which are started by init scripts.
+</summary>
+<desc>
+<p>
+Create a domain for short running processes
+which are started by init scripts. These are generally applications that
+are used to initialize the system during boot.
+Long running processes, such as daemons/services
+should use the init_daemon_domain() interface instead.
+Typically all short running processes started by an init
+script (usually in /etc/init.d) will need to use this
+interface.
+</p>
+<p>
+The types will be made usable as a domain and file, making
+calls to domain_type() and files_type() redundant.
+</p>
+<p>
+If the process must also run in a specific MLS/MCS level,
+the init_ranged_system_domain() should be used instead.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used as a system domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="init_ranged_system_domain" lineno="401">
+<summary>
+Create a domain for short running processes
+which are started by init scripts.
+</summary>
+<desc>
+<p>
+Create a domain for long running processes (daemons/services)
+which are started by init scripts.
+These are generally applications that
+are used to initialize the system during boot.
+Long running processes
+should use the init_ranged_system_domain() interface instead.
+Typically all short running processes started by an init
+script (usually in /etc/init.d) will need to use this
+interface if they need to run in a specific MLS/MCS range.
+</p>
+<p>
+The types will be made usable as a domain and file, making
+calls to domain_type() and files_type() redundant.
+</p>
+<p>
+If the policy build option TYPE is standard (MLS and MCS disabled),
+this interface has the same behavior as init_system_domain().
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used as a system domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+<param name="range">
+<summary>
+Range for the domain.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="init_domtrans" lineno="428">
+<summary>
+Execute init (/sbin/init) with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="init_exec" lineno="447">
+<summary>
+Execute the init program in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="init_exec_rc" lineno="477">
+<summary>
+Execute the rc application in the caller domain.
+</summary>
+<desc>
+<p>
+This is only applicable to Gentoo or distributions that use the OpenRC
+init system.
+</p>
+<p>
+The OpenRC /sbin/rc binary is used for both init scripts as well as
+management applications and tools. When used for management purposes,
+calling /sbin/rc should never cause a transition to initrc_t.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_getpgid" lineno="496">
+<summary>
+Get the process group of init.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_signull" lineno="514">
+<summary>
+Send init a null signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_sigchld" lineno="532">
+<summary>
+Send init a SIGCHLD signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_stream_connect" lineno="550">
+<summary>
+Connect to init with a unix socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_use_fds" lineno="608">
+<summary>
+Inherit and use file descriptors from init.
+</summary>
+<desc>
+<p>
+Allow the specified domain to inherit file
+descriptors from the init program (process ID 1).
+Typically the only file descriptors to be
+inherited from init are for the console.
+This does not allow the domain any access to
+the object to which the file descriptors references.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>init_dontaudit_use_fds()</li>
+<li>term_dontaudit_use_console()</li>
+<li>term_use_console()</li>
+</ul>
+<p>
+Example usage:
+</p>
+<p>
+init_use_fds(mydomain_t)
+term_use_console(mydomain_t)
+</p>
+<p>
+Normally, processes that can inherit these file
+descriptors (usually services) write messages to the
+system log instead of writing to the console.
+Therefore, in many cases, this access should
+dontaudited instead.
+</p>
+<p>
+Example dontaudit usage:
+</p>
+<p>
+init_dontaudit_use_fds(mydomain_t)
+term_dontaudit_use_console(mydomain_t)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="1"/>
+</interface>
+<interface name="init_dontaudit_use_fds" lineno="627">
+<summary>
+Do not audit attempts to inherit file
+descriptors from init.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_udp_send" lineno="645">
+<summary>
+Send UDP network traffic to init. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_getattr_initctl" lineno="659">
+<summary>
+Get the attributes of initctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_getattr_initctl" lineno="678">
+<summary>
+Do not audit attempts to get the
+attributes of initctl.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_write_initctl" lineno="696">
+<summary>
+Write to initctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_telinit" lineno="716">
+<summary>
+Use telinit (Read and write initctl).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="init_rw_initctl" lineno="747">
+<summary>
+Read and write initctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_rw_initctl" lineno="767">
+<summary>
+Do not audit attempts to read and
+write initctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_script_file_entry_type" lineno="786">
+<summary>
+Make init scripts an entry point for
+the specified domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_spec_domtrans_script" lineno="804">
+<summary>
+Execute init scripts with a specified domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="init_domtrans_script" lineno="839">
+<summary>
+Execute init scripts with an automatic domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="init_script_file_domtrans" lineno="881">
+<summary>
+Execute a init script in a specified domain.
+</summary>
+<desc>
+<p>
+Execute a init script in a specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="source_domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+Domain to transition to.
+</summary>
+</param>
+</interface>
+<interface name="init_labeled_script_domtrans" lineno="906">
+<summary>
+Transition to the init script domain
+on a specified labeled init script.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="init_script_file">
+<summary>
+Labeled init script file.
+</summary>
+</param>
+</interface>
+<interface name="init_all_labeled_script_domtrans" lineno="926">
+<summary>
+Transition to the init script domain
+for all labeled init script types
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="init_run_daemon" lineno="956">
+<summary>
+Start and stop daemon programs directly.
+</summary>
+<desc>
+<p>
+Start and stop daemon programs directly
+in the traditional "/etc/init.d/daemon start"
+style, and do not require run_init.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be performing this action.
+</summary>
+</param>
+</interface>
+<interface name="init_read_state" lineno="976">
+<summary>
+Read the process state (/proc/pid) of init.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_ptrace" lineno="997">
+<summary>
+Ptrace init
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="init_write_script_pipes" lineno="1015">
+<summary>
+Write an init script unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_getattr_script_files" lineno="1033">
+<summary>
+Get the attribute of init script entrypoint files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_script_files" lineno="1052">
+<summary>
+Read init scripts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_exec_script_files" lineno="1071">
+<summary>
+Execute init scripts in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_getattr_all_script_files" lineno="1090">
+<summary>
+Get the attribute of all init script entrypoint files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_all_script_files" lineno="1109">
+<summary>
+Read all init script files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_read_all_script_files" lineno="1128">
+<summary>
+Dontaudit read all init script files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_exec_all_script_files" lineno="1146">
+<summary>
+Execute all init scripts in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_script_state" lineno="1165">
+<summary>
+Read the process state (/proc/pid) of the init scripts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_use_script_fds" lineno="1189">
+<summary>
+Inherit and use init script file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_use_script_fds" lineno="1208">
+<summary>
+Do not audit attempts to inherit
+init script file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_search_script_keys" lineno="1226">
+<summary>
+Search init script keys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_getpgid_script" lineno="1244">
+<summary>
+Get the process group ID of init scripts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_sigchld_script" lineno="1262">
+<summary>
+Send SIGCHLD signals to init scripts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_signal_script" lineno="1280">
+<summary>
+Send generic signals to init scripts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_signull_script" lineno="1298">
+<summary>
+Send null signals to init scripts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_rw_script_pipes" lineno="1316">
+<summary>
+Read and write init script unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_udp_send_script" lineno="1334">
+<summary>
+Send UDP network traffic to init scripts. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_stream_connect_script" lineno="1349">
+<summary>
+Allow the specified domain to connect to
+init scripts with a unix socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_rw_script_stream_sockets" lineno="1368">
+<summary>
+Allow the specified domain to read/write to
+init scripts with a unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_stream_connect_script" lineno="1387">
+<summary>
+Dont audit the specified domain connecting to
+init scripts with a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_dbus_send_script" lineno="1404">
+<summary>
+Send messages to init scripts over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dbus_chat_script" lineno="1424">
+<summary>
+Send and receive messages from
+init scripts over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_use_script_ptys" lineno="1453">
+<summary>
+Read and write the init script pty.
+</summary>
+<desc>
+<p>
+Read and write the init script pty. This
+pty is generally opened by the open_init_pty
+portion of the run_init program so that the
+daemon does not require direct access to
+the administrator terminal.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_use_script_ptys" lineno="1473">
+<summary>
+Do not audit attempts to read and
+write the init script pty.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_getattr_script_status_files" lineno="1492">
+<summary>
+Get the attributes of init script
+status files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_read_script_status_files" lineno="1511">
+<summary>
+Do not audit attempts to read init script
+status files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_read_script_tmp_files" lineno="1530">
+<summary>
+Read init script temporary data.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_rw_script_tmp_files" lineno="1549">
+<summary>
+Read and write init script temporary data.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_script_tmp_filetrans" lineno="1579">
+<summary>
+Create files in a init script
+temporary data directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+The type of the object to be created
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The object class.
+</summary>
+</param>
+</interface>
+<interface name="init_getattr_utmp" lineno="1598">
+<summary>
+Get the attributes of init script process id files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_utmp" lineno="1616">
+<summary>
+Read utmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_write_utmp" lineno="1635">
+<summary>
+Do not audit attempts to write utmp.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_write_utmp" lineno="1653">
+<summary>
+Write to utmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_lock_utmp" lineno="1673">
+<summary>
+Do not audit attempts to lock
+init script pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_rw_utmp" lineno="1691">
+<summary>
+Read and write utmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_rw_utmp" lineno="1710">
+<summary>
+Do not audit attempts to read and write utmp.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_manage_utmp" lineno="1728">
+<summary>
+Create, read, write, and delete utmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_pid_filetrans_utmp" lineno="1748">
+<summary>
+Create files in /var/run with the
+utmp file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_tcp_recvfrom_all_daemons" lineno="1766">
+<summary>
+Allow the specified domain to connect to daemon with a tcp socket
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_udp_recvfrom_all_daemons" lineno="1784">
+<summary>
+Allow the specified domain to connect to daemon with a udp socket
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="init_upstart" dftval="false">
+<desc>
+<p>
+Enable support for upstart as the init program.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="ipsec" filename="policy/modules/system/ipsec.if">
+<summary>TCP/IP encryption</summary>
+<interface name="ipsec_domtrans" lineno="13">
+<summary>
+Execute ipsec in the ipsec domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_stream_connect" lineno="31">
+<summary>
+Connect to IPSEC using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_domtrans_mgmt" lineno="50">
+<summary>
+Execute ipsec in the ipsec mgmt domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_stream_connect_racoon" lineno="68">
+<summary>
+Connect to racoon using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_getattr_key_sockets" lineno="87">
+<summary>
+Get the attributes of an IPSEC key socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_exec_mgmt" lineno="105">
+<summary>
+Execute the IPSEC management program in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_signal_mgmt" lineno="124">
+<summary>
+Send ipsec mgmt a general signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_signull_mgmt" lineno="143">
+<summary>
+Send ipsec mgmt a null signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_kill_mgmt" lineno="162">
+<summary>
+Send ipsec mgmt a kill signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_mgmt_dbus_chat" lineno="181">
+<summary>
+Send and receive messages from
+ipsec-mgmt over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_read_config" lineno="202">
+<summary>
+Read the IPSEC configuration
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ipsec_match_default_spd" lineno="221">
+<summary>
+Match the default SPD entry.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_setcontext_default_spd" lineno="241">
+<summary>
+Set the context of a SPD entry to
+the default context.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_write_pid" lineno="259">
+<summary>
+write the ipsec_var_run_t files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_manage_pid" lineno="278">
+<summary>
+Create, read, write, and delete the IPSEC pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_domtrans_racoon" lineno="297">
+<summary>
+Execute racoon in the racoon domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_run_racoon" lineno="321">
+<summary>
+Execute racoon and allow the specified role the domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ipsec_domtrans_setkey" lineno="340">
+<summary>
+Execute setkey in the setkey domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ipsec_run_setkey" lineno="364">
+<summary>
+Execute setkey and allow the specified role the domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access..
