(typealias pam_var_run_t)
(typealiasactual pam_var_run_t pam_runtime_t)
(typeattribute can_read_shadow_passwords)
(typeattributeset can_read_shadow_passwords (chkpwd_t updpwd_t ))
(typeattribute can_write_shadow_passwords)
(typeattributeset can_write_shadow_passwords (updpwd_t ))
(typeattribute can_relabelto_shadow_passwords)
(typeattribute nsswitch_domain)
(typeattributeset nsswitch_domain (chkpwd_t pam_console_t pam_t updpwd_t ))
(typeattribute pam_domain)
(type auth_cache_t)
(roletype object_r auth_cache_t)
(type chkpwd_t)
(roletype object_r chkpwd_t)
(type chkpwd_exec_t)
(roletype object_r chkpwd_exec_t)
(type faillog_t)
(roletype object_r faillog_t)
(type lastlog_t)
(roletype object_r lastlog_t)
(type login_exec_t)
(roletype object_r login_exec_t)
(type pam_console_t)
(roletype object_r pam_console_t)
(type pam_console_exec_t)
(roletype object_r pam_console_exec_t)
(type pam_t)
(roletype object_r pam_t)
(type pam_exec_t)
(roletype object_r pam_exec_t)
(type pam_motd_runtime_t)
(roletype object_r pam_motd_runtime_t)
(type pam_runtime_t)
(roletype object_r pam_runtime_t)
(type pam_tmp_t)
(roletype object_r pam_tmp_t)
(type pam_var_console_t)
(roletype object_r pam_var_console_t)
(type shadow_t)
(roletype object_r shadow_t)
(type shadow_lock_t)
(roletype object_r shadow_lock_t)
(type shadow_history_t)
(roletype object_r shadow_history_t)
(type updpwd_t)
(roletype object_r updpwd_t)
(type updpwd_exec_t)
(roletype object_r updpwd_exec_t)
(type utempter_t)
(roletype object_r utempter_t)
(type utempter_exec_t)
(roletype object_r utempter_exec_t)
(type var_auth_t)
(roletype object_r var_auth_t)
(type wtmp_t)
(roletype object_r wtmp_t)
(boolean authlogin_pam true)
(boolean authlogin_nsswitch_use_ldap false)
(roleattributeset cil_gen_require system_r)
(roletype system_r chkpwd_t)
(roletype system_r pam_console_t)
(roletype system_r pam_t)
(roletype system_r updpwd_t)
(typeattributeset cil_gen_require can_read_shadow_passwords)
(typeattributeset can_read_shadow_passwords (chkpwd_t updpwd_t ))
(typeattributeset cil_gen_require can_write_shadow_passwords)
(typeattributeset can_write_shadow_passwords (updpwd_t ))
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (chkpwd_t pam_console_t pam_t updpwd_t ))
(typeattributeset cil_gen_require logfile)
(typeattributeset logfile (auth_cache_t faillog_t lastlog_t wtmp_t ))
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (auth_cache_t chkpwd_exec_t faillog_t lastlog_t login_exec_t pam_console_exec_t pam_exec_t pam_motd_runtime_t pam_runtime_t pam_tmp_t pam_var_console_t shadow_t shadow_lock_t shadow_history_t updpwd_exec_t utempter_exec_t var_auth_t wtmp_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (auth_cache_t chkpwd_exec_t faillog_t lastlog_t login_exec_t pam_console_exec_t pam_exec_t pam_motd_runtime_t pam_runtime_t pam_tmp_t pam_var_console_t shadow_lock_t updpwd_exec_t utempter_exec_t var_auth_t wtmp_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (auth_cache_t chkpwd_exec_t faillog_t lastlog_t login_exec_t pam_console_exec_t pam_exec_t pam_motd_runtime_t pam_runtime_t pam_tmp_t pam_var_console_t shadow_lock_t updpwd_exec_t utempter_exec_t var_auth_t wtmp_t ))
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require application_domain_type)
(typeattributeset application_domain_type (chkpwd_t pam_console_t utempter_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (chkpwd_t pam_console_t pam_t updpwd_t utempter_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require security_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require selinux_config_t)
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset application_exec_type (chkpwd_exec_t login_exec_t pam_console_exec_t utempter_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (chkpwd_exec_t login_exec_t pam_console_exec_t pam_exec_t updpwd_exec_t utempter_exec_t ))
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (chkpwd_exec_t pam_console_exec_t pam_exec_t updpwd_exec_t utempter_exec_t ))
(typeattributeset cil_gen_require faillog_t)
(typeattributeset cil_gen_require lastlog_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require systemprocess)
(typeattributeset systemprocess (pam_console_t ))
(typeattributeset cil_gen_require pam_exec_t)
(typeattributeset cil_gen_require pidfile)
(typeattributeset pidfile (pam_motd_runtime_t pam_runtime_t pam_var_console_t ))
(typeattributeset cil_gen_require tmpfile)
(typeattributeset tmpfile (pam_tmp_t ))
(typeattributeset cil_gen_require polymember)
(typeattributeset polymember (pam_tmp_t ))
(typeattributeset cil_gen_require shadow_t)
(typeattributeset cil_gen_require security_file_type)
(typeattributeset security_file_type (shadow_t shadow_history_t ))
(typeattributeset cil_gen_require auth_file_type)
(typeattributeset auth_file_type (shadow_t shadow_history_t ))
(typeattributeset cil_gen_require shadow_lock_t)
(typeattributeset cil_gen_require lockfile)
(typeattributeset lockfile (shadow_lock_t ))
(typeattributeset cil_gen_require shadow_history_t)
(typeattributeset cil_gen_require updpwd_t)
(typeattributeset cil_gen_require updpwd_exec_t)
(typeattributeset cil_gen_require can_change_object_identity)
(typeattributeset can_change_object_identity (updpwd_t ))
(typeattributeset cil_gen_require wtmp_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require privfd)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require random_device_t)
(typeattributeset cil_gen_require urandom_device_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require fs_t)
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require tty_device_t)
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require ptynode)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require newrole_t)
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require user_tty_device_t)
(typeattributeset cil_gen_require default_context_t)
(typeattributeset cil_gen_require file_context_t)
(typeattributeset cil_gen_require netlabel_peer_t)
(typeattributeset cil_gen_require netif_t)
(typeattributeset cil_gen_require node_t)
(typeattributeset cil_gen_require var_lib_t)
(typeattributeset cil_gen_require net_conf_t)
(typeattributeset cil_gen_require autofs_t)
(typeattributeset cil_gen_require ttynode)
(typeattributeset cil_gen_require initrc_runtime_t)
(typeattributeset cil_gen_require var_log_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require unlabeled_t)
(typeattributeset cil_gen_require acpi_bios_t)
(typeattributeset cil_gen_require dri_device_t)
(typeattributeset cil_gen_require event_device_t)
(typeattributeset cil_gen_require framebuf_device_t)
(typeattributeset cil_gen_require usb_device_t)
(typeattributeset cil_gen_require misc_device_t)
(typeattributeset cil_gen_require mouse_device_t)
(typeattributeset cil_gen_require power_device_t)
(typeattributeset cil_gen_require printer_device_t)
(typeattributeset cil_gen_require scanner_device_t)
(typeattributeset cil_gen_require sound_device_t)
(typeattributeset cil_gen_require v4l_device_t)
(typeattributeset cil_gen_require xserver_misc_device_t)
(typeattributeset cil_gen_require mnt_t)
(typeattributeset cil_gen_require etc_runtime_t)
(typeattributeset cil_gen_require noxattrfs)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require mlsfileread)
(typeattributeset mlsfileread (pam_console_t ))
(typeattributeset cil_gen_require mlsfilewrite)
(typeattributeset mlsfilewrite (pam_console_t ))
(typeattributeset cil_gen_require fixed_disk_device_t)
(typeattributeset cil_gen_require removable_device_t)
(typeattributeset cil_gen_require scsi_generic_device_t)
(typeattributeset cil_gen_require initrc_devpts_t)
(typeattributeset cil_gen_require cert_t)
(typeattributeset cil_gen_require unpriv_userdomain)
(typeattributeset cil_gen_require ptmx_t)
(typeattributeset cil_gen_require user_tmp_t)
(typeattributeset cil_gen_require dns_port_t)
(typeattributeset cil_gen_require dns_client_packet_t)
(typeattributeset cil_gen_require ldap_port_t)
(typeattributeset cil_gen_require ldap_client_packet_t)
(typeattributeset cil_gen_require daemonpidfile)
(typeattributeset daemonpidfile (pam_runtime_t ))
(allow auth_cache_t tmp_t (filesystem (associate)))
(allow auth_cache_t tmpfs_t (filesystem (associate)))
(allow chkpwd_t chkpwd_exec_t (file (entrypoint)))
(allow chkpwd_t chkpwd_exec_t (file (ioctl read getattr lock map execute open)))
(allow faillog_t tmp_t (filesystem (associate)))
(allow faillog_t tmpfs_t (filesystem (associate)))
(allow lastlog_t tmp_t (filesystem (associate)))
(allow lastlog_t tmpfs_t (filesystem (associate)))
(allow pam_console_t pam_console_exec_t (file (entrypoint)))
(allow pam_console_t pam_console_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t pam_console_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t pam_console_t (process (transition)))
(dontaudit initrc_t pam_console_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t pam_console_exec_t process pam_console_t)
(allow pam_console_t initrc_t (fd (use)))
(allow pam_console_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow pam_console_t initrc_t (process (sigchld)))
(allow pam_t pam_exec_t (file (entrypoint)))
(allow pam_t pam_exec_t (file (ioctl read getattr lock map execute open)))
(neverallow authlogin_typeattr_1 shadow_t (file (read)))
(neverallow authlogin_typeattr_2 shadow_t (file (write create)))
(neverallow authlogin_typeattr_3 shadow_t (file (relabelto)))
(allow updpwd_t updpwd_exec_t (file (entrypoint)))
(allow updpwd_t updpwd_exec_t (file (ioctl read getattr lock map execute open)))
(allow utempter_t utempter_exec_t (file (entrypoint)))
(allow utempter_t utempter_exec_t (file (ioctl read getattr lock map execute open)))
(allow wtmp_t tmp_t (filesystem (associate)))
(allow wtmp_t tmpfs_t (filesystem (associate)))
(allow chkpwd_t self (capability (dac_override dac_read_search setuid)))
(dontaudit chkpwd_t self (capability (sys_tty_config)))
(allow chkpwd_t self (process (signal getattr)))
(dontaudit chkpwd_t self (process (getcap)))
(allow chkpwd_t shadow_t (file (ioctl read getattr lock open)))
(allow chkpwd_t etc_t (dir (ioctl read getattr lock open search)))
(dontaudit chkpwd_t sysctl_kernel_t (dir (search)))
(dontaudit chkpwd_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(dontaudit chkpwd_t proc_t (filesystem (getattr)))
(dontaudit chkpwd_t privfd (fd (use)))
(allow chkpwd_t device_t (dir (getattr open search)))
(allow chkpwd_t random_device_t (chr_file (ioctl read getattr lock open)))
(allow chkpwd_t device_t (dir (getattr open search)))
(allow chkpwd_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow chkpwd_t sysfs_t (dir (getattr open search)))
(allow chkpwd_t sysfs_t (dir (getattr open search)))
(allow chkpwd_t etc_t (dir (ioctl read getattr lock open search)))
(allow chkpwd_t etc_t (dir (getattr open search)))
(allow chkpwd_t etc_t (file (ioctl read getattr lock open)))
(allow chkpwd_t etc_t (dir (getattr open search)))
(allow chkpwd_t etc_t (lnk_file (read getattr)))
(dontaudit chkpwd_t var_t (dir (getattr open search)))
(dontaudit chkpwd_t fs_t (filesystem (getattr)))
(allow chkpwd_t sysfs_t (dir (getattr open search)))
(allow chkpwd_t sysfs_t (dir (getattr open search)))
(allow chkpwd_t security_t (dir (ioctl read getattr lock open search)))
(allow chkpwd_t security_t (file (ioctl read getattr map open)))
(dontaudit chkpwd_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(dontaudit chkpwd_t tty_device_t (chr_file (ioctl read write getattr lock append open)))
(dontaudit chkpwd_t devpts_t (chr_file (ioctl read write getattr)))
(dontaudit chkpwd_t ptynode (chr_file (ioctl read write getattr lock append open)))
(allow chkpwd_t etc_t (dir (getattr open search)))
(allow chkpwd_t shadow_history_t (file (ioctl read getattr lock open)))
(allow chkpwd_t self (capability (audit_write)))
(allow chkpwd_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
(allow chkpwd_t devlog_t (sock_file (write getattr append open)))
(allow chkpwd_t var_run_t (lnk_file (read getattr)))
(allow chkpwd_t var_t (dir (getattr open search)))
(allow chkpwd_t var_run_t (dir (getattr open search)))
(allow chkpwd_t init_runtime_t (dir (getattr open search)))
(allow chkpwd_t syslogd_runtime_t (dir (getattr open search)))
(allow chkpwd_t syslogd_t (unix_dgram_socket (sendto)))
(allow chkpwd_t syslogd_t (unix_stream_socket (connectto)))
(allow chkpwd_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow chkpwd_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow chkpwd_t device_t (dir (getattr open search)))
(allow chkpwd_t device_t (dir (ioctl read getattr lock open search)))
(allow chkpwd_t device_t (dir (getattr open search)))
(allow chkpwd_t device_t (lnk_file (read getattr)))
(allow chkpwd_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit chkpwd_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow chkpwd_t etc_t (dir (getattr open search)))
(allow chkpwd_t etc_t (lnk_file (read getattr)))
(allow chkpwd_t usr_t (dir (getattr open search)))
(allow chkpwd_t locale_t (dir (ioctl read getattr lock open search)))
(allow chkpwd_t locale_t (dir (getattr open search)))
(allow chkpwd_t locale_t (file (ioctl read getattr lock open)))
(allow chkpwd_t locale_t (dir (getattr open search)))
(allow chkpwd_t locale_t (lnk_file (read getattr)))
(allow chkpwd_t locale_t (file (map)))
(allow chkpwd_t security_t (filesystem (getattr)))
(allow chkpwd_t sysfs_t (filesystem (getattr)))
(allow chkpwd_t sysfs_t (dir (getattr open search)))
(allow chkpwd_t sysfs_t (dir (getattr open search)))
(allow chkpwd_t proc_t (dir (getattr open search)))
(allow chkpwd_t proc_t (file (ioctl read getattr lock open)))
(allow chkpwd_t proc_t (dir (getattr open search)))
(allow chkpwd_t proc_t (lnk_file (read getattr)))
(allow chkpwd_t proc_t (dir (getattr open search)))
(allow chkpwd_t proc_t (dir (ioctl read getattr lock open search)))
(allow chkpwd_t etc_t (dir (getattr open search)))
(allow chkpwd_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow chkpwd_t selinux_config_t (dir (getattr open search)))
(allow chkpwd_t selinux_config_t (file (ioctl read getattr lock open)))
(allow chkpwd_t selinux_config_t (dir (getattr open search)))
(allow chkpwd_t selinux_config_t (lnk_file (read getattr)))
(dontaudit chkpwd_t newrole_t (fd (use)))
(allow chkpwd_t device_t (dir (getattr open search)))
(allow chkpwd_t device_t (dir (ioctl read getattr lock open search)))
(allow chkpwd_t device_t (dir (getattr open search)))
(allow chkpwd_t device_t (lnk_file (read getattr)))
(allow chkpwd_t devpts_t (dir (ioctl read getattr lock open search)))
(allow chkpwd_t user_devpts_t (chr_file (ioctl read write getattr append open)))
(allow chkpwd_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
(allow pam_t self (process (transition sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap share getattr noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit)))
(dontaudit pam_t self (capability (sys_tty_config)))
(allow pam_t self (fd (use)))
(allow pam_t self (fifo_file (ioctl read write getattr lock append open)))
(allow pam_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow pam_t self (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow pam_t self (unix_dgram_socket (sendto)))
(allow pam_t self (unix_stream_socket (connectto)))
(allow pam_t self (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
(allow pam_t self (sem (create destroy getattr setattr read write associate unix_read unix_write)))
(allow pam_t self (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
(allow pam_t self (msg (send receive)))
(allow pam_t pam_runtime_t (dir (ioctl write getattr lock open remove_name search)))
(allow pam_t pam_runtime_t (file (getattr unlink)))
(allow pam_t pam_runtime_t (dir (getattr open search)))
(allow pam_t pam_runtime_t (file (ioctl read getattr lock open)))
