9ea31368f5
Major accomplishments: - ✅ SELinux policy installed and working - ✅ Core Traefik v2.10 deployment running - ✅ Production configuration ready (v3.1) - ✅ Monitoring stack configured - ✅ Comprehensive documentation created - ✅ Security hardening implemented Current status: - 🟡 Partially deployed (60% complete) - ⚠️ Docker socket access needs resolution - ❌ Monitoring stack not deployed yet - ⚠️ Production migration pending Next steps: 1. Fix Docker socket permissions 2. Deploy monitoring stack 3. Migrate to production config 4. Validate full functionality Files added: - Complete Traefik deployment documentation - Production and test configurations - Monitoring stack configurations - SELinux policy module - Security checklists and guides - Current status documentation
3422 lines
50 KiB
Plaintext
3422 lines
50 KiB
Plaintext
#line 1 "/usr/share/selinux/devel/include/support/all_perms.spt"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#line 239
|
|
|
|
|
|
#line 274
|
|
|
|
#line 1 "/usr/share/selinux/devel/include/support/file_patterns.spt"
|
|
#
|
|
# Directory patterns (dir)
|
|
#
|
|
# Parameters:
|
|
# 1. domain type
|
|
# 2. container (directory) type
|
|
# 3. directory type
|
|
#
|
|
#line 12
|
|
|
|
|
|
#line 17
|
|
|
|
|
|
#line 22
|
|
|
|
|
|
#line 27
|
|
|
|
|
|
#line 32
|
|
|
|
|
|
#line 37
|
|
|
|
|
|
#line 42
|
|
|
|
|
|
#line 47
|
|
|
|
|
|
#line 52
|
|
|
|
|
|
#line 57
|
|
|
|
|
|
#line 62
|
|
|
|
|
|
#line 67
|
|
|
|
|
|
#line 72
|
|
|
|
|
|
#line 77
|
|
|
|
|
|
#line 82
|
|
|
|
#line 86
|
|
|
|
#line 90
|
|
|
|
#line 94
|
|
|
|
#line 98
|
|
|
|
|
|
#
|
|
# Regular file patterns (file)
|
|
#
|
|
# Parameters:
|
|
# 1. domain type
|
|
# 2. container (directory) type
|
|
# 3. file type
|
|
#
|
|
#line 111
|
|
|
|
|
|
#line 116
|
|
|
|
|
|
#line 121
|
|
|
|
|
|
#line 126
|
|
|
|
|
|
#line 133
|
|
|
|
|
|
#line 138
|
|
|
|
|
|
#line 143
|
|
|
|
|
|
#line 148
|
|
|
|
|
|
#line 153
|
|
|
|
|
|
#line 158
|
|
|
|
|
|
#line 163
|
|
|
|
|
|
#line 168
|
|
|
|
|
|
#line 173
|
|
|
|
|
|
#line 178
|
|
|
|
|
|
#line 183
|
|
|
|
|
|
#line 188
|
|
|
|
|
|
#line 193
|
|
|
|
|
|
#line 198
|
|
|
|
|
|
#line 203
|
|
|
|
|
|
#
|
|
# Symbolic link patterns (lnk_file)
|
|
#
|
|
# Parameters:
|
|
# 1. domain type
|
|
# 2. container (directory) type
|
|
# 3. file type
|
|
#
|
|
#line 216
|
|
|
|
|
|
#line 221
|
|
|
|
|
|
#line 226
|
|
|
|
|
|
#line 231
|
|
|
|
|
|
#line 236
|
|
|
|
|
|
#line 241
|
|
|
|
|
|
#line 246
|
|
|
|
|
|
#line 251
|
|
|
|
|
|
#line 256
|
|
|
|
|
|
#line 261
|
|
|
|
|
|
#line 266
|
|
|
|
|
|
#line 271
|
|
|
|
|
|
#line 276
|
|
|
|
|
|
#line 281
|
|
|
|
|
|
#
|
|
# (Un)named Pipes/FIFO patterns (fifo_file)
|
|
#
|
|
# Parameters:
|
|
# 1. domain type
|
|
# 2. container (directory) type
|
|
# 3. file type
|
|
#
|
|
#line 294
|
|
|
|
|
|
#line 299
|
|
|
|
|
|
#line 304
|
|
|
|
|
|
#line 309
|
|
|
|
|
|
#line 314
|
|
|
|
|
|
#line 319
|
|
|
|
|
|
#line 324
|
|
|
|
|
|
#line 329
|
|
|
|
|
|
#line 334
|
|
|
|
|
|
#line 339
|
|
|
|
|
|
#line 344
|
|
|
|
|
|
#line 349
|
|
|
|
|
|
#line 354
|
|
|
|
|
|
#line 359
|
|
|
|
|
|
#
|
|
# (Un)named sockets patterns (sock_file)
|
|
#
|
|
# Parameters:
|
|
# 1. domain type
|
|
# 2. container (directory) type
|
|
# 3. file type
|
|
#
|
|
#line 372
|
|
|
|
|
|
#line 377
|
|
|
|
|
|
#line 382
|
|
|
|
|
|
#line 387
|
|
|
|
|
|
#line 392
|
|
|
|
|
|
#line 397
|
|
|
|
|
|
#line 402
|
|
|
|
|
|
#line 407
|
|
|
|
|
|
#line 412
|
|
|
|
|
|
#line 417
|
|
|
|
|
|
#line 422
|
|
|
|
|
|
#line 427
|
|
|
|
|
|
#line 432
|
|
|
|
|
|
#
|
|
# Block device node patterns (blk_file)
|
|
#
|
|
# Parameters:
|
|
# 1. domain type
|
|
# 2. container (directory) type
|
|
# 3. file type
|
|
#
|
|
#line 445
|
|
|
|
|
|
#line 450
|
|
|
|
|
|
#line 455
|
|
|
|
|
|
#line 460
|
|
|
|
|
|
#line 465
|
|
|
|
|
|
#line 470
|
|
|
|
|
|
#line 475
|
|
|
|
|
|
#line 481
|
|
|
|
|
|
#line 486
|
|
|
|
|
|
#line 491
|
|
|
|
|
|
#line 497
|
|
|
|
|
|
#line 502
|
|
|
|
|
|
#line 507
|
|
|
|
|
|
#line 512
|
|
|
|
|
|
#line 517
|
|
|
|
|
|
#
|
|
# Character device node patterns (chr_file)
|
|
#
|
|
# Parameters:
|
|
# 1. domain type
|
|
# 2. container (directory) type
|
|
# 3. file type
|
|
#
|
|
#line 530
|
|
|
|
|
|
#line 535
|
|
|
|
|
|
#line 540
|
|
|
|
|
|
#line 545
|
|
|
|
|
|
#line 550
|
|
|
|
|
|
#line 555
|
|
|
|
|
|
#line 561
|
|
|
|
|
|
#line 566
|
|
|
|
|
|
#line 571
|
|
|
|
|
|
#line 577
|
|
|
|
|
|
#line 582
|
|
|
|
|
|
#line 587
|
|
|
|
|
|
#line 592
|
|
|
|
|
|
#line 597
|
|
|
|
|
|
#
|
|
# File type_transition patterns
|
|
#
|
|
# filetrans_add_pattern(domain,dirtype,newtype,class(es),[filename])
|
|
#
|
|
#line 607
|
|
|
|
|
|
#
|
|
# filetrans_pattern(domain,dirtype,newtype,class(es),[filename])
|
|
#
|
|
#line 615
|
|
|
|
|
|
#line 629
|
|
|
|
#line 1 "/usr/share/selinux/devel/include/support/ipc_patterns.spt"
|
|
#
|
|
# unix domain socket patterns
|
|
#
|
|
#line 8
|
|
|
|
|
|
#line 14
|
|
|
|
#line 1 "/usr/share/selinux/devel/include/support/loadable_module.spt"
