(roleattribute mandb_roles)
(roleattributeset mandb_roles (system_r ))
(roletype mandb_roles mandb_t)
(type mandb_t)
(roletype object_r mandb_t)
(type mandb_exec_t)
(roletype object_r mandb_exec_t)
(type mandb_unit_t)
(roletype object_r mandb_unit_t)
(roleattributeset cil_gen_require system_r)
(roletype system_r mandb_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require systemprocess)
(typeattributeset systemprocess (mandb_t ))
(typeattributeset cil_gen_require application_domain_type)
(typeattributeset application_domain_type (mandb_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (mandb_t ))
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset application_exec_type (mandb_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (mandb_exec_t ))
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (mandb_exec_t mandb_unit_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (mandb_exec_t mandb_unit_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (mandb_exec_t mandb_unit_t ))
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (mandb_exec_t ))
(typeattributeset cil_gen_require systemdunit)
(typeattributeset systemdunit (mandb_unit_t ))
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require shell_exec_t)
(typeattributeset cil_gen_require privfd)
(typeattributeset cil_gen_require home_root_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require fs_t)
(typeattributeset cil_gen_require man_cache_t)
(typeattributeset cil_gen_require man_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require user_tty_device_t)
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require device_t)
(allow mandb_t mandb_exec_t (file (entrypoint)))
(allow mandb_t mandb_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t mandb_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t mandb_t (process (transition)))
(dontaudit initrc_t mandb_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t mandb_exec_t process mandb_t)
(allow mandb_t initrc_t (fd (use)))
(allow mandb_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow mandb_t initrc_t (process (sigchld)))
(allow mandb_t self (capability (chown dac_override fowner fsetid setgid setuid)))
(allow mandb_t self (process (signal setsched)))
(allow mandb_t self (fifo_file (ioctl read write getattr lock append open)))
(allow mandb_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow mandb_t proc_t (dir (getattr open search)))
(allow mandb_t sysctl_t (dir (getattr open search)))
(allow mandb_t sysctl_kernel_t (dir (getattr open search)))
(allow mandb_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow mandb_t proc_t (dir (getattr open search)))
(allow mandb_t sysctl_t (dir (getattr open search)))
(allow mandb_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow mandb_t proc_t (dir (getattr open search)))
(allow mandb_t proc_t (file (ioctl read getattr lock open)))
(allow mandb_t proc_t (dir (getattr open search)))
(allow mandb_t proc_t (lnk_file (read getattr)))
(allow mandb_t proc_t (dir (getattr open search)))
(allow mandb_t proc_t (dir (ioctl read getattr lock open search)))
(allow mandb_t bin_t (dir (getattr open search)))
(allow mandb_t bin_t (lnk_file (read getattr)))
(allow mandb_t usr_t (dir (getattr open search)))
(allow mandb_t bin_t (dir (getattr open search)))
(allow mandb_t bin_t (dir (ioctl read getattr lock open search)))
(allow mandb_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow mandb_t bin_t (dir (getattr open search)))
(allow mandb_t bin_t (lnk_file (read getattr)))
(allow mandb_t usr_t (dir (getattr open search)))
(allow mandb_t bin_t (dir (getattr open search)))
(allow mandb_t bin_t (dir (ioctl read getattr lock open search)))
(allow mandb_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow mandb_t privfd (fd (use)))
(dontaudit mandb_t home_root_t (dir (getattr open search)))
(dontaudit mandb_t home_root_t (lnk_file (read getattr)))
(allow mandb_t etc_t (dir (ioctl read getattr lock open search)))
(allow mandb_t etc_t (dir (getattr open search)))
(allow mandb_t etc_t (file (ioctl read getattr lock open)))
(allow mandb_t etc_t (dir (getattr open search)))
(allow mandb_t etc_t (lnk_file (read getattr)))
(allow mandb_t usr_t (dir (getattr open search)))
(allow mandb_t usr_t (lnk_file (read getattr)))
(allow mandb_t var_run_t (lnk_file (read getattr)))
(allow mandb_t var_t (dir (getattr open search)))