(allow pam_t var_run_t (lnk_file (read getattr)))
(allow pam_t var_t (dir (getattr open search)))
(allow pam_t var_run_t (dir (ioctl read getattr lock open search)))
(allow pam_t pam_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow pam_t pam_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow pam_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition pam_t tmp_t dir pam_tmp_t)
(typetransition pam_t tmp_t file pam_tmp_t)
(allow pam_t proc_t (dir (getattr open search)))
(allow pam_t proc_t (file (ioctl read getattr lock open)))
(allow pam_t proc_t (dir (getattr open search)))
(allow pam_t proc_t (lnk_file (read getattr)))
(allow pam_t proc_t (dir (getattr open search)))
(allow pam_t proc_t (dir (ioctl read getattr lock open search)))
(allow pam_t etc_t (dir (ioctl read getattr lock open search)))
(allow pam_t etc_t (dir (getattr open search)))
(allow pam_t etc_t (file (ioctl read getattr lock open)))
(allow pam_t etc_t (dir (getattr open search)))
(allow pam_t etc_t (lnk_file (read getattr)))
(allow pam_t autofs_t (dir (getattr open search)))
(allow pam_t etc_t (dir (getattr open search)))
(allow pam_t etc_t (lnk_file (read getattr)))
(allow pam_t usr_t (dir (getattr open search)))
(allow pam_t locale_t (dir (ioctl read getattr lock open search)))
(allow pam_t locale_t (dir (getattr open search)))
(allow pam_t locale_t (file (ioctl read getattr lock open)))
(allow pam_t locale_t (dir (getattr open search)))
(allow pam_t locale_t (lnk_file (read getattr)))
(allow pam_t locale_t (file (map)))
(allow pam_t device_t (dir (getattr open search)))
(allow pam_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_t device_t (dir (getattr open search)))
(allow pam_t device_t (lnk_file (read getattr)))
(allow pam_t ttynode (chr_file (ioctl read write getattr lock append open)))
(allow pam_t device_t (dir (getattr open search)))
(allow pam_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_t device_t (dir (getattr open search)))
(allow pam_t device_t (lnk_file (read getattr)))
(allow pam_t devpts_t (dir (ioctl read getattr lock open search)))
(allow pam_t ptynode (chr_file (ioctl read write getattr lock append open)))
(dontaudit pam_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
(allow pam_t devlog_t (sock_file (write getattr append open)))
(allow pam_t var_run_t (lnk_file (read getattr)))
(allow pam_t var_t (dir (getattr open search)))
(allow pam_t var_run_t (dir (getattr open search)))
(allow pam_t init_runtime_t (dir (getattr open search)))
(allow pam_t syslogd_runtime_t (dir (getattr open search)))
(allow pam_t syslogd_t (unix_dgram_socket (sendto)))
(allow pam_t syslogd_t (unix_stream_socket (connectto)))
(allow pam_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow pam_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow pam_t device_t (dir (getattr open search)))
(allow pam_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_t device_t (dir (getattr open search)))
(allow pam_t device_t (lnk_file (read getattr)))
(allow pam_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit pam_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow pam_domain device_t (dir (getattr open search)))
(allow pam_domain urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow pam_domain sysfs_t (dir (getattr open search)))
(allow pam_domain sysfs_t (file (ioctl read getattr lock open)))
(allow pam_domain sysfs_t (dir (getattr open search)))
(allow pam_domain sysfs_t (lnk_file (read getattr)))
(allow pam_domain sysfs_t (dir (getattr open search)))
(allow pam_domain sysfs_t (dir (ioctl read getattr lock open search)))
(allow pam_domain faillog_t (dir (ioctl write getattr lock open add_name search)))
(allow pam_domain faillog_t (file (create getattr open)))
(allow pam_domain updpwd_exec_t (file (ioctl read getattr map execute open)))
(allow pam_domain updpwd_t (process (transition)))
(dontaudit pam_domain updpwd_t (process (noatsecure siginh rlimitinh)))
(typetransition pam_domain updpwd_exec_t process updpwd_t)
(allow updpwd_t pam_domain (fd (use)))
(allow updpwd_t pam_domain (fifo_file (ioctl read write getattr lock append)))
(allow updpwd_t pam_domain (process (sigchld)))
(dontaudit pam_domain shadow_t (file (ioctl read getattr lock open)))
(allow pam_domain var_t (dir (getattr open search)))
(allow pam_domain var_log_t (dir (getattr open search)))
(allow pam_domain var_log_t (lnk_file (read getattr)))
(allow pam_domain lastlog_t (file (ioctl read write getattr setattr lock append open)))
(allow pam_domain var_t (dir (getattr open search)))
(allow pam_domain var_log_t (dir (getattr open search)))
(allow pam_domain var_log_t (lnk_file (read getattr)))
(allow pam_domain faillog_t (file (ioctl read write getattr lock append open)))
(allow pam_domain wtmp_t (file (ioctl read write getattr lock append open)))
(allow pam_domain var_t (dir (getattr open search)))
(allow pam_domain var_log_t (dir (getattr open search)))
(allow pam_domain var_log_t (lnk_file (read getattr)))
(allow pam_domain faillog_t (dir (getattr open search)))
(allow pam_domain faillog_t (file (setattr)))
(allow pam_domain pam_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow pam_domain etc_t (dir (ioctl read getattr lock open search)))
(allow pam_domain etc_t (dir (getattr open search)))
(allow pam_domain etc_t (file (ioctl read getattr lock open)))
(allow pam_domain etc_t (dir (getattr open search)))
(allow pam_domain etc_t (lnk_file (read getattr)))
(allow pam_domain self (capability (audit_write)))
(allow pam_domain self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
(allow pam_domain devlog_t (sock_file (write getattr append open)))
(allow pam_domain var_run_t (lnk_file (read getattr)))
(allow pam_domain var_t (dir (getattr open search)))
(allow pam_domain var_run_t (dir (getattr open search)))
(allow pam_domain init_runtime_t (dir (getattr open search)))
(allow pam_domain syslogd_runtime_t (dir (getattr open search)))
(allow pam_domain syslogd_t (unix_dgram_socket (sendto)))
(allow pam_domain syslogd_t (unix_stream_socket (connectto)))
(allow pam_domain self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow pam_domain self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow pam_domain device_t (dir (getattr open search)))
(allow pam_domain device_t (dir (ioctl read getattr lock open search)))
(allow pam_domain device_t (dir (getattr open search)))
(allow pam_domain device_t (lnk_file (read getattr)))
(allow pam_domain console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit pam_domain console_device_t (chr_file (ioctl read getattr lock open)))
(allow pam_console_t self (capability (chown fowner fsetid)))
(dontaudit pam_console_t self (capability (sys_tty_config)))
(allow pam_console_t self (process (sigchld sigkill sigstop signull signal)))
(allow pam_console_t pam_var_console_t (dir (getattr open search)))
(allow pam_console_t pam_var_console_t (file (ioctl read getattr lock open)))
(allow pam_console_t pam_var_console_t (dir (getattr open search)))
(allow pam_console_t pam_var_console_t (lnk_file (read getattr)))
(dontaudit pam_console_t pam_var_console_t (file (write)))
(allow pam_console_t sysctl_kernel_t (dir (getattr open search)))
(allow pam_console_t proc_t (dir (getattr open search)))
(allow pam_console_t sysctl_t (dir (getattr open search)))
(allow pam_console_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow pam_console_t proc_t (dir (getattr open search)))
(allow pam_console_t sysctl_t (dir (getattr open search)))
(allow pam_console_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t kernel_t (fd (use)))
(dontaudit pam_console_t unlabeled_t (dir (getattr open search)))
(allow pam_console_t proc_t (dir (getattr open search)))
(allow pam_console_t proc_t (file (ioctl read getattr lock open)))
(allow pam_console_t proc_t (dir (getattr open search)))
(allow pam_console_t proc_t (lnk_file (read getattr)))
(allow pam_console_t proc_t (dir (getattr open search)))
(allow pam_console_t proc_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t sysfs_t (dir (getattr open search)))
(allow pam_console_t sysfs_t (file (ioctl read getattr lock open)))
(allow pam_console_t sysfs_t (dir (getattr open search)))
(allow pam_console_t sysfs_t (lnk_file (read getattr)))
(allow pam_console_t sysfs_t (dir (getattr open search)))
(allow pam_console_t sysfs_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t acpi_bios_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t acpi_bios_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t dri_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t dri_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t event_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t event_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t framebuf_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t framebuf_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t usb_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t usb_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t misc_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t misc_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t mouse_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t mouse_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t power_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t power_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t printer_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t printer_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t scanner_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t scanner_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t sound_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t sound_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t v4l_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t v4l_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t xserver_misc_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t xserver_misc_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow pam_console_t etc_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t etc_t (dir (getattr open search)))
(allow pam_console_t etc_t (file (ioctl read getattr lock open)))
(allow pam_console_t etc_t (dir (getattr open search)))
(allow pam_console_t etc_t (lnk_file (read getattr)))
(allow pam_console_t var_run_t (lnk_file (read getattr)))
(allow pam_console_t var_t (dir (getattr open search)))
(allow pam_console_t var_run_t (dir (getattr open search)))
(allow pam_console_t mnt_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t etc_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t etc_t (dir (getattr open search)))
(allow pam_console_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow pam_console_t etc_t (dir (getattr open search)))
(allow pam_console_t etc_runtime_t (lnk_file (read getattr)))
(allow pam_console_t autofs_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t noxattrfs (dir (ioctl read getattr lock open search)))
(allow pam_console_t filesystem_type (filesystem (getattr)))
(allow pam_console_t file_type (filesystem (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t fixed_disk_device_t (blk_file (getattr)))
(allow pam_console_t fixed_disk_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t fixed_disk_device_t (blk_file (setattr)))
(allow pam_console_t fixed_disk_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t removable_device_t (blk_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t removable_device_t (blk_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t scsi_generic_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t scsi_generic_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t ttynode (chr_file (ioctl read write getattr lock append open)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t devpts_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t ptynode (chr_file (ioctl read write getattr lock append open)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t console_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t tty_device_t (chr_file (getattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t tty_device_t (chr_file (setattr)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t tty_device_t (chr_file (ioctl read write getattr lock append open)))
(allow pam_console_t privfd (fd (use)))
(allow pam_console_t init_t (fd (use)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t devpts_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow pam_console_t devlog_t (sock_file (write getattr append open)))
(allow pam_console_t var_run_t (lnk_file (read getattr)))
(allow pam_console_t var_t (dir (getattr open search)))
(allow pam_console_t var_run_t (dir (getattr open search)))
(allow pam_console_t init_runtime_t (dir (getattr open search)))
(allow pam_console_t syslogd_runtime_t (dir (getattr open search)))
(allow pam_console_t syslogd_t (unix_dgram_socket (sendto)))
(allow pam_console_t syslogd_t (unix_stream_socket (connectto)))
(allow pam_console_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow pam_console_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t device_t (dir (getattr open search)))
(allow pam_console_t device_t (lnk_file (read getattr)))
(allow pam_console_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit pam_console_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow pam_console_t etc_t (dir (getattr open search)))
(allow pam_console_t etc_t (lnk_file (read getattr)))
(allow pam_console_t usr_t (dir (getattr open search)))
(allow pam_console_t locale_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t locale_t (dir (getattr open search)))
(allow pam_console_t locale_t (file (ioctl read getattr lock open)))
(allow pam_console_t locale_t (dir (getattr open search)))
(allow pam_console_t locale_t (lnk_file (read getattr)))
(allow pam_console_t locale_t (file (map)))
(allow pam_console_t cert_t (dir (ioctl read getattr lock open search)))
(allow pam_console_t cert_t (dir (getattr open search)))
(allow pam_console_t cert_t (file (ioctl read getattr lock open)))
(allow pam_console_t cert_t (dir (getattr open search)))
(allow pam_console_t cert_t (lnk_file (read getattr)))
(allow pam_console_t etc_t (dir (getattr open search)))
(allow pam_console_t selinux_config_t (dir (getattr open search)))
(allow pam_console_t default_context_t (dir (getattr open search)))
(allow pam_console_t file_context_t (dir (getattr open search)))
(allow pam_console_t file_context_t (file (ioctl read getattr lock open)))
(allow pam_console_t file_context_t (file (map)))
(dontaudit pam_console_t unpriv_userdomain (fd (use)))
(allow updpwd_t self (capability (chown dac_override)))
(allow updpwd_t self (process (setfscreate)))
(allow updpwd_t self (fifo_file (ioctl read write getattr lock append open)))
(allow updpwd_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow updpwd_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow updpwd_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition updpwd_t etc_t file shadow_history_t)
(allow updpwd_t shadow_history_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow updpwd_t proc_t (dir (getattr open search)))
(allow updpwd_t proc_t (file (ioctl read getattr lock open)))
(allow updpwd_t proc_t (dir (getattr open search)))
(allow updpwd_t proc_t (lnk_file (read getattr)))
(allow updpwd_t proc_t (dir (getattr open search)))
(allow updpwd_t proc_t (dir (ioctl read getattr lock open search)))
(allow updpwd_t device_t (dir (getattr open search)))
(allow updpwd_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow updpwd_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow updpwd_t etc_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow updpwd_t etc_t (dir (getattr open search)))
(allow updpwd_t etc_t (lnk_file (read getattr)))