|
|
########################################
|
|
#
|
|
# Macros for switching between source policy
|
|
# and loadable policy module support
|
|
#
|
|
|
|
##############################
|
|
#
|
|
# For adding the module statement
|
|
#
|
|
#line 30
|
|
|
|
|
|
##############################
|
|
#
|
|
# For use in interfaces, to optionally insert a require block
|
|
#
|
|
#line 48
|
|
|
|
|
|
# helper function, since m4 wont expand macros
|
|
# if a line is a comment (#):
|
|
#line 55
|
|
|
|
##############################
|
|
#
|
|
# In the future interfaces should be in loadable modules
|
|
#
|
|
# template(name,rules)
|
|
#
|
|
#line 71
|
|
|
|
|
|
##############################
|
|
#
|
|
# In the future interfaces should be in loadable modules
|
|
#
|
|
# interface(name,rules)
|
|
#
|
|
#line 88
|
|
|
|
|
|
|
|
|
|
##############################
|
|
#
|
|
# Optional policy handling
|
|
#
|
|
#line 102
|
|
|
|
|
|
##############################
|
|
#
|
|
# Determine if we should use the default
|
|
# tunable value as specified by the policy
|
|
# or if the override value should be used
|
|
#
|
|
|
|
|
|
##############################
|
|
#
|
|
# Extract booleans out of an expression.
|
|
# This needs to be reworked so expressions
|
|
# with parentheses can work.
|
|
|
|
#line 123
|
|
|
|
|
|
##############################
|
|
#
|
|
# Tunable declaration
|
|
#
|
|
#line 131
|
|
|
|
|
|
##############################
|
|
#
|
|
# Tunable policy handling
|
|
#
|
|
#line 146
|
|
|
|
#line 1 "/usr/share/selinux/devel/include/support/misc_macros.spt"
|
|
|
|
########################################
|
|
#
|
|
# Helper macros
|
|
#
|
|
|
|
#
|
|
# shiftn(num,list...)
|
|
#
|
|
# shift the list num times
|
|
#
|
|
|
|
|
|
#
|
|
# ifndef(expr,true_block,false_block)
|
|
#
|
|
# m4 does not have this.
|
|
#
|
|
|
|
|
|
#
|
|
# __endline__
|
|
#
|
|
# dummy macro to insert a newline. used for
|
|
# errprint, so the close parentheses can be
|
|
# indented correctly.
|
|
#
|
|
#line 29
|
|
|
|
|
|
########################################
|
|
#
|
|
# refpolwarn(message)
|
|
#
|
|
# print a warning message
|
|
#
|
|
|
|
|
|
########################################
|
|
#
|
|
# refpolerr(message)
|
|
#
|
|
# print an error message. does not
|
|
# make anything fail.
|
|
#
|
|
|
|
|
|
########################################
|
|
#
|
|
# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_categories])
|
|
#
|
|
#line 58
|
|
|
|
|
|
########################################
|
|
#
|
|
# gen_context(context,mls_sensitivity,[mcs_categories])
|
|
#
|
|
#line 65
|
|
|
|
########################################
|
|
#
|
|
# can_exec(domain,executable)
|
|
#
|
|
|
|
|
|
########################################
|
|
#
|
|
# gen_bool(name,default_value)
|
|
#
|
|
#line 78
|
|
|
|
#line 1 "/usr/share/selinux/devel/include/support/misc_patterns.spt"
|
|
#
|
|
# Specified domain transition patterns
|
|
#
|
|
#line 8
|
|
|
|
|
|
# compatibility:
|
|
|
|
|
|
#line 20
|
|
|
|
|
|
#
|
|
# Automatic domain transition patterns
|
|
#
|
|
#line 28
|
|
|
|
|
|
# compatibility:
|
|
|
|
|
|
#line 39
|
|
|
|
|
|
#
|
|
# Dynamic transition pattern
|
|
#
|
|
#line 48
|
|
|
|
|
|
#
|
|
# Other process permissions
|
|
#
|
|
#line 58
|
|
|
|
#line 1 "/usr/share/selinux/devel/include/support/mls_mcs_macros.spt"
|
|
########################################
|
|
#
|
|
# gen_cats(N)
|
|
#
|
|
# declares categores c0 to c(N-1)
|
|
#
|
|
#line 10
|
|
|
|
|
|
|
|
|
|
########################################
|
|
#
|
|
# gen_sens(N)
|
|
#
|
|
# declares sensitivites s0 to s(N-1) with dominance
|
|
# in increasing numeric order with s0 lowest, s(N-1) highest
|
|
#
|
|
#line 24
|
|
|
|
|
|
|
|
|
|
#line 34
|
|
|
|
|
|
########################################
|
|
#
|
|
# gen_levels(N,M)
|
|
#
|
|
# levels from s0 to (N-1) with categories c0 to (M-1)
|
|
#
|
|
#line 45
|
|
|
|
|
|
|
|
|
|
########################################
|
|
#
|
|
# Basic level names for system low and high
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
#line 1 "/usr/share/selinux/devel/include/support/obj_perm_sets.spt"
|
|
########################################
|
|
#
|
|
# Support macros for sets of object classes and permissions
|
|
#
|
|
# This file should only have object class and permission set macros - they
|
|
# can only reference object classes and/or permissions.
|
|
|
|
#
|
|
# All directory and file classes
|
|
#
|
|
|
|
|
|
#
|
|
# All non-directory file classes.
|
|
#
|
|
|
|
|
|
#
|
|
# Non-device file classes.
|
|
#
|
|
|
|
|
|
#
|
|
# Device file classes.
|
|
#
|
|
|
|
|
|
#
|
|
# All socket classes.
|
|
#
|
|
|
|
|
|
#
|
|
# Datagram socket classes.
|
|
#
|
|
|
|
|
|
#
|
|
# Stream socket classes.
|
|
#
|
|
|
|
|
|
#
|
|
# Unprivileged socket classes (exclude rawip, netlink, packet).
|
|
#
|
|
|
|
|
|
########################################
|
|
#
|
|
# Macros for sets of permissions
|
|
#
|
|
|
|
#
|
|
# Permissions to mount and unmount file systems.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for using sockets.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for creating and using sockets.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for using stream sockets.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for creating and using stream sockets.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for creating and using sockets.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for creating and using sockets.
|
|
#
|
|
|
|
|
|
|
|
#
|
|
# Permissions for creating and using netlink sockets.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for using netlink sockets for operations that modify state.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for using netlink sockets for operations that observe state.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for sending all signals.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for sending and receiving network packets.
|
|
#
|
|
|
|
|
|
#
|
|
# Permissions for using System V IPC
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
########################################
|
|
#
|
|
# New permission sets
|
|
#
|
|
|
|
#
|
|
# Directory (dir)
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
# Regular file (file)
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
# Symbolic link (lnk_file)
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
# (Un)named Pipes/FIFOs (fifo_file)
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
# (Un)named Sockets (sock_file)
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
# Block device nodes (blk_file)
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
# Character device nodes (chr_file)
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
# Anonymous inode files (anon_inode)
|
|
#
|
|
#line 289
|
|
|
|
#line 294
|
|
|
|
|
|