(allow mandb_t var_run_t (dir (getattr open search)))
(allow mandb_t fs_t (filesystem (getattr)))
(allow mandb_t var_t (dir (getattr open search)))
(allow mandb_t man_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow mandb_t man_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow mandb_t man_cache_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow mandb_t man_cache_t (file (map)))
(allow mandb_t usr_t (dir (getattr open search)))
(allow mandb_t man_cache_t (dir (ioctl read getattr lock open search)))
(allow mandb_t man_t (dir (ioctl read getattr lock open search)))
(allow mandb_t man_cache_t (dir (getattr open search)))
(allow mandb_t man_t (dir (getattr open search)))
(allow mandb_t man_cache_t (file (ioctl read getattr lock open)))
(allow mandb_t man_t (file (ioctl read getattr lock open)))
(allow mandb_t man_cache_t (dir (getattr open search)))
(allow mandb_t man_t (dir (getattr open search)))
(allow mandb_t man_cache_t (lnk_file (read getattr)))
(allow mandb_t man_t (lnk_file (read getattr)))
(allow mandb_t etc_t (dir (getattr open search)))
(allow mandb_t etc_t (lnk_file (read getattr)))
(allow mandb_t usr_t (dir (getattr open search)))
(allow mandb_t locale_t (dir (ioctl read getattr lock open search)))
(allow mandb_t locale_t (dir (getattr open search)))
(allow mandb_t locale_t (file (ioctl read getattr lock open)))
(allow mandb_t locale_t (dir (getattr open search)))
(allow mandb_t locale_t (lnk_file (read getattr)))
(allow mandb_t locale_t (file (map)))
(allow mandb_t device_t (dir (getattr open search)))
(allow mandb_t device_t (dir (ioctl read getattr lock open search)))
(allow mandb_t device_t (dir (getattr open search)))
(allow mandb_t device_t (lnk_file (read getattr)))
(allow mandb_t devpts_t (dir (ioctl read getattr lock open search)))
(allow mandb_t user_devpts_t (chr_file (ioctl read write getattr append)))
(allow mandb_t user_tty_device_t (chr_file (ioctl read write getattr append)))
(optional mandb_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow mandb_t init_t (process (sigchld)))
    (allow mandb_t init_t (process (signull)))
)
(optional mandb_optional_3
    (typeattributeset cil_gen_require rpm_t)
    (allow mandb_t rpm_t (fd (use)))
    (allow mandb_t rpm_t (fifo_file (ioctl read getattr lock open)))
)
(optional mandb_optional_4
    (typeattributeset cil_gen_require security_t)
    (typeattributeset cil_gen_require sysfs_t)
    (dontaudit mandb_t security_t (filesystem (getattr)))
    (dontaudit mandb_t sysfs_t (filesystem (getattr)))
    (dontaudit mandb_t sysfs_t (dir (getattr open search)))
    (dontaudit mandb_t security_t (dir (getattr open search)))
    (dontaudit mandb_t security_t (file (ioctl read getattr lock open)))
)
(optional mandb_optional_5
    (typeattributeset cil_gen_require selinux_config_t)
    (dontaudit mandb_t selinux_config_t (dir (getattr open search)))
    (dontaudit mandb_t selinux_config_t (file (ioctl read getattr lock open)))
)
(optional mandb_optional_6
    (typeattributeset cil_gen_require system_cronjob_tmp_t)
    (typeattributeset cil_gen_require crond_t)
    (typeattributeset cil_gen_require system_cronjob_t)
    (roleattributeset cil_gen_require system_r)
    (roletype system_r mandb_t)
    (allow mandb_t system_cronjob_tmp_t (file (ioctl read write getattr lock append)))
    (allow system_cronjob_t mandb_exec_t (file (ioctl read getattr map execute open)))
    (allow system_cronjob_t mandb_t (process (transition)))
    (dontaudit system_cronjob_t mandb_t (process (noatsecure siginh rlimitinh)))
    (typetransition system_cronjob_t mandb_exec_t process mandb_t)
    (allow mandb_t system_cronjob_t (fd (use)))
    (allow mandb_t system_cronjob_t (fifo_file (ioctl read write getattr lock append)))
    (allow mandb_t system_cronjob_t (process (sigchld)))
    (allow crond_t mandb_exec_t (file (ioctl read getattr map execute open)))
    (allow crond_t mandb_t (process (transition)))
    (dontaudit crond_t mandb_t (process (noatsecure siginh rlimitinh)))
    (typetransition crond_t mandb_exec_t process mandb_t)
    (allow mandb_t crond_t (fd (use)))
    (allow mandb_t crond_t (fifo_file (ioctl read write getattr lock append)))
    (allow mandb_t crond_t (process (sigchld)))
)
(filecon "/usr/bin/mandb" file (system_u object_r mandb_exec_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/system/[^/]*man-db.*" file (system_u object_r mandb_unit_t (systemlow systemlow)))