(dontaudit updpwd_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(dontaudit updpwd_t tty_device_t (chr_file (ioctl read write getattr lock append open)))
(allow updpwd_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow updpwd_t etc_t (dir (getattr open search)))
(allow updpwd_t shadow_history_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow updpwd_t shadow_lock_t (dir (getattr open search)))
(allow updpwd_t shadow_lock_t (file (ioctl read write getattr lock append open)))
(allow updpwd_t shadow_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow updpwd_t devlog_t (sock_file (write getattr append open)))
(allow updpwd_t var_run_t (lnk_file (read getattr)))
(allow updpwd_t var_t (dir (getattr open search)))
(allow updpwd_t var_run_t (dir (getattr open search)))
(allow updpwd_t init_runtime_t (dir (getattr open search)))
(allow updpwd_t syslogd_runtime_t (dir (getattr open search)))
(allow updpwd_t syslogd_t (unix_dgram_socket (sendto)))
(allow updpwd_t syslogd_t (unix_stream_socket (connectto)))
(allow updpwd_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow updpwd_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow updpwd_t device_t (dir (getattr open search)))
(allow updpwd_t device_t (dir (ioctl read getattr lock open search)))
(allow updpwd_t device_t (dir (getattr open search)))
(allow updpwd_t device_t (lnk_file (read getattr)))
(allow updpwd_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit updpwd_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow updpwd_t etc_t (dir (getattr open search)))
(allow updpwd_t etc_t (lnk_file (read getattr)))
(allow updpwd_t usr_t (dir (getattr open search)))
(allow updpwd_t locale_t (dir (ioctl read getattr lock open search)))
(allow updpwd_t locale_t (dir (getattr open search)))
(allow updpwd_t locale_t (file (ioctl read getattr lock open)))
(allow updpwd_t locale_t (dir (getattr open search)))
(allow updpwd_t locale_t (lnk_file (read getattr)))
(allow updpwd_t locale_t (file (map)))
(allow updpwd_t device_t (dir (getattr open search)))
(allow updpwd_t device_t (dir (ioctl read getattr lock open search)))
(allow updpwd_t device_t (dir (getattr open search)))
(allow updpwd_t device_t (lnk_file (read getattr)))
(allow updpwd_t devpts_t (dir (ioctl read getattr lock open search)))
(allow updpwd_t user_devpts_t (chr_file (ioctl read write getattr append open)))
(allow updpwd_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
(allow utempter_t self (capability (setgid)))
(allow utempter_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow utempter_t wtmp_t (file (ioctl read write getattr lock append open)))
(allow utempter_t device_t (dir (getattr open search)))
(allow utempter_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow utempter_t etc_t (dir (ioctl read getattr lock open search)))
(allow utempter_t etc_t (dir (getattr open search)))
(allow utempter_t etc_t (file (ioctl read getattr lock open)))
(allow utempter_t etc_t (dir (getattr open search)))
(allow utempter_t etc_t (lnk_file (read getattr)))
(allow utempter_t device_t (dir (getattr open search)))
(allow utempter_t device_t (dir (ioctl read getattr lock open search)))
(allow utempter_t device_t (dir (getattr open search)))
(allow utempter_t device_t (lnk_file (read getattr)))
(allow utempter_t ttynode (chr_file (getattr)))
(allow utempter_t device_t (dir (getattr open search)))
(allow utempter_t device_t (dir (ioctl read getattr lock open search)))
(allow utempter_t device_t (dir (getattr open search)))
(allow utempter_t device_t (lnk_file (read getattr)))
(allow utempter_t devpts_t (dir (ioctl read getattr lock open search)))
(allow utempter_t ptynode (chr_file (getattr)))
(dontaudit utempter_t ttynode (chr_file (ioctl read write getattr lock append open)))
(dontaudit utempter_t ptynode (chr_file (ioctl read write getattr lock append open)))
(dontaudit utempter_t ptmx_t (chr_file (read write getattr)))
(allow utempter_t var_run_t (lnk_file (read getattr)))
(allow utempter_t var_t (dir (getattr open search)))
(allow utempter_t var_run_t (dir (ioctl read getattr lock open search)))
(allow utempter_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
(allow utempter_t privfd (fd (use)))
(allow utempter_t var_t (dir (getattr open search)))
(allow utempter_t var_log_t (dir (getattr open search)))
(allow utempter_t var_log_t (lnk_file (read getattr)))
(allow utempter_t device_t (dir (getattr open search)))
(allow utempter_t device_t (dir (ioctl read getattr lock open search)))
(allow utempter_t device_t (dir (getattr open search)))
(allow utempter_t device_t (lnk_file (read getattr)))
(allow utempter_t devpts_t (dir (ioctl read getattr lock open search)))
(allow utempter_t user_devpts_t (chr_file (ioctl read write getattr append open)))
(allow utempter_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
(allow utempter_t user_tmp_t (file (ioctl write getattr lock append open)))
(allow nsswitch_domain self (key (view read write search link setattr create)))
(allow nsswitch_domain var_t (dir (getattr open search)))
(allow nsswitch_domain var_lib_t (dir (ioctl read getattr lock open search)))
(allow nsswitch_domain etc_t (dir (ioctl read getattr lock open search)))
(allow nsswitch_domain etc_t (dir (getattr open search)))
(allow nsswitch_domain etc_t (file (ioctl read getattr lock open)))
(allow nsswitch_domain etc_t (dir (getattr open search)))
(allow nsswitch_domain etc_t (lnk_file (read getattr)))
(allow nsswitch_domain self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow nsswitch_domain self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow nsswitch_domain self (netlink_route_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read)))
(allow nsswitch_domain netlabel_peer_t (peer (recv)))
(allow nsswitch_domain netlabel_peer_t (tcp_socket (recvfrom)))
(allow nsswitch_domain netlabel_peer_t (udp_socket (recvfrom)))
(allow nsswitch_domain netlabel_peer_t (rawip_socket (recvfrom)))
(allow nsswitch_domain netif_t (netif (ingress egress)))
(allow nsswitch_domain netif_t (netif (egress)))
(allow nsswitch_domain netif_t (netif (ingress)))
(allow nsswitch_domain node_t (node (recvfrom sendto)))
(allow nsswitch_domain node_t (node (sendto)))
(allow nsswitch_domain node_t (node (recvfrom)))
(allow nsswitch_domain dns_port_t (tcp_socket (name_connect)))
(allow nsswitch_domain dns_client_packet_t (packet (send)))
(allow nsswitch_domain dns_client_packet_t (packet (recv)))
(allow nsswitch_domain etc_t (dir (getattr open search)))
(allow nsswitch_domain var_run_t (lnk_file (read getattr)))
(allow nsswitch_domain var_t (dir (getattr open search)))
(allow nsswitch_domain var_run_t (dir (getattr open search)))
(allow nsswitch_domain net_conf_t (dir (ioctl read getattr lock open search)))
(allow nsswitch_domain net_conf_t (file (ioctl read getattr lock open)))
(allow nsswitch_domain net_conf_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition initrc_t var_run_t dir "sepermit" pam_runtime_t)
(booleanif (authlogin_nsswitch_use_ldap)
    (true
        (allow nsswitch_domain net_conf_t (lnk_file (read getattr)))
        (allow nsswitch_domain net_conf_t (file (ioctl read getattr lock open)))
        (allow nsswitch_domain net_conf_t (dir (ioctl read getattr lock open search)))
        (allow nsswitch_domain var_run_t (dir (getattr open search)))
        (allow nsswitch_domain var_t (dir (getattr open search)))
        (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
        (allow nsswitch_domain etc_t (dir (getattr open search)))
        (allow nsswitch_domain urandom_device_t (chr_file (ioctl read getattr lock open)))
        (allow nsswitch_domain device_t (dir (getattr open search)))
        (allow nsswitch_domain random_device_t (chr_file (ioctl read getattr lock open)))
        (allow nsswitch_domain device_t (dir (getattr open search)))
        (allow nsswitch_domain ldap_client_packet_t (packet (recv)))
        (allow nsswitch_domain ldap_client_packet_t (packet (send)))
        (allow nsswitch_domain ldap_port_t (tcp_socket (name_connect)))
        (allow nsswitch_domain node_t (node (recvfrom sendto)))
        (allow nsswitch_domain netif_t (netif (ingress egress)))
        (allow nsswitch_domain netlabel_peer_t (tcp_socket (recvfrom)))
        (allow nsswitch_domain netlabel_peer_t (udp_socket (recvfrom)))
        (allow nsswitch_domain netlabel_peer_t (rawip_socket (recvfrom)))
        (allow nsswitch_domain netlabel_peer_t (peer (recv)))
        (allow nsswitch_domain self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
        (allow nsswitch_domain cert_t (lnk_file (read getattr)))
        (allow nsswitch_domain cert_t (dir (getattr open search)))
        (allow nsswitch_domain cert_t (file (ioctl read getattr lock open)))
        (allow nsswitch_domain cert_t (dir (getattr open search)))
        (allow nsswitch_domain cert_t (dir (ioctl read getattr lock open search)))
    )
    (false
        (dontaudit nsswitch_domain cert_t (lnk_file (read getattr)))
        (dontaudit nsswitch_domain cert_t (file (ioctl read getattr lock open)))
        (dontaudit nsswitch_domain cert_t (dir (ioctl read getattr lock open search)))
    )
)
(booleanif (authlogin_pam)
    (true
        (dontaudit pam_domain shadow_t (file (ioctl read getattr lock open)))
    )
    (false
        (allow pam_domain shadow_t (file (ioctl read getattr lock open)))
    )
)
(typeattribute authlogin_typeattr_3)
(typeattributeset authlogin_typeattr_3 (not (can_relabelto_shadow_passwords ) ))
(typeattribute authlogin_typeattr_2)
(typeattributeset authlogin_typeattr_2 (not (can_write_shadow_passwords ) ))
(typeattribute authlogin_typeattr_1)
(typeattributeset authlogin_typeattr_1 (not (can_read_shadow_passwords ) ))
(optional authlogin_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow chkpwd_t init_t (process (sigchld)))
    (allow chkpwd_t init_t (process (signull)))
    (optional authlogin_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow chkpwd_t rpm_t (fd (use)))
        (allow chkpwd_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional authlogin_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit chkpwd_t security_t (filesystem (getattr)))
        (dontaudit chkpwd_t sysfs_t (filesystem (getattr)))
        (dontaudit chkpwd_t sysfs_t (dir (getattr open search)))
        (dontaudit chkpwd_t security_t (dir (getattr open search)))
        (dontaudit chkpwd_t security_t (file (ioctl read getattr lock open)))
        (optional authlogin_optional_5
            (typeattributeset cil_gen_require selinux_config_t)
            (dontaudit chkpwd_t selinux_config_t (dir (getattr open search)))
            (dontaudit chkpwd_t selinux_config_t (file (ioctl read getattr lock open)))
            (optional authlogin_optional_6
                (typeattributeset cil_gen_require init_t)
                (allow pam_console_t init_t (process (sigchld)))
                (allow pam_console_t init_t (process (signull)))
                (optional authlogin_optional_7
                    (typeattributeset cil_gen_require rpm_t)
                    (allow pam_console_t rpm_t (fd (use)))
                    (allow pam_console_t rpm_t (fifo_file (ioctl read getattr lock open)))
                )
                (optional authlogin_optional_8
                    (typeattributeset cil_gen_require security_t)
                    (typeattributeset cil_gen_require sysfs_t)
                    (dontaudit pam_console_t security_t (filesystem (getattr)))
                    (dontaudit pam_console_t sysfs_t (filesystem (getattr)))
                    (dontaudit pam_console_t sysfs_t (dir (getattr open search)))
                    (dontaudit pam_console_t security_t (dir (getattr open search)))
                    (dontaudit pam_console_t security_t (file (ioctl read getattr lock open)))
                    (optional authlogin_optional_9
                        (typeattributeset cil_gen_require selinux_config_t)
                        (dontaudit pam_console_t selinux_config_t (dir (getattr open search)))
                        (dontaudit pam_console_t selinux_config_t (file (ioctl read getattr lock open)))
                        (optional authlogin_optional_10
                            (typeattributeset cil_gen_require init_t)
                            (allow pam_t init_t (process (sigchld)))
                            (allow pam_t init_t (process (signull)))
                            (optional authlogin_optional_11
                                (typeattributeset cil_gen_require rpm_t)
                                (allow pam_t rpm_t (fd (use)))
                                (allow pam_t rpm_t (fifo_file (ioctl read getattr lock open)))
                            )
                            (optional authlogin_optional_12
                                (typeattributeset cil_gen_require security_t)
                                (typeattributeset cil_gen_require sysfs_t)
                                (dontaudit pam_t security_t (filesystem (getattr)))
                                (dontaudit pam_t sysfs_t (filesystem (getattr)))
                                (dontaudit pam_t sysfs_t (dir (getattr open search)))
                                (dontaudit pam_t security_t (dir (getattr open search)))
                                (dontaudit pam_t security_t (file (ioctl read getattr lock open)))
                                (optional authlogin_optional_13
                                    (typeattributeset cil_gen_require selinux_config_t)
                                    (dontaudit pam_t selinux_config_t (dir (getattr open search)))
                                    (dontaudit pam_t selinux_config_t (file (ioctl read getattr lock open)))
                                    (optional authlogin_optional_14
                                        (typeattributeset cil_gen_require init_t)
                                        (allow updpwd_t init_t (process (sigchld)))
                                        (allow updpwd_t init_t (process (signull)))
                                        (optional authlogin_optional_15
                                            (typeattributeset cil_gen_require rpm_t)
                                            (allow updpwd_t rpm_t (fd (use)))
                                            (allow updpwd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                        )
                                        (optional authlogin_optional_16
                                            (typeattributeset cil_gen_require security_t)
                                            (typeattributeset cil_gen_require sysfs_t)
                                            (dontaudit updpwd_t security_t (filesystem (getattr)))
                                            (dontaudit updpwd_t sysfs_t (filesystem (getattr)))
                                            (dontaudit updpwd_t sysfs_t (dir (getattr open search)))
                                            (dontaudit updpwd_t security_t (dir (getattr open search)))
                                            (dontaudit updpwd_t security_t (file (ioctl read getattr lock open)))
                                            (optional authlogin_optional_17
                                                (typeattributeset cil_gen_require selinux_config_t)
                                                (dontaudit updpwd_t selinux_config_t (dir (getattr open search)))
                                                (dontaudit updpwd_t selinux_config_t (file (ioctl read getattr lock open)))
                                                (optional authlogin_optional_18
                                                    (typeattributeset cil_gen_require init_t)