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="racoon_read_shadow" dftval="false">
+<desc>
+<p>
+Allow racoon to read shadow
+</p>
+</desc>
+</tunable>
+</module>
+<module name="iptables" filename="policy/modules/system/iptables.if">
+<summary>Policy for iptables.</summary>
+<interface name="iptables_domtrans" lineno="13">
+<summary>
+Execute iptables in the iptables domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="iptables_run" lineno="43">
+<summary>
+Execute iptables in the iptables domain, and
+allow the specified role the iptables domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="iptables_exec" lineno="62">
+<summary>
+Execute iptables in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iptables_initrc_domtrans" lineno="81">
+<summary>
+Execute iptables in the iptables domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="iptables_setattr_config" lineno="99">
+<summary>
+Set the attributes of iptables config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iptables_read_config" lineno="118">
+<summary>
+Read iptables config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iptables_etc_filetrans_config" lineno="139">
+<summary>
+Create files in /etc with the type used for
+the iptables config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iptables_manage_config" lineno="157">
+<summary>
+Manage iptables config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="libraries" filename="policy/modules/system/libraries.if">
+<summary>Policy for system libraries.</summary>
+<interface name="libs_domtrans_ldconfig" lineno="13">
+<summary>
+Execute ldconfig in the ldconfig domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="libs_run_ldconfig" lineno="38">
+<summary>
+Execute ldconfig in the ldconfig domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the ldconfig domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="libs_exec_ldconfig" lineno="58">
+<summary>
+Execute ldconfig in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="libs_use_ld_so" lineno="78">
+<summary>
+Use the dynamic link/loader for automatic loading
+of shared libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_legacy_use_ld_so" lineno="103">
+<summary>
+Use the dynamic link/loader for automatic loading
+of shared libraries with legacy support.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_exec_ld_so" lineno="123">
+<summary>
+Execute the dynamic link/loader in the caller's domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_manage_ld_so" lineno="145">
+<summary>
+Create, read, write, and delete the
+dynamic link/loader.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_relabel_ld_so" lineno="165">
+<summary>
+Relabel to and from the type used for
+the dynamic link/loader.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_rw_ld_so_cache" lineno="184">
+<summary>
+Modify the dynamic link/loader's cached listing
+of shared libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_search_lib" lineno="203">
+<summary>
+Search library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_dontaudit_write_lib_dirs" lineno="228">
+<summary>
+Do not audit attempts to write to library directories.
+</summary>
+<desc>
+<p>
+Do not audit attempts to write to library directories.
+Typically this is used to quiet attempts to recompile
+python byte code.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="libs_manage_lib_dirs" lineno="246">
+<summary>
+Create, read, write, and delete library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_dontaudit_setattr_lib_files" lineno="264">
+<summary>
+dontaudit attempts to setattr on library files
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="libs_read_lib_files" lineno="283">
+<summary>
+Read files in the library directories, such
+as static libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_exec_lib_files" lineno="304">
+<summary>
+Execute library scripts in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_use_lib_files" lineno="326">
+<summary>
+Load and execute functions from generic
+lib files as shared libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_manage_lib_files" lineno="343">
+<summary>
+Create, read, write, and delete generic
+files in library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_relabelto_lib_files" lineno="361">
+<summary>
+Relabel files to the type used in library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_relabel_lib_files" lineno="381">
+<summary>
+Relabel to and from the type used
+for generic lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_delete_lib_symlinks" lineno="400">
+<summary>
+Delete generic symlinks in library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_manage_shared_libs" lineno="419">
+<summary>
+Create, read, write, and delete shared libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_use_shared_libs" lineno="437">
+<summary>
+Load and execute functions from shared libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_legacy_use_shared_libs" lineno="460">
+<summary>
+Load and execute functions from shared libraries,
+with legacy support.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="libs_relabel_shared_libs" lineno="481">
+<summary>
+Relabel to and from the type used for
+shared libraries.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lib_filetrans_shared_lib" lineno="505">
+<summary>
+Create an object in lib directories, with
+the shared libraries type using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="files_lib_filetrans_shared_lib" lineno="534">
+<summary>
+Create an object in lib directories, with
+the shared libraries type using a type transition. (Deprecated)
+</summary>
+<desc>
+<p>
+Create an object in lib directories, with
+the shared libraries type using a type transition. (Deprecated)
+</p>
+<p>
+lib_filetrans_shared_lib() should be used instead.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+</module>
+<module name="locallogin" filename="policy/modules/system/locallogin.if">
+<summary>Policy for local logins.</summary>
+<interface name="locallogin_domtrans" lineno="13">
+<summary>
+Execute local logins in the local login domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="locallogin_use_fds" lineno="35">
+<summary>
+Allow processes to inherit local login file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="locallogin_dontaudit_use_fds" lineno="53">
+<summary>
+Do not audit attempts to inherit local login file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="locallogin_signull" lineno="71">
+<summary>
+Send a null signal to local login processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="locallogin_search_keys" lineno="89">
+<summary>
+Search for key.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="locallogin_link_keys" lineno="107">
+<summary>
+Allow link to the local_login key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="locallogin_domtrans_sulogin" lineno="125">
+<summary>
+Execute local logins in the local login domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="logging" filename="policy/modules/system/logging.if">
+<summary>Policy for the kernel message logger and system logging daemon.</summary>
+<interface name="logging_log_file" lineno="41">
+<summary>
+Make the specified type usable for log files
+in a filesystem.
+</summary>
+<desc>
+<p>
+Make the specified type usable for log files in a filesystem.
+This will also make the type usable for files, making
+calls to files_type() redundant. Failure to use this interface
+for a log file type may result in problems with log
+rotation, log analysis, and log monitoring programs.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>logging_log_filetrans()</li>
+</ul>
+<p>
+Example usage with a domain that can create
+and append to a private log file stored in the
+general directories (e.g., /var/log):
+</p>
+<p>
+type mylogfile_t;
+logging_log_file(mylogfile_t)
+allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
+logging_log_filetrans(mydomain_t, mylogfile_t, file)
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to be used for files.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="logging_send_audit_msgs" lineno="62">
+<summary>
+Send audit messages.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_dontaudit_send_audit_msgs" lineno="77">
+<summary>
+dontaudit attempts to send audit messages.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="logging_set_loginuid" lineno="92">
+<summary>
+Set login uid
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_set_tty_audit" lineno="107">
+<summary>
+Set tty auditing
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_set_audit_parameters" lineno="121">
+<summary>
+Set up audit
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_read_audit_log" lineno="137">
+<summary>
+Read the audit log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_domtrans_auditctl" lineno="157">
+<summary>
+Execute auditctl in the auditctl domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="logging_run_auditctl" lineno="182">
+<summary>
+Execute auditctl in the auditctl domain, and
+allow the specified role the auditctl domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_domtrans_auditd" lineno="201">
+<summary>
+Execute auditd in the auditd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="logging_run_auditd" lineno="225">
+<summary>
+Execute auditd in the auditd domain, and
+allow the specified role the auditd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_stream_connect_auditd" lineno="244">
+<summary>
+Connect to auditdstored over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_domtrans_dispatcher" lineno="259">
+<summary>
+Execute a domain transition to run the audit dispatcher.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="logging_signal_dispatcher" lineno="277">
+<summary>
+Signal the audit dispatcher.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_dispatcher_domain" lineno="301">
+<summary>
+Create a domain for processes
+which can be started by the system audit dispatcher
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="logging_stream_connect_dispatcher" lineno="329">
+<summary>
+Connect to the audit dispatcher over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_manage_audit_config" lineno="349">
+<summary>
+Manage the auditd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_manage_audit_log" lineno="369">
+<summary>
+Manage the audit log.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_domtrans_klog" lineno="389">
+<summary>
+Execute klogd in the klog domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="logging_check_exec_syslog" lineno="408">
+<summary>
+Check if syslogd is executable.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_domtrans_syslog" lineno="428">
+<summary>
+Execute syslogd in the syslog domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="logging_log_filetrans" lineno="485">
+<summary>
+Create an object in the log directory, with a private type.
+</summary>
+<desc>
+<p>
+Allow the specified domain to create an object
+in the general system log directories (e.g., /var/log)
+with a private type. Typically this is used for creating
+private log files in /var/log with the private type instead
+of the general system log type. To accomplish this goal,
+either the program must be SELinux-aware, or use this interface.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>logging_log_file()</li>
+</ul>
+<p>
+Example usage with a domain that can create
+and append to a private log file stored in the
+general directories (e.g., /var/log):
+</p>
+<p>
+type mylogfile_t;
+logging_log_file(mylogfile_t)
+allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
+logging_log_filetrans(mydomain_t, mylogfile_t, file)
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="logging_send_syslog_msg" lineno="526">
+<summary>
+Send system log messages.
+</summary>
+<desc>
+<p>
+Allow the specified domain to connect to the
+system log service (syslog), to send messages be added to
+the system logs. Typically this is used by services
+that do not have their own log file in /var/log.
+</p>
+<p>
+This does not allow messages to be sent to
+the auditing system.
+</p>
+<p>
+Programs which use the libc function syslog() will
+require this access.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>logging_send_audit_msgs()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_read_audit_config" lineno="557">
+<summary>
+Read the auditd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_dontaudit_search_audit_config" lineno="578">
+<summary>
+dontaudit search of auditd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_read_syslog_config" lineno="597">
+<summary>
+Read syslog configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_search_logs" lineno="617">
+<summary>
+Allows the domain to open a file in the
+log directory, but does not allow the listing
+of the contents of the log directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_dontaudit_search_logs" lineno="636">
+<summary>
+Do not audit attempts to search the var log directory.
+</summary>
+<param name="domain">
+<summary>
+Domain not to audit.
