[selinux-policy] - Lot of fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git; a=log
Miroslav Grepl
mgrepl at fedoraproject.org
Tue May 24 14:38:54 UTC 2011
commit ace25237f9b9d8b9c63fc705b9a5fc0d958491d6
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Tue May 24 16:38:28 2011 +0200
- Lot of fixes
* http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log
policy-F16.patch | 4477 ++++++++++++++++++++++++++++++---------------------
selinux-policy.spec | 6 +-
2 files changed, 2646 insertions(+), 1837 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index 414e56d..6eafc61 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -925,7 +925,7 @@ index 4f7bd3c..b5c346f 100644
+ #unconfined_domain(kudzu_t)
')
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
-index 7090dae..1297962 100644
+index 7090dae..893ea9a 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -116,17 +116,15 @@ miscfiles_read_localization(logrotate_t)
@@ -951,10 +951,11 @@ index 7090dae..1297962 100644
# for savelog
can_exec(logrotate_t, logrotate_exec_t)
-@@ -162,10 +160,19 @@ optional_policy(`
+@@ -162,10 +160,20 @@ optional_policy(`
')
optional_policy(`
++ callweaver_exec(logrotate_t)
+ callweaver_stream_connect(logrotate_t)
+')
+
@@ -971,7 +972,7 @@ index 7090dae..1297962 100644
cups_domtrans(logrotate_t)
')
-@@ -203,7 +210,6 @@ optional_policy(`
+@@ -203,7 +211,6 @@ optional_policy(`
psad_domtrans(logrotate_t)
')
@@ -979,7 +980,7 @@ index 7090dae..1297962 100644
optional_policy(`
samba_exec_log(logrotate_t)
')
-@@ -228,3 +234,14 @@ optional_policy(`
+@@ -228,3 +235,14 @@ optional_policy(`
optional_policy(`
varnishd_manage_log(logrotate_t)
')
@@ -3887,7 +3888,7 @@ index 00a19e3..55075f9 100644
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
+/usr/libexec/kde(3|4)/ksysguardprocesslist_helper -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
-index f5afe78..bf930fc 100644
+index f5afe78..f816c8d 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -1,44 +1,623 @@
@@ -4957,18 +4958,18 @@ index f5afe78..bf930fc 100644
+ type gkeyringd_gnome_home_t;
+')
+
-+ userdom_user_home_dir_filetrans($1, config_home_t, file, .Xdefaults)
-+ userdom_user_home_dir_filetrans($1, config_home_t, dir, .xine)
-+ userdom_user_home_dir_filetrans($1, cache_home_t, dir, .cache)
-+ userdom_user_home_dir_filetrans($1, config_home_t, dir, .kde)
-+ userdom_user_home_dir_filetrans($1, gconf_home_t, dir, .gconf)
-+ userdom_user_home_dir_filetrans($1, gconf_home_t, dir, .gconfd)
-+ userdom_user_home_dir_filetrans($1, gconf_home_t, dir, .local)
-+ userdom_user_home_dir_filetrans($1, gnome_home_t, dir, .gnome2)
-+ userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, .gstreamer-10)
-+ userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, .gstreamer-12)
-+ filetrans_pattern($1, gnome_home_t, gkeyringd_gnome_home_t, dir, keyrings)
-+ filetrans_pattern($1, gconf_home_t, data_home_t, dir, share)
++ userdom_user_home_dir_filetrans($1, config_home_t, file, ".Xdefaults")
++ userdom_user_home_dir_filetrans($1, config_home_t, dir, ".xine")
++ userdom_user_home_dir_filetrans($1, cache_home_t, dir, ".cache")
++ userdom_user_home_dir_filetrans($1, config_home_t, dir, ".kde")
++ userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconf")
++ userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd")
++ userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".local")
++ userdom_user_home_dir_filetrans($1, gnome_home_t, dir, ".gnome2")
++ userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-10")
++ userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-12")
++ filetrans_pattern($1, gnome_home_t, gkeyringd_gnome_home_t, dir, "keyrings")
++ filetrans_pattern($1, gconf_home_t, data_home_t, dir, "share")
+')
+
+########################################
@@ -4993,16 +4994,16 @@ index f5afe78..bf930fc 100644
+ type data_home_t;
+')
+
-+ userdom_admin_home_dir_filetrans($1, config_home_t, file, .Xdefaults)
-+ userdom_admin_home_dir_filetrans($1, config_home_t, dir, .xine)
-+ userdom_admin_home_dir_filetrans($1, cache_home_t, dir, .cache)
-+ userdom_admin_home_dir_filetrans($1, config_home_t, dir, .kde)
-+ userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, .gconf)
-+ userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, .gconfd)
-+ userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, .local)
-+ userdom_admin_home_dir_filetrans($1, gnome_home_t, dir, .gnome2)
-+ userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, .gstreamer-10)
-+ userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, .gstreamer-12)
++ userdom_admin_home_dir_filetrans($1, config_home_t, file, ".Xdefaults")
++ userdom_admin_home_dir_filetrans($1, config_home_t, dir, ".xine")
++ userdom_admin_home_dir_filetrans($1, cache_home_t, dir, ".cache")
++ userdom_admin_home_dir_filetrans($1, config_home_t, dir, ".kde")
++ userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconf")
++ userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd")
++ userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".local")
++ userdom_admin_home_dir_filetrans($1, gnome_home_t, dir, ".gnome2")
++ userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-10")
++ userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-12")
+')
+######################################
+## <summary>
@@ -5048,7 +5049,7 @@ index f5afe78..bf930fc 100644
+ type_transition $1 gkeyringd_exec_t:process $2;
+')
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
-index 2505654..d27f79b 100644
+index 2505654..8e26f2b 100644
--- a/policy/modules/apps/gnome.te
+++ b/policy/modules/apps/gnome.te
@@ -5,12 +5,26 @@ policy_module(gnome, 2.1.0)
@@ -5123,7 +5124,7 @@ index 2505654..d27f79b 100644
##############################
#
# Local Policy
-@@ -75,3 +110,167 @@ optional_policy(`
+@@ -75,3 +110,166 @@ optional_policy(`
xserver_use_xdm_fds(gconfd_t)
xserver_rw_xdm_pipes(gconfd_t)
')
@@ -5153,28 +5154,28 @@ index 2505654..d27f79b 100644
+userdom_dontaudit_search_admin_dir(gconfdefaultsm_t)
+
+optional_policy(`
-+ consolekit_dbus_chat(gconfdefaultsm_t)
++ consolekit_dbus_chat(gconfdefaultsm_t)
+')
+
+optional_policy(`
-+ nscd_dontaudit_search_pid(gconfdefaultsm_t)
++ nscd_dontaudit_search_pid(gconfdefaultsm_t)
+')
+
+optional_policy(`
-+ policykit_domtrans_auth(gconfdefaultsm_t)
-+ policykit_dbus_chat(gconfdefaultsm_t)
-+ policykit_read_lib(gconfdefaultsm_t)
-+ policykit_read_reload(gconfdefaultsm_t)
++ policykit_domtrans_auth(gconfdefaultsm_t)
++ policykit_dbus_chat(gconfdefaultsm_t)
++ policykit_read_lib(gconfdefaultsm_t)
++ policykit_read_reload(gconfdefaultsm_t)
+')
+
+tunable_policy(`use_nfs_home_dirs',`
-+ fs_manage_nfs_dirs(gconfdefaultsm_t)
-+ fs_manage_nfs_files(gconfdefaultsm_t)
++ fs_manage_nfs_dirs(gconfdefaultsm_t)
++ fs_manage_nfs_files(gconfdefaultsm_t)
+')
+
+tunable_policy(`use_samba_home_dirs',`
-+ fs_manage_cifs_dirs(gconfdefaultsm_t)
-+ fs_manage_cifs_files(gconfdefaultsm_t)
++ fs_manage_cifs_dirs(gconfdefaultsm_t)
++ fs_manage_cifs_files(gconfdefaultsm_t)
+')
+
+#######################################
@@ -5206,18 +5207,18 @@ index 2505654..d27f79b 100644
+userdom_dontaudit_search_admin_dir(gnomesystemmm_t)
+
+optional_policy(`
-+ consolekit_dbus_chat(gnomesystemmm_t)
++ consolekit_dbus_chat(gnomesystemmm_t)
+')
+
+optional_policy(`
-+ nscd_dontaudit_search_pid(gnomesystemmm_t)
++ nscd_dontaudit_search_pid(gnomesystemmm_t)
+')
+
+optional_policy(`
-+ policykit_dbus_chat(gnomesystemmm_t)
-+ policykit_domtrans_auth(gnomesystemmm_t)
-+ policykit_read_lib(gnomesystemmm_t)
-+ policykit_read_reload(gnomesystemmm_t)
++ policykit_dbus_chat(gnomesystemmm_t)
++ policykit_domtrans_auth(gnomesystemmm_t)
++ policykit_read_lib(gnomesystemmm_t)
++ policykit_read_reload(gnomesystemmm_t)
+')
+
+######################################
@@ -5226,7 +5227,7 @@ index 2505654..d27f79b 100644
+#
+
+allow gkeyringd_domain self:capability ipc_lock;
-+allow gkeyringd_domain self:process { getcap getsched signal };
++allow gkeyringd_domain self:process { getcap getsched setcap signal };
+allow gkeyringd_domain self:fifo_file rw_fifo_file_perms;
+allow gkeyringd_domain self:unix_stream_socket { connectto accept listen };
+
@@ -5282,15 +5283,14 @@ index 2505654..d27f79b 100644
+
+tunable_policy(`use_nfs_home_dirs',`
+ fs_getattr_nfs(gkeyringd_domain)
-+ fs_manage_nfs_dirs(gkeyringd_domain)
-+ fs_manage_nfs_files(gkeyringd_domain)
++ fs_manage_nfs_dirs(gkeyringd_domain)
++ fs_manage_nfs_files(gkeyringd_domain)
+')
+
+tunable_policy(`use_samba_home_dirs',`
-+ fs_manage_cifs_dirs(gkeyringd_domain)
-+ fs_manage_cifs_files(gkeyringd_domain)
++ fs_manage_cifs_dirs(gkeyringd_domain)
++ fs_manage_cifs_files(gkeyringd_domain)
+')
-+
diff --git a/policy/modules/apps/gpg.fc b/policy/modules/apps/gpg.fc
index e9853d4..6864b58 100644
--- a/policy/modules/apps/gpg.fc
@@ -6249,7 +6249,7 @@ index 93ac529..35b51ab 100644
+/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
-index 9a6d67d..c499e03 100644
+index 9a6d67d..ceeb3e7 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -29,6 +29,8 @@ interface(`mozilla_role',`
@@ -6308,7 +6308,7 @@ index 9a6d67d..c499e03 100644
## Execmod mozilla home directory content.
## </summary>
## <param name="domain">
-@@ -168,6 +194,77 @@ interface(`mozilla_domtrans',`
+@@ -168,6 +194,80 @@ interface(`mozilla_domtrans',`
########################################
## <summary>
@@ -6331,6 +6331,8 @@ index 9a6d67d..c499e03 100644
+
+ allow $1 mozilla_plugin_t:dbus send_msg;
+ allow mozilla_plugin_t $1:dbus send_msg;
++
++ allow $1 mozilla_plugin_t:fd use;
+')
+
+
@@ -6358,7 +6360,8 @@ index 9a6d67d..c499e03 100644
+ mozilla_domtrans_plugin($1)
+ role $2 types mozilla_plugin_t;
+ allow $1 mozilla_plugin_t:unix_stream_socket { connectto rw_socket_perms };
-+ allow $1 mozilla_plugin_t:process { signal sigkill };
++ allow $1 mozilla_plugin_t:process { ptrace signal sigkill };
++ allow $1 mozilla_plugin_t:fd use;
+
+ allow mozilla_plugin_t $1:unix_stream_socket rw_socket_perms;
+')
@@ -6386,7 +6389,7 @@ index 9a6d67d..c499e03 100644
## Send and receive messages from
## mozilla over dbus.
## </summary>
-@@ -204,3 +301,39 @@ interface(`mozilla_rw_tcp_sockets',`
+@@ -204,3 +304,39 @@ interface(`mozilla_rw_tcp_sockets',`
allow $1 mozilla_t:tcp_socket rw_socket_perms;
')
@@ -7425,10 +7428,10 @@ index 0000000..37449c0
+')
diff --git a/policy/modules/apps/nsplugin.te b/policy/modules/apps/nsplugin.te
new file mode 100644
-index 0000000..24c9669
+index 0000000..bd3e5f8
--- /dev/null
+++ b/policy/modules/apps/nsplugin.te
-@@ -0,0 +1,328 @@
+@@ -0,0 +1,329 @@
+policy_module(nsplugin, 1.0.0)
+
+########################################
@@ -7545,6 +7548,7 @@ index 0000000..24c9669
+dev_read_video_dev(nsplugin_t)
+dev_write_video_dev(nsplugin_t)
+dev_getattr_dri_dev(nsplugin_t)
++dev_getattr_mouse_dev(nsplugin_t)
+dev_rwx_zero(nsplugin_t)
+dev_read_sysfs(nsplugin_t)
+dev_dontaudit_getattr_all(nsplugin_t)
@@ -10902,7 +10906,7 @@ index 34c9d01..1240d65 100644
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
-index 9e9263a..32826ad 100644
+index 9e9263a..59c2125 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -203,7 +203,7 @@ interface(`corecmd_getattr_bin_files',`
@@ -10914,7 +10918,32 @@ index 9e9263a..32826ad 100644
## </summary>
## </param>
#
-@@ -1049,6 +1049,7 @@ interface(`corecmd_manage_all_executables',`
+@@ -254,6 +254,24 @@ interface(`corecmd_dontaudit_write_bin_files',`
+
+ ########################################
+ ## <summary>
++## Do not audit attempts to access check bin files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`corecmd_dontaudit_access_check_bin',`
++ gen_require(`
++ type bin_t;
++ ')
++
++ dontaudit $1 bin_t:file audit_access;
++')
++
++########################################
++## <summary>
+ ## Read symbolic links in bin directories.
+ ## </summary>
+ ## <param name="domain">
+@@ -1049,6 +1067,7 @@ interface(`corecmd_manage_all_executables',`
type bin_t;
')
@@ -11052,7 +11081,7 @@ index 5a07a43..99c7564 100644
## </summary>
## <param name="domain">
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index 0757523..7b77799 100644
+index 0757523..be25171 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -16,6 +16,7 @@ attribute rpc_port_type;
@@ -11090,7 +11119,7 @@ index 0757523..7b77799 100644
type client_packet_t, packet_type, client_packet_type;
#
-@@ -65,20 +79,25 @@ type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
+@@ -65,20 +79,26 @@ type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
type server_packet_t, packet_type, server_packet_type;
network_port(afs_bos, udp,7007,s0)
@@ -11114,10 +11143,11 @@ index 0757523..7b77799 100644
network_port(auth, tcp,113,s0)
network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
+network_port(boinc, tcp,31416,s0)
++network_port(boinc_client_ctrl, tcp,1043,s0)
type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict
network_port(certmaster, tcp,51235,s0)
network_port(chronyd, udp,323,s0)
-@@ -86,9 +105,11 @@ network_port(clamd, tcp,3310,s0)
+@@ -86,9 +106,11 @@ network_port(clamd, tcp,3310,s0)
network_port(clockspeed, udp,4041,s0)
network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006-50008,s0, udp,50006-50008,s0)
network_port(cobbler, tcp,25151,s0)
@@ -11129,7 +11159,7 @@ index 0757523..7b77799 100644
network_port(dbskkd, tcp,1178,s0)
network_port(dcc, udp,6276,s0, udp,6277,s0)
network_port(dccm, tcp,5679,s0, udp,5679,s0)
-@@ -96,9 +117,13 @@ network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0)
+@@ -96,9 +118,13 @@ network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0)
network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
network_port(dict, tcp,2628,s0)
network_port(distccd, tcp,3632,s0)
@@ -11143,7 +11173,7 @@ index 0757523..7b77799 100644
network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0)
network_port(ftp_data, tcp,20,s0)
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-@@ -112,7 +137,7 @@ network_port(hddtemp, tcp,7634,s0)
+@@ -112,7 +138,7 @@ network_port(hddtemp, tcp,7634,s0)
network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
@@ -11152,7 +11182,7 @@ index 0757523..7b77799 100644
network_port(i18n_input, tcp,9010,s0)
network_port(imaze, tcp,5323,s0, udp,5323,s0)
network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
-@@ -126,43 +151,58 @@ network_port(iscsi, tcp,3260,s0)
+@@ -126,43 +152,59 @@ network_port(iscsi, tcp,3260,s0)
network_port(isns, tcp,3205,s0, udp,3205,s0)
network_port(jabber_client, tcp,5222,s0, tcp,5223,s0)
network_port(jabber_interserver, tcp,5269,s0)
@@ -11160,6 +11190,7 @@ index 0757523..7b77799 100644
-network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
-network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
+network_port(jabber_router, tcp,5347,s0)
++network_port(jboss_management, tcp,2712,s0)
+network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0, tcp,4444,s0, udp,4444,s0)
+network_port(kerberos_admin, tcp,749,s0)
+network_port(kerberos_password, tcp,464,s0, udp,464,s0)
@@ -11217,7 +11248,7 @@ index 0757523..7b77799 100644
network_port(printer, tcp,515,s0)
network_port(ptal, tcp,5703,s0)
network_port(pulseaudio, tcp,4713,s0)
-@@ -177,24 +217,29 @@ network_port(ricci, tcp,11111,s0, udp,11111,s0)
+@@ -177,24 +219,29 @@ network_port(ricci, tcp,11111,s0, udp,11111,s0)
network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
network_port(rlogind, tcp,513,s0)
network_port(rndc, tcp,953,s0)
@@ -11251,7 +11282,7 @@ index 0757523..7b77799 100644
network_port(syslogd, udp,514,s0)
network_port(tcs, tcp, 30003, s0)
network_port(telnetd, tcp,23,s0)
-@@ -205,16 +250,17 @@ network_port(transproxy, tcp,8081,s0)
+@@ -205,20 +252,22 @@ network_port(transproxy, tcp,8081,s0)
network_port(ups, tcp,3493,s0)
type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
network_port(uucpd, tcp,540,s0)
@@ -11272,7 +11303,12 @@ index 0757523..7b77799 100644
network_port(zookeeper_client, tcp,2181,s0)
network_port(zookeeper_election, tcp,3888,s0)
network_port(zookeeper_leader, tcp,2888,s0)
-@@ -276,5 +322,5 @@ allow corenet_unconfined_type port_type:tcp_socket { send_msg recv_msg name_conn
+ network_port(zebra, tcp,2600-2604,s0, tcp,2606,s0, udp,2600-2604,s0, udp,2606,s0)
++network_port(zented, tcp,1229,s0, udp,1229,s0)
+ network_port(zope, tcp,8021,s0)
+
+ # Defaults for reserved ports. Earlier portcon entries take precedence;
+@@ -276,5 +325,5 @@ allow corenet_unconfined_type port_type:tcp_socket { send_msg recv_msg name_conn
allow corenet_unconfined_type port_type:udp_socket { send_msg recv_msg };
# Bind to any network address.
@@ -11310,7 +11346,7 @@ index 6cf8784..5b25039 100644
+#
+/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0)
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
-index e9313fb..a09c590 100644
+index e9313fb..6c82b8f 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -146,14 +146,33 @@ interface(`dev_relabel_all_dev_nodes',`
@@ -11374,7 +11410,32 @@ index e9313fb..a09c590 100644
## Add entries to directories in /dev.
## </summary>
## <param name="domain">
-@@ -444,6 +481,24 @@ interface(`dev_getattr_generic_blk_files',`
+@@ -352,6 +389,24 @@ interface(`dev_read_generic_files',`
+ read_files_pattern($1, device_t, device_t)
+ ')
+
++#######################################
++## <summary>
++## Read generic files in /dev.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`dev_dontaudit_read_generic_files',`
++ gen_require(`
++ type device_t;
++ ')
++
++ dontaudit $1 device_t:file { read getattr };
++')
++
+ ########################################
+ ## <summary>
+ ## Read and write generic files in /dev.