                                                    (allow utempter_t init_t (process (sigchld)))
                                                    (allow utempter_t init_t (process (signull)))
                                                    (optional authlogin_optional_19
                                                        (typeattributeset cil_gen_require rpm_t)
                                                        (allow utempter_t rpm_t (fd (use)))
                                                        (allow utempter_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                                    )
                                                    (optional authlogin_optional_20
                                                        (typeattributeset cil_gen_require security_t)
                                                        (typeattributeset cil_gen_require sysfs_t)
                                                        (dontaudit utempter_t security_t (filesystem (getattr)))
                                                        (dontaudit utempter_t sysfs_t (filesystem (getattr)))
                                                        (dontaudit utempter_t sysfs_t (dir (getattr open search)))
                                                        (dontaudit utempter_t security_t (dir (getattr open search)))
                                                        (dontaudit utempter_t security_t (file (ioctl read getattr lock open)))
                                                        (optional authlogin_optional_21
                                                            (typeattributeset cil_gen_require selinux_config_t)
                                                            (dontaudit utempter_t selinux_config_t (dir (getattr open search)))
                                                            (dontaudit utempter_t selinux_config_t (file (ioctl read getattr lock open)))
                                                            (optional authlogin_optional_22
                                                                (typeattributeset cil_gen_require systemd_tmpfiles_t)
                                                                (allow systemd_tmpfiles_t faillog_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                                                                (allow systemd_tmpfiles_t faillog_t (file (ioctl write create getattr setattr lock relabelfrom relabelto append unlink open)))
                                                                (allow systemd_tmpfiles_t faillog_t (lnk_file (read create getattr setattr relabelfrom relabelto unlink)))
                                                                (allow systemd_tmpfiles_t faillog_t (fifo_file (create getattr setattr relabelfrom relabelto unlink)))
                                                                (allow systemd_tmpfiles_t var_auth_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                                                                (allow systemd_tmpfiles_t var_auth_t (file (ioctl write create getattr setattr lock relabelfrom relabelto append unlink open)))
                                                                (allow systemd_tmpfiles_t var_auth_t (lnk_file (read create getattr setattr relabelfrom relabelto unlink)))
                                                                (allow systemd_tmpfiles_t var_auth_t (fifo_file (create getattr setattr relabelfrom relabelto unlink)))
                                                            )
                                                            (optional authlogin_optional_23
                                                                (typeattributeset cil_gen_require httpd_t)
                                                                (dontaudit chkpwd_t httpd_t (tcp_socket (read write)))
                                                            )
                                                            (optional authlogin_optional_24
                                                                (typeattributeset cil_gen_require security_t)
                                                                (typeattributeset cil_gen_require selinux_config_t)
                                                                (typeattributeset cil_gen_require etc_t)
                                                                (typeattributeset cil_gen_require krb5kdc_conf_t)
                                                                (typeattributeset cil_gen_require krb5_host_rcache_t)
                                                                (typeattributeset cil_gen_require krb5_conf_t)
                                                                (typeattributeset cil_gen_require krb5_home_t)
                                                                (typeattributeset cil_gen_require user_home_dir_t)
                                                                (typeattributeset cil_gen_require home_root_t)
                                                                (typeattributeset cil_gen_require default_context_t)
                                                                (typeattributeset cil_gen_require file_context_t)
                                                                (typeattributeset cil_gen_require netlabel_peer_t)
                                                                (typeattributeset cil_gen_require netif_t)
                                                                (typeattributeset cil_gen_require node_t)
                                                                (typeattributeset cil_gen_require kerberos_client_packet_t)
                                                                (typeattributeset cil_gen_require kerberos_port_t)
                                                                (typeattributeset cil_gen_require ocsp_client_packet_t)
                                                                (typeattributeset cil_gen_require ocsp_port_t)
                                                                (allow chkpwd_t etc_t (dir (getattr open search)))
                                                                (allow chkpwd_t krb5_conf_t (file (ioctl read getattr lock open)))
                                                                (allow chkpwd_t user_home_dir_t (dir (getattr open search)))
                                                                (allow chkpwd_t home_root_t (dir (getattr open search)))
                                                                (allow chkpwd_t home_root_t (lnk_file (read getattr)))
                                                                (allow chkpwd_t krb5_home_t (file (ioctl read getattr lock open)))
                                                                (dontaudit chkpwd_t krb5_conf_t (file (ioctl write getattr lock append open)))
                                                                (dontaudit chkpwd_t krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                                                                (dontaudit chkpwd_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                                                                (dontaudit chkpwd_t self (process (setfscreate)))
                                                                (dontaudit chkpwd_t security_t (dir (ioctl read getattr lock open search)))
                                                                (dontaudit chkpwd_t security_t (file (ioctl read write getattr map open)))
                                                                (dontaudit chkpwd_t security_t (security (check_context)))
                                                                (dontaudit chkpwd_t selinux_config_t (dir (getattr open search)))
                                                                (dontaudit chkpwd_t default_context_t (dir (getattr open search)))
                                                                (dontaudit chkpwd_t file_context_t (dir (getattr open search)))
                                                                (dontaudit chkpwd_t file_context_t (file (ioctl read getattr lock open)))
                                                                (dontaudit chkpwd_t file_context_t (file (map)))
                                                                (booleanif (allow_kerberos)
                                                                    (true
                                                                        (allow chkpwd_t krb5_host_rcache_t (file (getattr)))
                                                                        (allow chkpwd_t ocsp_port_t (tcp_socket (name_connect)))
                                                                        (allow chkpwd_t ocsp_client_packet_t (packet (recv)))
                                                                        (allow chkpwd_t ocsp_client_packet_t (packet (send)))
                                                                        (allow chkpwd_t kerberos_port_t (tcp_socket (name_connect)))
                                                                        (allow chkpwd_t kerberos_client_packet_t (packet (recv)))
                                                                        (allow chkpwd_t kerberos_client_packet_t (packet (send)))
                                                                        (allow chkpwd_t node_t (node (recvfrom)))
                                                                        (allow chkpwd_t node_t (node (sendto)))
                                                                        (allow chkpwd_t node_t (node (recvfrom sendto)))
                                                                        (allow chkpwd_t netif_t (netif (ingress)))
                                                                        (allow chkpwd_t netif_t (netif (egress)))
                                                                        (allow chkpwd_t netif_t (netif (ingress egress)))
                                                                        (allow chkpwd_t netlabel_peer_t (tcp_socket (recvfrom)))
                                                                        (allow chkpwd_t netlabel_peer_t (udp_socket (recvfrom)))
                                                                        (allow chkpwd_t netlabel_peer_t (rawip_socket (recvfrom)))
                                                                        (allow chkpwd_t netlabel_peer_t (peer (recv)))
                                                                        (allow chkpwd_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                        (allow chkpwd_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                    )
                                                                )
                                                                (optional authlogin_optional_25
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require pcscd_t)
                                                                    (typeattributeset cil_gen_require pcscd_runtime_t)
                                                                    (booleanif (allow_kerberos)
                                                                        (true
                                                                            (allow pcscd_t chkpwd_t (file (ioctl read getattr lock open)))
                                                                            (allow pcscd_t chkpwd_t (dir (ioctl read getattr lock open search)))
                                                                            (allow chkpwd_t pcscd_t (unix_stream_socket (connectto)))
                                                                            (allow chkpwd_t pcscd_runtime_t (sock_file (write getattr append open)))
                                                                            (allow chkpwd_t pcscd_runtime_t (dir (getattr open search)))
                                                                            (allow chkpwd_t var_run_t (dir (getattr open search)))
                                                                            (allow chkpwd_t var_t (dir (getattr open search)))
                                                                            (allow chkpwd_t var_run_t (lnk_file (read getattr)))
                                                                        )
                                                                    )
                                                                )
                                                                (optional authlogin_optional_26
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require sssd_public_t)
                                                                    (typeattributeset cil_gen_require sssd_var_lib_t)
                                                                    (typeattributeset cil_gen_require var_lib_t)
                                                                    (allow chkpwd_t sssd_var_lib_t (dir (getattr open search)))
                                                                    (allow chkpwd_t var_t (dir (getattr open search)))
                                                                    (allow chkpwd_t var_lib_t (dir (getattr open search)))
                                                                    (allow chkpwd_t sssd_public_t (dir (ioctl read getattr lock open search)))
                                                                    (allow chkpwd_t sssd_public_t (dir (getattr open search)))
                                                                    (allow chkpwd_t sssd_public_t (file (ioctl read getattr lock open)))
                                                                )
                                                            )
                                                            (optional authlogin_optional_27
                                                                (typeattributeset cil_gen_require etc_t)
                                                                (typeattributeset cil_gen_require var_t)
                                                                (typeattributeset cil_gen_require var_run_t)
                                                                (typeattributeset cil_gen_require netlabel_peer_t)
                                                                (typeattributeset cil_gen_require netif_t)
                                                                (typeattributeset cil_gen_require node_t)
                                                                (typeattributeset cil_gen_require var_yp_t)
                                                                (typeattributeset cil_gen_require port_t)
                                                                (typeattributeset cil_gen_require defined_port_type)
                                                                (typeattributeset cil_gen_require reserved_port_type)
                                                                (typeattributeset cil_gen_require port_type)
                                                                (typeattributeset cil_gen_require portmap_port_t)
                                                                (typeattributeset cil_gen_require reserved_port_t)
                                                                (typeattributeset cil_gen_require portmap_client_packet_t)