+</summary>
+</param>
+</interface>
+<interface name="logging_list_logs" lineno="654">
+<summary>
+List the contents of the generic log directory (/var/log).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_rw_generic_log_dirs" lineno="673">
+<summary>
+Read and write the generic log directory (/var/log).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_setattr_all_log_dirs" lineno="693">
+<summary>
+Set attributes on all log dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_dontaudit_getattr_all_logs" lineno="712">
+<summary>
+Do not audit attempts to get the atttributes
+of any log files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="logging_append_all_logs" lineno="730">
+<summary>
+Append to all log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_read_all_logs" lineno="751">
+<summary>
+Read all log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_exec_all_logs" lineno="773">
+<summary>
+Execute all log files in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_rw_all_logs" lineno="793">
+<summary>
+read/write to all log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_manage_all_logs" lineno="813">
+<summary>
+Create, read, write, and delete all log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_read_generic_logs" lineno="834">
+<summary>
+Read generic log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_write_generic_logs" lineno="854">
+<summary>
+Write generic log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_dontaudit_write_generic_logs" lineno="874">
+<summary>
+Dontaudit Write generic log files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="logging_rw_generic_logs" lineno="892">
+<summary>
+Read and write generic log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_manage_generic_logs" lineno="914">
+<summary>
+Create, read, write, and delete
+generic log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_admin_audit" lineno="940">
+<summary>
+All of the rules required to administrate
+the audit environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+User role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_admin_syslog" lineno="984">
+<summary>
+All of the rules required to administrate
+the syslog environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+User role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_admin" lineno="1042">
+<summary>
+All of the rules required to administrate
+the logging environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+User role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="lvm" filename="policy/modules/system/lvm.if">
+<summary>Policy for logical volume management programs.</summary>
+<interface name="lvm_domtrans" lineno="13">
+<summary>
+Execute lvm programs in the lvm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="lvm_exec" lineno="32">
+<summary>
+Execute lvm programs in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lvm_run" lineno="57">
+<summary>
+Execute lvm programs in the lvm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the LVM domain.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="lvm_read_config" lineno="77">
+<summary>
+Read LVM configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="lvm_manage_config" lineno="98">
+<summary>
+Manage LVM configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="lvm_domtrans_clvmd" lineno="118">
+<summary>
+Execute a domain transition to run clvmd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="miscfiles" filename="policy/modules/system/miscfiles.if">
+<summary>Miscelaneous files.</summary>
+<interface name="miscfiles_cert_type" lineno="38">
+<summary>
+Make the specified type usable as a cert file.
+</summary>
+<desc>
+<p>
+Make the specified type usable for cert files.
+This will also make the type usable for files, making
+calls to files_type() redundant. Failure to use this interface
+for a temporary file may result in problems with
+cert management tools.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>files_type()</li>
+</ul>
+<p>
+Example:
+</p>
+<p>
+type mycertfile_t;
+cert_type(mycertfile_t)
+allow mydomain_t mycertfile_t:file read_file_perms;
+files_search_etc(mydomain_t)
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to be used for files.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="miscfiles_read_all_certs" lineno="58">
+<summary>
+Read all SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_read_generic_certs" lineno="79">
+<summary>
+Read generic SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_manage_generic_cert_dirs" lineno="99">
+<summary>
+Manage generic SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_manage_generic_cert_files" lineno="118">
+<summary>
+Manage generic SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_read_certs" lineno="137">
+<summary>
+Read SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_manage_cert_dirs" lineno="152">
+<summary>
+Manage SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_manage_cert_files" lineno="167">
+<summary>
+Manage SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_read_fonts" lineno="183">
+<summary>
+Read fonts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_setattr_fonts_dirs" lineno="212">
+<summary>
+Set the attributes on a fonts directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_dontaudit_setattr_fonts_dirs" lineno="232">
+<summary>
+Do not audit attempts to set the attributes
+on a fonts directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_dontaudit_write_fonts" lineno="251">
+<summary>
+Do not audit attempts to write fonts.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_manage_fonts" lineno="271">
+<summary>
+Create, read, write, and delete fonts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_setattr_fonts_cache_dirs" lineno="295">
+<summary>
+Set the attributes on a fonts cache directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_dontaudit_setattr_fonts_cache_dirs" lineno="314">
+<summary>
+Do not audit attempts to set the attributes
+on a fonts cache directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_manage_fonts_cache" lineno="333">
+<summary>
+Create, read, write, and delete fonts cache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_read_hwdata" lineno="355">
+<summary>
+Read hardware identification data.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_setattr_localization" lineno="375">
+<summary>
+Allow process to setattr localization info
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_read_localization" lineno="407">
+<summary>
+Allow process to read localization information.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read the localization files.
+This is typically for time zone configuration files, such as
+/etc/localtime and files in /usr/share/zoneinfo.
+Typically, any domain which needs to know the GMT/UTC
+offset of the current timezone will need access
+to these files. Generally, it should be safe for any
+domain to read these files.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="miscfiles_rw_localization" lineno="429">
+<summary>
+Allow process to write localization info
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_relabel_localization" lineno="449">
+<summary>
+Allow process to relabel localization info
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_legacy_read_localization" lineno="468">
+<summary>
+Allow process to read legacy time localization info
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_search_man_pages" lineno="487">
+<summary>
+Search man pages.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_dontaudit_search_man_pages" lineno="506">
+<summary>
+Do not audit attempts to search man pages.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_read_man_pages" lineno="525">
+<summary>
+Read man pages
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_delete_man_pages" lineno="547">
+<summary>
+Delete man pages
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_manage_man_pages" lineno="572">
+<summary>
+Create, read, write, and delete man pages
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_read_public_files" lineno="595">
+<summary>
+Read public files used for file
+transfer services.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_manage_public_files" lineno="617">
+<summary>
+Create, read, write, and delete public files
+and directories used for file transfer services.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_read_tetex_data" lineno="637">
+<summary>
+Read TeX data
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_exec_tetex_data" lineno="661">
+<summary>
+Execute TeX data programs in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_domain_entry_test_files" lineno="686">
+<summary>
+Let test files be an entry point for
+a specified domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_read_test_files" lineno="704">
+<summary>
+Read test files and directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_exec_test_files" lineno="723">
+<summary>
+Execute test files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_etc_filetrans_localization" lineno="742">
+<summary>
+Execute test files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_manage_localization" lineno="762">
+<summary>
+Create, read, write, and delete localization
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="modutils" filename="policy/modules/system/modutils.if">
+<summary>Policy for kernel module utilities</summary>
+<interface name="modutils_getattr_module_deps" lineno="13">
+<summary>
+Getattr the dependencies of kernel modules.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="modutils_read_module_deps" lineno="31">
+<summary>
+Read the dependencies of kernel modules.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="modutils_read_module_config" lineno="52">
+<summary>
+Read the configuration options used when
+loading modules.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="modutils_rename_module_config" lineno="77">
+<summary>
+Rename a file with the configuration options used when
+loading modules.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="modutils_delete_module_config" lineno="96">
+<summary>
+Unlink a file with the configuration options used when
+loading modules.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="modutils_manage_module_config" lineno="115">
+<summary>
+Manage files with the configuration options used when
+loading modules.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="modutils_domtrans_insmod_uncond" lineno="135">
+<summary>
+Unconditionally execute insmod in the insmod domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="modutils_domtrans_insmod" lineno="154">
+<summary>
+Execute insmod in the insmod domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="modutils_run_insmod" lineno="182">
+<summary>
+Execute insmod in the insmod domain, and
+allow the specified role the insmod domain,
+and use the caller's terminal. Has a sigchld
+backchannel.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="modutils_exec_insmod" lineno="201">
+<summary>
+Execute insmod in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="modutils_domtrans_depmod" lineno="220">
+<summary>
+Execute depmod in the depmod domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="modutils_run_depmod" lineno="245">
+<summary>
+Execute depmod in the depmod domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="modutils_exec_depmod" lineno="264">
+<summary>
+Execute depmod in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="modutils_domtrans_update_mods" lineno="283">
+<summary>
+Execute depmod in the depmod domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="modutils_run_update_mods" lineno="308">
+<summary>
+Execute update_modules in the update_modules domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="modutils_exec_update_mods" lineno="327">
+<summary>
+Execute update_modules in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="mount" filename="policy/modules/system/mount.if">
+<summary>Policy for mount.</summary>
+<interface name="mount_domtrans" lineno="13">
+<summary>
+Execute mount in the mount domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mount_run" lineno="39">
+<summary>
+Execute mount in the mount domain, and
+allow the specified role the mount domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mount_exec" lineno="58">
+<summary>
+Execute mount in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mount_signal" lineno="80">
+<summary>
+Send a generic signal to mount.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mount_use_fds" lineno="98">
+<summary>
+Use file descriptors for mount.
+</summary>
+<param name="domain">
+<summary>
+The type of the process performing this action.
+</summary>
+</param>
+</interface>
+<interface name="mount_send_nfs_client_request" lineno="128">
+<summary>
+Allow the mount domain to send nfs requests for mounting
+network drives
+</summary>
+<desc>
+<p>
+Allow the mount domain to send nfs requests for mounting
+network drives
+</p>
+<p>
+This interface has been deprecated as these rules were
+a side effect of leaked mount file descriptors. This
+interface has no effect.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mount_domtrans_unconfined" lineno="142">
+<summary>
+Execute mount in the unconfined mount domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mount_run_unconfined" lineno="168">
+<summary>
+Execute mount in the unconfined mount domain, and
+allow the specified role the unconfined mount domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_mount_anyfile" dftval="false">
+<desc>
+<p>
+Allow the mount command to mount any directory or file.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="netlabel" filename="policy/modules/system/netlabel.if">
+<summary>NetLabel/CIPSO labeled networking management</summary>
+<interface name="netlabel_domtrans_mgmt" lineno="13">
+<summary>
+Execute netlabel_mgmt in the netlabel_mgmt domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="netlabel_run_mgmt" lineno="39">
+<summary>
+Execute netlabel_mgmt in the netlabel_mgmt domain, and
+allow the specified role the netlabel_mgmt domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="selinuxutil" filename="policy/modules/system/selinuxutil.if">
+<summary>Policy for SELinux policy and userland applications.</summary>
+<interface name="seutil_domtrans_checkpolicy" lineno="13">
+<summary>
+Execute checkpolicy in the checkpolicy domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="seutil_run_checkpolicy" lineno="41">
+<summary>
+Execute checkpolicy in the checkpolicy domain, and
+allow the specified role the checkpolicy domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_exec_checkpolicy" lineno="61">
+<summary>
+Execute checkpolicy in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_domtrans_loadpolicy" lineno="81">
+<summary>
+Execute load_policy in the load_policy domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="seutil_run_loadpolicy" lineno="108">
+<summary>
+Execute load_policy in the load_policy domain, and
+allow the specified role the load_policy domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_exec_loadpolicy" lineno="127">
+<summary>
+Execute load_policy in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_read_loadpolicy" lineno="146">
+<summary>
+Read the load_policy program file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_domtrans_newrole" lineno="165">
+<summary>
+Execute newrole in the newole domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="seutil_run_newrole" lineno="193">
+<summary>
+Execute newrole in the newrole domain, and
+allow the specified role the newrole domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_exec_newrole" lineno="212">
+<summary>
+Execute newrole in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_dontaudit_signal_newrole" lineno="233">
+<summary>
+Do not audit the caller attempts to send
+a signal to newrole.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="seutil_sigchld_newrole" lineno="261">
+<summary>
+Send a SIGCHLD signal to newrole.
+</summary>
+<desc>
+<p>
+Allow the specified domain to send a SIGCHLD
+signal to newrole. This signal is automatically
+sent from a process that is terminating to
+its parent. This may be needed by domains
+that are executed from newrole.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="1"/>
+</interface>
+<interface name="seutil_use_newrole_fds" lineno="279">
+<summary>
+Inherit and use newrole file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_dontaudit_use_newrole_fds" lineno="298">
+<summary>
+Do not audit attempts to inherit and use
+newrole file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="seutil_domtrans_restorecon" lineno="316">
+<summary>
+Execute restorecon in the restorecon domain. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="seutil_run_restorecon" lineno="339">
+<summary>
+Execute restorecon in the restorecon domain, and
+allow the specified role the restorecon domain,
+and use the caller's terminal. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_exec_restorecon" lineno="355">
+<summary>
+Execute restorecon in the caller domain. (Deprecated)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_domtrans_runinit" lineno="370">
+<summary>
+Execute run_init in the run_init domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="seutil_init_script_domtrans_runinit" lineno="396">
+<summary>
+Execute init scripts in the run_init domain.