+@@ -444,6 +499,24 @@ interface(`dev_getattr_generic_blk_files',`
########################################
## <summary>
@@ -11399,7 +11460,7 @@ index e9313fb..a09c590 100644
## Dontaudit getattr on generic block devices.
## </summary>
## <param name="domain">
-@@ -628,7 +683,7 @@ interface(`dev_rw_generic_blk_files',`
+@@ -628,7 +701,7 @@ interface(`dev_rw_generic_blk_files',`
## </summary>
## <param name="domain">
## <summary>
@@ -11408,7 +11469,7 @@ index e9313fb..a09c590 100644
## </summary>
## </param>
#
-@@ -715,7 +770,7 @@ interface(`dev_dontaudit_setattr_generic_symlinks',`
+@@ -715,7 +788,7 @@ interface(`dev_dontaudit_setattr_generic_symlinks',`
########################################
## <summary>
@@ -11417,7 +11478,7 @@ index e9313fb..a09c590 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -723,17 +778,17 @@ interface(`dev_dontaudit_setattr_generic_symlinks',`
+@@ -723,17 +796,17 @@ interface(`dev_dontaudit_setattr_generic_symlinks',`
## </summary>
## </param>
#
@@ -11438,7 +11499,7 @@ index e9313fb..a09c590 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -741,17 +796,17 @@ interface(`dev_read_generic_symlinks',`
+@@ -741,17 +814,17 @@ interface(`dev_read_generic_symlinks',`
## </summary>
## </param>
#
@@ -11459,7 +11520,7 @@ index e9313fb..a09c590 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -759,12 +814,12 @@ interface(`dev_create_generic_symlinks',`
+@@ -759,12 +832,12 @@ interface(`dev_create_generic_symlinks',`
## </summary>
## </param>
#
@@ -11474,7 +11535,7 @@ index e9313fb..a09c590 100644
')
########################################
-@@ -920,7 +975,7 @@ interface(`dev_filetrans',`
+@@ -920,7 +993,7 @@ interface(`dev_filetrans',`
type device_t;
')
@@ -11483,7 +11544,7 @@ index e9313fb..a09c590 100644
dev_associate($2)
files_associate_tmp($2)
-@@ -1006,6 +1061,7 @@ interface(`dev_dontaudit_getattr_all_blk_files',`
+@@ -1006,6 +1079,7 @@ interface(`dev_dontaudit_getattr_all_blk_files',`
interface(`dev_getattr_all_chr_files',`
gen_require(`
attribute device_node;
@@ -11491,7 +11552,7 @@ index e9313fb..a09c590 100644
')
getattr_chr_files_pattern($1, device_t, device_node)
-@@ -1178,6 +1234,42 @@ interface(`dev_create_all_chr_files',`
+@@ -1178,6 +1252,42 @@ interface(`dev_create_all_chr_files',`
########################################
## <summary>
@@ -11534,7 +11595,7 @@ index e9313fb..a09c590 100644
## Delete all block device files.
## </summary>
## <param name="domain">
-@@ -2663,7 +2755,7 @@ interface(`dev_write_misc',`
+@@ -2663,7 +2773,7 @@ interface(`dev_write_misc',`
## </summary>
## <param name="domain">
## <summary>
@@ -11543,7 +11604,7 @@ index e9313fb..a09c590 100644
## </summary>
## </param>
#
-@@ -3192,24 +3284,6 @@ interface(`dev_rw_printer',`
+@@ -3192,24 +3302,6 @@ interface(`dev_rw_printer',`
########################################
## <summary>
@@ -11568,7 +11629,7 @@ index e9313fb..a09c590 100644
## Get the attributes of the QEMU
## microcode and id interfaces.
## </summary>
-@@ -3793,6 +3867,24 @@ interface(`dev_getattr_sysfs_dirs',`
+@@ -3793,6 +3885,24 @@ interface(`dev_getattr_sysfs_dirs',`
########################################
## <summary>
@@ -11593,7 +11654,7 @@ index e9313fb..a09c590 100644
## Search the sysfs directories.
## </summary>
## <param name="domain">
-@@ -3884,25 +3976,6 @@ interface(`dev_dontaudit_write_sysfs_dirs',`
+@@ -3884,25 +3994,6 @@ interface(`dev_dontaudit_write_sysfs_dirs',`
########################################
## <summary>
@@ -11619,7 +11680,7 @@ index e9313fb..a09c590 100644
## Read hardware state information.
## </summary>
## <desc>
-@@ -3954,6 +4027,42 @@ interface(`dev_rw_sysfs',`
+@@ -3954,6 +4045,42 @@ interface(`dev_rw_sysfs',`
########################################
## <summary>
@@ -11662,7 +11723,7 @@ index e9313fb..a09c590 100644
## Read and write the TPM device.
## </summary>
## <param name="domain">
-@@ -4514,6 +4623,24 @@ interface(`dev_rwx_vmware',`
+@@ -4514,6 +4641,24 @@ interface(`dev_rwx_vmware',`
########################################
## <summary>
@@ -11687,7 +11748,7 @@ index e9313fb..a09c590 100644
## Write to watchdog devices.
## </summary>
## <param name="domain">
-@@ -4748,3 +4875,772 @@ interface(`dev_unconfined',`
+@@ -4748,3 +4893,772 @@ interface(`dev_unconfined',`
typeattribute $1 devices_unconfined_type;
')
@@ -11770,695 +11831,695 @@ index e9313fb..a09c590 100644
+ type mtrr_device_t;
+')
+
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, 3dfx)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, admmidi9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, adsp9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, aload9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amidi9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, amixer9)
-+ filetrans_pattern($1, device_t, apm_bios_t, chr_file, apm_bios)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, atibm)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, audio9)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs0)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs1)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs2)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs3)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs4)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs5)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs6)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs7)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs8)
-+ filetrans_pattern($1, device_t, autofs_device_t, chr_file, autofs9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, beep)
-+ filetrans_pattern($1, device_t, lvm_control_t, chr_file, btrfs-control)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, controlD64)
-+ filetrans_pattern($1, device_t, crash_device_t, chr_file, crash)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm0)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm1)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm2)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm3)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm4)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm5)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm6)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm7)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm8)
-+ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, dlm9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmfm)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dmmidi9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, dsp9)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, efirtc)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, e2201)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83000)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83001)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83002)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83003)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83004)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83005)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83006)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83007)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83008)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, em83009)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event0)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event1)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event2)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event3)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event4)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event5)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event6)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event7)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event8)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, event9)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, evtchn)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb0)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb1)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb2)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb3)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb4)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb5)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb6)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb7)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb8)
-+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, fb9)
-+ filetrans_pattern($1, device_t, null_device_t, chr_file, full)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw0)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw1)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw2)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw3)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw4)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw5)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw6)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw7)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw8)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, fw9)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 000)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 001)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 002)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 003)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 004)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 005)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 006)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 007)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 008)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, 009)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, gfx)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, graphics)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc0)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc1)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc2)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc3)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc4)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc5)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc6)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc7)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc8)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, gtrsc9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, hfmodem)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev0)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev1)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev2)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev3)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev4)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev5)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev6)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev7)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev8)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hiddev9)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw0)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw1)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw2)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw3)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw4)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw5)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw6)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw7)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw8)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, hidraw9)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, hpet)
-+ filetrans_pattern($1, device_t, random_device_t, chr_file, hw_random)
-+ filetrans_pattern($1, device_t, random_device_t, chr_file, hwrng)
-+ filetrans_pattern($1, device_t, dri_device_t, chr_file, i915)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, inportbm)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi0)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi1)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi2)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi3)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi4)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi5)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi6)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi7)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi8)
-+ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, ipmi9)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt0)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt1)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt2)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt3)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt4)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt5)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt6)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt7)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt8)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, irlpt9)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, jbm)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js0)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js1)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js2)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js3)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js4)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js5)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js6)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js7)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js8)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, js9)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse0)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse1)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse2)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse3)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse4)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse5)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse6)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse7)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse8)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mouse9)
-+ filetrans_pattern($1, device_t, memory_device_t, chr_file, kmem)
-+ filetrans_pattern($1, device_t, kmsg_device_t, chr_file, kmsg)
-+ filetrans_pattern($1, device_t, qemu_device_t, chr_file, kqemu)
-+ filetrans_pattern($1, device_t, ksm_device_t, chr_file, ksm)
-+ filetrans_pattern($1, device_t, kvm_device_t, chr_file, kvm)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik0)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik1)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik2)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik3)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik4)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik5)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik6)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik7)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik8)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, lik9)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc0)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc1)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc2)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc3)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc4)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc5)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc6)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc7)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc8)
-+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, lirc9)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, lircm)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, logibm)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp0)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp1)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp2)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp3)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp4)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp5)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp6)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp7)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp8)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, lp9)
-+ filetrans_pattern($1, device_t, kmsg_device_t, chr_file, mcelog)
-+ filetrans_pattern($1, device_t, memory_device_t, chr_file, mem)
-+ filetrans_pattern($1, device_t, memory_device_t, chr_file, mergemem)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid0)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid1)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid2)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid3)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid4)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid5)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid6)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid7)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid8)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, mga_vid9)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mice)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, microcode)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, midi9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mixer9)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mmetfgrab)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, modem)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4010)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4011)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4012)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4013)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4014)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4015)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4016)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4017)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4018)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, mpu4019)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr0)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr1)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr2)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr3)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr4)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr5)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr6)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr7)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr8)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, msr9)
-+ filetrans_pattern($1, device_t, vhost_device_t, chr_file, vhost)
-+ filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, network_latency)
-+ filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, network_throughput)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz0)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz1)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz2)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz3)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz4)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz5)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz6)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz7)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz8)
-+ filetrans_pattern($1, device_t, modem_device_t, chr_file, noz9)
-+ filetrans_pattern($1, device_t, null_device_t, chr_file, null)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia0)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia1)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia2)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia3)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia4)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia5)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia6)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia7)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia8)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidia9)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, nvidiactl)
-+ filetrans_pattern($1, device_t, nvram_device_t, chr_file, nvram)
-+ filetrans_pattern($1, device_t, memory_device_t, chr_file, oldmem)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, opengl)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par0)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par1)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par2)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par3)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par4)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par5)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par6)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par7)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par8)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, par9)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, pc110pad)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock0)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock1)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock2)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock3)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock4)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock5)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock6)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock7)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock8)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pcfclock9)
-+ filetrans_pattern($1, device_t, power_device_t, chr_file, pmu)
-+ filetrans_pattern($1, device_t, memory_device_t, chr_file, port)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps0)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps1)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps2)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps3)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps4)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps5)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps6)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps7)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps8)
-+ filetrans_pattern($1, device_t, clock_device_t, chr_file, pps9)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, rmidi9)
-+ filetrans_pattern($1, device_t, dri_device_t, chr_file, radeon)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio0)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio1)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio2)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio3)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio4)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio5)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio6)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio7)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio8)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, radio9)
-+ filetrans_pattern($1, device_t, random_device_t, chr_file, random)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13940)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13941)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13942)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13943)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13944)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13945)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13946)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13947)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13948)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, raw13949)
-+ filetrans_pattern($1, device_t, wireless_device_t, chr_file, rfkill)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, sequencer)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, sequencer2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte7)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte8)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, smpte9)
-+ filetrans_pattern($1, device_t, power_device_t, chr_file, smu)
-+ filetrans_pattern($1, device_t, apm_bios_t, chr_file, snapshot)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, sndstat)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, sonypi)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm0)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm1)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm2)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm3)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm4)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm5)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm6)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm7)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm8)
-+ filetrans_pattern($1, device_t, tpm_device_t, chr_file, tpm9)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, uinput)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio0)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio1)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio2)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio3)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio4)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio5)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio6)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio7)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio8)
-+ filetrans_pattern($1, device_t, userio_device_t, chr_file, uio9)
-+ filetrans_pattern($1, device_t, urandom_device_t, chr_file, urandom)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, usb0)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, usb1)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, usb2)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, usb3)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, usb4)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, usb5)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, usb6)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, usb7)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, usb8)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp0)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp1)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp2)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp3)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp4)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp5)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp6)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp7)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp8)
-+ filetrans_pattern($1, device_t, printer_device_t, chr_file, usblp9)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon0)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon1)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon2)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon3)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon4)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon5)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon6)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon7)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon8)
-+ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, usbmon9)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, usbscanner)
-+ filetrans_pattern($1, device_t, vhost_device_t, chr_file, vhost-net)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi0)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi1)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi2)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi3)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi4)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi5)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi6)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi7)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi8)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vbi9)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox0)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox1)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox2)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox3)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox4)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox5)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox6)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox7)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox8)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vbox9)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, vga_arbiter)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmmon)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet0)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet1)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet2)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet3)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet4)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet5)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet6)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet7)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet8)
-+ filetrans_pattern($1, device_t, vmware_device_t, chr_file, vmnet9)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video0)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video1)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video2)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video3)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video4)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video5)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video6)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video7)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video8)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, video9)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, vrtpanel)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vttuner)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx0)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx1)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx2)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx3)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx4)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx5)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx6)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx7)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx8)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, vtx9)
-+ filetrans_pattern($1, device_t, watchdog_device_t, chr_file, watchdog)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio0)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio1)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio2)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio3)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio4)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio5)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio6)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio7)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio8)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, winradio9)
-+ filetrans_pattern($1, device_t, crypt_device_t, chr_file, z90crypt)