########################################
|
|
#
|
|
# Special permission sets
|
|
#
|
|
|
|
#
|
|
# Use (read and write) terminals
|
|
#
|
|
|
|
|
|
|
|
#
|
|
# Sockets
|
|
#
|
|
|
|
|
|
|
|
#
|
|
# Keys
|
|
#
|
|
|
|
|
|
#
|
|
# Service
|
|
#
|
|
|
|
|
|
#
|
|
# perf_event
|
|
#
|
|
|
|
|
|
|
|
#line 425245 "tmp/all_interfaces.conf"
|
|
|
|
#line 1 "traefik_docker.te"
|
|
|
|
#line 1
|
|
|
|
#line 1
|
|
module traefik_docker 1.0.0;
|
|
#line 1
|
|
|
|
#line 1
|
|
require {
|
|
#line 1
|
|
role system_r;
|
|
#line 1
|
|
|
|
#line 1
|
|
class security { compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy validate_trans };
|
|
#line 1
|
|
class process { fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem execstack execheap setkeycreate setsockcreate getrlimit };
|
|
#line 1
|
|
class system { ipc_info syslog_read syslog_mod syslog_console module_request module_load halt reboot status start stop enable disable reload undefined };
|
|
#line 1
|
|
class capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
|
|
#line 1
|
|
class filesystem { mount remount unmount getattr relabelfrom relabelto transition associate quotamod quotaget watch };
|
|
#line 1
|
|
class file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads watch_mountns execute_no_trans entrypoint };
|
|
#line 1
|
|
class dir { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads watch_mountns add_name remove_name reparent search rmdir };
|
|
#line 1
|
|
class fd { use };
|
|
#line 1
|
|
class lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads watch_mountns };
|
|
#line 1
|
|
class chr_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads watch_mountns execute_no_trans entrypoint };
|
|
#line 1
|
|
class blk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads watch_mountns };
|
|
#line 1
|
|
class sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads watch_mountns };
|
|
#line 1
|
|
class fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads watch_mountns };
|
|
#line 1
|
|
class anon_inode { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads watch_mountns };
|
|
#line 1
|
|
class socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class tcp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom node_bind name_connect };
|
|
#line 1
|
|
class udp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
|
|
#line 1
|
|
class rawip_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
|
|
#line 1
|
|
class node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send enforce_dest dccp_recv dccp_send recvfrom sendto };
|
|
#line 1
|
|
class netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send ingress egress };
|
|
#line 1
|
|
class netlink_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class packet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class key_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class unix_stream_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom };
|
|
#line 1
|
|
class unix_dgram_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class sem { create destroy getattr setattr read write associate unix_read unix_write };
|
|
#line 1
|
|
class msg { send receive };
|
|
#line 1
|
|
class msgq { create destroy getattr setattr read write associate unix_read unix_write enqueue };
|
|
#line 1
|
|
class shm { create destroy getattr setattr read write associate unix_read unix_write lock };
|
|
#line 1
|
|
class ipc { create destroy getattr setattr read write associate unix_read unix_write };
|
|
#line 1
|
|
class netlink_route_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
|
|
#line 1
|
|
class netlink_firewall_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
|
|
#line 1
|
|
class netlink_tcpdiag_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
|
|
#line 1
|
|
class netlink_nflog_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netlink_xfrm_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
|
|
#line 1
|
|
class netlink_selinux_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netlink_audit_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit };
|
|
#line 1
|
|
class netlink_ip6fw_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
|
|
#line 1
|
|
class netlink_dnrt_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class association { sendto recvfrom setcontext polmatch };
|
|
#line 1
|
|
class netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class appletalk_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class packet { send recv relabelto flow_in flow_out forward_in forward_out };
|
|
#line 1
|
|
class key { view read write search link setattr create };
|
|
#line 1
|
|
class dccp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind name_connect };
|
|
#line 1
|
|
class memprotect { mmap_zero };
|
|
#line 1
|
|
class peer { recv };
|
|
#line 1
|
|
class capability2 { mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore epolwakeup };
|
|
#line 1
|
|
class kernel_service { use_as_override create_files_as };
|
|
#line 1
|
|
class tun_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind attach_queue };
|
|
#line 1
|
|
class binder { impersonate call set_context_mgr transfer };
|
|
#line 1
|
|
class netlink_iscsi_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netlink_fib_lookup_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netlink_connector_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netlink_netfilter_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netlink_generic_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netlink_scsitransport_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netlink_rdma_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netlink_crypto_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class infiniband_pkey { access };
|
|
#line 1
|
|
class infiniband_endport { manage_subnet };
|
|
#line 1
|
|
class service { start stop status reload enable disable };
|
|
#line 1
|
|
class proxy { read };
|
|
#line 1
|
|
class cap_userns { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
|
|
#line 1
|
|
class cap2_userns { mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore };
|
|
#line 1
|
|
class process2 { nnp_transition nosuid_transition };
|
|
#line 1
|
|
class sctp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind name_connect association };
|
|
#line 1
|
|
class icmp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
|
|
#line 1
|
|