+</summary>
+<desc>
+<p>
+Execute init scripts in the run_init domain.
+This is used for the Gentoo integrated run_init.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="seutil_run_runinit" lineno="426">
+<summary>
+Execute run_init in the run_init domain, and
+allow the specified role the run_init domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_init_script_run_runinit" lineno="462">
+<summary>
+Execute init scripts in the run_init domain, and
+allow the specified role the run_init domain,
+and use the caller's terminal.
+</summary>
+<desc>
+<p>
+Execute init scripts in the run_init domain, and
+allow the specified role the run_init domain,
+and use the caller's terminal.
+</p>
+<p>
+This is used for the Gentoo integrated run_init.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_use_runinit_fds" lineno="481">
+<summary>
+Inherit and use run_init file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_domtrans_setfiles" lineno="499">
+<summary>
+Execute setfiles in the setfiles domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="seutil_run_setfiles" lineno="527">
+<summary>
+Execute setfiles in the setfiles domain, and
+allow the specified role the setfiles domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_exec_setfiles" lineno="546">
+<summary>
+Execute setfiles in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_dontaudit_search_config" lineno="567">
+<summary>
+Do not audit attempts to search the SELinux
+configuration directory (/etc/selinux).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="seutil_dontaudit_read_config" lineno="586">
+<summary>
+Do not audit attempts to read the SELinux
+userland configuration (/etc/selinux).
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="seutil_read_config" lineno="606">
+<summary>
+Read the general SELinux configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_rw_config" lineno="628">
+<summary>
+Read and write the general SELinux configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_manage_selinux_config" lineno="660">
+<summary>
+Create, read, write, and delete
+the general selinux configuration files. (Deprecated)
+</summary>
+<desc>
+<p>
+Create, read, write, and delete
+the general selinux configuration files.
+</p>
+<p>
+This interface has been deprecated, please
+use the seutil_manage_config() interface instead.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_manage_config" lineno="677">
+<summary>
+Create, read, write, and delete
+the general selinux configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_manage_config_dirs" lineno="699">
+<summary>
+Create, read, write, and delete
+the general selinux configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_search_default_contexts" lineno="718">
+<summary>
+Search the policy directory with default_context files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_read_default_contexts" lineno="738">
+<summary>
+Read the default_contexts files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_manage_default_contexts" lineno="759">
+<summary>
+Create, read, write, and delete the default_contexts files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_read_file_contexts" lineno="780">
+<summary>
+Read the file_contexts files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_dontaudit_read_file_contexts" lineno="801">
+<summary>
+Do not audit attempts to read the file_contexts files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_rw_file_contexts" lineno="820">
+<summary>
+Read and write the file_contexts files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_manage_file_contexts" lineno="841">
+<summary>
+Create, read, write, and delete the file_contexts files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_read_bin_policy" lineno="861">
+<summary>
+Read the SELinux binary policy.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_create_bin_policy" lineno="881">
+<summary>
+Create the SELinux binary policy.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_relabelto_bin_policy" lineno="904">
+<summary>
+Allow the caller to relabel a file to the binary policy type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_manage_bin_policy" lineno="925">
+<summary>
+Create, read, write, and delete the SELinux
+binary policy.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_read_src_policy" lineno="947">
+<summary>
+Read SELinux policy source files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_manage_src_policy" lineno="969">
+<summary>
+Create, read, write, and delete SELinux
+policy source files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_domtrans_semanage" lineno="990">
+<summary>
+Execute a domain transition to run semanage.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="seutil_run_semanage" lineno="1018">
+<summary>
+Execute semanage in the semanage domain, and
+allow the specified role the semanage domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="seutil_manage_module_store" lineno="1038">
+<summary>
+Full management of the semanage
+module store.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_get_semanage_read_lock" lineno="1059">
+<summary>
+Get read lock on module store
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_get_semanage_trans_lock" lineno="1078">
+<summary>
+Get trans lock on module store
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_libselinux_linked" lineno="1106">
+<summary>
+SELinux-enabled program access for
+libselinux-linked programs.
+</summary>
+<desc>
+<p>
+SELinux-enabled programs are typically
+linked to the libselinux library. This
+interface will allow access required for
+the libselinux constructor to function.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_dontaudit_libselinux_linked" lineno="1136">
+<summary>
+Do not audit SELinux-enabled program access for
+libselinux-linked programs.
+</summary>
+<desc>
+<p>
+SELinux-enabled programs are typically
+linked to the libselinux library. This
+interface will dontaudit access required for
+the libselinux constructor to function.
+</p>
+<p>
+Generally this should not be used on anything
+but simple SELinux-enabled programs that do not
+rely on data initialized by the libselinux
+constructor.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+</module>
+<module name="setrans" filename="policy/modules/system/setrans.if">
+<summary>SELinux MLS/MCS label translation service.</summary>
+<interface name="setrans_initrc_domtrans" lineno="14">
+<summary>
+Execute setrans server in the setrans domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="setrans_translate_context" lineno="32">
+<summary>
+Allow a domain to translate contexts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="sysnetwork" filename="policy/modules/system/sysnetwork.if">
+<summary>Policy for network configuration: ifconfig and dhcp client.</summary>
+<interface name="sysnet_domtrans_dhcpc" lineno="13">
+<summary>
+Execute dhcp client in dhcpc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_run_dhcpc" lineno="39">
+<summary>
+Execute DHCP clients in the dhcpc domain, and
+allow the specified role the dhcpc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysnet_dontaudit_use_dhcpc_fds" lineno="59">
+<summary>
+Do not audit attempts to use
+the dhcp file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_sigchld_dhcpc" lineno="77">
+<summary>
+Send a SIGCHLD signal to the dhcp client.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_kill_dhcpc" lineno="96">
+<summary>
+Send a kill signal to the dhcp client.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysnet_sigstop_dhcpc" lineno="114">
+<summary>
+Send a SIGSTOP signal to the dhcp client.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_signull_dhcpc" lineno="132">
+<summary>
+Send a null signal to the dhcp client.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_signal_dhcpc" lineno="151">
+<summary>
+Send a generic signal to the dhcp client.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysnet_dbus_chat_dhcpc" lineno="170">
+<summary>
+Send and receive messages from
+dhcpc over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_rw_dhcp_config" lineno="190">
+<summary>
+Read and write dhcp configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_search_dhcpc_state" lineno="210">
+<summary>
+Search the DHCP client state
+directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_read_dhcpc_state" lineno="229">
+<summary>
+Read dhcp client state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_delete_dhcpc_state" lineno="247">
+<summary>
+Delete the dhcp client state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_setattr_config" lineno="265">
+<summary>
+Set the attributes of network config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_read_config" lineno="305">
+<summary>
+Read network config files.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read the
+general network configuration files. A
+common example of this is the
+/etc/resolv.conf file, which has domain
+name system (DNS) server IP addresses.
+Typically, most networking processes will
+require the access provided by this interface.
+</p>
+<p>
+Higher-level interfaces which involve
+networking will generally call this interface,
+for example:
+</p>
+<ul>
+<li>sysnet_dns_name_resolve()</li>
+<li>sysnet_use_ldap()</li>
+<li>sysnet_use_portmap()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_dontaudit_read_config" lineno="329">
+<summary>
+Do not audit attempts to read network config files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_write_config" lineno="347">
+<summary>
+Write network config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_create_config" lineno="366">
+<summary>
+Create network config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_etc_filetrans_config" lineno="386">
+<summary>
+Create files in /etc with the type used for
+the network config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_manage_config" lineno="404">
+<summary>
+Create, read, write, and delete network config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_read_dhcpc_pid" lineno="426">
+<summary>
+Read the dhcp client pid file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_delete_dhcpc_pid" lineno="445">
+<summary>
+Delete the dhcp client pid file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_domtrans_ifconfig" lineno="463">
+<summary>
+Execute ifconfig in the ifconfig domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_run_ifconfig" lineno="490">
+<summary>
+Execute ifconfig in the ifconfig domain, and
+allow the specified role the ifconfig domain,
+and use the caller's terminal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysnet_exec_ifconfig" lineno="510">
+<summary>
+Execute ifconfig in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_signal_ifconfig" lineno="530">
+<summary>
+Send a generic signal to ifconfig.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysnet_read_dhcp_config" lineno="548">
+<summary>
+Read the DHCP configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_search_dhcp_state" lineno="568">
+<summary>
+Search the DHCP state data directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_dhcp_state_filetrans" lineno="607">
+<summary>
+Create DHCP state data.
+</summary>
+<desc>
+<p>
+Create DHCP state data.
+</p>
+<p>
+This is added for DHCP server, as
+the server and client put their state
+files in the same directory.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+The type of the object to be created
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The object class.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_dns_name_resolve" lineno="627">
+<summary>
+Perform a DNS name resolution.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysnet_use_ldap" lineno="668">
+<summary>
+Connect and use a LDAP server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_use_portmap" lineno="700">
+<summary>
+Connect and use remote port mappers.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="udev" filename="policy/modules/system/udev.if">
+<summary>Policy for udev.</summary>
+<interface name="udev_signal" lineno="13">
+<summary>
+Send generic signals to udev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_domtrans" lineno="31">
+<summary>
+Execute udev in the udev domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="udev_exec" lineno="49">
+<summary>
+Execute udev in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_helper_domtrans" lineno="67">
+<summary>
+Execute a udev helper in the udev domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="udev_read_state" lineno="85">
+<summary>
+Allow process to read udev process state.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_dontaudit_use_fds" lineno="106">
+<summary>
+Do not audit attempts to inherit a
+udev file descriptor.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="udev_dontaudit_rw_dgram_sockets" lineno="125">
+<summary>
+Do not audit attempts to read or write
+to a udev unix datagram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="udev_manage_rules_files" lineno="143">
+<summary>
+Manage udev rules files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_dontaudit_search_db" lineno="161">
+<summary>
+Do not audit search of udev database directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="udev_read_db" lineno="185">
+<summary>
+Read the udev device table.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read the udev device table.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="udev_rw_db" lineno="206">
+<summary>
+Allow process to modify list of devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_manage_pid_files" lineno="226">
+<summary>
+Create, read, write, and delete
+udev pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="unconfined" filename="policy/modules/system/unconfined.if">
+<summary>The unconfined domain.</summary>
+<interface name="unconfined_domain_noaudit" lineno="13">
+<summary>
+Make the specified domain unconfined.
+</summary>
+<param name="domain">
+<summary>
+Domain to make unconfined.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_domain" lineno="124">
+<summary>
+Make the specified domain unconfined and
+audit executable heap usage.
+</summary>
+<desc>
+<p>
+Make the specified domain unconfined and
+audit executable heap usage. With exception
+of memory protections, usage of this interface
+will result in the level of access the domain has
+is like SELinux was not being used.