-+ filetrans_pattern($1, device_t, zero_device_t, chr_file, zero)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card0)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card1)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card2)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card3)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card4)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card5)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card6)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card7)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card8)
-+ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, card9)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx0)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx1)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx2)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx3)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx4)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx5)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx6)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx7)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx8)
-+ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, cmx9)
-+ filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, cpu_dma_latency)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu0)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu1)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu2)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu3)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu4)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu5)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu6)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu7)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu8)
-+ filetrans_pattern($1, device_t, cpu_device_t, chr_file, cpu9)
-+ filetrans_pattern($1, device_t, mtrr_device_t, chr_file, mtrr)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor0)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor1)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor2)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor3)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor4)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor5)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor6)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor7)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor8)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, sensor9)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m0)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m1)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m2)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m3)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m4)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m5)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m6)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m7)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m8)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, m9)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard0)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard1)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard2)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard3)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard4)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard5)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard6)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard7)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard8)
-+ filetrans_pattern($1, device_t, event_device_t, chr_file, keyboard9)
-+ filetrans_pattern($1, device_t, lvm_control_t, chr_file, control)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, ucb1x00)
-+ filetrans_pattern($1, device_t, mouse_device_t, chr_file, mk712)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx0)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx1)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx2)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx3)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx4)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx5)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx6)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx7)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx8)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, dc2xx9)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8000)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8001)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8002)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8003)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8004)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8005)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8006)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8007)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8008)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, mdc8009)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner0)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner1)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner2)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner3)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner4)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner5)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner6)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner7)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner8)
-+ filetrans_pattern($1, device_t, scanner_device_t, chr_file, scanner9)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap0)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap1)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap2)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap3)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap4)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap5)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap6)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap7)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap8)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, blktap9)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, gntdev)
-+ filetrans_pattern($1, device_t, xen_device_t, chr_file, gntalloc)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, patmgr0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, patmgr1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd0)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd1)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd2)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd3)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd4)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd5)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd6)
-+ filetrans_pattern($1, device_t, sound_device_t, chr_file, srnd7)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk0)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk1)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk2)
-+ filetrans_pattern($1, device_t, v4l_device_t, chr_file, tlk3)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, uba)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, ubb)
-+ filetrans_pattern($1, device_t, usb_device_t, chr_file, ubc)
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "3dfx")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "admmidi9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "adsp9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "aload9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amidi9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "amixer9")
++ filetrans_pattern($1, device_t, apm_bios_t, chr_file, "apm_bios")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "atibm")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "audio9")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs0")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs1")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs2")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs3")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs4")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs5")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs6")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs7")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs8")
++ filetrans_pattern($1, device_t, autofs_device_t, chr_file, "autofs9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "beep")
++ filetrans_pattern($1, device_t, lvm_control_t, chr_file, "btrfs-control")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "controlD64")
++ filetrans_pattern($1, device_t, crash_device_t, chr_file, "crash")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm0")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm1")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm2")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm3")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm4")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm5")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm6")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm7")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm8")
++ filetrans_pattern($1, device_t, dlm_control_device_t, chr_file, "dlm9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmfm")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dmmidi9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "dsp9")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "efirtc")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "e2201")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83000")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83001")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83002")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83003")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83004")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83005")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83006")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83007")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83008")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "em83009")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event0")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event1")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event2")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event3")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event4")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event5")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event6")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event7")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event8")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "event9")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "evtchn")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb0")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb1")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb2")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb3")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb4")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb5")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb6")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb7")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb8")
++ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb9")
++ filetrans_pattern($1, device_t, null_device_t, chr_file, "full")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw0")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw1")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw2")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw3")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw4")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw5")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw6")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw7")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw8")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw9")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "000")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "001")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "002")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "003")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "004")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "005")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "006")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "007")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "008")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "009")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "gfx")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "graphics")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc0")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc1")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc2")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc3")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc4")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc5")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc6")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc7")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc8")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "gtrsc9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "hfmodem")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev0")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev1")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev2")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev3")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev4")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev5")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev6")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev7")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev8")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hiddev9")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw0")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw1")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw2")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw3")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw4")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw5")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw6")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw7")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw8")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "hidraw9")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "hpet")
++ filetrans_pattern($1, device_t, random_device_t, chr_file, "hw_random")
++ filetrans_pattern($1, device_t, random_device_t, chr_file, "hwrng")
++ filetrans_pattern($1, device_t, dri_device_t, chr_file, "i915")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "inportbm")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi0")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi1")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi2")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi3")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi4")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi5")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi6")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi7")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi8")
++ filetrans_pattern($1, device_t, ipmi_device_t, chr_file, "ipmi9")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt0")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt1")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt2")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt3")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt4")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt5")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt6")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt7")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt8")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "irlpt9")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "jbm")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js0")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js1")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js2")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js3")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js4")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js5")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js6")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js7")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js8")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "js9")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse0")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse1")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse2")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse3")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse4")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse5")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse6")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse7")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse8")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mouse9")
++ filetrans_pattern($1, device_t, memory_device_t, chr_file, "kmem")
++ filetrans_pattern($1, device_t, kmsg_device_t, chr_file, "kmsg")
++ filetrans_pattern($1, device_t, qemu_device_t, chr_file, "kqemu")
++ filetrans_pattern($1, device_t, ksm_device_t, chr_file, "ksm")
++ filetrans_pattern($1, device_t, kvm_device_t, chr_file, "kvm")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik0")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik1")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik2")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik3")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik4")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik5")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik6")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik7")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik8")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "lik9")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc0")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc1")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc2")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc3")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc4")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc5")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc6")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc7")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc8")
++ filetrans_pattern($1, device_t, lirc_device_t, chr_file, "lirc9")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "lircm")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "logibm")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp0")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp1")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp2")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp3")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp4")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp5")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp6")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp7")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp8")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "lp9")
++ filetrans_pattern($1, device_t, kmsg_device_t, chr_file, "mcelog")
++ filetrans_pattern($1, device_t, memory_device_t, chr_file, "mem")
++ filetrans_pattern($1, device_t, memory_device_t, chr_file, "mergemem")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid0")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid1")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid2")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid3")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid4")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid5")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid6")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid7")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid8")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "mga_vid9")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mice")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "microcode")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "midi9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mixer9")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mmetfgrab")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "modem")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4010")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4011")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4012")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4013")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4014")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4015")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4016")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4017")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4018")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "mpu4019")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr0")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr1")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr2")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr3")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr4")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr5")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr6")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr7")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr8")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "msr9")
++ filetrans_pattern($1, device_t, vhost_device_t, chr_file, "vhost")
++ filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, "network_latency")
++ filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, "network_throughput")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz0")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz1")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz2")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz3")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz4")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz5")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz6")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz7")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz8")
++ filetrans_pattern($1, device_t, modem_device_t, chr_file, "noz9")
++ filetrans_pattern($1, device_t, null_device_t, chr_file, "null")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia0")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia1")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia2")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia3")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia4")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia5")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia6")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia7")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia8")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidia9")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "nvidiactl")
++ filetrans_pattern($1, device_t, nvram_device_t, chr_file, "nvram")
++ filetrans_pattern($1, device_t, memory_device_t, chr_file, "oldmem")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "opengl")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par0")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par1")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par2")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par3")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par4")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par5")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par6")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par7")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par8")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "par9")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "pc110pad")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock0")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock1")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock2")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock3")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock4")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock5")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock6")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock7")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock8")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pcfclock9")
++ filetrans_pattern($1, device_t, power_device_t, chr_file, "pmu")
++ filetrans_pattern($1, device_t, memory_device_t, chr_file, "port")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps0")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps1")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps2")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps3")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps4")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps5")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps6")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps7")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps8")
++ filetrans_pattern($1, device_t, clock_device_t, chr_file, "pps9")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "rmidi9")
++ filetrans_pattern($1, device_t, dri_device_t, chr_file, "radeon")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio0")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio1")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio2")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio3")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio4")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio5")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio6")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio7")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio8")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "radio9")
++ filetrans_pattern($1, device_t, random_device_t, chr_file, "random")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13940")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13941")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13942")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13943")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13944")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13945")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13946")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13947")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13948")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "raw13949")
++ filetrans_pattern($1, device_t, wireless_device_t, chr_file, "rfkill")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "sequencer")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "sequencer2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte7")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte8")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "smpte9")
++ filetrans_pattern($1, device_t, power_device_t, chr_file, "smu")
++ filetrans_pattern($1, device_t, apm_bios_t, chr_file, "snapshot")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "sndstat")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "sonypi")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm0")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm1")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm2")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm3")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm4")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm5")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm6")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm7")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm8")
++ filetrans_pattern($1, device_t, tpm_device_t, chr_file, "tpm9")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "uinput")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio0")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio1")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio2")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio3")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio4")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio5")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio6")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio7")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio8")
++ filetrans_pattern($1, device_t, userio_device_t, chr_file, "uio9")
++ filetrans_pattern($1, device_t, urandom_device_t, chr_file, "urandom")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "usb0")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "usb1")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "usb2")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "usb3")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "usb4")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "usb5")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "usb6")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "usb7")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "usb8")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp0")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp1")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp2")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp3")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp4")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp5")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp6")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp7")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp8")
++ filetrans_pattern($1, device_t, printer_device_t, chr_file, "usblp9")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon0")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon1")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon2")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon3")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon4")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon5")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon6")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon7")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon8")
++ filetrans_pattern($1, device_t, usbmon_device_t, chr_file, "usbmon9")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "usbscanner")