class ax25_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class ipx_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class netrom_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class atmpvc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class x25_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class rose_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class decnet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class atmsvc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class rds_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class irda_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class pppox_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class llc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class can_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class tipc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class bluetooth_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class iucv_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class rxrpc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class isdn_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class phonet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class ieee802154_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class caif_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class alg_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class nfc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class vsock_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class kcm_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class qipcrtr_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class smc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class bpf { map_create map_read map_write prog_load prog_run };
|
|
#line 1
|
|
class xdp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class mctp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
|
|
#line 1
|
|
class perf_event { open cpu kernel tracepoint read write };
|
|
#line 1
|
|
class lockdown { integrity confidentiality };
|
|
#line 1
|
|
class io_uring { override_creds sqpoll cmd };
|
|
#line 1
|
|
class user_namespace { create };
|
|
#line 1
|
|
|
|
#line 1
|
|
|
|
#line 1
|
|
|
|
#line 1
|
|
sensitivity s0;
|
|
#line 1
|
|
|
|
#line 1
|
|
category c0;
|
|
#line 1
|
|
category c1;
|
|
#line 1
|
|
category c2;
|
|
#line 1
|
|
category c3;
|
|
#line 1
|
|
category c4;
|
|
#line 1
|
|
category c5;
|
|
#line 1
|
|
category c6;
|
|
#line 1
|
|
category c7;
|
|
#line 1
|
|
category c8;
|
|
#line 1
|
|
category c9;
|
|
#line 1
|
|
category c10;
|
|
#line 1
|
|
category c11;
|
|
#line 1
|
|
category c12;
|
|
#line 1
|
|
category c13;
|
|
#line 1
|
|
category c14;
|
|
#line 1
|
|
category c15;
|
|
#line 1
|
|
category c16;
|
|
#line 1
|
|
category c17;
|
|
#line 1
|
|
category c18;
|
|
#line 1
|
|
category c19;
|
|
#line 1
|
|
category c20;
|
|
#line 1
|
|
category c21;
|
|
#line 1
|
|
category c22;
|
|
#line 1
|
|
category c23;
|
|
#line 1
|
|
category c24;
|
|
#line 1
|
|
category c25;
|
|
#line 1
|
|
category c26;
|
|
#line 1
|
|
category c27;
|
|
#line 1
|
|
category c28;
|
|
#line 1
|
|
category c29;
|
|
#line 1
|
|
category c30;
|
|
#line 1
|
|
category c31;
|
|
#line 1
|
|
category c32;
|
|
#line 1
|
|
category c33;
|
|
#line 1
|
|
category c34;
|
|
#line 1
|
|
category c35;
|
|
#line 1
|
|
category c36;
|
|
#line 1
|
|
category c37;
|
|
#line 1
|
|
category c38;
|
|
#line 1
|
|
category c39;
|
|
#line 1
|
|
category c40;
|
|
#line 1
|
|
category c41;
|
|
#line 1
|
|
category c42;
|
|
#line 1
|
|
category c43;
|
|
#line 1
|
|
category c44;
|
|
#line 1
|
|
category c45;
|
|
#line 1
|
|
category c46;
|
|
#line 1
|
|
category c47;
|
|
#line 1
|
|
category c48;
|
|
#line 1
|
|
category c49;
|
|
#line 1
|
|
category c50;
|
|
#line 1
|
|
category c51;
|
|
#line 1
|
|
category c52;
|
|
#line 1
|
|
category c53;
|
|
#line 1
|
|
category c54;
|
|
#line 1
|
|
category c55;
|
|
#line 1
|
|
category c56;
|
|
#line 1
|
|
category c57;
|
|
#line 1
|
|
category c58;
|
|
#line 1
|
|
category c59;
|
|
#line 1
|
|
category c60;
|
|
#line 1
|
|
category c61;
|
|
#line 1
|
|
category c62;
|
|
#line 1
|
|
category c63;
|
|
#line 1
|
|
category c64;
|
|
#line 1
|
|
category c65;
|
|
#line 1
|
|
category c66;
|
|
#line 1
|
|
category c67;
|
|
#line 1
|
|
category c68;
|
|
#line 1
|
|
category c69;
|
|
#line 1
|
|
category c70;
|
|
#line 1
|
|
category c71;
|
|
#line 1
|
|
category c72;
|
|
#line 1
|
|
category c73;
|
|
#line 1
|
|
category c74;
|
|
#line 1
|
|
category c75;
|
|
#line 1
|
|
category c76;
|
|
#line 1
|
|
category c77;
|
|
#line 1
|
|
category c78;
|
|
#line 1
|
|
category c79;
|
|
#line 1
|
|
category c80;
|
|
#line 1
|
|
category c81;
|
|
#line 1
|
|
category c82;
|
|
#line 1
|
|
category c83;
|
|
#line 1
|
|
category c84;
|
|
#line 1
|
|
category c85;
|
|
#line 1
|
|
category c86;
|
|
#line 1
|
|
category c87;
|
|
#line 1
|
|
category c88;
|
|
#line 1
|
|
category c89;
|
|
#line 1
|
|
category c90;
|
|
#line 1
|
|
category c91;
|
|
#line 1
|
|
category c92;
|
|
#line 1
|
|
category c93;
|
|
#line 1
|
|
category c94;
|
|
#line 1
|
|
category c95;
|
|
#line 1
|
|
category c96;
|
|
#line 1
|
|
category c97;
|
|
#line 1
|
|
category c98;
|
|
#line 1
|
|
category c99;
|
|
#line 1
|
|
category c100;
|
|
#line 1
|
|
category c101;
|
|
#line 1
|
|
category c102;
|
|
#line 1
|
|
category c103;
|
|
#line 1
|
|
category c104;
|
|
#line 1
|
|
category c105;
|
|
#line 1
|
|
category c106;
|
|
#line 1
|
|
category c107;
|
|
#line 1
|
|
category c108;
|
|
#line 1
|
|
category c109;
|
|
#line 1
|
|
category c110;
|
|
#line 1
|
|
category c111;
|
|
#line 1
|
|
category c112;
|
|
#line 1
|
|
category c113;
|
|
#line 1
|
|
category c114;
|
|
#line 1
|
|
category c115;
|
|
#line 1
|
|
category c116;
|
|
#line 1
|
|
category c117;
|
|
#line 1
|
|
category c118;
|
|
#line 1
|
|
category c119;
|
|
#line 1
|
|
category c120;
|
|
#line 1
|
|
category c121;
|
|
#line 1
|
|
category c122;
|
|
#line 1
|
|
category c123;
|
|
#line 1
|
|
category c124;
|
|
#line 1
|
|
category c125;
|
|
#line 1
|
|
category c126;
|
|
#line 1
|
|
category c127;
|
|
#line 1
|
|
category c128;
|
|
#line 1
|
|
category c129;
|
|
#line 1
|
|
category c130;
|
|
#line 1
|
|
category c131;
|
|
#line 1
|
|
category c132;
|
|
#line 1
|
|
category c133;
|
|
#line 1
|
|
category c134;
|
|
#line 1
|
|
category c135;
|
|
#line 1
|
|
category c136;
|
|
#line 1
|
|
category c137;
|
|
#line 1
|
|
category c138;
|
|
#line 1
|
|
category c139;
|
|
#line 1
|
|
category c140;
|
|
#line 1
|
|
category c141;
|
|
#line 1
|
|
category c142;
|
|
#line 1
|
|
category c143;
|
|
#line 1
|
|
category c144;
|
|
#line 1
|
|
category c145;
|
|
#line 1
|
|
category c146;
|
|
#line 1
|
|
category c147;
|
|
#line 1
|
|
category c148;
|
|
#line 1
|
|
category c149;
|
|
#line 1
|
|
category c150;
|
|
#line 1
|
|
category c151;
|
|
#line 1
|
|
category c152;
|
|
#line 1
|
|
category c153;
|
|
#line 1
|
|
category c154;
|
|
#line 1
|
|
category c155;
|
|
#line 1
|
|
category c156;
|
|
#line 1
|
|
category c157;
|
|
#line 1
|
|
category c158;
|
|
#line 1
|
|
category c159;
|
|
#line 1
|
|
category c160;
|
|
#line 1
|
|
category c161;
|
|
#line 1
|
|
category c162;
|
|
#line 1
|
|
category c163;
|
|
#line 1
|
|
category c164;