+</p>
+<p>
+Only completely trusted domains should use this interface.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to make unconfined.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_alias_domain" lineno="152">
+<summary>
+Add an alias type to the unconfined domain. (Deprecated)
+</summary>
+<desc>
+<p>
+Add an alias type to the unconfined domain. (Deprecated)
+</p>
+<p>
+This is added to support targeted policy. Its
+use should be limited. It has no effect
+on the strict policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+New alias of the unconfined domain.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_execmem_alias_program" lineno="178">
+<summary>
+Add an alias type to the unconfined execmem
+program file type. (Deprecated)
+</summary>
+<desc>
+<p>
+Add an alias type to the unconfined execmem
+program file type. (Deprecated)
+</p>
+<p>
+This is added to support targeted policy. Its
+use should be limited. It has no effect
+on the strict policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+New alias of the unconfined execmem program type.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_domtrans" lineno="192">
+<summary>
+Transition to the unconfined domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_run" lineno="215">
+<summary>
+Execute specified programs in the unconfined domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to allow the unconfined domain.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_shell_domtrans" lineno="234">
+<summary>
+Transition to the unconfined domain by executing a shell.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_domtrans_to" lineno="272">
+<summary>
+Allow unconfined to execute the specified program in
+the specified domain.
+</summary>
+<desc>
+<p>
+Allow unconfined to execute the specified program in
+the specified domain.
+</p>
+<p>
+This is a interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to execute in.
+</summary>
+</param>
+<param name="entry_file">
+<summary>
+Domain entry point file.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_run_to" lineno="309">
+<summary>
+Allow unconfined to execute the specified program in
+the specified domain. Allow the specified domain the
+unconfined role and use of unconfined user terminals.
+</summary>
+<desc>
+<p>
+Allow unconfined to execute the specified program in
+the specified domain. Allow the specified domain the
+unconfined role and use of unconfined user terminals.
+</p>
+<p>
+This is a interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to execute in.
+</summary>
+</param>
+<param name="entry_file">
+<summary>
+Domain entry point file.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_use_fds" lineno="330">
+<summary>
+Inherit file descriptors from the unconfined domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_sigchld" lineno="348">
+<summary>
+Send a SIGCHLD signal to the unconfined domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_signull" lineno="366">
+<summary>
+Send a SIGNULL signal to the unconfined domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_signal" lineno="384">
+<summary>
+Send generic signals to the unconfined domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_read_pipes" lineno="402">
+<summary>
+Read unconfined domain unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_dontaudit_read_pipes" lineno="420">
+<summary>
+Do not audit attempts to read unconfined domain unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_rw_pipes" lineno="438">
+<summary>
+Read and write unconfined domain unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_dontaudit_rw_pipes" lineno="457">
+<summary>
+Do not audit attempts to read and write
+unconfined domain unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_stream_connect" lineno="476">
+<summary>
+Connect to the unconfined domain using
+a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_dontaudit_rw_tcp_sockets" lineno="505">
+<summary>
+Do not audit attempts to read or write
+unconfined domain tcp sockets.
+</summary>
+<desc>
+<p>
+Do not audit attempts to read or write
+unconfined domain tcp sockets.
+</p>
+<p>
+This interface was added due to a broken
+symptom in ldconfig.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_create_keys" lineno="523">
+<summary>
+Create keys for the unconfined domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_dbus_send" lineno="541">
+<summary>
+Send messages to the unconfined domain over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_dbus_chat" lineno="561">
+<summary>
+Send and receive messages from
+unconfined_t over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_dbus_connect" lineno="582">
+<summary>
+Connect to the the unconfined DBUS
+for service (acquire_svc).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="userdomain" filename="policy/modules/system/userdomain.if">
+<summary>Policy for user domains</summary>
+<template name="userdom_base_user_template" lineno="24">
+<summary>
+The template containing the most basic rules common to all users.
+</summary>
+<desc>
+<p>
+The template containing the most basic rules common to all users.
+</p>
+<p>
+This template creates a user domain, types, and
+rules for the user's tty and pty.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<rolebase/>
+</template>
+<interface name="userdom_ro_home_role" lineno="148">
+<summary>
+Allow a home directory for which the
+role has read-only access.
+</summary>
+<desc>
+<p>
+Allow a home directory for which the
+role has read-only access.
+</p>
+<p>
+This does not allow execute access.
+</p>
+</desc>
+<param name="role">
+<summary>
+The user role
+</summary>
+</param>
+<param name="userdomain">
+<summary>
+The user domain
+</summary>
+</param>
+<rolebase/>
+</interface>
+<interface name="userdom_manage_home_role" lineno="219">
+<summary>
+Allow a home directory for which the
+role has full access.
+</summary>
+<desc>
+<p>
+Allow a home directory for which the
+role has full access.
+</p>
+<p>
+This does not allow execute access.
+</p>
+</desc>
+<param name="role">
+<summary>
+The user role
+</summary>
+</param>
+<param name="userdomain">
+<summary>
+The user domain
+</summary>
+</param>
+<rolebase/>
+</interface>
+<interface name="userdom_manage_tmp_role" lineno="288">
+<summary>
+Manage user temporary files
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolebase/>
+</interface>
+<interface name="userdom_exec_user_tmp_files" lineno="314">
+<summary>
+The execute access user temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolebase/>
+</interface>
+<interface name="userdom_manage_tmpfs_role" lineno="349">
+<summary>
+Role access for the user tmpfs type
+that the user has full access.
+</summary>
+<desc>
+<p>
+Role access for the user tmpfs type
+that the user has full access.
+</p>
+<p>
+This does not allow execute access.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<template name="userdom_basic_networking_template" lineno="375">
+<summary>
+The template allowing the user basic
+network permissions
+</summary>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<rolebase/>
+</template>
+<template name="userdom_xwindows_client_template" lineno="418">
+<summary>
+The template for creating a user xwindows client. (Deprecated)
+</summary>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<rolebase/>
+</template>
+<template name="userdom_change_password_template" lineno="459">
+<summary>
+The template for allowing the user to change passwords.
+</summary>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<rolebase/>
+</template>
+<template name="userdom_common_user_template" lineno="489">
+<summary>
+The template containing rules common to unprivileged
+users and administrative users.
+</summary>
+<desc>
+<p>
+This template creates a user domain, types, and
+rules for the user's tty, pty, tmp, and tmpfs files.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+</template>
+<template name="userdom_login_user_template" lineno="709">
+<summary>
+The template for creating a login user.
+</summary>
+<desc>
+<p>
+This template creates a user domain, types, and
+rules for the user's tty, pty, home directories,
+tmp, and tmpfs files.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+</template>
+<template name="userdom_restricted_user_template" lineno="827">
+<summary>
+The template for creating a unprivileged login user.
+</summary>
+<desc>
+<p>
+This template creates a user domain, types, and
+rules for the user's tty, pty, home directories,
+tmp, and tmpfs files.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+</template>
+<template name="userdom_restricted_xwindows_user_template" lineno="868">
+<summary>
+The template for creating a unprivileged xwindows login user.
+</summary>
+<desc>
+<p>
+The template for creating a unprivileged xwindows login user.
+</p>
+<p>
+This template creates a user domain, types, and
+rules for the user's tty, pty, home directories,
+tmp, and tmpfs files.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+</template>
+<template name="userdom_unpriv_user_template" lineno="943">
+<summary>
+The template for creating a unprivileged user roughly
+equivalent to a regular linux user.
+</summary>
+<desc>
+<p>
+The template for creating a unprivileged user roughly
+equivalent to a regular linux user.
+</p>
+<p>
+This template creates a user domain, types, and
+rules for the user's tty, pty, home directories,
+tmp, and tmpfs files.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+</template>
+<template name="userdom_admin_user_template" lineno="1040">
+<summary>
+The template for creating an administrative user.
+</summary>
+<desc>
+<p>
+This template creates a user domain, types, and
+rules for the user's tty, pty, home directories,
+tmp, and tmpfs files.
+</p>
+<p>
+The privileges given to administrative users are:
+<ul>
+<li>Raw disk access</li>
+<li>Set all sysctls</li>
+<li>All kernel ring buffer controls</li>
+<li>Create, read, write, and delete all files but shadow</li>
+<li>Manage source and binary format SELinux policy</li>
+<li>Run insmod</li>
+</ul>
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., sysadm
+is the prefix for sysadm_t).
+</summary>
+</param>
+</template>
+<template name="userdom_security_admin_template" lineno="1204">
+<summary>
+Allow user to run as a secadm
+</summary>
+<desc>
+<p>
+Create objects in a user home directory
+with an automatic type transition to
+a specified private type.
+</p>
+<p>
+This is a templated interface, and should only
+be called from a per-userdomain template.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role of the object to create.
+</summary>
+</param>
+</template>
+<interface name="userdom_user_application_type" lineno="1279">
+<summary>
+Make the specified type usable as
+a user application domain type.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a user application domain.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_application_domain" lineno="1300">
+<summary>
+Make the specified type usable as
+a user application domain.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a user application domain.
+</summary>
+</param>
+<param name="type">
+<summary>
+Type to be used as the domain entry point.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_home_content" lineno="1317">
+<summary>
+Make the specified type usable in a
+user home directory.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a file in the
+user home directory.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_tmp_file" lineno="1340">
+<summary>
+Make the specified type usable as a
+user temporary file.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a file in the
+temporary directories.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_tmpfs_file" lineno="1357">
+<summary>
+Make the specified type usable as a
+user tmpfs file.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a file in
+tmpfs directories.
+</summary>
+</param>
+</interface>
+<interface name="userdom_attach_admin_tun_iface" lineno="1372">
+<summary>
+Allow domain to attach to TUN devices created by administrative users.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_setattr_user_ptys" lineno="1391">
+<summary>
+Set the attributes of a user pty.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_create_user_pty" lineno="1409">
+<summary>
+Create a user pty.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_getattr_user_home_dirs" lineno="1427">
+<summary>
+Get the attributes of user home directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_getattr_user_home_dirs" lineno="1446">
+<summary>
+Do not audit attempts to get the attributes of user home directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_search_user_home_dirs" lineno="1464">
+<summary>
+Search user home directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_search_user_home_dirs" lineno="1491">
+<summary>
+Do not audit attempts to search user home directories.
+</summary>
+<desc>
+<p>
+Do not audit attempts to search user home directories.
+This will supress SELinux denial messages when the specified
+domain is denied the permission to search these directories.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="userdom_list_user_home_dirs" lineno="1509">
+<summary>
+List user home directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_list_user_home_dirs" lineno="1528">
+<summary>
+Do not audit attempts to list user home subdirectories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_create_user_home_dirs" lineno="1546">
+<summary>
+Create user home directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_home_dirs" lineno="1564">
+<summary>
+Create user home directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_relabelto_user_home_dirs" lineno="1582">
+<summary>
+Relabel to user home directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_home_filetrans_user_home_dir" lineno="1601">
+<summary>
+Create directories in the home dir root with
+the user home directory type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_home_domtrans" lineno="1638">
+<summary>
+Do a domain transition to the specified
+domain when executing a program in the
+user home directory.