++ filetrans_pattern($1, device_t, vhost_device_t, chr_file, "vhost-net")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi0")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi1")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi2")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi3")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi4")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi5")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi6")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi7")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi8")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vbi9")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox0")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox1")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox2")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox3")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox4")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox5")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox6")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox7")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox8")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vbox9")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "vga_arbiter")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmmon")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet0")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet1")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet2")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet3")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet4")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet5")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet6")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet7")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet8")
++ filetrans_pattern($1, device_t, vmware_device_t, chr_file, "vmnet9")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video0")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video1")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video2")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video3")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video4")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video5")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video6")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video7")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video8")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "video9")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "vrtpanel")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vttuner")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx0")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx1")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx2")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx3")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx4")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx5")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx6")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx7")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx8")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "vtx9")
++ filetrans_pattern($1, device_t, watchdog_device_t, chr_file, "watchdog")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio0")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio1")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio2")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio3")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio4")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio5")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio6")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio7")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio8")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "winradio9")
++ filetrans_pattern($1, device_t, crypt_device_t, chr_file, "z90crypt")
++ filetrans_pattern($1, device_t, zero_device_t, chr_file, "zero")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card0")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card1")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card2")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card3")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card4")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card5")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card6")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card7")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card8")
++ filetrans_pattern($1, device_t, xserver_misc_device_t, chr_file, "card9")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx0")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx1")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx2")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx3")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx4")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx5")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx6")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx7")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx8")
++ filetrans_pattern($1, device_t, smartcard_device_t, chr_file, "cmx9")
++ filetrans_pattern($1, device_t, netcontrol_device_t, chr_file, "cpu_dma_latency")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu0")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu1")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu2")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu3")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu4")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu5")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu6")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu7")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu8")
++ filetrans_pattern($1, device_t, cpu_device_t, chr_file, "cpu9")
++ filetrans_pattern($1, device_t, mtrr_device_t, chr_file, "mtrr")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor0")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor1")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor2")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor3")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor4")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor5")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor6")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor7")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor8")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "sensor9")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m0")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m1")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m2")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m3")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m4")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m5")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m6")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m7")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m8")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "m9")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard0")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard1")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard2")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard3")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard4")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard5")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard6")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard7")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard8")
++ filetrans_pattern($1, device_t, event_device_t, chr_file, "keyboard9")
++ filetrans_pattern($1, device_t, lvm_control_t, chr_file, "control")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "ucb1x00")
++ filetrans_pattern($1, device_t, mouse_device_t, chr_file, "mk712")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx0")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx1")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx2")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx3")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx4")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx5")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx6")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx7")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx8")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "dc2xx9")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8000")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8001")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8002")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8003")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8004")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8005")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8006")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8007")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8008")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "mdc8009")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner0")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner1")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner2")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner3")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner4")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner5")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner6")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner7")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner8")
++ filetrans_pattern($1, device_t, scanner_device_t, chr_file, "scanner9")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap0")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap1")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap2")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap3")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap4")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap5")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap6")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap7")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap8")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "blktap9")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "gntdev")
++ filetrans_pattern($1, device_t, xen_device_t, chr_file, "gntalloc")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "patmgr0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "patmgr1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "srnd0")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "srnd1")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "srnd2")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "srnd3")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "srnd4")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "srnd5")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "srnd6")
++ filetrans_pattern($1, device_t, sound_device_t, chr_file, "srnd7")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "tlk0")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "tlk1")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "tlk2")
++ filetrans_pattern($1, device_t, v4l_device_t, chr_file, "tlk3")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "uba")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "ubb")
++ filetrans_pattern($1, device_t, usb_device_t, chr_file, "ubc")
+')
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 3ff4f60..89ffda6 100644
@@ -15693,7 +15754,7 @@ index a9b8982..57c4a6a 100644
+/lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0)
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
-index 3723150..b7b777d 100644
+index 3723150..346dfb1 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -101,6 +101,8 @@ interface(`storage_raw_read_fixed_disk',`
@@ -15741,339 +15802,339 @@ index 3723150..b7b777d 100644
+ type fuse_device_t;
+ ')
+
-+ dev_filetrans($1, tape_device_t, chr_file, ht00)
-+ dev_filetrans($1, tape_device_t, chr_file, ht01)
-+ dev_filetrans($1, tape_device_t, chr_file, ht02)
-+ dev_filetrans($1, tape_device_t, chr_file, ht03)
-+ dev_filetrans($1, tape_device_t, chr_file, ht04)
-+ dev_filetrans($1, tape_device_t, chr_file, ht05)
-+ dev_filetrans($1, tape_device_t, chr_file, ht06)
-+ dev_filetrans($1, tape_device_t, chr_file, ht07)
-+ dev_filetrans($1, tape_device_t, chr_file, ht08)
-+ dev_filetrans($1, tape_device_t, chr_file, ht09)
-+ dev_filetrans($1, tape_device_t, chr_file, st00)
-+ dev_filetrans($1, tape_device_t, chr_file, st01)
-+ dev_filetrans($1, tape_device_t, chr_file, st02)
-+ dev_filetrans($1, tape_device_t, chr_file, st03)
-+ dev_filetrans($1, tape_device_t, chr_file, st04)
-+ dev_filetrans($1, tape_device_t, chr_file, st05)
-+ dev_filetrans($1, tape_device_t, chr_file, st06)
-+ dev_filetrans($1, tape_device_t, chr_file, st07)
-+ dev_filetrans($1, tape_device_t, chr_file, st08)
-+ dev_filetrans($1, tape_device_t, chr_file, st09)
-+ dev_filetrans($1, tape_device_t, chr_file, qft0)
-+ dev_filetrans($1, tape_device_t, chr_file, qft1)
-+ dev_filetrans($1, tape_device_t, chr_file, qft2)
-+ dev_filetrans($1, tape_device_t, chr_file, qft3)
-+ dev_filetrans($1, tape_device_t, chr_file, osst00)
-+ dev_filetrans($1, tape_device_t, chr_file, osst01)
-+ dev_filetrans($1, tape_device_t, chr_file, osst02)
-+ dev_filetrans($1, tape_device_t, chr_file, osst03)
-+ dev_filetrans($1, tape_device_t, chr_file, osst04)
-+ dev_filetrans($1, tape_device_t, chr_file, osst05)
-+ dev_filetrans($1, tape_device_t, chr_file, osst06)
-+ dev_filetrans($1, tape_device_t, chr_file, osst07)
-+ dev_filetrans($1, tape_device_t, chr_file, osst08)
-+ dev_filetrans($1, tape_device_t, chr_file, osst09)
-+ dev_filetrans($1, tape_device_t, chr_file, pt0)
-+ dev_filetrans($1, tape_device_t, chr_file, pt1)
-+ dev_filetrans($1, tape_device_t, chr_file, pt2)
-+ dev_filetrans($1, tape_device_t, chr_file, pt3)
-+ dev_filetrans($1, tape_device_t, chr_file, pt4)
-+ dev_filetrans($1, tape_device_t, chr_file, pt5)
-+ dev_filetrans($1, tape_device_t, chr_file, pt6)
-+ dev_filetrans($1, tape_device_t, chr_file, pt7)
-+ dev_filetrans($1, tape_device_t, chr_file, pt8)
-+ dev_filetrans($1, tape_device_t, chr_file, pt9)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic0)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic1)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic2)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic3)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic4)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic5)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic6)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic7)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic8)
-+ dev_filetrans($1, tape_device_t, chr_file, tpqic9)
-+ dev_filetrans($1, removable_device_t, blk_file, aztcd)
-+ dev_filetrans($1, removable_device_t, blk_file, bpcd)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu0)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu1)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu2)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu3)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu4)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu5)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu6)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu7)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu8)
-+ dev_filetrans($1, removable_device_t, blk_file, cdu9)
-+ dev_filetrans($1, removable_device_t, blk_file, cm200)
-+ dev_filetrans($1, removable_device_t, blk_file, cm201)
-+ dev_filetrans($1, removable_device_t, blk_file, cm202)
-+ dev_filetrans($1, removable_device_t, blk_file, cm203)
-+ dev_filetrans($1, removable_device_t, blk_file, cm204)
-+ dev_filetrans($1, removable_device_t, blk_file, cm205)
-+ dev_filetrans($1, removable_device_t, blk_file, cm206)
-+ dev_filetrans($1, removable_device_t, blk_file, cm207)
-+ dev_filetrans($1, removable_device_t, blk_file, cm208)
-+ dev_filetrans($1, removable_device_t, blk_file, cm209)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sda9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdb9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdc9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdd9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sde9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdf9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, sdg9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, dm-9)
-+ dev_filetrans($1, removable_device_t, blk_file, gscd)
-+ dev_filetrans($1, removable_device_t, blk_file, hitcd)
-+ dev_filetrans($1, tape_device_t, blk_file, ht0)
-+ dev_filetrans($1, tape_device_t, blk_file, ht1)
-+ dev_filetrans($1, removable_device_t, blk_file, hwcdrom)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, initrd)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, jsfd)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, jsflash)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, loop9)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, lvm)
-+ dev_filetrans($1, removable_device_t, blk_file, mcd)
-+ dev_filetrans($1, removable_device_t, blk_file, mcdx)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev0)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev1)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev2)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev3)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev4)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev5)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev6)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev7)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev8)
-+ dev_filetrans($1, removable_device_t, chr_file, megadev9)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk0)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk1)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk2)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk3)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk4)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk5)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk6)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk7)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk8)
-+ dev_filetrans($1, removable_device_t, blk_file, mmcblk9)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk0)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk1)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk2)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk3)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk4)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk5)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk6)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk7)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk8)
-+ dev_filetrans($1, removable_device_t, blk_file, mspblk9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, mtd9)
-+ dev_filetrans($1, removable_device_t, blk_file, optcd)
-+ dev_filetrans($1, removable_device_t, blk_file, pf0)
-+ dev_filetrans($1, removable_device_t, blk_file, pf1)
-+ dev_filetrans($1, removable_device_t, blk_file, pf2)
-+ dev_filetrans($1, removable_device_t, blk_file, pf3)
-+ dev_filetrans($1, removable_device_t, blk_file, pg0)
-+ dev_filetrans($1, removable_device_t, blk_file, pg1)
-+ dev_filetrans($1, removable_device_t, blk_file, pg2)
-+ dev_filetrans($1, removable_device_t, blk_file, pg3)
-+ dev_filetrans($1, removable_device_t, blk_file, pcd0)
-+ dev_filetrans($1, removable_device_t, blk_file, pcd1)
-+ dev_filetrans($1, removable_device_t, blk_file, pcd2)
-+ dev_filetrans($1, removable_device_t, blk_file, pcd3)
-+ dev_filetrans($1, removable_device_t, chr_file, pg0)
-+ dev_filetrans($1, removable_device_t, chr_file, pg1)
-+ dev_filetrans($1, removable_device_t, chr_file, pg2)
-+ dev_filetrans($1, removable_device_t, chr_file, pg3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ps3d9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram10)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram11)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram12)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram13)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram14)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, ram15)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd0)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd1)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd2)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd3)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd4)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd5)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd6)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd7)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd8)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, rd9)
-+ dev_filetrans($1, fixed_disk_device_t, blk_file, root)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd0)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd1)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd2)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd3)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd4)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd5)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd6)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd7)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd8)
-+ dev_filetrans($1, removable_device_t, blk_file, sbpcd9)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg0)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg1)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg2)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg3)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg4)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg5)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg6)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg7)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg8)
-+ dev_filetrans($1, scsi_generic_device_t, chr_file, sg9)
-+ dev_filetrans($1, removable_device_t, blk_file, sr0)
-+ dev_filetrans($1, removable_device_t, blk_file, sr1)
-+ dev_filetrans($1, removable_device_t, blk_file, sr2)
-+ dev_filetrans($1, removable_device_t, blk_file, sr3)
-+ dev_filetrans($1, removable_device_t, blk_file, sr4)
-+ dev_filetrans($1, removable_device_t, blk_file, sr5)
-+ dev_filetrans($1, removable_device_t, blk_file, sr6)
-+ dev_filetrans($1, removable_device_t, blk_file, sr7)
-+ dev_filetrans($1, removable_device_t, blk_file, sr8)
-+ dev_filetrans($1, removable_device_t, blk_file, sr9)
-+ dev_filetrans($1, removable_device_t, blk_file, sjcd)
-+ dev_filetrans($1, removable_device_t, blk_file, sonycd)
-+ dev_filetrans($1, tape_device_t, chr_file, tape0)
-+ dev_filetrans($1, tape_device_t, chr_file, tape1)
-+ dev_filetrans($1, tape_device_t, chr_file, tape2)
-+ dev_filetrans($1, tape_device_t, chr_file, tape3)
-+ dev_filetrans($1, tape_device_t, chr_file, tape4)
-+ dev_filetrans($1, tape_device_t, chr_file, tape5)
-+ dev_filetrans($1, tape_device_t, chr_file, tape6)
-+ dev_filetrans($1, tape_device_t, chr_file, tape7)
-+ dev_filetrans($1, tape_device_t, chr_file, tape8)
-+ dev_filetrans($1, tape_device_t, chr_file, tape9)
-+ dev_filetrans($1, fuse_device_t, chr_file, fuse)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, device-mapper)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw0)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw1)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw2)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw3)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw4)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw5)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw6)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw7)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw8)
-+ dev_filetrans($1, fixed_disk_device_t, chr_file, raw9)
-+ dev_filetrans($1, removable_device_t, chr_file, rio500)
++ dev_filetrans($1, tape_device_t, chr_file, "ht00")
++ dev_filetrans($1, tape_device_t, chr_file, "ht01")
++ dev_filetrans($1, tape_device_t, chr_file, "ht02")
++ dev_filetrans($1, tape_device_t, chr_file, "ht03")
++ dev_filetrans($1, tape_device_t, chr_file, "ht04")
++ dev_filetrans($1, tape_device_t, chr_file, "ht05")
++ dev_filetrans($1, tape_device_t, chr_file, "ht06")
++ dev_filetrans($1, tape_device_t, chr_file, "ht07")
++ dev_filetrans($1, tape_device_t, chr_file, "ht08")
++ dev_filetrans($1, tape_device_t, chr_file, "ht09")
++ dev_filetrans($1, tape_device_t, chr_file, "st00")
++ dev_filetrans($1, tape_device_t, chr_file, "st01")
++ dev_filetrans($1, tape_device_t, chr_file, "st02")
++ dev_filetrans($1, tape_device_t, chr_file, "st03")
++ dev_filetrans($1, tape_device_t, chr_file, "st04")
++ dev_filetrans($1, tape_device_t, chr_file, "st05")
++ dev_filetrans($1, tape_device_t, chr_file, "st06")
++ dev_filetrans($1, tape_device_t, chr_file, "st07")
++ dev_filetrans($1, tape_device_t, chr_file, "st08")
++ dev_filetrans($1, tape_device_t, chr_file, "st09")
++ dev_filetrans($1, tape_device_t, chr_file, "qft0")
++ dev_filetrans($1, tape_device_t, chr_file, "qft1")
++ dev_filetrans($1, tape_device_t, chr_file, "qft2")
++ dev_filetrans($1, tape_device_t, chr_file, "qft3")
++ dev_filetrans($1, tape_device_t, chr_file, "osst00")
++ dev_filetrans($1, tape_device_t, chr_file, "osst01")
++ dev_filetrans($1, tape_device_t, chr_file, "osst02")
++ dev_filetrans($1, tape_device_t, chr_file, "osst03")
++ dev_filetrans($1, tape_device_t, chr_file, "osst04")
++ dev_filetrans($1, tape_device_t, chr_file, "osst05")
++ dev_filetrans($1, tape_device_t, chr_file, "osst06")
++ dev_filetrans($1, tape_device_t, chr_file, "osst07")
++ dev_filetrans($1, tape_device_t, chr_file, "osst08")
++ dev_filetrans($1, tape_device_t, chr_file, "osst09")
++ dev_filetrans($1, tape_device_t, chr_file, "pt0")
++ dev_filetrans($1, tape_device_t, chr_file, "pt1")
++ dev_filetrans($1, tape_device_t, chr_file, "pt2")
++ dev_filetrans($1, tape_device_t, chr_file, "pt3")
++ dev_filetrans($1, tape_device_t, chr_file, "pt4")
++ dev_filetrans($1, tape_device_t, chr_file, "pt5")
++ dev_filetrans($1, tape_device_t, chr_file, "pt6")
++ dev_filetrans($1, tape_device_t, chr_file, "pt7")
++ dev_filetrans($1, tape_device_t, chr_file, "pt8")
++ dev_filetrans($1, tape_device_t, chr_file, "pt9")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic0")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic1")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic2")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic3")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic4")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic5")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic6")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic7")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic8")
++ dev_filetrans($1, tape_device_t, chr_file, "tpqic9")
++ dev_filetrans($1, removable_device_t, blk_file, "aztcd")
++ dev_filetrans($1, removable_device_t, blk_file, "bpcd")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu0")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu1")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu2")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu3")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu4")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu5")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu6")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu7")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu8")
++ dev_filetrans($1, removable_device_t, blk_file, "cdu9")
++ dev_filetrans($1, removable_device_t, blk_file, "cm200")
++ dev_filetrans($1, removable_device_t, blk_file, "cm201")
++ dev_filetrans($1, removable_device_t, blk_file, "cm202")
++ dev_filetrans($1, removable_device_t, blk_file, "cm203")
++ dev_filetrans($1, removable_device_t, blk_file, "cm204")
++ dev_filetrans($1, removable_device_t, blk_file, "cm205")
++ dev_filetrans($1, removable_device_t, blk_file, "cm206")
++ dev_filetrans($1, removable_device_t, blk_file, "cm207")
++ dev_filetrans($1, removable_device_t, blk_file, "cm208")
++ dev_filetrans($1, removable_device_t, blk_file, "cm209")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sda9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdb9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdc9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdd9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sde9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdf9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "sdg9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "dm-9")
++ dev_filetrans($1, removable_device_t, blk_file, "gscd")
++ dev_filetrans($1, removable_device_t, blk_file, "hitcd")
++ dev_filetrans($1, tape_device_t, blk_file, "ht0")
++ dev_filetrans($1, tape_device_t, blk_file, "ht1")
++ dev_filetrans($1, removable_device_t, blk_file, "hwcdrom")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "initrd")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "jsfd")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "jsflash")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "loop9")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "lvm")
++ dev_filetrans($1, removable_device_t, blk_file, "mcd")
++ dev_filetrans($1, removable_device_t, blk_file, "mcdx")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev0")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev1")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev2")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev3")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev4")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev5")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev6")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev7")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev8")
++ dev_filetrans($1, removable_device_t, chr_file, "megadev9")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk0")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk1")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk2")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk3")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk4")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk5")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk6")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk7")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk8")
++ dev_filetrans($1, removable_device_t, blk_file, "mmcblk9")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk0")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk1")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk2")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk3")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk4")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk5")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk6")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk7")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk8")
++ dev_filetrans($1, removable_device_t, blk_file, "mspblk9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "mtd9")
++ dev_filetrans($1, removable_device_t, blk_file, "optcd")
++ dev_filetrans($1, removable_device_t, blk_file, "pf0")
++ dev_filetrans($1, removable_device_t, blk_file, "pf1")
++ dev_filetrans($1, removable_device_t, blk_file, "pf2")
++ dev_filetrans($1, removable_device_t, blk_file, "pf3")
++ dev_filetrans($1, removable_device_t, blk_file, "pg0")
++ dev_filetrans($1, removable_device_t, blk_file, "pg1")
++ dev_filetrans($1, removable_device_t, blk_file, "pg2")
++ dev_filetrans($1, removable_device_t, blk_file, "pg3")
++ dev_filetrans($1, removable_device_t, blk_file, "pcd0")
++ dev_filetrans($1, removable_device_t, blk_file, "pcd1")
++ dev_filetrans($1, removable_device_t, blk_file, "pcd2")
++ dev_filetrans($1, removable_device_t, blk_file, "pcd3")
++ dev_filetrans($1, removable_device_t, chr_file, "pg0")