|
|
#line 1
|
|
category c165;
|
|
#line 1
|
|
category c166;
|
|
#line 1
|
|
category c167;
|
|
#line 1
|
|
category c168;
|
|
#line 1
|
|
category c169;
|
|
#line 1
|
|
category c170;
|
|
#line 1
|
|
category c171;
|
|
#line 1
|
|
category c172;
|
|
#line 1
|
|
category c173;
|
|
#line 1
|
|
category c174;
|
|
#line 1
|
|
category c175;
|
|
#line 1
|
|
category c176;
|
|
#line 1
|
|
category c177;
|
|
#line 1
|
|
category c178;
|
|
#line 1
|
|
category c179;
|
|
#line 1
|
|
category c180;
|
|
#line 1
|
|
category c181;
|
|
#line 1
|
|
category c182;
|
|
#line 1
|
|
category c183;
|
|
#line 1
|
|
category c184;
|
|
#line 1
|
|
category c185;
|
|
#line 1
|
|
category c186;
|
|
#line 1
|
|
category c187;
|
|
#line 1
|
|
category c188;
|
|
#line 1
|
|
category c189;
|
|
#line 1
|
|
category c190;
|
|
#line 1
|
|
category c191;
|
|
#line 1
|
|
category c192;
|
|
#line 1
|
|
category c193;
|
|
#line 1
|
|
category c194;
|
|
#line 1
|
|
category c195;
|
|
#line 1
|
|
category c196;
|
|
#line 1
|
|
category c197;
|
|
#line 1
|
|
category c198;
|
|
#line 1
|
|
category c199;
|
|
#line 1
|
|
category c200;
|
|
#line 1
|
|
category c201;
|
|
#line 1
|
|
category c202;
|
|
#line 1
|
|
category c203;
|
|
#line 1
|
|
category c204;
|
|
#line 1
|
|
category c205;
|
|
#line 1
|
|
category c206;
|
|
#line 1
|
|
category c207;
|
|
#line 1
|
|
category c208;
|
|
#line 1
|
|
category c209;
|
|
#line 1
|
|
category c210;
|
|
#line 1
|
|
category c211;
|
|
#line 1
|
|
category c212;
|
|
#line 1
|
|
category c213;
|
|
#line 1
|
|
category c214;
|
|
#line 1
|
|
category c215;
|
|
#line 1
|
|
category c216;
|
|
#line 1
|
|
category c217;
|
|
#line 1
|
|
category c218;
|
|
#line 1
|
|
category c219;
|
|
#line 1
|
|
category c220;
|
|
#line 1
|
|
category c221;
|
|
#line 1
|
|
category c222;
|
|
#line 1
|
|
category c223;
|
|
#line 1
|
|
category c224;
|
|
#line 1
|
|
category c225;
|
|
#line 1
|
|
category c226;
|
|
#line 1
|
|
category c227;
|
|
#line 1
|
|
category c228;
|
|
#line 1
|
|
category c229;
|
|
#line 1
|
|
category c230;
|
|
#line 1
|
|
category c231;
|
|
#line 1
|
|
category c232;
|
|
#line 1
|
|
category c233;
|
|
#line 1
|
|
category c234;
|
|
#line 1
|
|
category c235;
|
|
#line 1
|
|
category c236;
|
|
#line 1
|
|
category c237;
|
|
#line 1
|
|
category c238;
|
|
#line 1
|
|
category c239;
|
|
#line 1
|
|
category c240;
|
|
#line 1
|
|
category c241;
|
|
#line 1
|
|
category c242;
|
|
#line 1
|
|
category c243;
|
|
#line 1
|
|
category c244;
|
|
#line 1
|
|
category c245;
|
|
#line 1
|
|
category c246;
|
|
#line 1
|
|
category c247;
|
|
#line 1
|
|
category c248;
|
|
#line 1
|
|
category c249;
|
|
#line 1
|
|
category c250;
|
|
#line 1
|
|
category c251;
|
|
#line 1
|
|
category c252;
|
|
#line 1
|
|
category c253;
|
|
#line 1
|
|
category c254;
|
|
#line 1
|
|
category c255;
|
|
#line 1
|
|
category c256;
|
|
#line 1
|
|
category c257;
|
|
#line 1
|
|
category c258;
|
|
#line 1
|
|
category c259;
|
|
#line 1
|
|
category c260;
|
|
#line 1
|
|
category c261;
|
|
#line 1
|
|
category c262;
|
|
#line 1
|
|
category c263;
|
|
#line 1
|
|
category c264;
|
|
#line 1
|
|
category c265;
|
|
#line 1
|
|
category c266;
|
|
#line 1
|
|
category c267;
|
|
#line 1
|
|
category c268;
|
|
#line 1
|
|
category c269;
|
|
#line 1
|
|
category c270;
|
|
#line 1
|
|
category c271;
|
|
#line 1
|
|
category c272;
|
|
#line 1
|
|
category c273;
|
|
#line 1
|
|
category c274;
|
|
#line 1
|
|
category c275;
|
|
#line 1
|
|
category c276;
|
|
#line 1
|
|
category c277;
|
|
#line 1
|
|
category c278;
|
|
#line 1
|
|
category c279;
|
|
#line 1
|
|
category c280;
|
|
#line 1
|
|
category c281;
|
|
#line 1
|
|
category c282;
|
|
#line 1
|
|
category c283;
|
|
#line 1
|
|
category c284;
|
|
#line 1
|
|
category c285;
|
|
#line 1
|
|
category c286;
|
|
#line 1
|
|
category c287;
|
|
#line 1
|
|
category c288;
|
|
#line 1
|
|
category c289;
|
|
#line 1
|
|
category c290;
|
|
#line 1
|
|
category c291;
|
|
#line 1
|
|
category c292;
|
|
#line 1
|
|
category c293;
|
|
#line 1
|
|
category c294;
|
|
#line 1
|
|
category c295;
|
|
#line 1
|
|
category c296;
|
|
#line 1
|
|
category c297;
|
|
#line 1
|
|
category c298;
|
|
#line 1
|
|
category c299;
|
|
#line 1
|
|
category c300;
|
|
#line 1
|
|
category c301;
|
|
#line 1
|
|
category c302;
|
|
#line 1
|
|
category c303;
|
|
#line 1
|
|
category c304;
|
|
#line 1
|
|
category c305;
|
|
#line 1
|
|
category c306;
|
|
#line 1
|
|
category c307;
|
|
#line 1
|
|
category c308;
|
|
#line 1
|
|
category c309;
|
|
#line 1
|
|
category c310;
|
|
#line 1
|
|
category c311;
|
|
#line 1
|
|
category c312;
|
|
#line 1
|
|
category c313;
|
|
#line 1
|
|
category c314;
|
|
#line 1
|
|
category c315;
|
|
#line 1
|
|
category c316;
|
|
#line 1
|
|
category c317;
|
|
#line 1
|
|
category c318;
|
|
#line 1
|
|
category c319;
|
|
#line 1
|
|
category c320;
|
|
#line 1
|
|
category c321;
|
|
#line 1
|
|
category c322;
|
|
#line 1
|
|
category c323;
|
|
#line 1
|
|
category c324;
|
|
#line 1
|
|
category c325;
|
|
#line 1
|
|
category c326;
|
|
#line 1
|
|
category c327;
|
|
#line 1
|
|
category c328;
|
|
#line 1
|
|
category c329;
|
|
#line 1
|
|
category c330;
|
|
#line 1
|
|
category c331;
|
|
#line 1
|
|
category c332;
|
|
#line 1
|
|
category c333;
|
|
#line 1
|
|
category c334;
|
|
#line 1
|
|
category c335;
|
|
#line 1
|
|
category c336;
|
|
#line 1
|
|
category c337;
|
|
#line 1
|
|
category c338;
|
|
#line 1
|
|
category c339;
|
|
#line 1
|
|
category c340;
|
|
#line 1
|
|
category c341;
|
|
#line 1
|
|
category c342;
|
|
#line 1
|
|
category c343;
|
|
#line 1
|
|
category c344;
|
|
#line 1
|
|
category c345;
|
|
#line 1
|
|
category c346;
|
|
#line 1
|
|
category c347;
|
|
#line 1
|
|
category c348;
|
|
#line 1
|
|
category c349;
|
|
#line 1
|
|
category c350;
|
|
#line 1
|
|
category c351;
|
|
#line 1
|
|
category c352;
|
|
#line 1
|
|
category c353;
|
|
#line 1
|
|
category c354;
|
|
#line 1
|
|
category c355;
|
|
#line 1
|
|
category c356;
|
|
#line 1
|
|
category c357;
|
|
#line 1
|
|
category c358;
|
|
#line 1
|
|
category c359;
|
|
#line 1
|
|
category c360;
|
|
#line 1
|
|
category c361;
|
|
#line 1
|
|
category c362;
|
|
#line 1
|
|
category c363;
|
|
#line 1
|
|
category c364;
|
|
#line 1
|
|
category c365;
|
|
#line 1
|
|
category c366;
|
|
#line 1
|
|
category c367;
|
|
#line 1
|
|
category c368;
|
|
#line 1
|
|
category c369;
|
|
#line 1
|
|
category c370;
|
|
#line 1
|
|
category c371;
|
|
#line 1
|
|
category c372;
|
|
#line 1
|
|
category c373;
|
|
#line 1
|
|
category c374;
|
|
#line 1
|
|
category c375;
|
|
#line 1
|
|
category c376;
|
|
#line 1
|
|
category c377;
|
|
#line 1
|
|
category c378;
|
|
#line 1
|
|
category c379;
|
|
#line 1
|
|
category c380;
|
|
#line 1
|
|
category c381;
|
|
#line 1
|
|
category c382;
|
|
#line 1
|
|
category c383;
|
|
#line 1
|
|
category c384;
|
|
#line 1
|
|
category c385;