+</summary>
+<desc>
+<p>
+Do a domain transition to the specified
+domain when executing a program in the
+user home directory.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="source_domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+Domain to transition to.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_search_user_home_content" lineno="1658">
+<summary>
+Do not audit attempts to search user home content directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_list_user_home_content" lineno="1676">
+<summary>
+List contents of users home directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_home_content_dirs" lineno="1695">
+<summary>
+Create, read, write, and delete directories
+in a user home subdirectory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_user_home_content_dirs" lineno="1714">
+<summary>
+Delete directories in a user home subdirectory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_setattr_user_home_content_files" lineno="1733">
+<summary>
+Do not audit attempts to set the
+attributes of user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_mmap_user_home_content_files" lineno="1751">
+<summary>
+Mmap user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_read_user_home_content_files" lineno="1770">
+<summary>
+Read user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_read_user_home_content_files" lineno="1789">
+<summary>
+Do not audit attempts to read user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_append_user_home_content_files" lineno="1808">
+<summary>
+Do not audit attempts to append user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_write_user_home_content_files" lineno="1826">
+<summary>
+Do not audit attempts to write user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_user_home_content_files" lineno="1844">
+<summary>
+Delete files in a user home subdirectory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_relabel_user_home_content_files" lineno="1862">
+<summary>
+Do not audit attempts to write user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_read_user_home_content_symlinks" lineno="1880">
+<summary>
+Read user home subdirectory symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_exec_user_home_content_files" lineno="1900">
+<summary>
+Execute user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="userdom_dontaudit_exec_user_home_content_files" lineno="1927">
+<summary>
+Do not audit attempts to execute user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_home_content_files" lineno="1946">
+<summary>
+Create, read, write, and delete files
+in a user home subdirectory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_manage_user_home_content_dirs" lineno="1967">
+<summary>
+Do not audit attempts to create, read, write, and delete directories
+in a user home subdirectory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_home_content_symlinks" lineno="1986">
+<summary>
+Create, read, write, and delete symbolic links
+in a user home subdirectory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_user_home_content_symlinks" lineno="2006">
+<summary>
+Delete symbolic links in a user home directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_home_content_pipes" lineno="2025">
+<summary>
+Create, read, write, and delete named pipes
+in a user home subdirectory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_home_content_sockets" lineno="2046">
+<summary>
+Create, read, write, and delete named sockets
+in a user home subdirectory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_home_dir_filetrans" lineno="2078">
+<summary>
+Create objects in a user home directory
+with an automatic type transition to
+a specified private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_home_content_filetrans" lineno="2109">
+<summary>
+Create objects in a user home directory
+with an automatic type transition to
+a specified private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_home_dir_filetrans_user_home_content" lineno="2136">
+<summary>
+Create objects in a user home directory
+with an automatic type transition to
+the user home file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_write_user_tmp_sockets" lineno="2155">
+<summary>
+Write to user temporary named sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_list_user_tmp" lineno="2174">
+<summary>
+List user temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_list_user_tmp" lineno="2194">
+<summary>
+Do not audit attempts to list user
+temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_manage_user_tmp_dirs" lineno="2213">
+<summary>
+Do not audit attempts to manage users
+temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_read_user_tmp_files" lineno="2231">
+<summary>
+Read user temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_read_user_tmp_files" lineno="2252">
+<summary>
+Do not audit attempts to read users
+temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_append_user_tmp_files" lineno="2271">
+<summary>
+Do not audit attempts to append users
+temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_rw_user_tmp_files" lineno="2289">
+<summary>
+Read and write user temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_manage_user_tmp_files" lineno="2310">
+<summary>
+Do not audit attempts to manage users
+temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_read_user_tmp_symlinks" lineno="2328">
+<summary>
+Read user temporary symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_tmp_dirs" lineno="2349">
+<summary>
+Create, read, write, and delete user
+temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_tmp_files" lineno="2369">
+<summary>
+Create, read, write, and delete user
+temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_tmp_symlinks" lineno="2389">
+<summary>
+Create, read, write, and delete user
+temporary symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_tmp_pipes" lineno="2409">
+<summary>
+Create, read, write, and delete user
+temporary named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_tmp_sockets" lineno="2429">
+<summary>
+Create, read, write, and delete user
+temporary named sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_tmp_filetrans" lineno="2460">
+<summary>
+Create objects in a user temporary directory
+with an automatic type transition to
+a specified private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_tmp_filetrans_user_tmp" lineno="2486">
+<summary>
+Create objects in the temporary directory
+with an automatic type transition to
+the user temporary type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_read_user_tmpfs_files" lineno="2504">
+<summary>
+Read user tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_rw_user_tmpfs_files" lineno="2524">
+<summary>
+Read user tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_tmpfs_files" lineno="2545">
+<summary>
+Create, read, write, and delete user tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_getattr_user_ttys" lineno="2565">
+<summary>
+Get the attributes of a user domain tty.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_getattr_user_ttys" lineno="2583">
+<summary>
+Do not audit attempts to get the attributes of a user domain tty.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_setattr_user_ttys" lineno="2601">
+<summary>
+Set the attributes of a user domain tty.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_setattr_user_ttys" lineno="2619">
+<summary>
+Do not audit attempts to set the attributes of a user domain tty.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_use_user_ttys" lineno="2637">
+<summary>
+Read and write a user domain tty.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_use_user_ptys" lineno="2655">
+<summary>
+Read and write a user domain pty.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_use_user_terminals" lineno="2689">
+<summary>
+Read and write a user TTYs and PTYs.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read and write user
+TTYs and PTYs. This will allow the domain to
+interact with the user via the terminal. Typically
+all interactive applications will require this
+access.
+</p>
+<p>
+However, this also allows the applications to spy
+on user sessions or inject information into the
+user session. Thus, this access should likely
+not be allowed for non-interactive domains.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="userdom_dontaudit_use_user_terminals" lineno="2710">
+<summary>
+Do not audit attempts to read and write
+a user domain tty and pty.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_spec_domtrans_all_users" lineno="2731">
+<summary>
+Execute a shell in all user domains. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="userdom_xsession_spec_domtrans_all_users" lineno="2754">
+<summary>
+Execute an Xserver session in all unprivileged user domains. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="userdom_spec_domtrans_unpriv_users" lineno="2777">
+<summary>
+Execute a shell in all unprivileged user domains. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="2800">
+<summary>
+Execute an Xserver session in all unprivileged user domains. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="userdom_rw_unpriv_user_semaphores" lineno="2821">
+<summary>
+Read and write unpriviledged user SysV sempaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_unpriv_user_semaphores" lineno="2839">
+<summary>
+Manage unpriviledged user SysV sempaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_rw_unpriv_user_shared_mem" lineno="2858">
+<summary>
+Read and write unpriviledged user SysV shared
+memory segments.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_unpriv_user_shared_mem" lineno="2877">
+<summary>
+Manage unpriviledged user SysV shared
+memory segments.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_bin_spec_domtrans_unpriv_users" lineno="2897">
+<summary>
+Execute bin_t in the unprivileged user domains. This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="userdom_entry_spec_domtrans_unpriv_users" lineno="2920">
+<summary>
+Execute all entrypoint files in unprivileged user
+domains. This is an explicit transition, requiring the
+caller to use setexeccon().
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_search_user_home_content" lineno="2941">
+<summary>
+Search users home directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_signull_unpriv_users" lineno="2960">
+<summary>
+Send signull to unprivileged user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_signal_unpriv_users" lineno="2978">
+<summary>
+Send general signals to unprivileged user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_use_unpriv_users_fds" lineno="2996">
+<summary>
+Inherit the file descriptors from unprivileged user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_use_unpriv_user_fds" lineno="3024">
+<summary>
+Do not audit attempts to inherit the file descriptors
+from unprivileged user domains.
+</summary>
+<desc>
+<p>
+Do not audit attempts to inherit the file descriptors
+from unprivileged user domains. This will supress
+SELinux denial messages when the specified domain is denied
+the permission to inherit these file descriptors.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="userdom_dontaudit_use_user_ptys" lineno="3042">
+<summary>
+Do not audit attempts to use user ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_relabelto_user_ptys" lineno="3060">
+<summary>
+Relabel files to unprivileged user pty types.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_relabelfrom_user_ptys" lineno="3079">
+<summary>
+Do not audit attempts to relabel files from
+user pty types.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_write_user_tmp_files" lineno="3097">
+<summary>
+Write all users files in /tmp
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_use_user_ttys" lineno="3115">
+<summary>
+Do not audit attempts to use user ttys.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_read_all_users_state" lineno="3133">
+<summary>
+Read the process state of all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_getattr_all_users" lineno="3152">
+<summary>
+Get the attributes of all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_use_all_users_fds" lineno="3170">
+<summary>
+Inherit the file descriptors from all user domains
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_use_all_users_fds" lineno="3189">
+<summary>
+Do not audit attempts to inherit the file
+descriptors from any user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_signal_all_users" lineno="3207">
+<summary>
+Send general signals to all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_sigchld_all_users" lineno="3225">
+<summary>
+Send a SIGCHLD signal to all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_create_all_users_keys" lineno="3243">
+<summary>
+Create keys for all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dbus_send_all_users" lineno="3261">
+<summary>
+Send a dbus message to all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="allow_user_mysql_connect" dftval="false">
+<desc>
+<p>
+Allow users to connect to mysql
+</p>
+</desc>
+</tunable>
+<tunable name="allow_user_postgresql_connect" dftval="false">
+<desc>
+<p>
+Allow users to connect to PostgreSQL
+</p>
+</desc>
+</tunable>
+<tunable name="user_direct_mouse" dftval="false">
+<desc>
+<p>
+Allow regular users direct mouse access
+</p>
+</desc>
+</tunable>
+<tunable name="user_dmesg" dftval="false">
+<desc>
+<p>
+Allow users to read system messages.
+</p>
+</desc>
+</tunable>
+<tunable name="user_rw_noexattrfile" dftval="false">
+<desc>
+<p>
+Allow user to r/w files on filesystems
+that do not have extended attributes (FAT, CDROM, FLOPPY)
+</p>
+</desc>
+</tunable>
+<tunable name="user_ttyfile_stat" dftval="false">
+<desc>
+<p>
+Allow w to display everyone
+</p>
+</desc>
+</tunable>
+</module>
+</layer>
+<tunable name="allow_execheap" dftval="false">
+<desc>
+<p>
+Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
+</p>
+</desc>
+</tunable>
+<tunable name="allow_execmem" dftval="false">
+<desc>
+<p>
+Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
+</p>
+</desc>
+</tunable>
+<tunable name="allow_execmod" dftval="false">
+<desc>
+<p>
+Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
+</p>
+</desc>
+</tunable>
+<tunable name="allow_execstack" dftval="false">
+<desc>
+<p>
+Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
+</p>
+</desc>
+</tunable>
+<tunable name="allow_polyinstantiation" dftval="false">
+<desc>
+<p>
+Enable polyinstantiated directory support.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_ypbind" dftval="false">
+<desc>
+<p>
+Allow system to run with NIS
+</p>
+</desc>
+</tunable>
+<tunable name="console_login" dftval="true">
+<desc>
+<p>
+Allow logging in and using the system from /dev/console.
+</p>
+</desc>
+</tunable>
+<tunable name="global_ssp" dftval="false">
+<desc>
+<p>
+Enable reading of urandom for all domains.