                                                                (typeattributeset cil_gen_require client_packet_t)
                                                                (typeattributeset cil_gen_require server_packet_t)
                                                                (typeattributeset cil_gen_require net_conf_t)
                                                                (typeattributeset cil_gen_require rpc_port_type)
                                                                (booleanif (allow_ypbind)
                                                                    (true
                                                                        (allow chkpwd_t self (capability (net_bind_service)))
                                                                        (allow chkpwd_t rpc_port_type (udp_socket (name_bind)))
                                                                        (allow chkpwd_t self (capability (net_bind_service)))
                                                                        (allow chkpwd_t rpc_port_type (tcp_socket (name_bind)))
                                                                        (allow chkpwd_t net_conf_t (lnk_file (read getattr)))
                                                                        (allow chkpwd_t net_conf_t (file (ioctl read getattr lock open)))
                                                                        (allow chkpwd_t net_conf_t (dir (ioctl read getattr lock open search)))
                                                                        (allow chkpwd_t var_run_t (dir (getattr open search)))
                                                                        (allow chkpwd_t var_t (dir (getattr open search)))
                                                                        (allow chkpwd_t var_run_t (lnk_file (read getattr)))
                                                                        (allow chkpwd_t etc_t (dir (getattr open search)))
                                                                        (allow chkpwd_t server_packet_t (packet (recv)))
                                                                        (allow chkpwd_t server_packet_t (packet (send)))
                                                                        (allow chkpwd_t client_packet_t (packet (recv)))
                                                                        (allow chkpwd_t client_packet_t (packet (send)))
                                                                        (allow chkpwd_t portmap_client_packet_t (packet (recv)))
                                                                        (allow chkpwd_t portmap_client_packet_t (packet (send)))
                                                                        (dontaudit chkpwd_t port_type (tcp_socket (name_connect)))
                                                                        (allow chkpwd_t port_t (tcp_socket (name_connect)))
                                                                        (allow chkpwd_t reserved_port_t (tcp_socket (name_connect)))
                                                                        (allow chkpwd_t portmap_port_t (tcp_socket (name_connect)))
                                                                        (dontaudit chkpwd_t port_type (udp_socket (name_bind)))
                                                                        (dontaudit chkpwd_t port_type (tcp_socket (name_bind)))
                                                                        (dontaudit chkpwd_t reserved_port_type (udp_socket (name_bind)))
                                                                        (dontaudit chkpwd_t reserved_port_type (tcp_socket (name_bind)))
                                                                        (dontaudit chkpwd_t defined_port_type (udp_socket (name_bind)))
                                                                        (allow chkpwd_t port_t (udp_socket (name_bind)))
                                                                        (dontaudit chkpwd_t defined_port_type (tcp_socket (name_bind)))
                                                                        (allow chkpwd_t port_t (tcp_socket (name_bind)))
                                                                        (allow chkpwd_t node_t (udp_socket (node_bind)))
                                                                        (allow chkpwd_t node_t (tcp_socket (node_bind)))
                                                                        (allow chkpwd_t node_t (node (recvfrom)))
                                                                        (allow chkpwd_t node_t (node (sendto)))
                                                                        (allow chkpwd_t node_t (node (recvfrom sendto)))
                                                                        (allow chkpwd_t netif_t (netif (ingress)))
                                                                        (allow chkpwd_t netif_t (netif (egress)))
                                                                        (allow chkpwd_t netif_t (netif (ingress egress)))
                                                                        (allow chkpwd_t netlabel_peer_t (tcp_socket (recvfrom)))
                                                                        (allow chkpwd_t netlabel_peer_t (udp_socket (recvfrom)))
                                                                        (allow chkpwd_t netlabel_peer_t (rawip_socket (recvfrom)))
                                                                        (allow chkpwd_t netlabel_peer_t (peer (recv)))
                                                                        (allow chkpwd_t var_yp_t (lnk_file (read getattr)))
                                                                        (allow chkpwd_t var_yp_t (file (ioctl read getattr lock open)))
                                                                        (allow chkpwd_t var_yp_t (dir (ioctl read getattr lock open search)))
                                                                        (allow chkpwd_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                        (allow chkpwd_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                                                        (allow chkpwd_t self (capability (net_bind_service)))
                                                                    )
                                                                )
                                                            )
                                                            (optional authlogin_optional_28
                                                                (typeattributeset cil_gen_require local_login_t)
                                                                (allow pam_t local_login_t (fd (use)))
                                                            )
                                                            (optional authlogin_optional_29
                                                                (typeattributeset cil_gen_require etc_t)
                                                                (typeattributeset cil_gen_require var_t)
                                                                (typeattributeset cil_gen_require var_run_t)
                                                                (typeattributeset cil_gen_require netlabel_peer_t)
                                                                (typeattributeset cil_gen_require netif_t)
                                                                (typeattributeset cil_gen_require node_t)
                                                                (typeattributeset cil_gen_require var_yp_t)
                                                                (typeattributeset cil_gen_require port_t)
                                                                (typeattributeset cil_gen_require defined_port_type)
                                                                (typeattributeset cil_gen_require reserved_port_type)
                                                                (typeattributeset cil_gen_require port_type)
                                                                (typeattributeset cil_gen_require portmap_port_t)
                                                                (typeattributeset cil_gen_require reserved_port_t)
                                                                (typeattributeset cil_gen_require portmap_client_packet_t)
                                                                (typeattributeset cil_gen_require client_packet_t)
                                                                (typeattributeset cil_gen_require server_packet_t)
                                                                (typeattributeset cil_gen_require net_conf_t)
                                                                (typeattributeset cil_gen_require rpc_port_type)
                                                                (booleanif (allow_ypbind)
                                                                    (true
                                                                        (allow pam_domain self (capability (net_bind_service)))
                                                                        (allow pam_domain rpc_port_type (udp_socket (name_bind)))
                                                                        (allow pam_domain self (capability (net_bind_service)))
                                                                        (allow pam_domain rpc_port_type (tcp_socket (name_bind)))
                                                                        (allow pam_domain net_conf_t (lnk_file (read getattr)))
                                                                        (allow pam_domain net_conf_t (file (ioctl read getattr lock open)))
                                                                        (allow pam_domain net_conf_t (dir (ioctl read getattr lock open search)))
                                                                        (allow pam_domain var_run_t (dir (getattr open search)))
                                                                        (allow pam_domain var_t (dir (getattr open search)))
                                                                        (allow pam_domain var_run_t (lnk_file (read getattr)))
                                                                        (allow pam_domain etc_t (dir (getattr open search)))
                                                                        (allow pam_domain server_packet_t (packet (recv)))
                                                                        (allow pam_domain server_packet_t (packet (send)))
                                                                        (allow pam_domain client_packet_t (packet (recv)))
                                                                        (allow pam_domain client_packet_t (packet (send)))
                                                                        (allow pam_domain portmap_client_packet_t (packet (recv)))
                                                                        (allow pam_domain portmap_client_packet_t (packet (send)))
                                                                        (dontaudit pam_domain port_type (tcp_socket (name_connect)))
                                                                        (allow pam_domain port_t (tcp_socket (name_connect)))
                                                                        (allow pam_domain reserved_port_t (tcp_socket (name_connect)))
                                                                        (allow pam_domain portmap_port_t (tcp_socket (name_connect)))
                                                                        (dontaudit pam_domain port_type (udp_socket (name_bind)))
                                                                        (dontaudit pam_domain port_type (tcp_socket (name_bind)))
                                                                        (dontaudit pam_domain reserved_port_type (udp_socket (name_bind)))
                                                                        (dontaudit pam_domain reserved_port_type (tcp_socket (name_bind)))
                                                                        (dontaudit pam_domain defined_port_type (udp_socket (name_bind)))
                                                                        (allow pam_domain port_t (udp_socket (name_bind)))
                                                                        (dontaudit pam_domain defined_port_type (tcp_socket (name_bind)))
                                                                        (allow pam_domain port_t (tcp_socket (name_bind)))
                                                                        (allow pam_domain node_t (udp_socket (node_bind)))
                                                                        (allow pam_domain node_t (tcp_socket (node_bind)))
                                                                        (allow pam_domain node_t (node (recvfrom)))
                                                                        (allow pam_domain node_t (node (sendto)))
                                                                        (allow pam_domain node_t (node (recvfrom sendto)))
                                                                        (allow pam_domain netif_t (netif (ingress)))
                                                                        (allow pam_domain netif_t (netif (egress)))
                                                                        (allow pam_domain netif_t (netif (ingress egress)))
                                                                        (allow pam_domain netlabel_peer_t (tcp_socket (recvfrom)))
                                                                        (allow pam_domain netlabel_peer_t (udp_socket (recvfrom)))
                                                                        (allow pam_domain netlabel_peer_t (rawip_socket (recvfrom)))
                                                                        (allow pam_domain netlabel_peer_t (peer (recv)))
                                                                        (allow pam_domain var_yp_t (lnk_file (read getattr)))
                                                                        (allow pam_domain var_yp_t (file (ioctl read getattr lock open)))
                                                                        (allow pam_domain var_yp_t (dir (ioctl read getattr lock open search)))
                                                                        (allow pam_domain self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                        (allow pam_domain self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                                                        (allow pam_domain self (capability (net_bind_service)))
                                                                    )
                                                                )
                                                            )
                                                            (optional authlogin_optional_30
                                                                (typeattributeset cil_gen_require device_t)