|
|
#line 1
|
|
category c386;
|
|
#line 1
|
|
category c387;
|
|
#line 1
|
|
category c388;
|
|
#line 1
|
|
category c389;
|
|
#line 1
|
|
category c390;
|
|
#line 1
|
|
category c391;
|
|
#line 1
|
|
category c392;
|
|
#line 1
|
|
category c393;
|
|
#line 1
|
|
category c394;
|
|
#line 1
|
|
category c395;
|
|
#line 1
|
|
category c396;
|
|
#line 1
|
|
category c397;
|
|
#line 1
|
|
category c398;
|
|
#line 1
|
|
category c399;
|
|
#line 1
|
|
category c400;
|
|
#line 1
|
|
category c401;
|
|
#line 1
|
|
category c402;
|
|
#line 1
|
|
category c403;
|
|
#line 1
|
|
category c404;
|
|
#line 1
|
|
category c405;
|
|
#line 1
|
|
category c406;
|
|
#line 1
|
|
category c407;
|
|
#line 1
|
|
category c408;
|
|
#line 1
|
|
category c409;
|
|
#line 1
|
|
category c410;
|
|
#line 1
|
|
category c411;
|
|
#line 1
|
|
category c412;
|
|
#line 1
|
|
category c413;
|
|
#line 1
|
|
category c414;
|
|
#line 1
|
|
category c415;
|
|
#line 1
|
|
category c416;
|
|
#line 1
|
|
category c417;
|
|
#line 1
|
|
category c418;
|
|
#line 1
|
|
category c419;
|
|
#line 1
|
|
category c420;
|
|
#line 1
|
|
category c421;
|
|
#line 1
|
|
category c422;
|
|
#line 1
|
|
category c423;
|
|
#line 1
|
|
category c424;
|
|
#line 1
|
|
category c425;
|
|
#line 1
|
|
category c426;
|
|
#line 1
|
|
category c427;
|
|
#line 1
|
|
category c428;
|
|
#line 1
|
|
category c429;
|
|
#line 1
|
|
category c430;
|
|
#line 1
|
|
category c431;
|
|
#line 1
|
|
category c432;
|
|
#line 1
|
|
category c433;
|
|
#line 1
|
|
category c434;
|
|
#line 1
|
|
category c435;
|
|
#line 1
|
|
category c436;
|
|
#line 1
|
|
category c437;
|
|
#line 1
|
|
category c438;
|
|
#line 1
|
|
category c439;
|
|
#line 1
|
|
category c440;
|
|
#line 1
|
|
category c441;
|
|
#line 1
|
|
category c442;
|
|
#line 1
|
|
category c443;
|
|
#line 1
|
|
category c444;
|
|
#line 1
|
|
category c445;
|
|
#line 1
|
|
category c446;
|
|
#line 1
|
|
category c447;
|
|
#line 1
|
|
category c448;
|
|
#line 1
|
|
category c449;
|
|
#line 1
|
|
category c450;
|
|
#line 1
|
|
category c451;
|
|
#line 1
|
|
category c452;
|
|
#line 1
|
|
category c453;
|
|
#line 1
|
|
category c454;
|
|
#line 1
|
|
category c455;
|
|
#line 1
|
|
category c456;
|
|
#line 1
|
|
category c457;
|
|
#line 1
|
|
category c458;
|
|
#line 1
|
|
category c459;
|
|
#line 1
|
|
category c460;
|
|
#line 1
|
|
category c461;
|
|
#line 1
|
|
category c462;
|
|
#line 1
|
|
category c463;
|
|
#line 1
|
|
category c464;
|
|
#line 1
|
|
category c465;
|
|
#line 1
|
|
category c466;
|
|
#line 1
|
|
category c467;
|
|
#line 1
|
|
category c468;
|
|
#line 1
|
|
category c469;
|
|
#line 1
|
|
category c470;
|
|
#line 1
|
|
category c471;
|
|
#line 1
|
|
category c472;
|
|
#line 1
|
|
category c473;
|
|
#line 1
|
|
category c474;
|
|
#line 1
|
|
category c475;
|
|
#line 1
|
|
category c476;
|
|
#line 1
|
|
category c477;
|
|
#line 1
|
|
category c478;
|
|
#line 1
|
|
category c479;
|
|
#line 1
|
|
category c480;
|
|
#line 1
|
|
category c481;
|
|
#line 1
|
|
category c482;
|
|
#line 1
|
|
category c483;
|
|
#line 1
|
|
category c484;
|
|
#line 1
|
|
category c485;
|
|
#line 1
|
|
category c486;
|
|
#line 1
|
|
category c487;
|
|
#line 1
|
|
category c488;
|
|
#line 1
|
|
category c489;
|
|
#line 1
|
|
category c490;
|
|
#line 1
|
|
category c491;
|
|
#line 1
|
|
category c492;
|
|
#line 1
|
|
category c493;
|
|
#line 1
|
|
category c494;
|
|
#line 1
|
|
category c495;
|
|
#line 1
|
|
category c496;
|
|
#line 1
|
|
category c497;
|
|
#line 1
|
|
category c498;
|
|
#line 1
|
|
category c499;
|
|
#line 1
|
|
category c500;
|
|
#line 1
|
|
category c501;
|
|
#line 1
|
|
category c502;
|
|
#line 1
|
|
category c503;
|
|
#line 1
|
|
category c504;
|
|
#line 1
|
|
category c505;
|
|
#line 1
|
|
category c506;
|
|
#line 1
|
|
category c507;
|
|
#line 1
|
|
category c508;
|
|
#line 1
|
|
category c509;
|
|
#line 1
|
|
category c510;
|
|
#line 1
|
|
category c511;
|
|
#line 1
|
|
category c512;
|
|
#line 1
|
|
category c513;
|
|
#line 1
|
|
category c514;
|
|
#line 1
|
|
category c515;
|
|
#line 1
|
|
category c516;
|
|
#line 1
|
|
category c517;
|
|
#line 1
|
|
category c518;
|
|
#line 1
|
|
category c519;
|
|
#line 1
|
|
category c520;
|
|
#line 1
|
|
category c521;
|
|
#line 1
|
|
category c522;
|
|
#line 1
|
|
category c523;
|
|
#line 1
|
|
category c524;
|
|
#line 1
|
|
category c525;
|
|
#line 1
|
|
category c526;
|
|
#line 1
|
|
category c527;
|
|
#line 1
|
|
category c528;
|
|
#line 1
|
|
category c529;
|
|
#line 1
|
|
category c530;
|
|
#line 1
|
|
category c531;
|
|
#line 1
|
|
category c532;
|
|
#line 1
|
|
category c533;
|
|
#line 1
|
|
category c534;
|
|
#line 1
|
|
category c535;
|
|
#line 1
|
|
category c536;
|
|
#line 1
|
|
category c537;
|
|
#line 1
|
|
category c538;
|
|
#line 1
|
|
category c539;
|
|
#line 1
|
|
category c540;
|
|
#line 1
|
|
category c541;
|
|
#line 1
|
|
category c542;
|
|
#line 1
|
|
category c543;
|
|
#line 1
|
|
category c544;
|
|
#line 1
|
|
category c545;
|
|
#line 1
|
|
category c546;
|
|
#line 1
|
|
category c547;
|
|
#line 1
|
|
category c548;
|
|
#line 1
|
|
category c549;
|
|
#line 1
|
|
category c550;
|
|
#line 1
|
|
category c551;
|
|
#line 1
|
|
category c552;
|
|
#line 1
|
|
category c553;
|
|
#line 1
|
|
category c554;
|
|
#line 1
|
|
category c555;
|
|
#line 1
|
|
category c556;
|
|
#line 1
|
|
category c557;
|
|
#line 1
|
|
category c558;
|
|
#line 1
|
|
category c559;
|
|
#line 1
|
|
category c560;
|
|
#line 1
|
|
category c561;
|
|
#line 1
|
|
category c562;
|
|
#line 1
|
|
category c563;
|
|
#line 1
|
|
category c564;
|
|
#line 1
|
|
category c565;
|
|
#line 1
|
|
category c566;
|
|
#line 1
|
|
category c567;
|
|
#line 1
|
|
category c568;
|
|
#line 1
|
|
category c569;
|
|
#line 1
|
|
category c570;
|
|
#line 1
|
|
category c571;
|
|
#line 1
|
|
category c572;
|
|
#line 1
|
|
category c573;
|
|
#line 1
|
|
category c574;
|
|
#line 1
|
|
category c575;
|
|
#line 1
|
|
category c576;
|
|
#line 1
|
|
category c577;
|
|
#line 1
|
|
category c578;
|
|
#line 1
|
|
category c579;
|
|
#line 1
|
|
category c580;
|
|
#line 1
|
|
category c581;
|
|
#line 1
|
|
category c582;
|
|
#line 1
|
|
category c583;
|
|
#line 1
|
|
category c584;
|
|
#line 1
|
|
category c585;
|
|
#line 1
|
|
category c586;
|
|
#line 1
|
|
category c587;
|
|
#line 1
|
|
category c588;
|
|
#line 1
|
|
category c589;
|
|
#line 1
|
|
category c590;
|
|
#line 1
|
|
category c591;
|
|
#line 1
|
|
category c592;
|
|
#line 1
|
|
category c593;
|
|
#line 1
|
|
category c594;
|
|
#line 1
|
|
category c595;
|
|
#line 1
|
|
category c596;
|
|
#line 1
|
|
category c597;
|
|
#line 1
|
|
category c598;
|
|
#line 1
|
|
category c599;
|
|
#line 1
|
|
category c600;
|
|
#line 1
|
|
category c601;
|
|
#line 1
|
|
category c602;
|
|
#line 1
|
|
category c603;
|
|
#line 1
|
|
category c604;
|
|
#line 1
|
|
category c605;
|
|
#line 1
|
|