++ dev_filetrans($1, removable_device_t, chr_file, "pg1")
++ dev_filetrans($1, removable_device_t, chr_file, "pg2")
++ dev_filetrans($1, removable_device_t, chr_file, "pg3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ps3d9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram10")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram11")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram12")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram13")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram14")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "ram15")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd0")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd1")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd2")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd3")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd4")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd5")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd6")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd7")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd8")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "rd9")
++ dev_filetrans($1, fixed_disk_device_t, blk_file, "root")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd0")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd1")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd2")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd3")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd4")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd5")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd6")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd7")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd8")
++ dev_filetrans($1, removable_device_t, blk_file, "sbpcd9")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg0")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg1")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg2")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg3")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg4")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg5")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg6")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg7")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg8")
++ dev_filetrans($1, scsi_generic_device_t, chr_file, "sg9")
++ dev_filetrans($1, removable_device_t, blk_file, "sr0")
++ dev_filetrans($1, removable_device_t, blk_file, "sr1")
++ dev_filetrans($1, removable_device_t, blk_file, "sr2")
++ dev_filetrans($1, removable_device_t, blk_file, "sr3")
++ dev_filetrans($1, removable_device_t, blk_file, "sr4")
++ dev_filetrans($1, removable_device_t, blk_file, "sr5")
++ dev_filetrans($1, removable_device_t, blk_file, "sr6")
++ dev_filetrans($1, removable_device_t, blk_file, "sr7")
++ dev_filetrans($1, removable_device_t, blk_file, "sr8")
++ dev_filetrans($1, removable_device_t, blk_file, "sr9")
++ dev_filetrans($1, removable_device_t, blk_file, "sjcd")
++ dev_filetrans($1, removable_device_t, blk_file, "sonycd")
++ dev_filetrans($1, tape_device_t, chr_file, "tape0")
++ dev_filetrans($1, tape_device_t, chr_file, "tape1")
++ dev_filetrans($1, tape_device_t, chr_file, "tape2")
++ dev_filetrans($1, tape_device_t, chr_file, "tape3")
++ dev_filetrans($1, tape_device_t, chr_file, "tape4")
++ dev_filetrans($1, tape_device_t, chr_file, "tape5")
++ dev_filetrans($1, tape_device_t, chr_file, "tape6")
++ dev_filetrans($1, tape_device_t, chr_file, "tape7")
++ dev_filetrans($1, tape_device_t, chr_file, "tape8")
++ dev_filetrans($1, tape_device_t, chr_file, "tape9")
++ dev_filetrans($1, fuse_device_t, chr_file, "fuse")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "device-mapper")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw0")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw1")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw2")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw3")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw4")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw5")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw6")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw7")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw8")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw9")
++ dev_filetrans($1, removable_device_t, chr_file, "rio500")
+')
diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc
index 3994e57..a1923fe 100644
@@ -16102,7 +16163,7 @@ index 3994e57..a1923fe 100644
+
+/lib/udev/devices/pts -d gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh)
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
-index f3acfee..7691aff 100644
+index f3acfee..70c384c 100644
--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -208,6 +208,27 @@ interface(`term_use_all_terms',`
@@ -16407,351 +16468,351 @@ index f3acfee..7691aff 100644
+ type usbtty_device_t;
+')
+
-+ dev_filetrans($1, devtty_t, chr_file, tty)
-+ dev_filetrans($1, tty_device_t, chr_file, tty0)
-+ dev_filetrans($1, tty_device_t, chr_file, tty1)
-+ dev_filetrans($1, tty_device_t, chr_file, tty2)
-+ dev_filetrans($1, tty_device_t, chr_file, tty3)
-+ dev_filetrans($1, tty_device_t, chr_file, tty4)
-+ dev_filetrans($1, tty_device_t, chr_file, tty5)
-+ dev_filetrans($1, tty_device_t, chr_file, tty6)
-+ dev_filetrans($1, tty_device_t, chr_file, tty7)
-+ dev_filetrans($1, tty_device_t, chr_file, tty8)
-+ dev_filetrans($1, tty_device_t, chr_file, tty9)
-+ dev_filetrans($1, tty_device_t, chr_file, tty10)
-+ dev_filetrans($1, tty_device_t, chr_file, tty11)
-+ dev_filetrans($1, tty_device_t, chr_file, tty12)
-+ dev_filetrans($1, tty_device_t, chr_file, tty13)
-+ dev_filetrans($1, tty_device_t, chr_file, tty14)
-+ dev_filetrans($1, tty_device_t, chr_file, tty15)
-+ dev_filetrans($1, tty_device_t, chr_file, tty16)
-+ dev_filetrans($1, tty_device_t, chr_file, tty17)
-+ dev_filetrans($1, tty_device_t, chr_file, tty18)
-+ dev_filetrans($1, tty_device_t, chr_file, tty19)
-+ dev_filetrans($1, tty_device_t, chr_file, tty20)
-+ dev_filetrans($1, tty_device_t, chr_file, tty21)
-+ dev_filetrans($1, tty_device_t, chr_file, tty22)
-+ dev_filetrans($1, tty_device_t, chr_file, tty23)
-+ dev_filetrans($1, tty_device_t, chr_file, tty24)
-+ dev_filetrans($1, tty_device_t, chr_file, tty25)
-+ dev_filetrans($1, tty_device_t, chr_file, tty26)
-+ dev_filetrans($1, tty_device_t, chr_file, tty27)
-+ dev_filetrans($1, tty_device_t, chr_file, tty28)
-+ dev_filetrans($1, tty_device_t, chr_file, tty29)
-+ dev_filetrans($1, tty_device_t, chr_file, tty30)
-+ dev_filetrans($1, tty_device_t, chr_file, tty31)
-+ dev_filetrans($1, tty_device_t, chr_file, tty32)
-+ dev_filetrans($1, tty_device_t, chr_file, tty33)
-+ dev_filetrans($1, tty_device_t, chr_file, tty34)
-+ dev_filetrans($1, tty_device_t, chr_file, tty35)
-+ dev_filetrans($1, tty_device_t, chr_file, tty36)
-+ dev_filetrans($1, tty_device_t, chr_file, tty37)
-+ dev_filetrans($1, tty_device_t, chr_file, tty38)
-+ dev_filetrans($1, tty_device_t, chr_file, tty39)
-+ dev_filetrans($1, tty_device_t, chr_file, tty40)
-+ dev_filetrans($1, tty_device_t, chr_file, tty41)
-+ dev_filetrans($1, tty_device_t, chr_file, tty42)
-+ dev_filetrans($1, tty_device_t, chr_file, tty43)
-+ dev_filetrans($1, tty_device_t, chr_file, tty44)
-+ dev_filetrans($1, tty_device_t, chr_file, tty45)
-+ dev_filetrans($1, tty_device_t, chr_file, tty46)
-+ dev_filetrans($1, tty_device_t, chr_file, tty47)
-+ dev_filetrans($1, tty_device_t, chr_file, tty48)
-+ dev_filetrans($1, tty_device_t, chr_file, tty49)
-+ dev_filetrans($1, tty_device_t, chr_file, tty50)
-+ dev_filetrans($1, tty_device_t, chr_file, tty51)
-+ dev_filetrans($1, tty_device_t, chr_file, tty52)
-+ dev_filetrans($1, tty_device_t, chr_file, tty53)
-+ dev_filetrans($1, tty_device_t, chr_file, tty54)
-+ dev_filetrans($1, tty_device_t, chr_file, tty55)
-+ dev_filetrans($1, tty_device_t, chr_file, tty56)
-+ dev_filetrans($1, tty_device_t, chr_file, tty57)
-+ dev_filetrans($1, tty_device_t, chr_file, tty58)
-+ dev_filetrans($1, tty_device_t, chr_file, tty59)
-+ dev_filetrans($1, tty_device_t, chr_file, tty60)
-+ dev_filetrans($1, tty_device_t, chr_file, tty61)
-+ dev_filetrans($1, tty_device_t, chr_file, tty62)
-+ dev_filetrans($1, tty_device_t, chr_file, tty63)
-+ dev_filetrans($1, tty_device_t, chr_file, tty64)
-+ dev_filetrans($1, tty_device_t, chr_file, tty65)
-+ dev_filetrans($1, tty_device_t, chr_file, tty66)
-+ dev_filetrans($1, tty_device_t, chr_file, tty67)
-+ dev_filetrans($1, tty_device_t, chr_file, tty68)
-+ dev_filetrans($1, tty_device_t, chr_file, tty69)
-+ dev_filetrans($1, tty_device_t, chr_file, tty70)
-+ dev_filetrans($1, tty_device_t, chr_file, tty71)
-+ dev_filetrans($1, tty_device_t, chr_file, tty72)
-+ dev_filetrans($1, tty_device_t, chr_file, tty73)
-+ dev_filetrans($1, tty_device_t, chr_file, tty74)
-+ dev_filetrans($1, tty_device_t, chr_file, tty75)
-+ dev_filetrans($1, tty_device_t, chr_file, tty76)
-+ dev_filetrans($1, tty_device_t, chr_file, tty77)
-+ dev_filetrans($1, tty_device_t, chr_file, tty78)
-+ dev_filetrans($1, tty_device_t, chr_file, tty79)
-+ dev_filetrans($1, tty_device_t, chr_file, tty80)
-+ dev_filetrans($1, tty_device_t, chr_file, tty81)
-+ dev_filetrans($1, tty_device_t, chr_file, tty82)
-+ dev_filetrans($1, tty_device_t, chr_file, tty83)
-+ dev_filetrans($1, tty_device_t, chr_file, tty84)
-+ dev_filetrans($1, tty_device_t, chr_file, tty85)
-+ dev_filetrans($1, tty_device_t, chr_file, tty86)
-+ dev_filetrans($1, tty_device_t, chr_file, tty87)
-+ dev_filetrans($1, tty_device_t, chr_file, tty88)
-+ dev_filetrans($1, tty_device_t, chr_file, tty89)
-+ dev_filetrans($1, tty_device_t, chr_file, tty90)
-+ dev_filetrans($1, tty_device_t, chr_file, tty91)
-+ dev_filetrans($1, tty_device_t, chr_file, tty92)
-+ dev_filetrans($1, tty_device_t, chr_file, tty93)
-+ dev_filetrans($1, tty_device_t, chr_file, tty94)
-+ dev_filetrans($1, tty_device_t, chr_file, tty95)
-+ dev_filetrans($1, tty_device_t, chr_file, tty96)
-+ dev_filetrans($1, tty_device_t, chr_file, tty97)
-+ dev_filetrans($1, tty_device_t, chr_file, tty98)
-+ dev_filetrans($1, tty_device_t, chr_file, tty99)
-+ dev_filetrans($1, tty_device_t, chr_file, pty)
-+ dev_filetrans($1, tty_device_t, chr_file, pty0)
-+ dev_filetrans($1, tty_device_t, chr_file, pty1)
-+ dev_filetrans($1, tty_device_t, chr_file, pty2)
-+ dev_filetrans($1, tty_device_t, chr_file, pty3)
-+ dev_filetrans($1, tty_device_t, chr_file, pty4)
-+ dev_filetrans($1, tty_device_t, chr_file, pty5)
-+ dev_filetrans($1, tty_device_t, chr_file, pty6)
-+ dev_filetrans($1, tty_device_t, chr_file, pty7)
-+ dev_filetrans($1, tty_device_t, chr_file, pty8)
-+ dev_filetrans($1, tty_device_t, chr_file, pty9)
-+ dev_filetrans($1, tty_device_t, chr_file, pty10)
-+ dev_filetrans($1, tty_device_t, chr_file, pty11)
-+ dev_filetrans($1, tty_device_t, chr_file, pty12)
-+ dev_filetrans($1, tty_device_t, chr_file, pty13)
-+ dev_filetrans($1, tty_device_t, chr_file, pty14)
-+ dev_filetrans($1, tty_device_t, chr_file, pty15)
-+ dev_filetrans($1, tty_device_t, chr_file, pty16)
-+ dev_filetrans($1, tty_device_t, chr_file, pty17)
-+ dev_filetrans($1, tty_device_t, chr_file, pty18)
-+ dev_filetrans($1, tty_device_t, chr_file, pty19)
-+ dev_filetrans($1, tty_device_t, chr_file, pty20)
-+ dev_filetrans($1, tty_device_t, chr_file, pty21)
-+ dev_filetrans($1, tty_device_t, chr_file, pty22)
-+ dev_filetrans($1, tty_device_t, chr_file, pty23)
-+ dev_filetrans($1, tty_device_t, chr_file, pty24)
-+ dev_filetrans($1, tty_device_t, chr_file, pty25)
-+ dev_filetrans($1, tty_device_t, chr_file, pty26)
-+ dev_filetrans($1, tty_device_t, chr_file, pty27)
-+ dev_filetrans($1, tty_device_t, chr_file, pty28)
-+ dev_filetrans($1, tty_device_t, chr_file, pty29)
-+ dev_filetrans($1, tty_device_t, chr_file, pty30)
-+ dev_filetrans($1, tty_device_t, chr_file, pty31)
-+ dev_filetrans($1, tty_device_t, chr_file, pty32)
-+ dev_filetrans($1, tty_device_t, chr_file, pty33)
-+ dev_filetrans($1, tty_device_t, chr_file, pty34)
-+ dev_filetrans($1, tty_device_t, chr_file, pty35)
-+ dev_filetrans($1, tty_device_t, chr_file, pty36)
-+ dev_filetrans($1, tty_device_t, chr_file, pty37)
-+ dev_filetrans($1, tty_device_t, chr_file, pty38)
-+ dev_filetrans($1, tty_device_t, chr_file, pty39)
-+ dev_filetrans($1, tty_device_t, chr_file, pty40)
-+ dev_filetrans($1, tty_device_t, chr_file, pty41)
-+ dev_filetrans($1, tty_device_t, chr_file, pty42)
-+ dev_filetrans($1, tty_device_t, chr_file, pty43)
-+ dev_filetrans($1, tty_device_t, chr_file, pty44)
-+ dev_filetrans($1, tty_device_t, chr_file, pty45)
-+ dev_filetrans($1, tty_device_t, chr_file, pty46)
-+ dev_filetrans($1, tty_device_t, chr_file, pty47)
-+ dev_filetrans($1, tty_device_t, chr_file, pty48)
-+ dev_filetrans($1, tty_device_t, chr_file, pty49)
-+ dev_filetrans($1, tty_device_t, chr_file, pty50)
-+ dev_filetrans($1, tty_device_t, chr_file, pty51)
-+ dev_filetrans($1, tty_device_t, chr_file, pty52)
-+ dev_filetrans($1, tty_device_t, chr_file, pty53)
-+ dev_filetrans($1, tty_device_t, chr_file, pty54)
-+ dev_filetrans($1, tty_device_t, chr_file, pty55)
-+ dev_filetrans($1, tty_device_t, chr_file, pty56)
-+ dev_filetrans($1, tty_device_t, chr_file, pty57)
-+ dev_filetrans($1, tty_device_t, chr_file, pty58)
-+ dev_filetrans($1, tty_device_t, chr_file, pty59)
-+ dev_filetrans($1, tty_device_t, chr_file, pty60)
-+ dev_filetrans($1, tty_device_t, chr_file, pty61)
-+ dev_filetrans($1, tty_device_t, chr_file, pty62)
-+ dev_filetrans($1, tty_device_t, chr_file, pty63)
-+ dev_filetrans($1, tty_device_t, chr_file, pty64)
-+ dev_filetrans($1, tty_device_t, chr_file, pty65)
-+ dev_filetrans($1, tty_device_t, chr_file, pty66)
-+ dev_filetrans($1, tty_device_t, chr_file, pty67)
-+ dev_filetrans($1, tty_device_t, chr_file, pty68)
-+ dev_filetrans($1, tty_device_t, chr_file, pty69)
-+ dev_filetrans($1, tty_device_t, chr_file, pty70)
-+ dev_filetrans($1, tty_device_t, chr_file, pty71)
-+ dev_filetrans($1, tty_device_t, chr_file, pty72)
-+ dev_filetrans($1, tty_device_t, chr_file, pty73)
-+ dev_filetrans($1, tty_device_t, chr_file, pty74)
-+ dev_filetrans($1, tty_device_t, chr_file, pty75)
-+ dev_filetrans($1, tty_device_t, chr_file, pty76)
-+ dev_filetrans($1, tty_device_t, chr_file, pty77)
-+ dev_filetrans($1, tty_device_t, chr_file, pty78)
-+ dev_filetrans($1, tty_device_t, chr_file, pty79)
-+ dev_filetrans($1, tty_device_t, chr_file, pty80)
-+ dev_filetrans($1, tty_device_t, chr_file, pty81)
-+ dev_filetrans($1, tty_device_t, chr_file, pty82)
-+ dev_filetrans($1, tty_device_t, chr_file, pty83)
-+ dev_filetrans($1, tty_device_t, chr_file, pty84)
-+ dev_filetrans($1, tty_device_t, chr_file, pty85)
-+ dev_filetrans($1, tty_device_t, chr_file, pty86)
-+ dev_filetrans($1, tty_device_t, chr_file, pty87)
-+ dev_filetrans($1, tty_device_t, chr_file, pty88)
-+ dev_filetrans($1, tty_device_t, chr_file, pty89)
-+ dev_filetrans($1, tty_device_t, chr_file, pty90)
-+ dev_filetrans($1, tty_device_t, chr_file, pty91)
-+ dev_filetrans($1, tty_device_t, chr_file, pty92)
-+ dev_filetrans($1, tty_device_t, chr_file, pty93)
-+ dev_filetrans($1, tty_device_t, chr_file, pty94)
-+ dev_filetrans($1, tty_device_t, chr_file, pty95)
-+ dev_filetrans($1, tty_device_t, chr_file, pty96)
-+ dev_filetrans($1, tty_device_t, chr_file, pty97)
-+ dev_filetrans($1, tty_device_t, chr_file, pty98)
-+ dev_filetrans($1, tty_device_t, chr_file, pty99)
-+ dev_filetrans($1, tty_device_t, chr_file, adb0)
-+ dev_filetrans($1, tty_device_t, chr_file, adb1)
-+ dev_filetrans($1, tty_device_t, chr_file, adb2)
-+ dev_filetrans($1, tty_device_t, chr_file, adb3)
-+ dev_filetrans($1, tty_device_t, chr_file, adb4)
-+ dev_filetrans($1, tty_device_t, chr_file, adb5)
-+ dev_filetrans($1, tty_device_t, chr_file, adb6)
-+ dev_filetrans($1, tty_device_t, chr_file, adb7)
-+ dev_filetrans($1, tty_device_t, chr_file, adb8)
-+ dev_filetrans($1, tty_device_t, chr_file, adb9)
-+ dev_filetrans($1, tty_device_t, chr_file, capi0)
-+ dev_filetrans($1, tty_device_t, chr_file, capi1)
-+ dev_filetrans($1, tty_device_t, chr_file, capi2)
-+ dev_filetrans($1, tty_device_t, chr_file, capi3)
-+ dev_filetrans($1, tty_device_t, chr_file, capi4)
-+ dev_filetrans($1, tty_device_t, chr_file, capi5)
-+ dev_filetrans($1, tty_device_t, chr_file, capi6)
-+ dev_filetrans($1, tty_device_t, chr_file, capi7)
-+ dev_filetrans($1, tty_device_t, chr_file, capi8)
-+ dev_filetrans($1, tty_device_t, chr_file, capi9)
-+ dev_filetrans($1, console_device_t, chr_file, console)
-+ dev_filetrans($1, tty_device_t, chr_file, cu0)
-+ dev_filetrans($1, tty_device_t, chr_file, cu1)
-+ dev_filetrans($1, tty_device_t, chr_file, cu2)
-+ dev_filetrans($1, tty_device_t, chr_file, cu3)
-+ dev_filetrans($1, tty_device_t, chr_file, cu4)
-+ dev_filetrans($1, tty_device_t, chr_file, cu5)
-+ dev_filetrans($1, tty_device_t, chr_file, cu6)
-+ dev_filetrans($1, tty_device_t, chr_file, cu7)
-+ dev_filetrans($1, tty_device_t, chr_file, cu8)
-+ dev_filetrans($1, tty_device_t, chr_file, cu9)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri0)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri1)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri2)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri3)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri4)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri5)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri6)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri7)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri8)
-+ dev_filetrans($1, tty_device_t, chr_file, dcbri9)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc0)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc1)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc2)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc3)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc4)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc5)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc6)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc7)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc8)
-+ dev_filetrans($1, tty_device_t, chr_file, hvc9)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi0)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi1)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi2)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi3)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi4)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi5)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi6)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi7)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi8)
-+ dev_filetrans($1, tty_device_t, chr_file, hvsi9)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm0)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm1)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm2)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm3)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm4)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm5)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm6)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm7)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm8)
-+ dev_filetrans($1, tty_device_t, chr_file, ircomm9)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn0)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn1)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn2)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn3)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn4)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn5)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn6)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn7)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn8)
-+ dev_filetrans($1, tty_device_t, chr_file, isdn9)
-+ dev_filetrans($1, ptmx_t, chr_file, ptmx)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm0)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm1)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm2)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm3)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm4)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm5)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm6)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm7)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm8)
-+ dev_filetrans($1, tty_device_t, chr_file, rfcomm9)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr0)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr1)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr2)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr3)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr4)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr5)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr6)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr7)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr8)
-+ dev_filetrans($1, tty_device_t, chr_file, slamr9)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS0)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS1)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS2)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS3)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS4)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS5)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS6)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS7)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS8)
-+ dev_filetrans($1, tty_device_t, chr_file, ttyS9)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG0)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG1)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG2)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG3)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG4)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG5)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG6)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG7)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG8)
-+ dev_filetrans($1, tty_device_t, chr_file, ttySG9)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p0)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p1)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p2)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p3)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p4)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p5)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p6)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p7)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p8)
-+ dev_filetrans($1, virtio_device_t, chr_file, vport0p9)
-+ dev_filetrans($1, devpts_t, dir, pts)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc0)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc1)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc2)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc3)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc4)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc5)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc6)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc7)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc8)
-+ dev_filetrans($1, tty_device_t, chr_file, xvc9)
++ dev_filetrans($1, devtty_t, chr_file, "tty")
++ dev_filetrans($1, tty_device_t, chr_file, "tty0")
++ dev_filetrans($1, tty_device_t, chr_file, "tty1")
++ dev_filetrans($1, tty_device_t, chr_file, "tty2")
++ dev_filetrans($1, tty_device_t, chr_file, "tty3")
++ dev_filetrans($1, tty_device_t, chr_file, "tty4")
++ dev_filetrans($1, tty_device_t, chr_file, "tty5")
++ dev_filetrans($1, tty_device_t, chr_file, "tty6")
++ dev_filetrans($1, tty_device_t, chr_file, "tty7")
++ dev_filetrans($1, tty_device_t, chr_file, "tty8")
++ dev_filetrans($1, tty_device_t, chr_file, "tty9")
++ dev_filetrans($1, tty_device_t, chr_file, "tty10")
++ dev_filetrans($1, tty_device_t, chr_file, "tty11")
++ dev_filetrans($1, tty_device_t, chr_file, "tty12")
++ dev_filetrans($1, tty_device_t, chr_file, "tty13")
++ dev_filetrans($1, tty_device_t, chr_file, "tty14")
++ dev_filetrans($1, tty_device_t, chr_file, "tty15")
++ dev_filetrans($1, tty_device_t, chr_file, "tty16")
++ dev_filetrans($1, tty_device_t, chr_file, "tty17")
++ dev_filetrans($1, tty_device_t, chr_file, "tty18")
++ dev_filetrans($1, tty_device_t, chr_file, "tty19")
++ dev_filetrans($1, tty_device_t, chr_file, "tty20")
++ dev_filetrans($1, tty_device_t, chr_file, "tty21")
++ dev_filetrans($1, tty_device_t, chr_file, "tty22")
++ dev_filetrans($1, tty_device_t, chr_file, "tty23")
++ dev_filetrans($1, tty_device_t, chr_file, "tty24")
++ dev_filetrans($1, tty_device_t, chr_file, "tty25")
++ dev_filetrans($1, tty_device_t, chr_file, "tty26")
++ dev_filetrans($1, tty_device_t, chr_file, "tty27")
++ dev_filetrans($1, tty_device_t, chr_file, "tty28")
++ dev_filetrans($1, tty_device_t, chr_file, "tty29")
++ dev_filetrans($1, tty_device_t, chr_file, "tty30")
++ dev_filetrans($1, tty_device_t, chr_file, "tty31")
++ dev_filetrans($1, tty_device_t, chr_file, "tty32")
++ dev_filetrans($1, tty_device_t, chr_file, "tty33")
++ dev_filetrans($1, tty_device_t, chr_file, "tty34")
++ dev_filetrans($1, tty_device_t, chr_file, "tty35")
++ dev_filetrans($1, tty_device_t, chr_file, "tty36")
++ dev_filetrans($1, tty_device_t, chr_file, "tty37")
++ dev_filetrans($1, tty_device_t, chr_file, "tty38")
++ dev_filetrans($1, tty_device_t, chr_file, "tty39")
++ dev_filetrans($1, tty_device_t, chr_file, "tty40")
++ dev_filetrans($1, tty_device_t, chr_file, "tty41")
++ dev_filetrans($1, tty_device_t, chr_file, "tty42")
++ dev_filetrans($1, tty_device_t, chr_file, "tty43")
++ dev_filetrans($1, tty_device_t, chr_file, "tty44")
++ dev_filetrans($1, tty_device_t, chr_file, "tty45")
++ dev_filetrans($1, tty_device_t, chr_file, "tty46")
++ dev_filetrans($1, tty_device_t, chr_file, "tty47")
++ dev_filetrans($1, tty_device_t, chr_file, "tty48")
++ dev_filetrans($1, tty_device_t, chr_file, "tty49")
++ dev_filetrans($1, tty_device_t, chr_file, "tty50")
++ dev_filetrans($1, tty_device_t, chr_file, "tty51")
++ dev_filetrans($1, tty_device_t, chr_file, "tty52")
++ dev_filetrans($1, tty_device_t, chr_file, "tty53")
++ dev_filetrans($1, tty_device_t, chr_file, "tty54")
++ dev_filetrans($1, tty_device_t, chr_file, "tty55")
++ dev_filetrans($1, tty_device_t, chr_file, "tty56")
++ dev_filetrans($1, tty_device_t, chr_file, "tty57")
++ dev_filetrans($1, tty_device_t, chr_file, "tty58")
++ dev_filetrans($1, tty_device_t, chr_file, "tty59")
++ dev_filetrans($1, tty_device_t, chr_file, "tty60")
++ dev_filetrans($1, tty_device_t, chr_file, "tty61")
++ dev_filetrans($1, tty_device_t, chr_file, "tty62")
++ dev_filetrans($1, tty_device_t, chr_file, "tty63")
++ dev_filetrans($1, tty_device_t, chr_file, "tty64")
++ dev_filetrans($1, tty_device_t, chr_file, "tty65")
++ dev_filetrans($1, tty_device_t, chr_file, "tty66")
++ dev_filetrans($1, tty_device_t, chr_file, "tty67")
++ dev_filetrans($1, tty_device_t, chr_file, "tty68")
++ dev_filetrans($1, tty_device_t, chr_file, "tty69")
++ dev_filetrans($1, tty_device_t, chr_file, "tty70")
++ dev_filetrans($1, tty_device_t, chr_file, "tty71")
++ dev_filetrans($1, tty_device_t, chr_file, "tty72")
++ dev_filetrans($1, tty_device_t, chr_file, "tty73")
++ dev_filetrans($1, tty_device_t, chr_file, "tty74")
++ dev_filetrans($1, tty_device_t, chr_file, "tty75")
++ dev_filetrans($1, tty_device_t, chr_file, "tty76")
++ dev_filetrans($1, tty_device_t, chr_file, "tty77")
++ dev_filetrans($1, tty_device_t, chr_file, "tty78")
++ dev_filetrans($1, tty_device_t, chr_file, "tty79")
++ dev_filetrans($1, tty_device_t, chr_file, "tty80")
++ dev_filetrans($1, tty_device_t, chr_file, "tty81")
++ dev_filetrans($1, tty_device_t, chr_file, "tty82")
++ dev_filetrans($1, tty_device_t, chr_file, "tty83")
++ dev_filetrans($1, tty_device_t, chr_file, "tty84")
++ dev_filetrans($1, tty_device_t, chr_file, "tty85")
++ dev_filetrans($1, tty_device_t, chr_file, "tty86")
++ dev_filetrans($1, tty_device_t, chr_file, "tty87")
++ dev_filetrans($1, tty_device_t, chr_file, "tty88")
++ dev_filetrans($1, tty_device_t, chr_file, "tty89")
++ dev_filetrans($1, tty_device_t, chr_file, "tty90")
++ dev_filetrans($1, tty_device_t, chr_file, "tty91")
++ dev_filetrans($1, tty_device_t, chr_file, "tty92")
++ dev_filetrans($1, tty_device_t, chr_file, "tty93")
++ dev_filetrans($1, tty_device_t, chr_file, "tty94")
++ dev_filetrans($1, tty_device_t, chr_file, "tty95")
++ dev_filetrans($1, tty_device_t, chr_file, "tty96")
++ dev_filetrans($1, tty_device_t, chr_file, "tty97")
++ dev_filetrans($1, tty_device_t, chr_file, "tty98")
++ dev_filetrans($1, tty_device_t, chr_file, "tty99")
++ dev_filetrans($1, tty_device_t, chr_file, "pty")
++ dev_filetrans($1, tty_device_t, chr_file, "pty0")
++ dev_filetrans($1, tty_device_t, chr_file, "pty1")
++ dev_filetrans($1, tty_device_t, chr_file, "pty2")
++ dev_filetrans($1, tty_device_t, chr_file, "pty3")
++ dev_filetrans($1, tty_device_t, chr_file, "pty4")
++ dev_filetrans($1, tty_device_t, chr_file, "pty5")
++ dev_filetrans($1, tty_device_t, chr_file, "pty6")
++ dev_filetrans($1, tty_device_t, chr_file, "pty7")
++ dev_filetrans($1, tty_device_t, chr_file, "pty8")
++ dev_filetrans($1, tty_device_t, chr_file, "pty9")
++ dev_filetrans($1, tty_device_t, chr_file, "pty10")
++ dev_filetrans($1, tty_device_t, chr_file, "pty11")
++ dev_filetrans($1, tty_device_t, chr_file, "pty12")
++ dev_filetrans($1, tty_device_t, chr_file, "pty13")
++ dev_filetrans($1, tty_device_t, chr_file, "pty14")
++ dev_filetrans($1, tty_device_t, chr_file, "pty15")
++ dev_filetrans($1, tty_device_t, chr_file, "pty16")
++ dev_filetrans($1, tty_device_t, chr_file, "pty17")
++ dev_filetrans($1, tty_device_t, chr_file, "pty18")
++ dev_filetrans($1, tty_device_t, chr_file, "pty19")
++ dev_filetrans($1, tty_device_t, chr_file, "pty20")
++ dev_filetrans($1, tty_device_t, chr_file, "pty21")
++ dev_filetrans($1, tty_device_t, chr_file, "pty22")
++ dev_filetrans($1, tty_device_t, chr_file, "pty23")
++ dev_filetrans($1, tty_device_t, chr_file, "pty24")
++ dev_filetrans($1, tty_device_t, chr_file, "pty25")
++ dev_filetrans($1, tty_device_t, chr_file, "pty26")
++ dev_filetrans($1, tty_device_t, chr_file, "pty27")
++ dev_filetrans($1, tty_device_t, chr_file, "pty28")
++ dev_filetrans($1, tty_device_t, chr_file, "pty29")
++ dev_filetrans($1, tty_device_t, chr_file, "pty30")
++ dev_filetrans($1, tty_device_t, chr_file, "pty31")
++ dev_filetrans($1, tty_device_t, chr_file, "pty32")
++ dev_filetrans($1, tty_device_t, chr_file, "pty33")
++ dev_filetrans($1, tty_device_t, chr_file, "pty34")
++ dev_filetrans($1, tty_device_t, chr_file, "pty35")
++ dev_filetrans($1, tty_device_t, chr_file, "pty36")
++ dev_filetrans($1, tty_device_t, chr_file, "pty37")
++ dev_filetrans($1, tty_device_t, chr_file, "pty38")
++ dev_filetrans($1, tty_device_t, chr_file, "pty39")
++ dev_filetrans($1, tty_device_t, chr_file, "pty40")
++ dev_filetrans($1, tty_device_t, chr_file, "pty41")
++ dev_filetrans($1, tty_device_t, chr_file, "pty42")
++ dev_filetrans($1, tty_device_t, chr_file, "pty43")
++ dev_filetrans($1, tty_device_t, chr_file, "pty44")
++ dev_filetrans($1, tty_device_t, chr_file, "pty45")
++ dev_filetrans($1, tty_device_t, chr_file, "pty46")
++ dev_filetrans($1, tty_device_t, chr_file, "pty47")
++ dev_filetrans($1, tty_device_t, chr_file, "pty48")
++ dev_filetrans($1, tty_device_t, chr_file, "pty49")