                                                                (typeattributeset cil_gen_require gpmctl_t)
                                                                (allow pam_console_t device_t (dir (getattr open search)))
                                                                (allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
                                                                (allow pam_console_t device_t (dir (getattr open search)))
                                                                (allow pam_console_t device_t (lnk_file (read getattr)))
                                                                (allow pam_console_t gpmctl_t (sock_file (getattr)))
                                                                (allow pam_console_t gpmctl_t (fifo_file (getattr)))
                                                                (allow pam_console_t device_t (dir (getattr open search)))
                                                                (allow pam_console_t device_t (dir (ioctl read getattr lock open search)))
                                                                (allow pam_console_t device_t (dir (getattr open search)))
                                                                (allow pam_console_t device_t (lnk_file (read getattr)))
                                                                (allow pam_console_t gpmctl_t (sock_file (setattr)))
                                                            )
                                                            (optional authlogin_optional_31
                                                                (typeattributeset cil_gen_require newrole_t)
                                                                (allow pam_console_t newrole_t (process (sigchld)))
                                                                (optional authlogin_optional_32
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require xdm_var_run_t)
                                                                    (typeattributeset cil_gen_require xserver_log_t)
                                                                    (allow pam_console_t var_run_t (lnk_file (read getattr)))
                                                                    (allow pam_console_t var_t (dir (getattr open search)))
                                                                    (allow pam_console_t var_run_t (dir (getattr open search)))
                                                                    (allow pam_console_t xdm_var_run_t (dir (getattr open search)))
                                                                    (allow pam_console_t xdm_var_run_t (file (ioctl read getattr lock open)))
                                                                    (dontaudit pam_console_t xserver_log_t (file (ioctl write append)))
                                                                )
                                                                (optional authlogin_optional_33
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require nscd_t)
                                                                    (typeattributeset cil_gen_require nscd_runtime_t)
                                                                    (booleanif (nscd_use_shm)
                                                                        (true
                                                                            (allow utempter_t nscd_runtime_t (sock_file (read getattr open)))
                                                                            (allow utempter_t nscd_runtime_t (dir (ioctl read getattr lock open search)))
                                                                            (dontaudit utempter_t nscd_runtime_t (file (ioctl read getattr lock open)))
                                                                            (allow utempter_t nscd_t (unix_stream_socket (connectto)))
                                                                            (allow utempter_t nscd_runtime_t (sock_file (write getattr append open)))
                                                                            (allow utempter_t nscd_runtime_t (dir (getattr open search)))
                                                                            (allow utempter_t var_run_t (dir (getattr open search)))
                                                                            (allow utempter_t var_t (dir (getattr open search)))
                                                                            (allow utempter_t var_run_t (lnk_file (read getattr)))
                                                                            (allow utempter_t nscd_t (fd (use)))
                                                                            (allow utempter_t nscd_t (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd)))
                                                                            (allow utempter_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                                                        )
                                                                        (false
                                                                            (allow nscd_t utempter_t (process (getattr)))
                                                                            (allow nscd_t utempter_t (lnk_file (read getattr)))
                                                                            (allow nscd_t utempter_t (file (ioctl read getattr lock open)))
                                                                            (allow nscd_t utempter_t (dir (ioctl read getattr lock open search)))
                                                                            (dontaudit utempter_t nscd_runtime_t (file (ioctl read getattr lock open)))
                                                                            (allow utempter_t nscd_t (unix_stream_socket (connectto)))
                                                                            (allow utempter_t nscd_runtime_t (sock_file (write getattr append open)))
                                                                            (allow utempter_t nscd_runtime_t (dir (getattr open search)))
                                                                            (allow utempter_t var_run_t (dir (getattr open search)))
                                                                            (allow utempter_t var_t (dir (getattr open search)))
                                                                            (allow utempter_t var_run_t (lnk_file (read getattr)))
                                                                            (dontaudit utempter_t nscd_t (nscd (shmemgrp shmemhost shmempwd getserv shmemserv)))
                                                                            (dontaudit utempter_t nscd_t (fd (use)))
                                                                            (allow utempter_t nscd_t (nscd (getgrp gethost getpwd)))
                                                                            (allow utempter_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                        )
                                                                    )
                                                                )
                                                                (optional authlogin_optional_34
                                                                    (typeattributeset cil_gen_require xdm_t)
                                                                    (typeattributeset cil_gen_require xsession_log_t)
                                                                    (allow utempter_t xdm_t (fd (use)))
                                                                    (allow utempter_t xdm_t (fifo_file (ioctl read write getattr lock append)))
                                                                    (allow utempter_t xsession_log_t (file (ioctl write getattr lock append)))
                                                                )
                                                                (optional authlogin_optional_35
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require avahi_t)
                                                                    (typeattributeset cil_gen_require avahi_runtime_t)
                                                                    (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                    (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain avahi_runtime_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain avahi_runtime_t (sock_file (write getattr append open)))
                                                                    (allow nsswitch_domain avahi_t (unix_stream_socket (connectto)))
                                                                )
                                                                (optional authlogin_optional_36
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require NetworkManager_runtime_t)
                                                                    (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                    (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain NetworkManager_runtime_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain NetworkManager_runtime_t (file (ioctl read getattr lock open)))
                                                                )
                                                                (optional authlogin_optional_37
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require nscd_t)
                                                                    (typeattributeset cil_gen_require nscd_runtime_t)
                                                                    (booleanif (nscd_use_shm)
                                                                        (true
                                                                            (allow nsswitch_domain nscd_runtime_t (sock_file (read getattr open)))
                                                                            (allow nsswitch_domain nscd_runtime_t (dir (ioctl read getattr lock open search)))
                                                                            (dontaudit nsswitch_domain nscd_runtime_t (file (ioctl read getattr lock open)))
                                                                            (allow nsswitch_domain nscd_t (unix_stream_socket (connectto)))
                                                                            (allow nsswitch_domain nscd_runtime_t (sock_file (write getattr append open)))
                                                                            (allow nsswitch_domain nscd_runtime_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                            (allow nsswitch_domain nscd_t (fd (use)))
                                                                            (allow nsswitch_domain nscd_t (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd)))
                                                                            (allow nsswitch_domain self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                                                        )
                                                                        (false
                                                                            (allow nscd_t nsswitch_domain (process (getattr)))
                                                                            (allow nscd_t nsswitch_domain (lnk_file (read getattr)))
                                                                            (allow nscd_t nsswitch_domain (file (ioctl read getattr lock open)))
                                                                            (allow nscd_t nsswitch_domain (dir (ioctl read getattr lock open search)))
                                                                            (dontaudit nsswitch_domain nscd_runtime_t (file (ioctl read getattr lock open)))
                                                                            (allow nsswitch_domain nscd_t (unix_stream_socket (connectto)))
                                                                            (allow nsswitch_domain nscd_runtime_t (sock_file (write getattr append open)))
                                                                            (allow nsswitch_domain nscd_runtime_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                            (dontaudit nsswitch_domain nscd_t (nscd (shmemgrp shmemhost shmempwd getserv shmemserv)))
                                                                            (dontaudit nsswitch_domain nscd_t (fd (use)))
                                                                            (allow nsswitch_domain nscd_t (nscd (getgrp gethost getpwd)))
                                                                            (allow nsswitch_domain self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                        )
                                                                    )
                                                                )
                                                                (optional authlogin_optional_38
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require slapd_t)
                                                                    (typeattributeset cil_gen_require slapd_runtime_t)
                                                                    (booleanif (authlogin_nsswitch_use_ldap)
                                                                        (true
                                                                            (allow nsswitch_domain slapd_t (unix_stream_socket (connectto)))
                                                                            (allow nsswitch_domain slapd_runtime_t (sock_file (write getattr append open)))
                                                                            (allow nsswitch_domain slapd_runtime_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                        )
                                                                    )
                                                                )
                                                                (optional authlogin_optional_39
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require avahi_t)
                                                                    (typeattributeset cil_gen_require avahi_runtime_t)
                                                                    (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                    (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain avahi_runtime_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain avahi_runtime_t (sock_file (write getattr append open)))
                                                                    (allow nsswitch_domain avahi_t (unix_stream_socket (connectto)))
                                                                )
                                                                (optional authlogin_optional_40
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require likewise_var_lib_t)
                                                                    (typeattributeset cil_gen_require lsassd_var_socket_t)
                                                                    (typeattributeset cil_gen_require lsassd_t)