category c606;
|
|
#line 1
|
|
category c607;
|
|
#line 1
|
|
category c608;
|
|
#line 1
|
|
category c609;
|
|
#line 1
|
|
category c610;
|
|
#line 1
|
|
category c611;
|
|
#line 1
|
|
category c612;
|
|
#line 1
|
|
category c613;
|
|
#line 1
|
|
category c614;
|
|
#line 1
|
|
category c615;
|
|
#line 1
|
|
category c616;
|
|
#line 1
|
|
category c617;
|
|
#line 1
|
|
category c618;
|
|
#line 1
|
|
category c619;
|
|
#line 1
|
|
category c620;
|
|
#line 1
|
|
category c621;
|
|
#line 1
|
|
category c622;
|
|
#line 1
|
|
category c623;
|
|
#line 1
|
|
category c624;
|
|
#line 1
|
|
category c625;
|
|
#line 1
|
|
category c626;
|
|
#line 1
|
|
category c627;
|
|
#line 1
|
|
category c628;
|
|
#line 1
|
|
category c629;
|
|
#line 1
|
|
category c630;
|
|
#line 1
|
|
category c631;
|
|
#line 1
|
|
category c632;
|
|
#line 1
|
|
category c633;
|
|
#line 1
|
|
category c634;
|
|
#line 1
|
|
category c635;
|
|
#line 1
|
|
category c636;
|
|
#line 1
|
|
category c637;
|
|
#line 1
|
|
category c638;
|
|
#line 1
|
|
category c639;
|
|
#line 1
|
|
category c640;
|
|
#line 1
|
|
category c641;
|
|
#line 1
|
|
category c642;
|
|
#line 1
|
|
category c643;
|
|
#line 1
|
|
category c644;
|
|
#line 1
|
|
category c645;
|
|
#line 1
|
|
category c646;
|
|
#line 1
|
|
category c647;
|
|
#line 1
|
|
category c648;
|
|
#line 1
|
|
category c649;
|
|
#line 1
|
|
category c650;
|
|
#line 1
|
|
category c651;
|
|
#line 1
|
|
category c652;
|
|
#line 1
|
|
category c653;
|
|
#line 1
|
|
category c654;
|
|
#line 1
|
|
category c655;
|
|
#line 1
|
|
category c656;
|
|
#line 1
|
|
category c657;
|
|
#line 1
|
|
category c658;
|
|
#line 1
|
|
category c659;
|
|
#line 1
|
|
category c660;
|
|
#line 1
|
|
category c661;
|
|
#line 1
|
|
category c662;
|
|
#line 1
|
|
category c663;
|
|
#line 1
|
|
category c664;
|
|
#line 1
|
|
category c665;
|
|
#line 1
|
|
category c666;
|
|
#line 1
|
|
category c667;
|
|
#line 1
|
|
category c668;
|
|
#line 1
|
|
category c669;
|
|
#line 1
|
|
category c670;
|
|
#line 1
|
|
category c671;
|
|
#line 1
|
|
category c672;
|
|
#line 1
|
|
category c673;
|
|
#line 1
|
|
category c674;
|
|
#line 1
|
|
category c675;
|
|
#line 1
|
|
category c676;
|
|
#line 1
|
|
category c677;
|
|
#line 1
|
|
category c678;
|
|
#line 1
|
|
category c679;
|
|
#line 1
|
|
category c680;
|
|
#line 1
|
|
category c681;
|
|
#line 1
|
|
category c682;
|
|
#line 1
|
|
category c683;
|
|
#line 1
|
|
category c684;
|
|
#line 1
|
|
category c685;
|
|
#line 1
|
|
category c686;
|
|
#line 1
|
|
category c687;
|
|
#line 1
|
|
category c688;
|
|
#line 1
|
|
category c689;
|
|
#line 1
|
|
category c690;
|
|
#line 1
|
|
category c691;
|
|
#line 1
|
|
category c692;
|
|
#line 1
|
|
category c693;
|
|
#line 1
|
|
category c694;
|
|
#line 1
|
|
category c695;
|
|
#line 1
|
|
category c696;
|
|
#line 1
|
|
category c697;
|
|
#line 1
|
|
category c698;
|
|
#line 1
|
|
category c699;
|
|
#line 1
|
|
category c700;
|
|
#line 1
|
|
category c701;
|
|
#line 1
|
|
category c702;
|
|
#line 1
|
|
category c703;
|
|
#line 1
|
|
category c704;
|
|
#line 1
|
|
category c705;
|
|
#line 1
|
|
category c706;
|
|
#line 1
|
|
category c707;
|
|
#line 1
|
|
category c708;
|
|
#line 1
|
|
category c709;
|
|
#line 1
|
|
category c710;
|
|
#line 1
|
|
category c711;
|
|
#line 1
|
|
category c712;
|
|
#line 1
|
|
category c713;
|
|
#line 1
|
|
category c714;
|
|
#line 1
|
|
category c715;
|
|
#line 1
|
|
category c716;
|
|
#line 1
|
|
category c717;
|
|
#line 1
|
|
category c718;
|
|
#line 1
|
|
category c719;
|
|
#line 1
|
|
category c720;
|
|
#line 1
|
|
category c721;
|
|
#line 1
|
|
category c722;
|
|
#line 1
|
|
category c723;
|
|
#line 1
|
|
category c724;
|
|
#line 1
|
|
category c725;
|
|
#line 1
|
|
category c726;
|
|
#line 1
|
|
category c727;
|
|
#line 1
|
|
category c728;
|
|
#line 1
|
|
category c729;
|
|
#line 1
|
|
category c730;
|
|
#line 1
|
|
category c731;
|
|
#line 1
|
|
category c732;
|
|
#line 1
|
|
category c733;
|
|
#line 1
|
|
category c734;
|
|
#line 1
|
|
category c735;
|
|
#line 1
|
|
category c736;
|
|
#line 1
|
|
category c737;
|
|
#line 1
|
|
category c738;
|
|
#line 1
|
|
category c739;
|
|
#line 1
|
|
category c740;
|
|
#line 1
|
|
category c741;
|
|
#line 1
|
|
category c742;
|
|
#line 1
|
|
category c743;
|
|
#line 1
|
|
category c744;
|
|
#line 1
|
|
category c745;
|
|
#line 1
|
|
category c746;
|
|
#line 1
|
|
category c747;
|
|
#line 1
|
|
category c748;
|
|
#line 1
|
|
category c749;
|
|
#line 1
|
|
category c750;
|
|
#line 1
|
|
category c751;
|
|
#line 1
|
|
category c752;
|
|
#line 1
|
|
category c753;
|
|
#line 1
|
|
category c754;
|
|
#line 1
|
|
category c755;
|
|
#line 1
|
|
category c756;
|
|
#line 1
|
|
category c757;
|
|
#line 1
|
|
category c758;
|
|
#line 1
|
|
category c759;
|
|
#line 1
|
|
category c760;
|
|
#line 1
|
|
category c761;
|
|
#line 1
|
|
category c762;
|
|
#line 1
|
|
category c763;
|
|
#line 1
|
|
category c764;
|
|
#line 1
|
|
category c765;
|
|
#line 1
|
|
category c766;
|
|
#line 1
|
|
category c767;
|
|
#line 1
|
|
category c768;
|
|
#line 1
|
|
category c769;
|
|
#line 1
|
|
category c770;
|
|
#line 1
|
|
category c771;
|
|
#line 1
|
|
category c772;
|
|
#line 1
|
|
category c773;
|
|
#line 1
|
|
category c774;
|
|
#line 1
|
|
category c775;
|
|
#line 1
|
|
category c776;
|
|
#line 1
|
|
category c777;
|
|
#line 1
|
|
category c778;
|
|
#line 1
|
|
category c779;
|
|
#line 1
|
|
category c780;
|
|
#line 1
|
|
category c781;
|
|
#line 1
|
|
category c782;
|
|
#line 1
|
|
category c783;
|
|
#line 1
|
|
category c784;
|
|
#line 1
|
|
category c785;
|
|
#line 1
|
|
category c786;
|
|
#line 1
|
|
category c787;
|
|
#line 1
|
|
category c788;
|
|
#line 1
|
|
category c789;
|
|
#line 1
|
|
category c790;
|
|
#line 1
|
|
category c791;
|
|
#line 1
|
|
category c792;
|
|
#line 1
|
|
category c793;
|
|
#line 1
|
|
category c794;
|
|
#line 1
|
|
category c795;
|
|
#line 1
|
|
category c796;
|
|
#line 1
|
|
category c797;
|
|
#line 1
|
|
category c798;
|
|
#line 1
|
|
category c799;
|
|
#line 1
|
|
category c800;
|
|
#line 1
|
|
category c801;
|
|
#line 1
|
|
category c802;
|
|
#line 1
|
|
category c803;
|
|
#line 1
|
|
category c804;
|
|
#line 1
|
|
category c805;
|
|
#line 1
|
|
category c806;
|
|
#line 1
|
|
category c807;
|
|
#line 1
|
|
category c808;
|
|
#line 1
|
|
category c809;
|
|
#line 1
|
|
category c810;
|
|
#line 1
|
|
category c811;
|
|
#line 1
|
|
category c812;
|
|
#line 1
|
|
category c813;
|
|
#line 1
|
|
category c814;
|
|
#line 1
|
|
category c815;
|
|
#line 1
|
|
category c816;
|
|
#line 1
|
|
category c817;
|
|
#line 1
|
|
category c818;
|
|
#line 1
|
|
category c819;
|
|
#line 1
|
|
category c820;
|
|
#line 1
|
|
category c821;
|
|
#line 1
|
|
category c822;
|
|
#line 1
|
|
category c823;
|
|
#line 1
|
|
category c824;
|
|
#line 1
|
|
category c825;
|
|
#line 1
|
|
category c826;
|
|
#line 1
|
|