++ dev_filetrans($1, tty_device_t, chr_file, "pty50")
++ dev_filetrans($1, tty_device_t, chr_file, "pty51")
++ dev_filetrans($1, tty_device_t, chr_file, "pty52")
++ dev_filetrans($1, tty_device_t, chr_file, "pty53")
++ dev_filetrans($1, tty_device_t, chr_file, "pty54")
++ dev_filetrans($1, tty_device_t, chr_file, "pty55")
++ dev_filetrans($1, tty_device_t, chr_file, "pty56")
++ dev_filetrans($1, tty_device_t, chr_file, "pty57")
++ dev_filetrans($1, tty_device_t, chr_file, "pty58")
++ dev_filetrans($1, tty_device_t, chr_file, "pty59")
++ dev_filetrans($1, tty_device_t, chr_file, "pty60")
++ dev_filetrans($1, tty_device_t, chr_file, "pty61")
++ dev_filetrans($1, tty_device_t, chr_file, "pty62")
++ dev_filetrans($1, tty_device_t, chr_file, "pty63")
++ dev_filetrans($1, tty_device_t, chr_file, "pty64")
++ dev_filetrans($1, tty_device_t, chr_file, "pty65")
++ dev_filetrans($1, tty_device_t, chr_file, "pty66")
++ dev_filetrans($1, tty_device_t, chr_file, "pty67")
++ dev_filetrans($1, tty_device_t, chr_file, "pty68")
++ dev_filetrans($1, tty_device_t, chr_file, "pty69")
++ dev_filetrans($1, tty_device_t, chr_file, "pty70")
++ dev_filetrans($1, tty_device_t, chr_file, "pty71")
++ dev_filetrans($1, tty_device_t, chr_file, "pty72")
++ dev_filetrans($1, tty_device_t, chr_file, "pty73")
++ dev_filetrans($1, tty_device_t, chr_file, "pty74")
++ dev_filetrans($1, tty_device_t, chr_file, "pty75")
++ dev_filetrans($1, tty_device_t, chr_file, "pty76")
++ dev_filetrans($1, tty_device_t, chr_file, "pty77")
++ dev_filetrans($1, tty_device_t, chr_file, "pty78")
++ dev_filetrans($1, tty_device_t, chr_file, "pty79")
++ dev_filetrans($1, tty_device_t, chr_file, "pty80")
++ dev_filetrans($1, tty_device_t, chr_file, "pty81")
++ dev_filetrans($1, tty_device_t, chr_file, "pty82")
++ dev_filetrans($1, tty_device_t, chr_file, "pty83")
++ dev_filetrans($1, tty_device_t, chr_file, "pty84")
++ dev_filetrans($1, tty_device_t, chr_file, "pty85")
++ dev_filetrans($1, tty_device_t, chr_file, "pty86")
++ dev_filetrans($1, tty_device_t, chr_file, "pty87")
++ dev_filetrans($1, tty_device_t, chr_file, "pty88")
++ dev_filetrans($1, tty_device_t, chr_file, "pty89")
++ dev_filetrans($1, tty_device_t, chr_file, "pty90")
++ dev_filetrans($1, tty_device_t, chr_file, "pty91")
++ dev_filetrans($1, tty_device_t, chr_file, "pty92")
++ dev_filetrans($1, tty_device_t, chr_file, "pty93")
++ dev_filetrans($1, tty_device_t, chr_file, "pty94")
++ dev_filetrans($1, tty_device_t, chr_file, "pty95")
++ dev_filetrans($1, tty_device_t, chr_file, "pty96")
++ dev_filetrans($1, tty_device_t, chr_file, "pty97")
++ dev_filetrans($1, tty_device_t, chr_file, "pty98")
++ dev_filetrans($1, tty_device_t, chr_file, "pty99")
++ dev_filetrans($1, tty_device_t, chr_file, "adb0")
++ dev_filetrans($1, tty_device_t, chr_file, "adb1")
++ dev_filetrans($1, tty_device_t, chr_file, "adb2")
++ dev_filetrans($1, tty_device_t, chr_file, "adb3")
++ dev_filetrans($1, tty_device_t, chr_file, "adb4")
++ dev_filetrans($1, tty_device_t, chr_file, "adb5")
++ dev_filetrans($1, tty_device_t, chr_file, "adb6")
++ dev_filetrans($1, tty_device_t, chr_file, "adb7")
++ dev_filetrans($1, tty_device_t, chr_file, "adb8")
++ dev_filetrans($1, tty_device_t, chr_file, "adb9")
++ dev_filetrans($1, tty_device_t, chr_file, "capi0")
++ dev_filetrans($1, tty_device_t, chr_file, "capi1")
++ dev_filetrans($1, tty_device_t, chr_file, "capi2")
++ dev_filetrans($1, tty_device_t, chr_file, "capi3")
++ dev_filetrans($1, tty_device_t, chr_file, "capi4")
++ dev_filetrans($1, tty_device_t, chr_file, "capi5")
++ dev_filetrans($1, tty_device_t, chr_file, "capi6")
++ dev_filetrans($1, tty_device_t, chr_file, "capi7")
++ dev_filetrans($1, tty_device_t, chr_file, "capi8")
++ dev_filetrans($1, tty_device_t, chr_file, "capi9")
++ dev_filetrans($1, console_device_t, chr_file, "console")
++ dev_filetrans($1, tty_device_t, chr_file, "cu0")
++ dev_filetrans($1, tty_device_t, chr_file, "cu1")
++ dev_filetrans($1, tty_device_t, chr_file, "cu2")
++ dev_filetrans($1, tty_device_t, chr_file, "cu3")
++ dev_filetrans($1, tty_device_t, chr_file, "cu4")
++ dev_filetrans($1, tty_device_t, chr_file, "cu5")
++ dev_filetrans($1, tty_device_t, chr_file, "cu6")
++ dev_filetrans($1, tty_device_t, chr_file, "cu7")
++ dev_filetrans($1, tty_device_t, chr_file, "cu8")
++ dev_filetrans($1, tty_device_t, chr_file, "cu9")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri0")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri1")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri2")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri3")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri4")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri5")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri6")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri7")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri8")
++ dev_filetrans($1, tty_device_t, chr_file, "dcbri9")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc0")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc1")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc2")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc3")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc4")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc5")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc6")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc7")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc8")
++ dev_filetrans($1, tty_device_t, chr_file, "hvc9")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi0")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi1")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi2")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi3")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi4")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi5")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi6")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi7")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi8")
++ dev_filetrans($1, tty_device_t, chr_file, "hvsi9")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm0")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm1")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm2")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm3")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm4")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm5")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm6")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm7")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm8")
++ dev_filetrans($1, tty_device_t, chr_file, "ircomm9")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn0")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn1")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn2")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn3")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn4")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn5")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn6")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn7")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn8")
++ dev_filetrans($1, tty_device_t, chr_file, "isdn9")
++ dev_filetrans($1, ptmx_t, chr_file, "ptmx")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm0")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm1")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm2")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm3")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm4")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm5")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm6")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm7")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm8")
++ dev_filetrans($1, tty_device_t, chr_file, "rfcomm9")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr0")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr1")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr2")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr3")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr4")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr5")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr6")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr7")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr8")
++ dev_filetrans($1, tty_device_t, chr_file, "slamr9")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS0")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS1")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS2")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS3")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS4")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS5")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS6")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS7")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS8")
++ dev_filetrans($1, tty_device_t, chr_file, "ttyS9")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG0")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG1")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG2")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG3")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG4")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG5")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG6")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG7")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG8")
++ dev_filetrans($1, tty_device_t, chr_file, "ttySG9")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p0")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p1")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p2")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p3")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p4")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p5")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p6")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p7")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p8")
++ dev_filetrans($1, virtio_device_t, chr_file, "vport0p9")
++ dev_filetrans($1, devpts_t, dir, "pts")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc0")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc1")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc2")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc3")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc4")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc5")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc6")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc7")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc8")
++ dev_filetrans($1, tty_device_t, chr_file, "xvc9")
+')
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
index 361692e..0f09fb5 100644
@@ -16866,7 +16927,7 @@ index 1cb7311..1de82b2 100644
+
+gen_user(guest_u, user, guest_r, s0, s0)
diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
-index be4de58..cce681a 100644
+index be4de58..2efb6e9 100644
--- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te
@@ -9,6 +9,8 @@ role secadm_r;
@@ -16878,8 +16939,18 @@ index be4de58..cce681a 100644
########################################
#
+@@ -39,6 +41,9 @@ logging_read_audit_log(secadm_t)
+ logging_read_generic_logs(secadm_t)
+ logging_read_audit_config(secadm_t)
+
++seutil_rw_config(secadm_t)
++seutil_rw_default_contexts(secadm_t)
++
+ optional_policy(`
+ aide_run(secadm_t, secadm_r)
+ ')
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
-index 2be17d2..7f56ac0 100644
+index 2be17d2..9482840 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -8,12 +8,51 @@ policy_module(staff, 2.2.0)
@@ -16934,7 +17005,7 @@ index 2be17d2..7f56ac0 100644
optional_policy(`
apache_role(staff_r, staff_t)
')
-@@ -27,25 +66,138 @@ optional_policy(`
+@@ -27,19 +66,95 @@ optional_policy(`
')
optional_policy(`
@@ -17032,10 +17103,10 @@ index 2be17d2..7f56ac0 100644
')
optional_policy(`
- sysadm_role_change(staff_r)
- userdom_dontaudit_use_user_terminals(staff_t)
+@@ -48,10 +163,48 @@ optional_policy(`
')
-+optional_policy(`
+
+ optional_policy(`
+ setroubleshoot_stream_connect(staff_t)
+ setroubleshoot_dbus_chat(staff_t)
+ setroubleshoot_dbus_chat_fixit(staff_t)
@@ -17066,16 +17137,22 @@ index 2be17d2..7f56ac0 100644
+')
+
+optional_policy(`
+ vlock_run(staff_t, staff_r)
+ ')
+
+ optional_policy(`
+ vnstatd_read_lib_files(staff_t)
+')
+
+optional_policy(`
+ webadm_role_change(staff_r)
+')
++
++optional_policy(`
+ xserver_role(staff_r, staff_t)
+ ')
- optional_policy(`
- vlock_run(staff_t, staff_r)
-@@ -89,10 +241,6 @@ ifndef(`distro_redhat',`
+@@ -89,10 +242,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
@@ -17086,7 +17163,7 @@ index 2be17d2..7f56ac0 100644
gpg_role(staff_r, staff_t)
')
-@@ -137,10 +285,6 @@ ifndef(`distro_redhat',`
+@@ -137,10 +286,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
@@ -17097,7 +17174,7 @@ index 2be17d2..7f56ac0 100644
spamassassin_role(staff_r, staff_t)
')
-@@ -172,3 +316,7 @@ ifndef(`distro_redhat',`
+@@ -172,3 +317,7 @@ ifndef(`distro_redhat',`
wireshark_role(staff_r, staff_t)
')
')
@@ -17106,7 +17183,7 @@ index 2be17d2..7f56ac0 100644
+ userdom_execmod_user_home_files(staff_usertype)
+')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
-index 4a8d146..4fb9455 100644
+index 4a8d146..2aa3ce0 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -24,20 +24,55 @@ ifndef(`enable_mls',`
@@ -17144,11 +17221,11 @@ index 4a8d146..4fb9455 100644
+
+miscfiles_read_hwdata(sysadm_t)
+
-+sysnet_etc_filetrans_config(sysadm_t, resolv.conf)
-+sysnet_etc_filetrans_config(sysadm_t, denyhosts)
-+sysnet_etc_filetrans_config(sysadm_t, hosts)
-+sysnet_etc_filetrans_config(sysadm_t, ethers)
-+sysnet_etc_filetrans_config(sysadm_t, yp.conf)
++sysnet_etc_filetrans_config(sysadm_t, "resolv.conf")
++sysnet_etc_filetrans_config(sysadm_t, "denyhosts")
++sysnet_etc_filetrans_config(sysadm_t, "hosts")
++sysnet_etc_filetrans_config(sysadm_t, "ethers")
++sysnet_etc_filetrans_config(sysadm_t, "yp.conf")
# Add/remove user home directories
userdom_manage_user_home_dirs(sysadm_t)
@@ -17319,7 +17396,18 @@ index 4a8d146..4fb9455 100644
optional_policy(`
rsync_exec(sysadm_t)
-@@ -307,7 +354,7 @@ optional_policy(`
+@@ -302,12 +349,18 @@ optional_policy(`
+ ')
+
+ optional_policy(`
++ setroubleshoot_stream_connect(sysadm_t)
++ setroubleshoot_dbus_chat(sysadm_t)
++ setroubleshoot_dbus_chat_fixit(sysadm_t)
++')
++
++optional_policy(`
+ seutil_run_setfiles(sysadm_t, sysadm_r)
+ seutil_run_runinit(sysadm_t, sysadm_r)
')
optional_policy(`
@@ -17328,7 +17416,7 @@ index 4a8d146..4fb9455 100644
')
optional_policy(`
-@@ -332,10 +379,6 @@ optional_policy(`
+@@ -332,10 +385,6 @@ optional_policy(`
')
optional_policy(`
@@ -17339,7 +17427,7 @@ index 4a8d146..4fb9455 100644
tripwire_run_siggen(sysadm_t, sysadm_r)
tripwire_run_tripwire(sysadm_t, sysadm_r)
tripwire_run_twadmin(sysadm_t, sysadm_r)
-@@ -343,19 +386,15 @@ optional_policy(`
+@@ -343,19 +392,15 @@ optional_policy(`
')
optional_policy(`
@@ -17361,7 +17449,7 @@ index 4a8d146..4fb9455 100644
')
optional_policy(`
-@@ -367,17 +406,14 @@ optional_policy(`
+@@ -367,45 +412,45 @@ optional_policy(`
')
optional_policy(`
@@ -17374,31 +17462,42 @@ index 4a8d146..4fb9455 100644
usermanage_run_useradd(sysadm_t, sysadm_r)
')
-+
optional_policy(`
- vmware_role(sysadm_r, sysadm_t)
-+ vpn_run(sysadm_t, sysadm_r)
++ virt_stream_connect(sysadm_t)
++ virt_filetrans_home_content(sysadm_t)
')
optional_policy(`
-@@ -389,7 +425,8 @@ optional_policy(`
+- vpn_run(sysadm_t, sysadm_r)
++ vlock_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+- webalizer_run(sysadm_t, sysadm_r)
++ vpn_run(sysadm_t, sysadm_r)
')
optional_policy(`
- wireshark_role(sysadm_r, sysadm_t)
-+ virt_stream_connect(sysadm_t)
-+ virt_filetrans_home_content(sysadm_t)
++ webalizer_run(sysadm_t, sysadm_r)
')
optional_policy(`
-@@ -404,8 +441,15 @@ optional_policy(`
- yam_run(sysadm_t, sysadm_r)
+- vlock_run(sysadm_t, sysadm_r)
++ xserver_role(sysadm_r, sysadm_t)
')
-+optional_policy(`
+ optional_policy(`
+- xserver_role(sysadm_r, sysadm_t)
++ yam_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+- yam_run(sysadm_t, sysadm_r)
+ zebra_stream_connect(sysadm_t)
-+')
-+
+ ')
+
ifndef(`distro_redhat',`
optional_policy(`
+ apache_role(sysadm_r, sysadm_t)
@@ -17407,7 +17506,7 @@ index 4a8d146..4fb9455 100644
auth_role(sysadm_r, sysadm_t)
')
-@@ -439,6 +483,7 @@ ifndef(`distro_redhat',`
+@@ -439,6 +484,7 @@ ifndef(`distro_redhat',`
optional_policy(`
gnome_role(sysadm_r, sysadm_t)
@@ -17415,7 +17514,7 @@ index 4a8d146..4fb9455 100644
')
optional_policy(`
-@@ -452,5 +497,60 @@ ifndef(`distro_redhat',`
+@@ -452,5 +498,60 @@ ifndef(`distro_redhat',`
optional_policy(`
java_role(sysadm_r, sysadm_t)
')
@@ -18186,10 +18285,10 @@ index 0000000..8b2cdf3
+
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
new file mode 100644
-index 0000000..b3b2479
+index 0000000..25eea4a
--- /dev/null
+++ b/policy/modules/roles/unconfineduser.te
-@@ -0,0 +1,526 @@
+@@ -0,0 +1,527 @@
+policy_module(unconfineduser, 1.0.0)
+
+########################################
@@ -18282,11 +18381,11 @@ index 0000000..b3b2479
+storage_filetrans_all_named_dev(unconfined_t)
+term_filetrans_all_named_dev(unconfined_t)
+
-+sysnet_etc_filetrans_config(unconfined_t, resolv.conf)
-+sysnet_etc_filetrans_config(unconfined_t, denyhosts)
-+sysnet_etc_filetrans_config(unconfined_t, hosts)
-+sysnet_etc_filetrans_config(unconfined_t, ethers)
-+sysnet_etc_filetrans_config(unconfined_t, yp.conf)
++sysnet_etc_filetrans_config(unconfined_t, "resolv.conf")
++sysnet_etc_filetrans_config(unconfined_t, "denyhosts")
++sysnet_etc_filetrans_config(unconfined_t, "hosts")
++sysnet_etc_filetrans_config(unconfined_t, "ethers")
++sysnet_etc_filetrans_config(unconfined_t, "yp.conf")
+
+optional_policy(`
+ ssh_filetrans_admin_home_content(unconfined_t)
@@ -18311,6 +18410,7 @@ index 0000000..b3b2479
+ mount_domtrans_unconfined(unconfined_t)
+')
+
++seutil_run_loadpolicy(unconfined_t, unconfined_r)
+seutil_run_setsebool(unconfined_t, unconfined_r)
+seutil_run_setfiles(unconfined_t, unconfined_r)
+seutil_run_semanage(unconfined_t, unconfined_r)
@@ -20236,7 +20336,7 @@ index 9e39aa5..ec27284 100644
+/var/run/dirsrv/admin-serv.* gen_context(system_u:object_r:httpd_var_run_t,s0)
+/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
-index 6480167..1440827 100644
+index 6480167..63822c0 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -13,17 +13,13 @@
@@ -20844,12 +20944,12 @@ index 6480167..1440827 100644
+ type httpd_user_content_t;
+ ')
+
-+ userdom_user_home_dir_filetrans($1, httpd_user_content_t, dir, public_html)
-+ userdom_user_home_dir_filetrans($1, httpd_user_content_t, dir, www)
-+ userdom_user_home_dir_filetrans($1, httpd_user_content_t, dir, web)
++ userdom_user_home_dir_filetrans($1, httpd_user_content_t, dir, "public_html")
++ userdom_user_home_dir_filetrans($1, httpd_user_content_t, dir, "www")
++ userdom_user_home_dir_filetrans($1, httpd_user_content_t, dir, "web")
')
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
-index 3136c6a..02f0378 100644
+index 3136c6a..6a6fdc5 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -18,130 +18,195 @@ policy_module(apache, 2.2.1)
@@ -21194,7 +21294,7 @@ index 3136c6a..02f0378 100644
corenet_all_recvfrom_unlabeled(httpd_t)
corenet_all_recvfrom_netlabel(httpd_t)
-@@ -365,8 +452,10 @@ corenet_udp_sendrecv_generic_node(httpd_t)
+@@ -365,8 +452,11 @@ corenet_udp_sendrecv_generic_node(httpd_t)
corenet_tcp_sendrecv_all_ports(httpd_t)
corenet_udp_sendrecv_all_ports(httpd_t)
corenet_tcp_bind_generic_node(httpd_t)
@@ -21202,10 +21302,11 @@ index 3136c6a..02f0378 100644
corenet_tcp_bind_http_port(httpd_t)
corenet_tcp_bind_http_cache_port(httpd_t)
+corenet_tcp_bind_ntop_port(httpd_t)
++corenet_tcp_bind_jboss_management_port(httpd_t)
corenet_sendrecv_http_server_packets(httpd_t)
# Signal self for shutdown
corenet_tcp_connect_http_port(httpd_t)
-@@ -378,12 +467,12 @@ dev_rw_crypto(httpd_t)
+@@ -378,12 +468,12 @@ dev_rw_crypto(httpd_t)
fs_getattr_all_fs(httpd_t)
fs_search_auto_mountpoints(httpd_t)
@@ -21221,7 +21322,7 @@ index 3136c6a..02f0378 100644
domain_use_interactive_fds(httpd_t)
-@@ -391,6 +480,7 @@ files_dontaudit_getattr_all_pids(httpd_t)
+@@ -391,6 +481,7 @@ files_dontaudit_getattr_all_pids(httpd_t)
files_read_usr_files(httpd_t)
files_list_mnt(httpd_t)
files_search_spool(httpd_t)
@@ -21229,7 +21330,7 @@ index 3136c6a..02f0378 100644
files_read_var_lib_files(httpd_t)
files_search_home(httpd_t)
files_getattr_home_dir(httpd_t)
-@@ -402,6 +492,13 @@ files_read_etc_files(httpd_t)
+@@ -402,6 +493,13 @@ files_read_etc_files(httpd_t)
files_read_var_lib_symlinks(httpd_t)
fs_search_auto_mountpoints(httpd_sys_script_t)
@@ -21243,7 +21344,7 @@ index 3136c6a..02f0378 100644
libs_read_lib_files(httpd_t)
-@@ -416,34 +513,74 @@ seutil_dontaudit_search_config(httpd_t)
+@@ -416,34 +514,74 @@ seutil_dontaudit_search_config(httpd_t)
userdom_use_unpriv_users_fds(httpd_t)
@@ -21320,7 +21421,7 @@ index 3136c6a..02f0378 100644
')
tunable_policy(`httpd_enable_cgi && httpd_use_nfs',`
-@@ -456,6 +593,10 @@ tunable_policy(`httpd_enable_cgi && httpd_use_cifs',`
+@@ -456,6 +594,10 @@ tunable_policy(`httpd_enable_cgi && httpd_use_cifs',`
tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
domtrans_pattern(httpd_t, httpdcontent, httpd_sys_script_t)
@@ -21331,7 +21432,7 @@ index 3136c6a..02f0378 100644
manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent)
manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
-@@ -466,15 +607,27 @@ tunable_policy(`httpd_enable_ftp_server',`
+@@ -466,15 +608,27 @@ tunable_policy(`httpd_enable_ftp_server',`
corenet_tcp_bind_ftp_port(httpd_t)
')
@@ -21361,7 +21462,7 @@ index 3136c6a..02f0378 100644
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_t)
fs_read_cifs_symlinks(httpd_t)
-@@ -484,7 +637,16 @@ tunable_policy(`httpd_can_sendmail',`
+@@ -484,7 +638,16 @@ tunable_policy(`httpd_can_sendmail',`
# allow httpd to connect to mail servers
corenet_tcp_connect_smtp_port(httpd_t)
corenet_sendrecv_smtp_client_packets(httpd_t)
@@ -21378,7 +21479,7 @@ index 3136c6a..02f0378 100644
')
tunable_policy(`httpd_ssi_exec',`
-@@ -499,9 +661,19 @@ tunable_policy(`httpd_ssi_exec',`
+@@ -499,9 +662,19 @@ tunable_policy(`httpd_ssi_exec',`
# to run correctly without this permission, so the permission
# are dontaudited here.
tunable_policy(`httpd_tty_comm',`
@@ -21399,7 +21500,7 @@ index 3136c6a..02f0378 100644
')
optional_policy(`
-@@ -513,7 +685,13 @@ optional_policy(`
+@@ -513,7 +686,13 @@ optional_policy(`
')
optional_policy(`
@@ -21414,7 +21515,7 @@ index 3136c6a..02f0378 100644
')
optional_policy(`
-@@ -528,7 +706,18 @@ optional_policy(`
+@@ -528,7 +707,18 @@ optional_policy(`
daemontools_service_domain(httpd_t, httpd_exec_t)
')
@@ -21434,7 +21535,7 @@ index 3136c6a..02f0378 100644
dbus_system_bus_client(httpd_t)
tunable_policy(`httpd_dbus_avahi',`
-@@ -537,8 +726,13 @@ optional_policy(`
+@@ -537,8 +727,13 @@ optional_policy(`
')
optional_policy(`
@@ -21449,7 +21550,7 @@ index 3136c6a..02f0378 100644
')
')
-@@ -556,7 +750,13 @@ optional_policy(`
+@@ -556,7 +751,13 @@ optional_policy(`
')
optional_policy(`
@@ -21463,7 +21564,7 @@ index 3136c6a..02f0378 100644
mysql_stream_connect(httpd_t)
mysql_rw_db_sockets(httpd_t)
-@@ -567,6 +767,7 @@ optional_policy(`
+@@ -567,6 +768,7 @@ optional_policy(`
optional_policy(`
nagios_read_config(httpd_t)
@@ -21471,7 +21572,7 @@ index 3136c6a..02f0378 100644
')
optional_policy(`
-@@ -577,6 +778,16 @@ optional_policy(`
+@@ -577,6 +779,16 @@ optional_policy(`
')
optional_policy(`
@@ -21488,7 +21589,7 @@ index 3136c6a..02f0378 100644
# Allow httpd to work with postgresql
postgresql_stream_connect(httpd_t)
postgresql_unpriv_client(httpd_t)
-@@ -591,6 +802,11 @@ optional_policy(`
+@@ -591,6 +803,11 @@ optional_policy(`
')
optional_policy(`
@@ -21500,7 +21601,7 @@ index 3136c6a..02f0378 100644
snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
')
-@@ -603,6 +819,11 @@ optional_policy(`
+@@ -603,6 +820,11 @@ optional_policy(`
yam_read_content(httpd_t)
')
@@ -21512,7 +21613,7 @@ index 3136c6a..02f0378 100644
########################################
#
# Apache helper local policy
-@@ -616,7 +837,11 @@ allow httpd_helper_t httpd_log_t:file append_file_perms;
+@@ -616,7 +838,11 @@ allow httpd_helper_t httpd_log_t:file append_file_perms;
logging_send_syslog_msg(httpd_helper_t)
@@ -21525,7 +21626,7 @@ index 3136c6a..02f0378 100644
########################################
#
-@@ -654,28 +879,30 @@ libs_exec_lib_files(httpd_php_t)
+@@ -654,28 +880,30 @@ libs_exec_lib_files(httpd_php_t)
userdom_use_unpriv_users_fds(httpd_php_t)
tunable_policy(`httpd_can_network_connect_db',`
@@ -21569,7 +21670,16 @@ index 3136c6a..02f0378 100644
')
########################################
-@@ -699,17 +926,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
+@@ -685,6 +913,8 @@ optional_policy(`
+
+ allow httpd_suexec_t self:capability { setuid setgid };
+ allow httpd_suexec_t self:process signal_perms;
++
++allow httpd_suexec_t self:fifo_file rw_fifo_file_perms;
+ allow httpd_suexec_t self:unix_stream_socket create_stream_socket_perms;
+
+ domtrans_pattern(httpd_t, httpd_suexec_exec_t, httpd_suexec_t)
+@@ -699,17 +929,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
@@ -21595,7 +21705,7 @@ index 3136c6a..02f0378 100644
files_read_etc_files(httpd_suexec_t)
files_read_usr_files(httpd_suexec_t)
-@@ -740,13 +972,27 @@ tunable_policy(`httpd_can_network_connect',`
+@@ -740,13 +975,31 @@ tunable_policy(`httpd_can_network_connect',`
corenet_sendrecv_all_client_packets(httpd_suexec_t)
')
@@ -21609,6 +21719,10 @@ index 3136c6a..02f0378 100644
+
+domain_entry_file(httpd_sys_script_t, httpd_sys_content_t)
+
++tunable_policy(`httpd_can_sendmail',`
++ mta_send_mail(httpd_suexec_t)
++')
++
tunable_policy(`httpd_enable_cgi && httpd_unified',`
allow httpd_sys_script_t httpdcontent:file entrypoint;
domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
@@ -21624,7 +21738,7 @@ index 3136c6a..02f0378 100644
fs_read_nfs_files(httpd_suexec_t)
fs_read_nfs_symlinks(httpd_suexec_t)
fs_exec_nfs_files(httpd_suexec_t)
-@@ -769,6 +1015,25 @@ optional_policy(`
+@@ -769,6 +1022,25 @@ optional_policy(`
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
@@ -21650,7 +21764,7 @@ index 3136c6a..02f0378 100644
########################################
#
# Apache system script local policy
-@@ -789,12 +1054,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp
+@@ -789,12 +1061,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp
kernel_read_kernel_sysctls(httpd_sys_script_t)
@@ -21668,7 +21782,7 @@ index 3136c6a..02f0378 100644
ifdef(`distro_redhat',`
allow httpd_sys_script_t httpd_log_t:file append_file_perms;
')
-@@ -803,18 +1073,50 @@ tunable_policy(`httpd_can_sendmail',`
+@@ -803,18 +1080,50 @@ tunable_policy(`httpd_can_sendmail',`
mta_send_mail(httpd_sys_script_t)
')
@@ -21725,7 +21839,7 @@ index 3136c6a..02f0378 100644
corenet_tcp_sendrecv_all_ports(httpd_sys_script_t)
corenet_udp_sendrecv_all_ports(httpd_sys_script_t)
corenet_tcp_connect_all_ports(httpd_sys_script_t)
-@@ -822,14 +1124,29 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
+@@ -822,14 +1131,29 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
')
tunable_policy(`httpd_enable_homedirs',`
@@ -21756,7 +21870,7 @@ index 3136c6a..02f0378 100644
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -842,10 +1159,20 @@ optional_policy(`
+@@ -842,10 +1166,20 @@ optional_policy(`
optional_policy(`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_sockets(httpd_sys_script_t)
@@ -21777,7 +21891,7 @@ index 3136c6a..02f0378 100644
')
########################################
-@@ -891,11 +1218,21 @@ optional_policy(`
+@@ -891,11 +1225,21 @@ optional_policy(`
tunable_policy(`httpd_enable_cgi && httpd_unified',`
allow httpd_user_script_t httpdcontent:file entrypoint;
@@ -21803,10 +21917,19 @@ index 3136c6a..02f0378 100644
+ userdom_read_user_home_content_files(httpd_user_script_t)
')
diff --git a/policy/modules/services/apcupsd.fc b/policy/modules/services/apcupsd.fc
-index cd07b96..a87d1dd 100644
+index cd07b96..9b7742f 100644
--- a/policy/modules/services/apcupsd.fc
+++ b/policy/modules/services/apcupsd.fc
-@@ -13,3 +13,4 @@
+@@ -4,6 +4,8 @@
+
+ /usr/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
+
++/var/lock/subsys/apcupsd -- gen_context(system_u:object_r:apcupsd_lock_t,s0)
++
+ /var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
+ /var/log/apcupsd\.status.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
+
+@@ -13,3 +15,4 @@
/var/www/apcupsd/upsfstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsimage\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
@@ -22119,10 +22242,18 @@ index d80a16b..a43e006 100644
init_labeled_script_domtrans($1, automount_initrc_exec_t)
diff --git a/policy/modules/services/automount.te b/policy/modules/services/automount.te
-index 39799db..d174b05 100644
+index 39799db..9390ef1 100644
--- a/policy/modules/services/automount.te
+++ b/policy/modules/services/automount.te
-@@ -143,9 +143,6 @@ logging_search_logs(automount_t)
+@@ -64,6 +64,7 @@ kernel_read_network_state(automount_t)
+ kernel_list_proc(automount_t)
+ kernel_dontaudit_search_xen_state(automount_t)
+
++files_read_usr_files(automount_t)
+ files_search_boot(automount_t)
+ # Automount is slowly adding all mount functionality internally
+ files_search_all(automount_t)
+@@ -143,9 +144,6 @@ logging_search_logs(automount_t)
miscfiles_read_localization(automount_t)
miscfiles_read_generic_certs(automount_t)
@@ -22132,7 +22263,7 @@ index 39799db..d174b05 100644
userdom_dontaudit_use_unpriv_user_fds(automount_t)
userdom_dontaudit_search_user_home_dirs(automount_t)
-@@ -155,6 +152,13 @@ optional_policy(`
+@@ -155,6 +153,13 @@ optional_policy(`
')
optional_policy(`
@@ -22742,10 +22873,10 @@ index 0000000..fa9b95a
+')
diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
new file mode 100644
-index 0000000..11ad49a
+index 0000000..1442451
--- /dev/null
+++ b/policy/modules/services/boinc.te
-@@ -0,0 +1,171 @@
+@@ -0,0 +1,172 @@
+policy_module(boinc, 1.0.0)
+
+########################################
@@ -22828,6 +22959,7 @@ index 0000000..11ad49a
+corenet_tcp_bind_generic_node(boinc_t)
+corenet_udp_bind_generic_node(boinc_t)
+corenet_tcp_bind_boinc_port(boinc_t)
++corenet_tcp_bind_boinc_client_ctrl_port(boinc_t)
+corenet_tcp_connect_boinc_port(boinc_t)
+corenet_tcp_connect_http_port(boinc_t)
+corenet_tcp_connect_http_cache_port(boinc_t)
@@ -23322,10 +23454,10 @@ index 0000000..3e15c63
+/var/spool/callweaver(/.*)? gen_context(system_u:object_r:callweaver_spool_t,s0)
diff --git a/policy/modules/services/callweaver.if b/policy/modules/services/callweaver.if
new file mode 100644
-index 0000000..c8d7b83
+index 0000000..ad3d3c0
--- /dev/null
+++ b/policy/modules/services/callweaver.if
-@@ -0,0 +1,338 @@
+@@ -0,0 +1,358 @@
+## <summary>Open source PBX project.</summary>
+
+########################################
@@ -23351,6 +23483,26 @@ index 0000000..c8d7b83
+########################################
+## <summary>
+## Execute callweaver in the
++## callers domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`callweaver_exec',`
++ gen_require(`
++ type callweaver_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ can_exec($1, callweaver_exec_t)
++')
++
++########################################
++## <summary>
++## Execute callweaver in the
+## callweaver domain.