+</p>
+<p>
+This should be enabled when all programs
+are compiled with ProPolice/SSP
+stack smashing protection. All domains will
+be allowed to read from /dev/urandom.
+</p>
+</desc>
+</tunable>
+<tunable name="mail_read_content" dftval="false">
+<desc>
+<p>
+Allow email client to various content.
+nfs, samba, removable devices, and user temp
+files
+</p>
+</desc>
+</tunable>
+<tunable name="nfs_export_all_rw" dftval="false">
+<desc>
+<p>
+Allow any files/directories to be exported read/write via NFS.
+</p>
+</desc>
+</tunable>
+<tunable name="nfs_export_all_ro" dftval="false">
+<desc>
+<p>
+Allow any files/directories to be exported read/only via NFS.
+</p>
+</desc>
+</tunable>
+<tunable name="use_nfs_home_dirs" dftval="false">
+<desc>
+<p>
+Support NFS home directories
+</p>
+</desc>
+</tunable>
+<tunable name="use_samba_home_dirs" dftval="false">
+<desc>
+<p>
+Support SAMBA home directories
+</p>
+</desc>
+</tunable>
+<tunable name="user_tcp_server" dftval="false">
+<desc>
+<p>
+Allow users to run TCP servers (bind to ports and accept connection from
+the same domain and outside users) disabling this forces FTP passive mode
+and may change other protocols.
+</p>
+</desc>
+</tunable>
+<bool name="secure_mode" dftval="false">
+<desc>
+<p>
+Enabling secure mode disallows programs, such as
+newrole, from transitioning to administrative
+user domains.
+</p>
+</desc>
+</bool>
+</policy>
diff --git a/doc/templates/bool_list.html b/doc/templates/bool_list.html
new file mode 100644
index 00000000..2d852da4
--- /dev/null
+++ b/doc/templates/bool_list.html
@@ -0,0 +1,23 @@
+<h3>Master boolean index:</h3>
+
+[[for bool in booleans]]
+<div id="interfacesmall">
+[[if bool.has_key('mod_layer')]]
+Module: <a href='[[bool['mod_layer']+ "_" + bool['mod_name'] + ".html#link_" + bool['bool_name']]]'>
+[[bool['mod_name']]]</a><p/>
+Layer: <a href='[[bool['mod_layer']]].html'>
+[[bool['mod_layer']]]</a><p/>
+[[else]]
+Global
+[[end]]
+<div id="codeblock">
+[[bool['bool_name']]]
+<small>(Default: [[bool['def_val']]])</small>
+</div>
+[[if bool['desc']]]
+<div id="description">
+[[bool['desc']]]
+</div>
+[[end]]
+</div>
+[[end]]
diff --git a/doc/templates/boolean.html b/doc/templates/boolean.html
new file mode 100644
index 00000000..ea5a2604
--- /dev/null
+++ b/doc/templates/boolean.html
@@ -0,0 +1,13 @@
+[[for bool in booleans]]
+<a name="link_[[bool['bool_name']]]"></a>
+<div id="interface">
+<div id="codeblock">[[bool['bool_name']]]</div>
+<div id="description">
+<h5>Default value</h5>
+<p>[[bool['def_val']]]</p>
+[[if bool['desc']]]
+<h5>Description</h5>
+[[bool['desc']]]
+[[end]]
+</div></div>
+[[end]]
diff --git a/doc/templates/global_bool_list.html b/doc/templates/global_bool_list.html
new file mode 100644
index 00000000..a8065af8
--- /dev/null
+++ b/doc/templates/global_bool_list.html
@@ -0,0 +1,14 @@
+<h3>Global booleans:</h3>
+
+[[for bool in booleans]]
+<div id="interface">
+<div id="codeblock">[[bool['bool_name']]]</div>
+<div id="description">
+<h5>Default value</h5>
+<p>[[bool['def_val']]]</p>
+[[if bool['desc']]]
+<h5>Description</h5>
+[[bool['desc']]]
+[[end]]
+</div></div>
+[[end]]
diff --git a/doc/templates/global_tun_list.html b/doc/templates/global_tun_list.html
new file mode 100644
index 00000000..6ed80133
--- /dev/null
+++ b/doc/templates/global_tun_list.html
@@ -0,0 +1,14 @@
+<h3>Global tunables:</h3>
+
+[[for tun in tunables]]
+<div id="interface">
+<div id="codeblock">[[tun['tun_name']]]</div>
+<div id="description">
+<h5>Default value</h5>
+<p>[[tun['def_val']]]</p>
+[[if tun['desc']]]
+<h5>Description</h5>
+[[tun['desc']]]
+[[end]]
+</div></div>
+[[end]]
diff --git a/doc/templates/header.html b/doc/templates/header.html
new file mode 100644
index 00000000..9ef487cf
--- /dev/null
+++ b/doc/templates/header.html
@@ -0,0 +1,15 @@
+<html>
+<head>
+<title>
+ Security Enhanced Linux Reference Policy
+ </title>
+<style type="text/css" media="all">@import "style.css";</style>
+</head>
+<body>
+<div id="Header">Security Enhanced Linux Reference Policy</div>
+[[menu]]
+<div id="Content">
+[[content]]
+</div>
+</body>
+</html>
diff --git a/doc/templates/int_list.html b/doc/templates/int_list.html
new file mode 100644
index 00000000..b95c3435
--- /dev/null
+++ b/doc/templates/int_list.html
@@ -0,0 +1,33 @@
+<h3>Master interface index:</h3>
+
+[[for int in interfaces]]
+<div id="interfacesmall">
+Module: <a href='[[int['mod_layer']+ "_" + int['mod_name'] + ".html#link_" + int['interface_name']]]'>
+[[int['mod_name']]]</a><p/>
+Layer: <a href='[[int['mod_layer']]].html'>
+[[int['mod_layer']]]</a><p/>
+<div id="codeblock">
+[[exec i = 0]]
+<b>[[int['interface_name']]]</b>(
+ [[for arg in int['interface_parameters']]]
+ [[if i != 0]]
+ ,
+ [[end]]
+ [[exec i = 1]]
+ [[if arg['optional'] == 'yes']]
+ [
+ [[end]]
+ [[arg['name']]]
+ [[if arg['optional'] == 'yes']]
+ ]
+ [[end]]
+ [[end]]
+ )<br>
+</div>
+[[if int['interface_summary']]]
+<div id="description">
+[[int['interface_summary']]]
+</div>
+[[end]]
+</div>
+[[end]]
diff --git a/doc/templates/interface.html b/doc/templates/interface.html
new file mode 100644
index 00000000..90eb4369
--- /dev/null
+++ b/doc/templates/interface.html
@@ -0,0 +1,50 @@
+[[for int in interfaces]]
+<a name="link_[[int['interface_name']]]"></a>
+<div id="interface">
+[[if int.has_key("mod_layer")]]
+ Layer: [[mod_layer]]<br>
+[[end]]
+[[if int.has_key("mod_name")]]
+ Module: [[mod_name]]<br>
+[[end]]
+<div id="codeblock">
+[[exec i = 0]]
+<b>[[int['interface_name']]]</b>(
+ [[for arg in int['interface_parameters']]]
+ [[if i != 0]]
+ ,
+ [[end]]
+ [[exec i = 1]]
+ [[if arg['optional'] == 'yes']]
+ [
+ [[end]]
+ [[arg['name']]]
+ [[if arg['optional'] == 'yes']]
+ ]
+ [[end]]
+ [[end]]
+ )<br>
+</div>
+<div id="description">
+[[if int['interface_summary']]]
+<h5>Summary</h5>
+[[int['interface_summary']]]
+[[end]]
+[[if int['interface_desc']]]
+<h5>Description</h5>
+[[int['interface_desc']]]
+[[end]]
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="65%">
+<tr><th >Parameter:</th><th >Description:</th></tr>
+[[for arg in int['interface_parameters']]]
+<tr><td>
+[[arg['name']]]
+</td><td>
+[[arg['desc']]]
+</td></tr>
+[[end]]
+</table>
+</div>
+</div>
+[[end]]
diff --git a/doc/templates/menu.html b/doc/templates/menu.html
new file mode 100644
index 00000000..9472b2c3
--- /dev/null
+++ b/doc/templates/menu.html
@@ -0,0 +1,26 @@
+<div id='Menu'>
+ [[for layer_name, layer_mods in menulist]]
+ <a href="[[layer_name]].html">+&nbsp;
+ [[layer_name]]</a></br/>
+ <div id='subitem'>
+ [[for module, s in layer_mods]]
+ &nbsp;&nbsp;&nbsp;-&nbsp;<a href='[[layer_name + "_" + module]].html'>
+ [[module]]</a><br/>
+ [[end]]
+ </div>
+ [[end]]
+ <br/><p/>
+ <a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
+ <br/><p/>
+ <a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
+ <p/><br/><p/>
+ <a href="index.html">*&nbsp;Layer Index</a>
+ <br/><p/>
+ <a href="booleans.html">*&nbsp;Boolean&nbsp;Index</a>
+ <br/><p/>
+ <a href="tunables.html">*&nbsp;Tunable&nbsp;Index</a>
+ <br/><p/>
+ <a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
+ <br/><p/>
+ <a href="templates.html">*&nbsp;Template&nbsp;Index</a>
+</div>
diff --git a/doc/templates/module.html b/doc/templates/module.html
new file mode 100644
index 00000000..a8d008a8
--- /dev/null
+++ b/doc/templates/module.html
@@ -0,0 +1,52 @@
+<a name="top":></a>
+<h1>Layer: [[mod_layer]]</h1><p/>
+<h2>Module: [[mod_name]]</h2><p/>
+[[if booleans]]
+<a href=#booleans>Booleans</a>
+[[end]]
+[[if tunables]]
+<a href=#tunables>Tunables</a>
+[[end]]
+[[if interfaces]]
+<a href=#interfaces>Interfaces</a>
+[[end]]
+[[if templates]]
+<a href=#templates>Templates</a>
+[[end]]
+<h3>Description:</h3>
+[[if mod_desc]]
+<p>[[mod_desc]]</p>
+[[else]]
+<p>[[mod_summary]]</p>
+[[end]]
+[[if mod_req]]
+<p>This module is required to be included in all policies.</p>
+[[end]]
+<hr>
+[[if booleans]]
+<a name="booleans"></a>
+<h3>Booleans: </h3>
+[[booleans]]
+<a href=#top>Return</a>
+[[end]]
+[[if tunables]]
+<a name="tunables"></a>
+<h3>Tunables: </h3>
+[[tunables]]
+<a href=#top>Return</a>
+[[end]]
+[[if interfaces]]
+<a name="interfaces"></a>
+<h3>Interfaces: </h3>
+[[interfaces]]
+<a href=#top>Return</a>
+[[end]]
+[[if templates]]
+<a name="templates"></a>
+<h3>Templates: </h3>
+[[templates]]
+<a href=#top>Return</a>
+[[end]]
+[[if not templates and not interfaces and not tunables]]
+<h3>No booleans, tunables, interfaces, or templates.</h3>
+[[end]]
diff --git a/doc/templates/module_list.html b/doc/templates/module_list.html