                                                                    (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                    (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain likewise_var_lib_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain lsassd_var_socket_t (sock_file (write getattr append open)))
                                                                    (allow nsswitch_domain lsassd_t (unix_stream_socket (connectto)))
                                                                )
                                                                (optional authlogin_optional_41
                                                                    (typeattributeset cil_gen_require security_t)
                                                                    (typeattributeset cil_gen_require selinux_config_t)
                                                                    (typeattributeset cil_gen_require etc_t)
                                                                    (typeattributeset cil_gen_require krb5kdc_conf_t)
                                                                    (typeattributeset cil_gen_require krb5_host_rcache_t)
                                                                    (typeattributeset cil_gen_require krb5_conf_t)
                                                                    (typeattributeset cil_gen_require krb5_home_t)
                                                                    (typeattributeset cil_gen_require user_home_dir_t)
                                                                    (typeattributeset cil_gen_require home_root_t)
                                                                    (typeattributeset cil_gen_require default_context_t)
                                                                    (typeattributeset cil_gen_require file_context_t)
                                                                    (typeattributeset cil_gen_require netlabel_peer_t)
                                                                    (typeattributeset cil_gen_require netif_t)
                                                                    (typeattributeset cil_gen_require node_t)
                                                                    (typeattributeset cil_gen_require kerberos_client_packet_t)
                                                                    (typeattributeset cil_gen_require kerberos_port_t)
                                                                    (typeattributeset cil_gen_require ocsp_client_packet_t)
                                                                    (typeattributeset cil_gen_require ocsp_port_t)
                                                                    (allow nsswitch_domain etc_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain krb5_conf_t (file (ioctl read getattr lock open)))
                                                                    (allow nsswitch_domain user_home_dir_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain home_root_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain home_root_t (lnk_file (read getattr)))
                                                                    (allow nsswitch_domain krb5_home_t (file (ioctl read getattr lock open)))
                                                                    (dontaudit nsswitch_domain krb5_conf_t (file (ioctl write getattr lock append open)))
                                                                    (dontaudit nsswitch_domain krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                                                                    (dontaudit nsswitch_domain krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                                                                    (dontaudit nsswitch_domain self (process (setfscreate)))
                                                                    (dontaudit nsswitch_domain security_t (dir (ioctl read getattr lock open search)))
                                                                    (dontaudit nsswitch_domain security_t (file (ioctl read write getattr map open)))
                                                                    (dontaudit nsswitch_domain security_t (security (check_context)))
                                                                    (dontaudit nsswitch_domain selinux_config_t (dir (getattr open search)))
                                                                    (dontaudit nsswitch_domain default_context_t (dir (getattr open search)))
                                                                    (dontaudit nsswitch_domain file_context_t (dir (getattr open search)))
                                                                    (dontaudit nsswitch_domain file_context_t (file (ioctl read getattr lock open)))
                                                                    (dontaudit nsswitch_domain file_context_t (file (map)))
                                                                    (booleanif (allow_kerberos)
                                                                        (true
                                                                            (allow nsswitch_domain krb5_host_rcache_t (file (getattr)))
                                                                            (allow nsswitch_domain ocsp_port_t (tcp_socket (name_connect)))
                                                                            (allow nsswitch_domain ocsp_client_packet_t (packet (recv)))
                                                                            (allow nsswitch_domain ocsp_client_packet_t (packet (send)))
                                                                            (allow nsswitch_domain kerberos_port_t (tcp_socket (name_connect)))
                                                                            (allow nsswitch_domain kerberos_client_packet_t (packet (recv)))
                                                                            (allow nsswitch_domain kerberos_client_packet_t (packet (send)))
                                                                            (allow nsswitch_domain node_t (node (recvfrom)))
                                                                            (allow nsswitch_domain node_t (node (sendto)))
                                                                            (allow nsswitch_domain node_t (node (recvfrom sendto)))
                                                                            (allow nsswitch_domain netif_t (netif (ingress)))
                                                                            (allow nsswitch_domain netif_t (netif (egress)))
                                                                            (allow nsswitch_domain netif_t (netif (ingress egress)))
                                                                            (allow nsswitch_domain netlabel_peer_t (tcp_socket (recvfrom)))
                                                                            (allow nsswitch_domain netlabel_peer_t (udp_socket (recvfrom)))
                                                                            (allow nsswitch_domain netlabel_peer_t (rawip_socket (recvfrom)))
                                                                            (allow nsswitch_domain netlabel_peer_t (peer (recv)))
                                                                            (allow nsswitch_domain self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                            (allow nsswitch_domain self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                        )
                                                                    )
                                                                    (optional authlogin_optional_42
                                                                        (typeattributeset cil_gen_require var_t)
                                                                        (typeattributeset cil_gen_require var_run_t)
                                                                        (typeattributeset cil_gen_require pcscd_t)
                                                                        (typeattributeset cil_gen_require pcscd_runtime_t)
                                                                        (booleanif (allow_kerberos)
                                                                            (true
                                                                                (allow pcscd_t nsswitch_domain (file (ioctl read getattr lock open)))
                                                                                (allow pcscd_t nsswitch_domain (dir (ioctl read getattr lock open search)))
                                                                                (allow nsswitch_domain pcscd_t (unix_stream_socket (connectto)))
                                                                                (allow nsswitch_domain pcscd_runtime_t (sock_file (write getattr append open)))
                                                                                (allow nsswitch_domain pcscd_runtime_t (dir (getattr open search)))
                                                                                (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                                (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                                (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                            )
                                                                        )
                                                                    )
                                                                    (optional authlogin_optional_43
                                                                        (typeattributeset cil_gen_require var_t)
                                                                        (typeattributeset cil_gen_require sssd_public_t)
                                                                        (typeattributeset cil_gen_require sssd_var_lib_t)
                                                                        (typeattributeset cil_gen_require var_lib_t)
                                                                        (allow nsswitch_domain sssd_var_lib_t (dir (getattr open search)))
                                                                        (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                        (allow nsswitch_domain var_lib_t (dir (getattr open search)))
                                                                        (allow nsswitch_domain sssd_public_t (dir (ioctl read getattr lock open search)))
                                                                        (allow nsswitch_domain sssd_public_t (dir (getattr open search)))
                                                                        (allow nsswitch_domain sssd_public_t (file (ioctl read getattr lock open)))
                                                                    )
                                                                )
                                                                (optional authlogin_optional_44
                                                                    (typeattributeset cil_gen_require etc_t)
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require netlabel_peer_t)
                                                                    (typeattributeset cil_gen_require netif_t)
                                                                    (typeattributeset cil_gen_require node_t)
                                                                    (typeattributeset cil_gen_require var_yp_t)
                                                                    (typeattributeset cil_gen_require port_t)
                                                                    (typeattributeset cil_gen_require defined_port_type)
                                                                    (typeattributeset cil_gen_require reserved_port_type)
                                                                    (typeattributeset cil_gen_require port_type)
                                                                    (typeattributeset cil_gen_require portmap_port_t)
                                                                    (typeattributeset cil_gen_require reserved_port_t)
                                                                    (typeattributeset cil_gen_require portmap_client_packet_t)
                                                                    (typeattributeset cil_gen_require client_packet_t)
                                                                    (typeattributeset cil_gen_require server_packet_t)
                                                                    (typeattributeset cil_gen_require net_conf_t)
                                                                    (booleanif (allow_ypbind)
                                                                        (true
                                                                            (allow nsswitch_domain net_conf_t (lnk_file (read getattr)))
                                                                            (allow nsswitch_domain net_conf_t (file (ioctl read getattr lock open)))
                                                                            (allow nsswitch_domain net_conf_t (dir (ioctl read getattr lock open search)))
                                                                            (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                            (allow nsswitch_domain etc_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain server_packet_t (packet (recv)))
                                                                            (allow nsswitch_domain server_packet_t (packet (send)))
                                                                            (allow nsswitch_domain client_packet_t (packet (recv)))
                                                                            (allow nsswitch_domain client_packet_t (packet (send)))
                                                                            (allow nsswitch_domain portmap_client_packet_t (packet (recv)))
                                                                            (allow nsswitch_domain portmap_client_packet_t (packet (send)))
                                                                            (dontaudit nsswitch_domain port_type (tcp_socket (name_connect)))
                                                                            (allow nsswitch_domain port_t (tcp_socket (name_connect)))
                                                                            (allow nsswitch_domain reserved_port_t (tcp_socket (name_connect)))
                                                                            (allow nsswitch_domain portmap_port_t (tcp_socket (name_connect)))
                                                                            (dontaudit nsswitch_domain port_type (udp_socket (name_bind)))
                                                                            (dontaudit nsswitch_domain port_type (tcp_socket (name_bind)))
                                                                            (dontaudit nsswitch_domain reserved_port_type (udp_socket (name_bind)))
                                                                            (dontaudit nsswitch_domain reserved_port_type (tcp_socket (name_bind)))