category c827;
|
|
#line 1
|
|
category c828;
|
|
#line 1
|
|
category c829;
|
|
#line 1
|
|
category c830;
|
|
#line 1
|
|
category c831;
|
|
#line 1
|
|
category c832;
|
|
#line 1
|
|
category c833;
|
|
#line 1
|
|
category c834;
|
|
#line 1
|
|
category c835;
|
|
#line 1
|
|
category c836;
|
|
#line 1
|
|
category c837;
|
|
#line 1
|
|
category c838;
|
|
#line 1
|
|
category c839;
|
|
#line 1
|
|
category c840;
|
|
#line 1
|
|
category c841;
|
|
#line 1
|
|
category c842;
|
|
#line 1
|
|
category c843;
|
|
#line 1
|
|
category c844;
|
|
#line 1
|
|
category c845;
|
|
#line 1
|
|
category c846;
|
|
#line 1
|
|
category c847;
|
|
#line 1
|
|
category c848;
|
|
#line 1
|
|
category c849;
|
|
#line 1
|
|
category c850;
|
|
#line 1
|
|
category c851;
|
|
#line 1
|
|
category c852;
|
|
#line 1
|
|
category c853;
|
|
#line 1
|
|
category c854;
|
|
#line 1
|
|
category c855;
|
|
#line 1
|
|
category c856;
|
|
#line 1
|
|
category c857;
|
|
#line 1
|
|
category c858;
|
|
#line 1
|
|
category c859;
|
|
#line 1
|
|
category c860;
|
|
#line 1
|
|
category c861;
|
|
#line 1
|
|
category c862;
|
|
#line 1
|
|
category c863;
|
|
#line 1
|
|
category c864;
|
|
#line 1
|
|
category c865;
|
|
#line 1
|
|
category c866;
|
|
#line 1
|
|
category c867;
|
|
#line 1
|
|
category c868;
|
|
#line 1
|
|
category c869;
|
|
#line 1
|
|
category c870;
|
|
#line 1
|
|
category c871;
|
|
#line 1
|
|
category c872;
|
|
#line 1
|
|
category c873;
|
|
#line 1
|
|
category c874;
|
|
#line 1
|
|
category c875;
|
|
#line 1
|
|
category c876;
|
|
#line 1
|
|
category c877;
|
|
#line 1
|
|
category c878;
|
|
#line 1
|
|
category c879;
|
|
#line 1
|
|
category c880;
|
|
#line 1
|
|
category c881;
|
|
#line 1
|
|
category c882;
|
|
#line 1
|
|
category c883;
|
|
#line 1
|
|
category c884;
|
|
#line 1
|
|
category c885;
|
|
#line 1
|
|
category c886;
|
|
#line 1
|
|
category c887;
|
|
#line 1
|
|
category c888;
|
|
#line 1
|
|
category c889;
|
|
#line 1
|
|
category c890;
|
|
#line 1
|
|
category c891;
|
|
#line 1
|
|
category c892;
|
|
#line 1
|
|
category c893;
|
|
#line 1
|
|
category c894;
|
|
#line 1
|
|
category c895;
|
|
#line 1
|
|
category c896;
|
|
#line 1
|
|
category c897;
|
|
#line 1
|
|
category c898;
|
|
#line 1
|
|
category c899;
|
|
#line 1
|
|
category c900;
|
|
#line 1
|
|
category c901;
|
|
#line 1
|
|
category c902;
|
|
#line 1
|
|
category c903;
|
|
#line 1
|
|
category c904;
|
|
#line 1
|
|
category c905;
|
|
#line 1
|
|
category c906;
|
|
#line 1
|
|
category c907;
|
|
#line 1
|
|
category c908;
|
|
#line 1
|
|
category c909;
|
|
#line 1
|
|
category c910;
|
|
#line 1
|
|
category c911;
|
|
#line 1
|
|
category c912;
|
|
#line 1
|
|
category c913;
|
|
#line 1
|
|
category c914;
|
|
#line 1
|
|
category c915;
|
|
#line 1
|
|
category c916;
|
|
#line 1
|
|
category c917;
|
|
#line 1
|
|
category c918;
|
|
#line 1
|
|
category c919;
|
|
#line 1
|
|
category c920;
|
|
#line 1
|
|
category c921;
|
|
#line 1
|
|
category c922;
|
|
#line 1
|
|
category c923;
|
|
#line 1
|
|
category c924;
|
|
#line 1
|
|
category c925;
|
|
#line 1
|
|
category c926;
|
|
#line 1
|
|
category c927;
|
|
#line 1
|
|
category c928;
|
|
#line 1
|
|
category c929;
|
|
#line 1
|
|
category c930;
|
|
#line 1
|
|
category c931;
|
|
#line 1
|
|
category c932;
|
|
#line 1
|
|
category c933;
|
|
#line 1
|
|
category c934;
|
|
#line 1
|
|
category c935;
|
|
#line 1
|
|
category c936;
|
|
#line 1
|
|
category c937;
|
|
#line 1
|
|
category c938;
|
|
#line 1
|
|
category c939;
|
|
#line 1
|
|
category c940;
|
|
#line 1
|
|
category c941;
|
|
#line 1
|
|
category c942;
|
|
#line 1
|
|
category c943;
|
|
#line 1
|
|
category c944;
|
|
#line 1
|
|
category c945;
|
|
#line 1
|
|
category c946;
|
|
#line 1
|
|
category c947;
|
|
#line 1
|
|
category c948;
|
|
#line 1
|
|
category c949;
|
|
#line 1
|
|
category c950;
|
|
#line 1
|
|
category c951;
|
|
#line 1
|
|
category c952;
|
|
#line 1
|
|
category c953;
|
|
#line 1
|
|
category c954;
|
|
#line 1
|
|
category c955;
|
|
#line 1
|
|
category c956;
|
|
#line 1
|
|
category c957;
|
|
#line 1
|
|
category c958;
|
|
#line 1
|
|
category c959;
|
|
#line 1
|
|
category c960;
|
|
#line 1
|
|
category c961;
|
|
#line 1
|
|
category c962;
|
|
#line 1
|
|
category c963;
|
|
#line 1
|
|
category c964;
|
|
#line 1
|
|
category c965;
|
|
#line 1
|
|
category c966;
|
|
#line 1
|
|
category c967;
|
|
#line 1
|
|
category c968;
|
|
#line 1
|
|
category c969;
|
|
#line 1
|
|
category c970;
|
|
#line 1
|
|
category c971;
|
|
#line 1
|
|
category c972;
|
|
#line 1
|
|
category c973;
|
|
#line 1
|
|
category c974;
|
|
#line 1
|
|
category c975;
|
|
#line 1
|
|
category c976;
|
|
#line 1
|
|
category c977;
|
|
#line 1
|
|
category c978;
|
|
#line 1
|
|
category c979;
|
|
#line 1
|
|
category c980;
|
|
#line 1
|
|
category c981;
|
|
#line 1
|
|
category c982;
|
|
#line 1
|
|
category c983;
|
|
#line 1
|
|
category c984;
|
|
#line 1
|
|
category c985;
|
|
#line 1
|
|
category c986;
|
|
#line 1
|
|
category c987;
|
|
#line 1
|
|
category c988;
|
|
#line 1
|
|
category c989;
|
|
#line 1
|
|
category c990;
|
|
#line 1
|
|
category c991;
|
|
#line 1
|
|
category c992;
|
|
#line 1
|
|
category c993;
|
|
#line 1
|
|
category c994;
|
|
#line 1
|
|
category c995;
|
|
#line 1
|
|
category c996;
|
|
#line 1
|
|
category c997;
|
|
#line 1
|
|
category c998;
|
|
#line 1
|
|
category c999;
|
|
#line 1
|
|
category c1000;
|
|
#line 1
|
|
category c1001;
|
|
#line 1
|
|
category c1002;
|
|
#line 1
|
|
category c1003;
|
|
#line 1
|
|
category c1004;
|
|
#line 1
|
|
category c1005;
|
|
#line 1
|
|
category c1006;
|
|
#line 1
|
|
category c1007;
|
|
#line 1
|
|
category c1008;
|
|
#line 1
|
|
category c1009;
|
|
#line 1
|
|
category c1010;
|
|
#line 1
|
|
category c1011;
|
|
#line 1
|
|
category c1012;
|
|
#line 1
|
|
category c1013;
|
|
#line 1
|
|
category c1014;
|
|
#line 1
|
|
category c1015;
|
|
#line 1
|
|
category c1016;
|
|
#line 1
|
|
category c1017;
|
|
#line 1
|
|
category c1018;
|
|
#line 1
|
|
category c1019;
|
|
#line 1
|
|
category c1020;
|
|
#line 1
|
|
category c1021;
|
|
#line 1
|
|
category c1022;
|
|
#line 1
|
|
category c1023;
|
|
#line 1
|
|
|
|
#line 1
|
|
|
|
#line 1
|
|
|
|
#line 1
|
|
|
|
#line 1
|
|
}
|
|
#line 1
|
|
|
|
#line 1
|
|
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
require {
|
|
type container_t;
|
|
type container_var_run_t;
|
|
type container_file_t;
|
|
type container_runtime_t;
|
|
class sock_file { write read };
|
|
class unix_stream_socket { connectto };
|
|
}
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
# Allow containers to write to Docker socket
|
|
allow container_t container_var_run_t:sock_file { write read };
|
|
allow container_t container_file_t:sock_file { write read };
|
|
|
|
# Allow containers to connect to Docker daemon
|
|
allow container_t container_runtime_t:unix_stream_socket connectto; |