+## </summary>
+## <param name="domain">
@@ -24077,7 +24229,7 @@ index d020c93..e5cbcef 100644
cgroup_initrc_domtrans_cgconfig($1)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/cgroup.te b/policy/modules/services/cgroup.te
-index 8ca2333..09a114b 100644
+index 8ca2333..93c7789 100644
--- a/policy/modules/services/cgroup.te
+++ b/policy/modules/services/cgroup.te
@@ -16,14 +16,17 @@ init_daemon_domain(cgred_t, cgred_exec_t)
@@ -24143,6 +24295,15 @@ index 8ca2333..09a114b 100644
# rc script creates pid file
manage_files_pattern(cgred_t, cgred_var_run_t, cgred_var_run_t)
manage_sock_files_pattern(cgred_t, cgred_var_run_t, cgred_var_run_t)
+@@ -97,6 +103,8 @@ files_read_etc_files(cgred_t)
+
+ fs_write_cgroup_files(cgred_t)
+
++auth_use_nsswitch(cgred_t)
++
+ logging_send_syslog_msg(cgred_t)
+
+ miscfiles_read_localization(cgred_t)
diff --git a/policy/modules/services/chronyd.if b/policy/modules/services/chronyd.if
index 9a0da94..2ede737 100644
--- a/policy/modules/services/chronyd.if
@@ -24325,17 +24486,19 @@ index fa82327..db20d26 100644
gpsd_rw_shm(chronyd_t)
')
diff --git a/policy/modules/services/clamav.fc b/policy/modules/services/clamav.fc
-index e8e9a21..0af0260 100644
+index e8e9a21..89fc935 100644
--- a/policy/modules/services/clamav.fc
+++ b/policy/modules/services/clamav.fc
-@@ -10,6 +10,7 @@
+@@ -10,7 +10,9 @@
/var/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0)
/var/lib/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0)
+/var/lib/clamd.* gen_context(system_u:object_r:clamd_var_lib_t,s0)
/var/log/clamav.* gen_context(system_u:object_r:clamd_var_log_t,s0)
++/var/log/freshclam.* -- gen_context(system_u:object_r:freshclam_var_log_t,s0)
/var/log/clamav/freshclam.* -- gen_context(system_u:object_r:freshclam_var_log_t,s0)
/var/log/clamd.* gen_context(system_u:object_r:clamd_var_log_t,s0)
+ /var/run/amavis(d)?/clamd\.pid -- gen_context(system_u:object_r:clamd_var_run_t,s0)
diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index 1f11572..7f6a7ab 100644
--- a/policy/modules/services/clamav.if
@@ -24377,7 +24540,7 @@ index 1f11572..7f6a7ab 100644
')
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
-index f758323..28166c1 100644
+index f758323..a2e2d35 100644
--- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te
@@ -1,9 +1,9 @@
@@ -24526,7 +24689,7 @@ index f758323..28166c1 100644
files_read_etc_files(clamscan_t)
files_read_etc_runtime_files(clamscan_t)
-@@ -264,7 +286,12 @@ miscfiles_read_public_files(clamscan_t)
+@@ -264,10 +286,15 @@ miscfiles_read_public_files(clamscan_t)
clamav_stream_connect(clamscan_t)
@@ -24539,7 +24702,11 @@ index f758323..28166c1 100644
+')
optional_policy(`
- amavis_read_spool_files(clamscan_t)
+- amavis_read_spool_files(clamscan_t)
++ amavis_manage_spool_files(clamscan_t)
+ ')
+
+ optional_policy(`
diff --git a/policy/modules/services/clockspeed.te b/policy/modules/services/clockspeed.te
index b40f3f7..3676ecc 100644
--- a/policy/modules/services/clockspeed.te
@@ -25318,10 +25485,10 @@ index 0000000..939d76e
+')
diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
new file mode 100644
-index 0000000..74788d2
+index 0000000..837a832
--- /dev/null
+++ b/policy/modules/services/colord.te
-@@ -0,0 +1,108 @@
+@@ -0,0 +1,114 @@
+policy_module(colord,1.0.0)
+
+########################################
@@ -25367,6 +25534,7 @@ index 0000000..74788d2
+
+kernel_getattr_proc_files(colord_t)
+kernel_read_device_sysctls(colord_t)
++kernel_request_load_module(colord_t)
+
+corenet_udp_bind_generic_node(colord_t)
+corenet_udp_bind_ipp_port(colord_t)
@@ -25382,6 +25550,7 @@ index 0000000..74788d2
+dev_read_urand(colord_t)
+dev_list_sysfs(colord_t)
+dev_rw_generic_usb_dev(colord_t)
++
+storage_getattr_fixed_disk_dev(colord_t)
+storage_read_scsi_generic(colord_t)
+storage_write_scsi_generic(colord_t)
@@ -25392,15 +25561,19 @@ index 0000000..74788d2
+files_read_etc_files(colord_t)
+files_read_usr_files(colord_t)
+
++fs_search_all(colord_t)
++fs_read_noxattr_fs_files(colord_t)
++
++storage_read_scsi_generic(colord_t)
++storage_write_scsi_generic(colord_t)
++storage_getattr_fixed_disk_dev(colord_t)
++
+logging_send_syslog_msg(colord_t)
+
+miscfiles_read_localization(colord_t)
+
+sysnet_dns_name_resolve(colord_t)
+
-+fs_search_all(colord_t)
-+fs_read_noxattr_fs_files(colord_t)
-+
+tunable_policy(`use_nfs_home_dirs',`
+ fs_read_nfs_files(colord_t)
+')
@@ -25843,7 +26016,7 @@ index 2eefc08..6030f34 100644
+
+/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0)
diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
-index 35241ed..b6c4cc9 100644
+index 35241ed..9ba011e 100644
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@@ -12,6 +12,11 @@
@@ -25858,8 +26031,12 @@ index 35241ed..b6c4cc9 100644
##############################
#
# Declarations
-@@ -34,8 +39,12 @@ template(`cron_common_crontab_template',`
- allow $1_t self:process { setsched signal_perms };
+@@ -31,11 +36,15 @@ template(`cron_common_crontab_template',`
+
+ # dac_override is to create the file in the directory under /tmp
+ allow $1_t self:capability { fowner setuid setgid chown dac_override };
+- allow $1_t self:process { setsched signal_perms };
++ allow $1_t self:process { getcap setsched signal_perms };
allow $1_t self:fifo_file rw_fifo_file_perms;
- allow $1_t $1_tmp_t:file manage_file_perms;
@@ -25882,7 +26059,20 @@ index 35241ed..b6c4cc9 100644
kernel_read_system_state($1_t)
-@@ -62,6 +71,7 @@ template(`cron_common_crontab_template',`
+@@ -51,6 +60,8 @@ template(`cron_common_crontab_template',`
+ selinux_dontaudit_search_fs($1_t)
+
+ fs_getattr_xattr_fs($1_t)
++ fs_manage_cgroup_dirs($1_t)
++ fs_manage_cgroup_files($1_t)
+
+ domain_use_interactive_fds($1_t)
+
+@@ -59,12 +70,15 @@ template(`cron_common_crontab_template',`
+ files_dontaudit_search_pids($1_t)
+
+ auth_domtrans_chk_passwd($1_t)
++ auth_rw_var_auth($1_t)
logging_send_syslog_msg($1_t)
logging_send_audit_msgs($1_t)
@@ -25890,7 +26080,11 @@ index 35241ed..b6c4cc9 100644
init_dontaudit_write_utmp($1_t)
init_read_utmp($1_t)
-@@ -73,9 +83,10 @@ template(`cron_common_crontab_template',`
++ init_read_state($1_t)
+
+ miscfiles_read_localization($1_t)
+
+@@ -73,9 +87,10 @@ template(`cron_common_crontab_template',`
userdom_manage_user_tmp_dirs($1_t)
userdom_manage_user_tmp_files($1_t)
# Access terminals.
@@ -25902,7 +26096,7 @@ index 35241ed..b6c4cc9 100644
tunable_policy(`fcron_crond',`
# fcron wants an instant update of a crontab change for the administrator
-@@ -102,10 +113,12 @@ template(`cron_common_crontab_template',`
+@@ -102,10 +117,12 @@ template(`cron_common_crontab_template',`
## User domain for the role
## </summary>
## </param>
@@ -25915,7 +26109,7 @@ index 35241ed..b6c4cc9 100644
')
role $1 types { cronjob_t crontab_t };
-@@ -116,9 +129,16 @@ interface(`cron_role',`
+@@ -116,9 +133,16 @@ interface(`cron_role',`
# Transition from the user domain to the derived domain.
domtrans_pattern($2, crontab_exec_t, crontab_t)
@@ -25924,7 +26118,7 @@ index 35241ed..b6c4cc9 100644
+ allow $2 crond_t:process sigchld;
+
+ # needs to be authorized SELinux context for cron
-+ allow $2 user_cron_spool_t:file entrypoint;
++ allow $2 user_cron_spool_t:file { getattr read write ioctl entrypoint };
+
# crontab shows up in user ps
ps_process_pattern($2, crontab_t)
@@ -25933,7 +26127,7 @@ index 35241ed..b6c4cc9 100644
# Run helper programs as the user domain
#corecmd_bin_domtrans(crontab_t, $2)
-@@ -132,9 +152,8 @@ interface(`cron_role',`
+@@ -132,9 +156,8 @@ interface(`cron_role',`
')
dbus_stub(cronjob_t)
@@ -25944,7 +26138,7 @@ index 35241ed..b6c4cc9 100644
')
########################################
-@@ -151,29 +170,18 @@ interface(`cron_role',`
+@@ -151,29 +174,18 @@ interface(`cron_role',`
## User domain for the role
## </summary>
## </param>
@@ -25978,7 +26172,7 @@ index 35241ed..b6c4cc9 100644
optional_policy(`
gen_require(`
-@@ -181,9 +189,8 @@ interface(`cron_unconfined_role',`
+@@ -181,9 +193,8 @@ interface(`cron_unconfined_role',`
')
dbus_stub(unconfined_cronjob_t)
@@ -25989,7 +26183,7 @@ index 35241ed..b6c4cc9 100644
')
########################################
-@@ -200,6 +207,7 @@ interface(`cron_unconfined_role',`
+@@ -200,6 +211,7 @@ interface(`cron_unconfined_role',`
## User domain for the role
## </summary>
## </param>
@@ -25997,7 +26191,7 @@ index 35241ed..b6c4cc9 100644
#
interface(`cron_admin_role',`
gen_require(`
-@@ -220,7 +228,7 @@ interface(`cron_admin_role',`
+@@ -220,7 +232,7 @@ interface(`cron_admin_role',`
# crontab shows up in user ps
ps_process_pattern($2, admin_crontab_t)
@@ -26006,7 +26200,7 @@ index 35241ed..b6c4cc9 100644
# Run helper programs as the user domain
#corecmd_bin_domtrans(admin_crontab_t, $2)
-@@ -234,9 +242,8 @@ interface(`cron_admin_role',`
+@@ -234,9 +246,8 @@ interface(`cron_admin_role',`
')
dbus_stub(admin_cronjob_t)
@@ -26017,7 +26211,7 @@ index 35241ed..b6c4cc9 100644
')
########################################
-@@ -304,7 +311,7 @@ interface(`cron_exec',`
+@@ -304,7 +315,7 @@ interface(`cron_exec',`
########################################
## <summary>
@@ -26026,7 +26220,7 @@ index 35241ed..b6c4cc9 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -408,7 +415,43 @@ interface(`cron_rw_pipes',`
+@@ -408,7 +419,43 @@ interface(`cron_rw_pipes',`
type crond_t;
')
@@ -26071,7 +26265,7 @@ index 35241ed..b6c4cc9 100644
')
########################################
-@@ -481,6 +524,7 @@ interface(`cron_manage_pid_files',`
+@@ -481,6 +528,7 @@ interface(`cron_manage_pid_files',`
type crond_var_run_t;
')
@@ -26079,7 +26273,7 @@ index 35241ed..b6c4cc9 100644
manage_files_pattern($1, crond_var_run_t, crond_var_run_t)
')
-@@ -536,7 +580,7 @@ interface(`cron_write_system_job_pipes',`
+@@ -536,7 +584,7 @@ interface(`cron_write_system_job_pipes',`
type system_cronjob_t;
')
@@ -26088,7 +26282,7 @@ index 35241ed..b6c4cc9 100644
')
########################################
-@@ -554,7 +598,7 @@ interface(`cron_rw_system_job_pipes',`
+@@ -554,7 +602,7 @@ interface(`cron_rw_system_job_pipes',`
type system_cronjob_t;
')
@@ -26097,7 +26291,7 @@ index 35241ed..b6c4cc9 100644
')
########################################
-@@ -587,11 +631,14 @@ interface(`cron_rw_system_job_stream_sockets',`
+@@ -587,11 +635,14 @@ interface(`cron_rw_system_job_stream_sockets',`
#
interface(`cron_read_system_job_tmp_files',`
gen_require(`
@@ -26113,7 +26307,7 @@ index 35241ed..b6c4cc9 100644
')
########################################
-@@ -627,7 +674,47 @@ interface(`cron_dontaudit_append_system_job_tmp_files',`
+@@ -627,7 +678,47 @@ interface(`cron_dontaudit_append_system_job_tmp_files',`
interface(`cron_dontaudit_write_system_job_tmp_files',`
gen_require(`
type system_cronjob_tmp_t;
@@ -26162,7 +26356,7 @@ index 35241ed..b6c4cc9 100644
+ manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
')
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
-index f7583ab..254e671 100644
+index f7583ab..e6ddde9 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -10,18 +10,18 @@ gen_require(`
@@ -26278,9 +26472,12 @@ index f7583ab..254e671 100644
# fcron wants an instant update of a crontab change for the administrator
# also crontab does a security check for crontab -u
allow admin_crontab_t self:process setfscreate;
-@@ -138,7 +151,7 @@ tunable_policy(`fcron_crond', `
+@@ -136,9 +149,9 @@ tunable_policy(`fcron_crond', `
+ # Cron daemon local policy
+ #
- allow crond_t self:capability { dac_override setgid setuid sys_nice dac_read_search };
+-allow crond_t self:capability { dac_override setgid setuid sys_nice dac_read_search };
++allow crond_t self:capability { dac_override chown setgid setuid sys_nice dac_read_search };
dontaudit crond_t self:capability { sys_resource sys_tty_config };
-allow crond_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+allow crond_t self:process ~{ ptrace setcurrent setexec setfscreate execmem execstack execheap };
@@ -27031,7 +27228,7 @@ index 81eba14..d0ab56c 100644
/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
/usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
-index 0d5711c..1564a13 100644
+index 0d5711c..6e35cb2 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -41,9 +41,9 @@ interface(`dbus_stub',`
@@ -27242,29 +27439,54 @@ index 0d5711c..1564a13 100644
dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write };
')
')
-@@ -497,3 +554,23 @@ interface(`dbus_unconfined',`
+@@ -463,26 +520,25 @@ interface(`dbus_use_system_bus_fds',`
- typeattribute $1 dbusd_unconfined;
+ ########################################
+ ## <summary>
+-## Dontaudit Read, and write system dbus TCP sockets.
++## Allow unconfined access to the system DBUS.
+ ## </summary>
+ ## <param name="domain">
+ ## <summary>
+-## Domain to not audit.
++## Domain allowed access.
+ ## </summary>
+ ## </param>
+ #
+-interface(`dbus_dontaudit_system_bus_rw_tcp_sockets',`
++interface(`dbus_unconfined',`
+ gen_require(`
+- type system_dbusd_t;
++ attribute dbusd_unconfined;
+ ')
+
+- allow $1 system_dbusd_t:tcp_socket { read write };
+- allow $1 system_dbusd_t:fd use;
++ typeattribute $1 dbusd_unconfined;
')
-+
-+########################################
-+## <summary>
+
+ ########################################
+ ## <summary>
+-## Allow unconfined access to the system DBUS.
+## Delete all dbus pid files
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
+ ## </summary>
+ ## <param name="domain">
+ ## <summary>
+@@ -490,10 +546,12 @@ interface(`dbus_dontaudit_system_bus_rw_tcp_sockets',`
+ ## </summary>
+ ## </param>
+ #
+-interface(`dbus_unconfined',`
+interface(`dbus_delete_pid_files',`
-+ gen_require(`
+ gen_require(`
+- attribute dbusd_unconfined;
+ type system_dbusd_var_run_t;
-+ ')
-+
+ ')
+
+- typeattribute $1 dbusd_unconfined;
+ files_search_pids($1)
+ delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
-+')
+ ')
+
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index 86d09b4..8e05351 100644
@@ -29550,8 +29772,20 @@ index f28f64b..0b19f11 100644
')
optional_policy(`
+diff --git a/policy/modules/services/fail2ban.fc b/policy/modules/services/fail2ban.fc
+index 0de2b83..b93171c 100644
+--- a/policy/modules/services/fail2ban.fc
++++ b/policy/modules/services/fail2ban.fc
+@@ -1,6 +1,7 @@
+ /etc/rc\.d/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0)
+
+ /usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
++/usr/bin/fail2ban-client -- gen_context(system_u:object_r:fail2ban_client_exec_t,s0)
+ /usr/bin/fail2ban-server -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
+
+ /var/lib/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_lib_t,s0)
diff --git a/policy/modules/services/fail2ban.if b/policy/modules/services/fail2ban.if
-index f590a1f..3cc3f80 100644
+index f590a1f..338e5bf 100644
--- a/policy/modules/services/fail2ban.if
+++ b/policy/modules/services/fail2ban.if
@@ -5,9 +5,9 @@
@@ -29566,7 +29800,42 @@ index f590a1f..3cc3f80 100644
## </param>
#
interface(`fail2ban_domtrans',`
-@@ -102,9 +102,9 @@ interface(`fail2ban_read_log',`
+@@ -40,6 +40,25 @@ interface(`fail2ban_stream_connect',`
+
+ ########################################
+ ## <summary>
++## Read and write inherited temporary files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`fail2ban_rw_inherited_tmp_files',`
++ gen_require(`
++ type fail2ban_tmp_t;
++ ')
++
++ files_search_tmp($1)
++ allow $1 fail2ban_tmp_t:file rw_inherited_file_perms;
++')
++
++########################################
++## <summary>
+ ## Read and write to an fail2ban unix stream socket.