                                                                            (dontaudit nsswitch_domain defined_port_type (udp_socket (name_bind)))
                                                                            (allow nsswitch_domain port_t (udp_socket (name_bind)))
                                                                            (dontaudit nsswitch_domain defined_port_type (tcp_socket (name_bind)))
                                                                            (allow nsswitch_domain port_t (tcp_socket (name_bind)))
                                                                            (allow nsswitch_domain node_t (udp_socket (node_bind)))
                                                                            (allow nsswitch_domain node_t (tcp_socket (node_bind)))
                                                                            (allow nsswitch_domain node_t (node (recvfrom)))
                                                                            (allow nsswitch_domain node_t (node (sendto)))
                                                                            (allow nsswitch_domain node_t (node (recvfrom sendto)))
                                                                            (allow nsswitch_domain netif_t (netif (ingress)))
                                                                            (allow nsswitch_domain netif_t (netif (egress)))
                                                                            (allow nsswitch_domain netif_t (netif (ingress egress)))
                                                                            (allow nsswitch_domain netlabel_peer_t (tcp_socket (recvfrom)))
                                                                            (allow nsswitch_domain netlabel_peer_t (udp_socket (recvfrom)))
                                                                            (allow nsswitch_domain netlabel_peer_t (rawip_socket (recvfrom)))
                                                                            (allow nsswitch_domain netlabel_peer_t (peer (recv)))
                                                                            (allow nsswitch_domain var_yp_t (lnk_file (read getattr)))
                                                                            (allow nsswitch_domain var_yp_t (file (ioctl read getattr lock open)))
                                                                            (allow nsswitch_domain var_yp_t (dir (ioctl read getattr lock open search)))
                                                                            (allow nsswitch_domain self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                            (allow nsswitch_domain self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                                                            (allow nsswitch_domain self (capability (net_bind_service)))
                                                                        )
                                                                    )
                                                                )
                                                                (optional authlogin_optional_45
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require nscd_t)
                                                                    (typeattributeset cil_gen_require nscd_runtime_t)
                                                                    (booleanif (nscd_use_shm)
                                                                        (true
                                                                            (allow nsswitch_domain nscd_runtime_t (sock_file (read getattr open)))
                                                                            (allow nsswitch_domain nscd_runtime_t (dir (ioctl read getattr lock open search)))
                                                                            (dontaudit nsswitch_domain nscd_runtime_t (file (ioctl read getattr lock open)))
                                                                            (allow nsswitch_domain nscd_t (unix_stream_socket (connectto)))
                                                                            (allow nsswitch_domain nscd_runtime_t (sock_file (write getattr append open)))
                                                                            (allow nsswitch_domain nscd_runtime_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                            (allow nsswitch_domain nscd_t (fd (use)))
                                                                            (allow nsswitch_domain nscd_t (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd)))
                                                                            (allow nsswitch_domain self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                                                        )
                                                                        (false
                                                                            (allow nscd_t nsswitch_domain (process (getattr)))
                                                                            (allow nscd_t nsswitch_domain (lnk_file (read getattr)))
                                                                            (allow nscd_t nsswitch_domain (file (ioctl read getattr lock open)))
                                                                            (allow nscd_t nsswitch_domain (dir (ioctl read getattr lock open search)))
                                                                            (dontaudit nsswitch_domain nscd_runtime_t (file (ioctl read getattr lock open)))
                                                                            (allow nsswitch_domain nscd_t (unix_stream_socket (connectto)))
                                                                            (allow nsswitch_domain nscd_runtime_t (sock_file (write getattr append open)))
                                                                            (allow nsswitch_domain nscd_runtime_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                            (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                            (dontaudit nsswitch_domain nscd_t (nscd (shmemgrp shmemhost shmempwd getserv shmemserv)))
                                                                            (dontaudit nsswitch_domain nscd_t (fd (use)))
                                                                            (allow nsswitch_domain nscd_t (nscd (getgrp gethost getpwd)))
                                                                            (allow nsswitch_domain self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                        )
                                                                    )
                                                                )
                                                                (optional authlogin_optional_46
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require nslcd_t)
                                                                    (typeattributeset cil_gen_require nslcd_runtime_t)
                                                                    (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                    (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain nslcd_runtime_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain nslcd_runtime_t (sock_file (write getattr append open)))
                                                                    (allow nsswitch_domain nslcd_t (unix_stream_socket (connectto)))
                                                                )
                                                                (optional authlogin_optional_47
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require sssd_var_lib_t)
                                                                    (typeattributeset cil_gen_require sssd_t)
                                                                    (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                    (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain sssd_var_lib_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain sssd_var_lib_t (sock_file (write getattr append open)))
                                                                    (allow nsswitch_domain sssd_t (unix_stream_socket (connectto)))
                                                                )
                                                                (optional authlogin_optional_48
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require var_lib_t)
                                                                    (typeattributeset cil_gen_require samba_var_t)
                                                                    (typeattributeset cil_gen_require winbind_t)
                                                                    (typeattributeset cil_gen_require winbind_runtime_t)
                                                                    (typeattributeset cil_gen_require samba_runtime_t)
                                                                    (allow nsswitch_domain var_run_t (lnk_file (read getattr)))
                                                                    (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain var_run_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain samba_var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain winbind_runtime_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain samba_runtime_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain winbind_runtime_t (sock_file (write getattr append open)))
                                                                    (allow nsswitch_domain winbind_t (unix_stream_socket (connectto)))
                                                                    (allow nsswitch_domain var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain var_lib_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain samba_var_t (dir (getattr open search)))
                                                                    (allow nsswitch_domain samba_var_t (file (ioctl read getattr lock open)))
                                                                    (dontaudit nsswitch_domain samba_var_t (file (write)))
                                                                )
                                                            )
                                                        )
                                                    )
                                                )
                                            )
                                        )
                                    )
                                )
                            )
                        )
                    )
                )
            )
        )
    )
)
(filecon "/etc/\.pwd\.lock" file (system_u object_r shadow_lock_t ((s0) (s0))))
(filecon "/etc/group\.lock" file (system_u object_r shadow_lock_t ((s0) (s0))))
(filecon "/etc/passwd\.lock" file (system_u object_r shadow_lock_t ((s0) (s0))))
(filecon "/etc/gshadow.*" file (system_u object_r shadow_t ((s0) (s0))))
(filecon "/etc/shadow.*" file (system_u object_r shadow_t ((s0) (s0))))
(filecon "/etc/tcb/.+/shadow.*" file (system_u object_r shadow_t ((s0) (s0))))
(filecon "/etc/security/opasswd" file (system_u object_r shadow_history_t ((s0) (s0))))
(filecon "/etc/security/opasswd\.old" file (system_u object_r shadow_history_t ((s0) (s0))))
(filecon "/usr/bin/login" file (system_u object_r login_exec_t ((s0) (s0))))
(filecon "/usr/bin/pam_console_apply" file (system_u object_r pam_console_exec_t ((s0) (s0))))
(filecon "/usr/bin/pam_timestamp_check" file (system_u object_r pam_exec_t ((s0) (s0))))
(filecon "/usr/bin/tcb_convert" file (system_u object_r updpwd_exec_t ((s0) (s0))))
(filecon "/usr/bin/tcb_unconvert" file (system_u object_r updpwd_exec_t ((s0) (s0))))
(filecon "/usr/bin/unix_chkpwd" file (system_u object_r chkpwd_exec_t ((s0) (s0))))
(filecon "/usr/bin/unix_update" file (system_u object_r updpwd_exec_t ((s0) (s0))))
(filecon "/usr/bin/unix_verify" file (system_u object_r chkpwd_exec_t ((s0) (s0))))
(filecon "/usr/bin/utempter" file (system_u object_r utempter_exec_t ((s0) (s0))))
(filecon "/usr/bin/validate" file (system_u object_r chkpwd_exec_t ((s0) (s0))))
(filecon "/usr/kerberos/sbin/login\.krb5" file (system_u object_r login_exec_t ((s0) (s0))))
(filecon "/usr/lib/([^/]+/)?utempter/utempter" file (system_u object_r utempter_exec_t ((s0) (s0))))
(filecon "/usr/libexec/chkpwd/tcb_chkpwd" file (system_u object_r chkpwd_exec_t ((s0) (s0))))
(filecon "/usr/libexec/chkpwd/tcb_updpwd" file (system_u object_r updpwd_exec_t ((s0) (s0))))
(filecon "/usr/sbin/pam_console_apply" file (system_u object_r pam_console_exec_t ((s0) (s0))))
(filecon "/usr/sbin/pam_timestamp_check" file (system_u object_r pam_exec_t ((s0) (s0))))
(filecon "/usr/sbin/pwhistory_helper" file (system_u object_r updpwd_exec_t ((s0) (s0))))
(filecon "/usr/sbin/tcb_convert" file (system_u object_r updpwd_exec_t ((s0) (s0))))
(filecon "/usr/sbin/tcb_unconvert" file (system_u object_r updpwd_exec_t ((s0) (s0))))
(filecon "/usr/sbin/unix_chkpwd" file (system_u object_r chkpwd_exec_t ((s0) (s0))))
(filecon "/usr/sbin/unix_update" file (system_u object_r updpwd_exec_t ((s0) (s0))))
(filecon "/usr/sbin/unix_verify" file (system_u object_r chkpwd_exec_t ((s0) (s0))))
(filecon "/usr/sbin/utempter" file (system_u object_r utempter_exec_t ((s0) (s0))))
(filecon "/usr/sbin/validate" file (system_u object_r chkpwd_exec_t ((s0) (s0))))
(filecon "/usr/bin/pwhistory_helper" file (system_u object_r updpwd_exec_t ((s0) (s0))))
(filecon "/var/cache/coolkey(/.*)?" any (system_u object_r auth_cache_t ((s0) (s0))))
(filecon "/var/db/shadow.*" file (system_u object_r shadow_t ((s0) (s0))))
(filecon "/var/lib/abl(/.*)?" any (system_u object_r var_auth_t ((s0) (s0))))
(filecon "/var/lib/pam_ssh(/.*)?" any (system_u object_r var_auth_t ((s0) (s0))))
(filecon "/var/log/btmp.*" file (system_u object_r faillog_t ((s0) (s0))))
(filecon "/var/log/faillog" file (system_u object_r faillog_t ((s0) (s0))))
(filecon "/var/log/lastlog" file (system_u object_r lastlog_t ((s0) (s0))))
(filecon "/var/log/tallylog" file (system_u object_r faillog_t ((s0) (s0))))
(filecon "/var/log/wtmp.*" file (system_u object_r wtmp_t ((s0) (s0))))
(filecon "/run/console(/.*)?" any (system_u object_r pam_var_console_t ((s0) (s0))))
(filecon "/run/faillock(/.*)?" any (system_u object_r faillog_t ((s0) (s0))))
(filecon "/run/motd" file (system_u object_r pam_motd_runtime_t ((s0) (s0))))
(filecon "/run/motd\.dynamic" file (system_u object_r pam_motd_runtime_t ((s0) (s0))))
(filecon "/run/motd\.dynamic\.new" file (system_u object_r pam_motd_runtime_t ((s0) (s0))))
(filecon "/run/motd\.d(/.*)?" any (system_u object_r pam_motd_runtime_t ((s0) (s0))))
(filecon "/run/pam_mount(/.*)?" any (system_u object_r pam_runtime_t ((s0) (s0))))
(filecon "/run/pam_ssh(/.*)?" any (system_u object_r var_auth_t ((s0) (s0))))
(filecon "/run/sepermit(/.*)?" any (system_u object_r pam_runtime_t ((s0) (s0))))
(filecon "/run/sudo(/.*)?" any (system_u object_r pam_runtime_t ((s0) (s0))))
(filecon "/run/sudo/ts/%{USERNAME}" any (system_u object_r pam_runtime_t ((s0) (s0))))
(filecon "/var/(db|adm)/sudo(/.*)?" any (system_u object_r pam_runtime_t ((s0) (s0))))
(filecon "/var/lib/sudo(/.*)?" any (system_u object_r pam_runtime_t ((s0) (s0))))