new file mode 100644
index 00000000..7317a6be
--- /dev/null
+++ b/doc/templates/module_list.html
@@ -0,0 +1,19 @@
+[[if mod_layer]]
+<h1>Layer: [[mod_layer]]</h1><p/>
+[[if layer_summary]]
+<p>[[layer_summary]]</p><br/>
+[[end]]
+[[end]]
+<table border="1" cellspacing="0" cellpadding="3" width="75%">
+<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
+ [[for layer_name, layer_mods in menulist]]
+ [[for module, s in layer_mods]]
+ <tr><td>
+ <a href='[[layer_name + "_" + module]].html'>
+ [[module]]</a></td>
+ <td>[[s]]</td>
+ [[end]]
+ </td></tr>
+ [[end]]
+</table>
+<p/><br/><br/>
diff --git a/doc/templates/style.css b/doc/templates/style.css
new file mode 100644
index 00000000..9bac0d96
--- /dev/null
+++ b/doc/templates/style.css
@@ -0,0 +1,216 @@
+body {
+ margin:0px;
+ padding:0px;
+ font-family:verdana, arial, helvetica, sans-serif;
+ color:#333;
+ background-color:white;
+ }
+h1 {
+ margin:0px 0px 5px 0px;
+ padding:0px;
+ font-size:150%
+ line-height:28px;
+ font-weight:900;
+ color:#ccc;
+ }
+h2 {
+ font-size:125%;
+ margin:0px;
+ padding:5px 0px 10px 0px;
+ }
+h3 {
+ font-size:110%;
+ margin:0px;
+ padding:5px 0px 10px 5px;
+ }
+h4 {
+ font-size:100%;
+ margin:0px;
+ padding:5px 0px 10px 5px;
+ }
+h5 {
+ font-size:100%;
+ margin:0px;
+ font-weight:600;
+ padding:0px 0px 5px 0px;
+ margin:0px 0px 0px 5px;
+}
+li {
+ font:11px/20px verdana, arial, helvetica, sans-serif;
+ margin:0px 0px 0px 10px;
+ padding:0px;
+ }
+p {
+ /* normal */
+ font:11px/20px verdana, arial, helvetica, sans-serif;
+ margin:0px 0px 0px 10px;
+ padding:0px;
+ }
+
+tt {
+ /* inline code */
+ font-family: monospace;
+ }
+
+table {
+ background-color:#efefef;
+ /*background-color: white;*/
+ border-style:solid;
+ border-color:black;
+ border-width:0px 1px 1px 0px;
+ color: black;
+ text-align: left;
+ font:11px/20px verdana, arial, helvetica, sans-serif;
+ margin-left: 5%;
+ margin-right: 5%;
+}
+
+th {
+ font-weight:500;
+ background-color: #eaeaef;
+ text-align: center;
+}
+
+td.header {
+ font-weight: bold;
+}
+
+#Content>p {margin:0px;}
+#Content>p+p {text-indent:30px;}
+a {
+ color:#09c;
+ font-size:11px;
+ text-decoration:none;
+ font-weight:600;
+ font-family:verdana, arial, helvetica, sans-serif;
+ }
+a:link {color:#09c;}
+a:visited {color:#07a;}
+a:hover {background-color:#eee;}
+
+#Codeblock {
+ margin:5px 50px 5px 10px;
+ padding:5px 0px 5px 15px;
+ border-style:solid;
+ border-color:lightgrey;
+ border-width:1px 1px 1px 1px;
+ background-color:#f5f5ff;
+ font-size:100%;
+ font-weight:600;
+ text-decoration:none;
+ font-family:monospace;
+}
+#Interface {
+ margin:5px 0px 25px 5px;
+ padding:5px 0px 5px 5px;
+ border-style:solid;
+ border-color:black;
+ border-width:1px 1px 1px 1px;
+ background-color:#fafafa;
+ font-size:14px;
+ font-weight:400;
+ text-decoration:none;
+ font-family:verdana, arial, helvetica, sans-serif;
+}
+#Interfacesmall {
+ margin:0px 0px 5px 0px;
+ padding:5px 0px 0px 5px;
+ border-style:solid;
+ border-color:black;
+ border-width:1px 1px 1px 1px;
+ background-color:#fafafa;
+ font-size:14px;
+ font-weight:400;
+ text-decoration:none;
+ font-family:verdana, arial, helvetica, sans-serif;
+}
+#Template {
+ margin:5px 0px 25px 5px;
+ padding:5px 0px 5px 5px;
+ border-style:solid;
+ border-color:black;
+ border-width:1px 1px 1px 1px;
+ background-color:#fafafa;
+ font-size:14px;
+ font-weight:400;
+ text-decoration:none;
+ font-family:verdana, arial, helvetica, sans-serif;
+}
+#Templatesmall {
+ margin:0px 0px 5px 0px;
+ padding:5px 0px 0px 5px;
+ border-style:solid;
+ border-color:black;
+ border-width:1px 1px 1px 1px;
+ background-color:#fafafa;
+ font-size:14px;
+ font-weight:400;
+ text-decoration:none;
+ font-family:verdana, arial, helvetica, sans-serif;
+}
+#Description {
+ margin:0px 0px 0px 5px;
+ padding:0px 0px 0px 5px;
+ text-decoration:none;
+ font-family:verdana, arial, helvetica, sans-serif;
+ font-size:12px;
+ font-weight:400;
+}
+pre {
+ margin:0px;
+ padding:0px;
+ font-size:14px;
+ text-decoration:none;
+ font-family:verdana, arial, helvetica, sans-serif;
+}
+dl {
+ /* definition text block */
+ font:11px/20px verdana, arial, helvetica, sans-serif;
+ margin:0px 0px 16px 0px;
+ padding:0px;
+ }
+dt {
+ /* definition term */
+ font-weight: bold;
+ }
+
+#Header {
+ margin:50px 0px 10px 0px;
+ padding:17px 0px 0px 20px;
+ /* For IE5/Win's benefit height = [correct height] + [top padding] + [top and bottom border widths] */
+ height:33px; /* 14px + 17px + 2px = 33px */
+ border-style:solid;
+ border-color:black;
+ border-width:1px 0px; /* top and bottom borders: 1px; left and right borders: 0px */
+ line-height:11px;
+ font-size:110%;
+ background-color:#eee;
+ voice-family: "\"}\"";
+ voice-family:inherit;
+ height:14px; /* the correct height */
+ }
+body>#Header {height:14px;}
+#Content {
+ margin:0px 50px 0px 200px;
+ padding:10px;
+ }
+
+#Menu {
+ position:absolute;
+ top:100px;
+ left:20px;
+ width:162px;
+ padding:10px;
+ background-color:#eee;
+ border:1px solid #aaa;
+ line-height:17px;
+ text-align:left;
+ voice-family: "\"}\"";
+ voice-family:inherit;
+ width:160px;
+ }
+#Menu subitem {
+ font-size: 5px;
+}
+
+body>#Menu {width:160px;}
diff --git a/doc/templates/temp_list.html b/doc/templates/temp_list.html
new file mode 100644
index 00000000..9d635d87
--- /dev/null
+++ b/doc/templates/temp_list.html
@@ -0,0 +1,33 @@
+<h3>Master template index:</h3>
+
+[[for temp in templates]]
+<div id="templatesmall">
+Module: <a href='[[temp['mod_layer']+ "_" + temp['mod_name'] + ".html#link_" + temp['template_name']]]'>
+[[temp['mod_name']]]</a><p/>
+Layer: <a href='[[temp['mod_layer']]].html'>
+[[temp['mod_layer']]]</a><p/>
+<div id="codeblock">
+[[exec i = 0]]
+<b>[[temp['template_name']]]</b>(
+ [[for arg in temp['template_parameters']]]
+ [[if i != 0]]
+ ,
+ [[end]]
+ [[exec i = 1]]
+ [[if arg['optional'] == 'yes']]
+ [
+ [[end]]
+ [[arg['name']]]
+ [[if arg['optional'] == 'yes']]
+ ]
+ [[end]]
+ [[end]]
+ )<br>
+</div>
+[[if temp['template_summary']]]
+<div id="description">
+[[temp['template_summary']]]
+</div>
+[[end]]
+</div>
+[[end]]
diff --git a/doc/templates/template.html b/doc/templates/template.html
new file mode 100644
index 00000000..251d2277
--- /dev/null
+++ b/doc/templates/template.html
@@ -0,0 +1,50 @@
+[[for temp in templates]]
+<a name="link_[[temp['template_name']]]"></a>
+<div id="template">
+[[if temp.has_key("mod_layer")]]
+ Layer: [[mod_layer]]<br>
+[[end]]
+[[if temp.has_key("mod_name")]]
+ Module: [[mod_name]]<br>
+[[end]]
+<div id="codeblock">
+[[exec i = 0]]
+<b>[[temp['template_name']]]</b>(
+ [[for arg in temp['template_parameters']]]
+ [[if i != 0]]
+ ,
+ [[end]]
+ [[exec i = 1]]
+ [[if arg['optional'] == 'yes']]
+ [
+ [[end]]
+ [[arg['name']]]
+ [[if arg['optional'] == 'yes']]
+ ]
+ [[end]]
+ [[end]]
+ )<br>
+</div>
+<div id="description">
+[[if temp['template_summary']]]
+<h5>Summary</h5>
+[[temp['template_summary']]]
+[[end]]
+[[if temp['template_desc']]]
+<h5>Description</h5>
+[[temp['template_desc']]]
+[[end]]
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="65%">
+<tr><th >Parameter:</th><th >Description:</th></tr>
+[[for arg in temp['template_parameters']]]
+<tr><td>
+[[arg['name']]]
+</td><td>
+[[arg['desc']]]
+</td></tr>
+[[end]]
+</table>
+</div>
+</div>
+[[end]]
diff --git a/doc/templates/tun_list.html b/doc/templates/tun_list.html
new file mode 100644
index 00000000..278f284c
--- /dev/null
+++ b/doc/templates/tun_list.html
@@ -0,0 +1,23 @@
+<h3>Master tunable index:</h3>
+
+[[for tun in tunables]]
+<div id="interfacesmall">
+[[if tun.has_key('mod_layer')]]
+Module: <a href='[[tun['mod_layer']+ "_" + tun['mod_name'] + ".html#link_" + tun['tun_name']]]'>
+[[tun['mod_name']]]</a><p/>
+Layer: <a href='[[tun['mod_layer']]].html'>
+[[tun['mod_layer']]]</a><p/>
+[[else]]
+Global
+[[end]]
+<div id="codeblock">
+[[tun['tun_name']]]
+<small>(Default: [[tun['def_val']]])</small>
+</div>
+[[if tun['desc']]]
+<div id="description">
+[[tun['desc']]]
+</div>
+[[end]]
+</div>
+[[end]]
diff --git a/doc/templates/tunable.html b/doc/templates/tunable.html
new file mode 100644
index 00000000..9316779e
--- /dev/null
+++ b/doc/templates/tunable.html
@@ -0,0 +1,13 @@
+[[for tun in tunables]]
+<a name="link_[[tun['tun_name']]]"></a>
+<div id="interface">
+<div id="codeblock">[[tun['tun_name']]]</div>
+<div id="description">
+<h5>Default value</h5>
+<p>[[tun['def_val']]]</p>
+[[if tun['desc']]]
+<h5>Description</h5>
+[[tun['desc']]]
+[[end]]
+</div></div>
+[[end]]