+ ## </summary>
+ ## <param name="domain">
+@@ -72,7 +91,7 @@ interface(`fail2ban_read_lib_files',`
+ ')
+
+ files_search_var_lib($1)
+- allow $1 fail2ban_var_lib_t:file read_file_perms;
++ read_files_pattern($1, fail2ban_var_lib_t, fail2ban_var_lib_t)
+ ')
+
+ ########################################
+@@ -102,9 +121,9 @@ interface(`fail2ban_read_log',`
## fail2ban log files.
## </summary>
## <param name="domain">
@@ -29578,7 +29847,7 @@ index f590a1f..3cc3f80 100644
## </param>
#
interface(`fail2ban_append_log',`
-@@ -138,6 +138,26 @@ interface(`fail2ban_read_pid_files',`
+@@ -138,6 +157,26 @@ interface(`fail2ban_read_pid_files',`
########################################
## <summary>
@@ -29605,23 +29874,57 @@ index f590a1f..3cc3f80 100644
## All of the rules required to administrate
## an fail2ban environment
## </summary>
-@@ -155,8 +175,8 @@ interface(`fail2ban_read_pid_files',`
+@@ -155,12 +194,13 @@ interface(`fail2ban_read_pid_files',`
#
interface(`fail2ban_admin',`
gen_require(`
- type fail2ban_t, fail2ban_log_t;
- type fail2ban_var_run_t, fail2ban_initrc_exec_t;
+ type fail2ban_t, fail2ban_log_t, fail2ban_initrc_exec_t;
-+ type fail2ban_var_run_t;
++ type fail2ban_var_run_t, fail2ban_var_lib_t, fail2ban_tmp_t;
++ type fail2ban_client_t;
')
- allow $1 fail2ban_t:process { ptrace signal_perms };
+- allow $1 fail2ban_t:process { ptrace signal_perms };
+- ps_process_pattern($1, fail2ban_t)
++ allow $1 { fail2ban_t fail2ban_client_t }:process { ptrace signal_perms };
++ ps_process_pattern($1, { fail2ban_t fail2ban_client_t })
+
+ init_labeled_script_domtrans($1, fail2ban_initrc_exec_t)
+ domain_system_change_exemption($1)
+@@ -172,4 +212,10 @@ interface(`fail2ban_admin',`
+
+ files_list_pids($1)
+ admin_pattern($1, fail2ban_var_run_t)
++
++ files_list_var_lib($1)
++ admin_pattern($1, fail2ban_var_lib_t)
++
++ files_list_tmp($1)
++ admin_pattern($1, fail2ban_tmp_t)
+ ')
diff --git a/policy/modules/services/fail2ban.te b/policy/modules/services/fail2ban.te
-index 2a69e5e..84e7ce2 100644
+index 2a69e5e..e6d2dd2 100644
--- a/policy/modules/services/fail2ban.te
+++ b/policy/modules/services/fail2ban.te
-@@ -28,7 +28,7 @@ files_pid_file(fail2ban_var_run_t)
- # fail2ban local policy
+@@ -23,12 +23,22 @@ files_type(fail2ban_var_lib_t)
+ type fail2ban_var_run_t;
+ files_pid_file(fail2ban_var_run_t)
+
++type fail2ban_tmp_t;
++files_tmp_file(fail2ban_tmp_t)
++
++type fail2ban_client_t;
++type fail2ban_client_exec_t;
++init_daemon_domain(fail2ban_client_t, fail2ban_client_exec_t)
++
++# new in F16
++permissive fail2ban_client_t;
++
+ ########################################
+ #
+-# fail2ban local policy
++# fail2ban server local policy
#
-allow fail2ban_t self:capability { sys_tty_config };
@@ -29629,7 +29932,7 @@ index 2a69e5e..84e7ce2 100644
allow fail2ban_t self:process signal;
allow fail2ban_t self:fifo_file rw_fifo_file_perms;
allow fail2ban_t self:unix_stream_socket { connectto create_stream_socket_perms };
-@@ -36,7 +36,7 @@ allow fail2ban_t self:unix_dgram_socket create_socket_perms;
+@@ -36,7 +46,7 @@ allow fail2ban_t self:unix_dgram_socket create_socket_perms;
allow fail2ban_t self:tcp_socket create_stream_socket_perms;
# log files
@@ -29638,7 +29941,18 @@ index 2a69e5e..84e7ce2 100644
manage_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
logging_log_filetrans(fail2ban_t, fail2ban_log_t, file)
-@@ -66,6 +66,7 @@ corenet_sendrecv_whois_client_packets(fail2ban_t)
+@@ -50,6 +60,10 @@ manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
+ manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
+ files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, { dir file sock_file })
+
++manage_files_pattern(fail2ban_t, fail2ban_tmp_t, fail2ban_tmp_t)
++exec_files_pattern(fail2ban_t, fail2ban_tmp_t, fail2ban_tmp_t)
++files_tmp_filetrans(fail2ban_t, fail2ban_tmp_t, file)
++
+ kernel_read_system_state(fail2ban_t)
+
+ corecmd_exec_bin(fail2ban_t)
+@@ -66,6 +80,7 @@ corenet_sendrecv_whois_client_packets(fail2ban_t)
dev_read_urand(fail2ban_t)
domain_use_interactive_fds(fail2ban_t)
@@ -29646,7 +29960,7 @@ index 2a69e5e..84e7ce2 100644
files_read_etc_files(fail2ban_t)
files_read_etc_runtime_files(fail2ban_t)
-@@ -94,5 +95,9 @@ optional_policy(`
+@@ -94,5 +109,34 @@ optional_policy(`
')
optional_policy(`
@@ -29656,6 +29970,31 @@ index 2a69e5e..84e7ce2 100644
+optional_policy(`
iptables_domtrans(fail2ban_t)
')
++
++optional_policy(`
++ libs_exec_ldconfig(fail2ban_t)
++')
++
++########################################
++#
++# fail2ban client local policy
++#
++
++domtrans_pattern(fail2ban_client_t, fail2ban_exec_t, fail2ban_t)
++
++stream_connect_pattern(fail2ban_client_t, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
++
++kernel_read_system_state(fail2ban_client_t)
++
++# python
++corecmd_exec_bin(fail2ban_client_t)
++
++# nsswitch.conf, passwd
++files_read_etc_files(fail2ban_client_t)
++files_read_usr_files(fail2ban_client_t)
++files_search_pids(fail2ban_client_t)
++
++miscfiles_read_localization(fail2ban_client_t)
diff --git a/policy/modules/services/fetchmail.if b/policy/modules/services/fetchmail.if
index 6537214..7d64c0a 100644
--- a/policy/modules/services/fetchmail.if
@@ -29938,7 +30277,7 @@ index bc27421..a65582e 100644
## <summary>
## Allow domain dyntransition to sftpd_anon domain.
diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
-index 8a74a83..a75cf2c 100644
+index 8a74a83..0e56a5d 100644
--- a/policy/modules/services/ftp.te
+++ b/policy/modules/services/ftp.te
@@ -40,6 +40,13 @@ gen_tunable(allow_ftpd_use_nfs, false)
@@ -30040,7 +30379,18 @@ index 8a74a83..a75cf2c 100644
')
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
-@@ -316,6 +338,25 @@ optional_policy(`
+@@ -309,6 +331,10 @@ optional_policy(`
+ ')
+
+ optional_policy(`
++ fail2ban_read_lib_files(ftpd_t)
++')
++
++optional_policy(`
+ selinux_validate_context(ftpd_t)
+
+ kerberos_keytab_template(ftpd, ftpd_t)
+@@ -316,6 +342,25 @@ optional_policy(`
')
optional_policy(`
@@ -30066,7 +30416,7 @@ index 8a74a83..a75cf2c 100644
inetd_tcp_service_domain(ftpd_t, ftpd_exec_t)
optional_policy(`
-@@ -347,16 +388,17 @@ optional_policy(`
+@@ -347,16 +392,17 @@ optional_policy(`
# Allow ftpdctl to talk to ftpd over a socket connection
stream_connect_pattern(ftpdctl_t, ftpd_var_run_t, ftpd_var_run_t, ftpd_t)
@@ -30086,7 +30436,7 @@ index 8a74a83..a75cf2c 100644
########################################
#
-@@ -368,15 +410,28 @@ files_read_etc_files(sftpd_t)
+@@ -368,15 +414,28 @@ files_read_etc_files(sftpd_t)
# allow read access to /home by default
userdom_read_user_home_content_files(sftpd_t)
userdom_read_user_home_content_symlinks(sftpd_t)
@@ -30936,10 +31286,10 @@ index 671d8fd..25c7ab8 100644
+ dontaudit gnomeclock_t $1:dbus send_msg;
+')
diff --git a/policy/modules/services/gnomeclock.te b/policy/modules/services/gnomeclock.te
-index 4fde46b..4417f4e 100644
+index 4fde46b..b9032a7 100644
--- a/policy/modules/services/gnomeclock.te
+++ b/policy/modules/services/gnomeclock.te
-@@ -9,24 +9,31 @@ type gnomeclock_t;
+@@ -9,24 +9,32 @@ type gnomeclock_t;
type gnomeclock_exec_t;
dbus_system_domain(gnomeclock_t, gnomeclock_exec_t)
@@ -30961,6 +31311,7 @@ index 4fde46b..4417f4e 100644
+
corecmd_exec_bin(gnomeclock_t)
+corecmd_exec_shell(gnomeclock_t)
++corecmd_dontaudit_access_check_bin(gnomeclock_t)
files_read_etc_files(gnomeclock_t)
+files_read_etc_runtime_files(gnomeclock_t)
@@ -30974,7 +31325,7 @@ index 4fde46b..4417f4e 100644
miscfiles_read_localization(gnomeclock_t)
miscfiles_manage_localization(gnomeclock_t)
-@@ -35,12 +42,51 @@ miscfiles_etc_filetrans_localization(gnomeclock_t)
+@@ -35,12 +43,51 @@ miscfiles_etc_filetrans_localization(gnomeclock_t)
userdom_read_all_users_state(gnomeclock_t)
optional_policy(`
@@ -32166,7 +32517,7 @@ index 3525d24..923e979 100644
/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
+/var/tmp/HTTP_23 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
-index 604f67b..04309ea 100644
+index 604f67b..1692784 100644
--- a/policy/modules/services/kerberos.if
+++ b/policy/modules/services/kerberos.if
@@ -26,9 +26,9 @@
@@ -32354,7 +32705,7 @@ index 604f67b..04309ea 100644
+ type kerberos_home_t;
+ ')
+
-+ userdom_admin_home_dir_filetrans($1, kerberos_home_t, file, .k5login)
++ userdom_admin_home_dir_filetrans($1, kerberos_home_t, file, ".k5login")
+')
+
+########################################
@@ -32372,7 +32723,7 @@ index 604f67b..04309ea 100644
+ type kerberos_home_t;
+ ')
+
-+ userdom_user_home_dir_filetrans($1, kerberos_home_t, file, .k5login)
++ userdom_user_home_dir_filetrans($1, kerberos_home_t, file, ".k5login")
+')
+
+########################################
@@ -32391,18 +32742,18 @@ index 604f67b..04309ea 100644
+ type krb5kdc_principal_t;
+ ')
+
-+ files_etc_filetrans($1, krb5_conf_t, file, krb5.conf)
-+ filetrans_pattern($1, krb5kdc_conf_t, krb5_keytab_t, file, kadm5.keytab)
-+ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, principal)
-+ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, principal0)
-+ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, principal1)
-+ #filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, principal1)
++ files_etc_filetrans($1, krb5_conf_t, file, "krb5.conf")
++ filetrans_pattern($1, krb5kdc_conf_t, krb5_keytab_t, file, "kadm5.keytab")
++ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal")
++ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal0")
++ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal1")
++ #filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal1")
+
-+ kerberos_etc_filetrans_keytab($1, krb5.keytab)
++ kerberos_etc_filetrans_keytab($1, "krb5.keytab")
+ kerberos_filetrans_admin_home_content($1)
+
-+ kerberos_tmp_filetrans_host_rcache($1, host_0)
-+ kerberos_tmp_filetrans_host_rcache($1, HTTP_23)
++ kerberos_tmp_filetrans_host_rcache($1, "host_0")
++ kerberos_tmp_filetrans_host_rcache($1, "HTTP_23")
+')
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index 8edc29b..92dde2c 100644
@@ -32999,7 +33350,7 @@ index 49e04e5..69db026 100644
/usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0)
diff --git a/policy/modules/services/lircd.te b/policy/modules/services/lircd.te
-index 6a78de1..ae8af5b 100644
+index 6a78de1..0aebce6 100644
--- a/policy/modules/services/lircd.te
+++ b/policy/modules/services/lircd.te
@@ -13,7 +13,7 @@ type lircd_initrc_exec_t;
@@ -33011,7 +33362,15 @@ index 6a78de1..ae8af5b 100644
type lircd_var_run_t alias lircd_sock_t;
files_pid_file(lircd_var_run_t)
-@@ -44,13 +44,13 @@ corenet_tcp_bind_lirc_port(lircd_t)
+@@ -24,6 +24,7 @@ files_pid_file(lircd_var_run_t)
+ #
+
+ allow lircd_t self:capability { chown kill sys_admin };
++allow lircd_t self:process signal;
+ allow lircd_t self:fifo_file rw_fifo_file_perms;
+ allow lircd_t self:unix_dgram_socket create_socket_perms;
+ allow lircd_t self:tcp_socket create_stream_socket_perms;
+@@ -44,13 +45,13 @@ corenet_tcp_bind_lirc_port(lircd_t)
corenet_tcp_sendrecv_all_ports(lircd_t)
corenet_tcp_connect_lirc_port(lircd_t)
@@ -34866,7 +35225,7 @@ index 256166a..df99841 100644
/usr/sbin/rmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
-index 343cee3..0fbbe06 100644
+index 343cee3..a1094e2 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -37,9 +37,9 @@ interface(`mta_stub',`
@@ -35152,8 +35511,8 @@ index 343cee3..0fbbe06 100644
+ type mail_home_t;
+ ')
+
-+ userdom_admin_home_dir_filetrans($1, mail_home_t, file, dead.letter)
-+ userdom_admin_home_dir_filetrans($1, mail_home_t, file, .forward)
++ userdom_admin_home_dir_filetrans($1, mail_home_t, file, "dead.letter")
++ userdom_admin_home_dir_filetrans($1, mail_home_t, file, ".forward")
+')
+
+########################################
@@ -35171,8 +35530,8 @@ index 343cee3..0fbbe06 100644
+ type mail_home_t;
+ ')
+
-+ userdom_user_home_dir_filetrans($1, mail_home_t, file, dead.letter)
-+ userdom_user_home_dir_filetrans($1, mail_home_t, file, .forward)
++ userdom_user_home_dir_filetrans($1, mail_home_t, file, "dead.letter")
++ userdom_user_home_dir_filetrans($1, mail_home_t, file, ".forward")
+')
+
+########################################
@@ -35192,13 +35551,13 @@ index 343cee3..0fbbe06 100644
+ ')
+
+ filetrans_pattern($1, etc_mail_t, etc_aliases_t, { dir file })
-+ mta_etc_filetrans_aliases($1, aliases)
-+ mta_etc_filetrans_aliases($1, aliases.db)
++ mta_etc_filetrans_aliases($1, "aliases")
++ mta_etc_filetrans_aliases($1, "aliases.db")
+ mta_filetrans_home_content($1)
+ mta_filetrans_admin_home_content($1)
+')
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
-index 64268e4..9ddac52 100644
+index 64268e4..24ab364 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -20,8 +20,8 @@ files_type(etc_aliases_t)
@@ -35291,7 +35650,7 @@ index 64268e4..9ddac52 100644
')
optional_policy(`
-@@ -124,12 +132,8 @@ optional_policy(`
+@@ -124,12 +132,9 @@ optional_policy(`
')
optional_policy(`
@@ -35302,10 +35661,11 @@ index 64268e4..9ddac52 100644
-optional_policy(`
fail2ban_append_log(system_mail_t)
+ fail2ban_dontaudit_leaks(system_mail_t)
++ fail2ban_rw_inherited_tmp_files(system_mail_t)
')
optional_policy(`
-@@ -146,6 +150,10 @@ optional_policy(`
+@@ -146,6 +151,10 @@ optional_policy(`
')
optional_policy(`
@@ -35316,7 +35676,7 @@ index 64268e4..9ddac52 100644
nagios_read_tmp_files(system_mail_t)
')
-@@ -158,18 +166,6 @@ optional_policy(`
+@@ -158,18 +167,6 @@ optional_policy(`
files_etc_filetrans(system_mail_t, etc_aliases_t, { file lnk_file sock_file fifo_file })
domain_use_interactive_fds(system_mail_t)
@@ -35335,7 +35695,7 @@ index 64268e4..9ddac52 100644
')
optional_policy(`
-@@ -189,6 +185,10 @@ optional_policy(`
+@@ -189,6 +186,10 @@ optional_policy(`
')
optional_policy(`
@@ -35346,7 +35706,7 @@ index 64268e4..9ddac52 100644
smartmon_read_tmp_files(system_mail_t)
')
-@@ -199,7 +199,7 @@ optional_policy(`
+@@ -199,7 +200,7 @@ optional_policy(`
arpwatch_search_data(mailserver_delivery)
arpwatch_manage_tmp_files(mta_user_agent)
@@ -35355,7 +35715,7 @@ index 64268e4..9ddac52 100644
arpwatch_dontaudit_rw_packet_sockets(mta_user_agent)
')
-@@ -220,7 +220,8 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+@@ -220,7 +221,8 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
@@ -35365,7 +35725,7 @@ index 64268e4..9ddac52 100644
read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)
-@@ -242,6 +243,10 @@ optional_policy(`
+@@ -242,6 +244,10 @@ optional_policy(`
')
optional_policy(`
@@ -35376,7 +35736,7 @@ index 64268e4..9ddac52 100644
# so MTA can access /var/lib/mailman/mail/wrapper
files_search_var_lib(mailserver_delivery)
-@@ -249,16 +254,21 @@ optional_policy(`
+@@ -249,16 +255,21 @@ optional_policy(`
mailman_read_data_symlinks(mailserver_delivery)
')
@@ -35400,7 +35760,7 @@ index 64268e4..9ddac52 100644
# Create dead.letter in user home directories.
userdom_manage_user_home_content_files(user_mail_t)
userdom_user_home_dir_filetrans_user_home_content(user_mail_t, file)
-@@ -292,3 +302,44 @@ optional_policy(`
+@@ -292,3 +303,44 @@ optional_policy(`
postfix_read_config(user_mail_t)
postfix_list_spool(user_mail_t)
')
@@ -39301,7 +39661,7 @@ index 55e62d2..6082184 100644
/var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix/private(/.*)? gen_context(system_u:object_r:postfix_private_t,s0)
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
-index 46bee12..37bd751 100644
+index 46bee12..f064487 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -34,8 +34,9 @@ template(`postfix_domain_template',`
@@ -39332,7 +39692,16 @@ index 46bee12..37bd751 100644
files_read_usr_symlinks(postfix_$1_t)
files_search_spool(postfix_$1_t)
files_getattr_tmp_dirs(postfix_$1_t)
-@@ -272,7 +274,8 @@ interface(`postfix_read_local_state',`
+@@ -165,6 +167,8 @@ template(`postfix_user_domain_template',`
+ domtrans_pattern(postfix_user_domtrans, postfix_$1_exec_t, postfix_$1_t)
+
+ domain_use_interactive_fds(postfix_$1_t)
++
++ application_domain(postfix_$1_t, postfix_$1_exec_t)
+ ')
+
+ ########################################
+@@ -272,7 +276,8 @@ interface(`postfix_read_local_state',`
type postfix_local_t;
')
@@ -39342,7 +39711,7 @@ index 46bee12..37bd751 100644
')
########################################
-@@ -290,7 +293,8 @@ interface(`postfix_read_master_state',`
+@@ -290,7 +295,8 @@ interface(`postfix_read_master_state',`
type postfix_master_t;
')
@@ -39352,7 +39721,7 @@ index 46bee12..37bd751 100644
')
########################################
-@@ -376,6 +380,25 @@ interface(`postfix_domtrans_master',`
+@@ -376,6 +382,25 @@ interface(`postfix_domtrans_master',`
domtrans_pattern($1, postfix_master_exec_t, postfix_master_t)
')
@@ -39378,7 +39747,7 @@ index 46bee12..37bd751 100644
########################################
## <summary>
## Execute the master postfix program in the
-@@ -404,7 +427,6 @@ interface(`postfix_exec_master',`
+@@ -404,7 +429,6 @@ interface(`postfix_exec_master',`
## Domain allowed access.
## </summary>
## </param>
@@ -39386,7 +39755,7 @@ index 46bee12..37bd751 100644
#
interface(`postfix_stream_connect_master',`
gen_require(`
-@@ -416,6 +438,24 @@ interface(`postfix_stream_connect_master',`
+@@ -416,6 +440,24 @@ interface(`postfix_stream_connect_master',`
########################################
## <summary>
@@ -39411,7 +39780,7 @@ index 46bee12..37bd751 100644
## Execute the master postdrop in the
## postfix_postdrop domain.
## </summary>
-@@ -462,7 +502,7 @@ interface(`postfix_domtrans_postqueue',`
+@@ -462,7 +504,7 @@ interface(`postfix_domtrans_postqueue',`
## </summary>
## </param>
#
@@ -39420,7 +39789,7 @@ index 46bee12..37bd751 100644
gen_require(`
type postfix_postqueue_exec_t;
')
-@@ -529,6 +569,25 @@ interface(`postfix_domtrans_smtp',`
+@@ -529,6 +571,25 @@ interface(`postfix_domtrans_smtp',`
########################################
## <summary>
@@ -39446,7 +39815,7 @@ index 46bee12..37bd751 100644
## Search postfix mail spool directories.
## </summary>
## <param name="domain">
-@@ -539,10 +598,10 @@ interface(`postfix_domtrans_smtp',`
+@@ -539,10 +600,10 @@ interface(`postfix_domtrans_smtp',`
#
interface(`postfix_search_spool',`
gen_require(`
@@ -39459,7 +39828,7 @@ index 46bee12..37bd751 100644
files_search_spool($1)
')
-@@ -558,10 +617,10 @@ interface(`postfix_search_spool',`
+@@ -558,10 +619,10 @@ interface(`postfix_search_spool',`
#
interface(`postfix_list_spool',`
gen_require(`
@@ -39472,7 +39841,7 @@ index 46bee12..37bd751 100644
files_search_spool($1)
')
-@@ -577,11 +636,11 @@ interface(`postfix_list_spool',`
+@@ -577,11 +638,11 @@ interface(`postfix_list_spool',`
#
interface(`postfix_read_spool_files',`
gen_require(`
@@ -39486,7 +39855,7 @@ index 46bee12..37bd751 100644
')
########################################
-@@ -596,11 +655,11 @@ interface(`postfix_read_spool_files',`
+@@ -596,11 +657,11 @@ interface(`postfix_read_spool_files',`
#
interface(`postfix_manage_spool_files',`
gen_require(`
@@ -39500,7 +39869,7 @@ index 46bee12..37bd751 100644
')
########################################
-@@ -621,3 +680,103 @@ interface(`postfix_domtrans_user_mail_handler',`
+@@ -621,3 +682,103 @@ interface(`postfix_domtrans_user_mail_handler',`
typeattribute $1 postfix_user_domtrans;
')
@@ -42570,10 +42939,10 @@ index de37806..229a3c7 100644
+ read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
+')
diff --git a/policy/modules/services/rhcs.te b/policy/modules/services/rhcs.te
-index 93c896a..883f6f5 100644
+index 93c896a..2331615 100644
--- a/policy/modules/services/rhcs.te
+++ b/policy/modules/services/rhcs.te
-@@ -6,13 +6,15 @@ policy_module(rhcs, 1.1.0)
+@@ -6,13 +6,22 @@ policy_module(rhcs, 1.1.0)
#
## <desc>
@@ -42586,13 +42955,20 @@ index 93c896a..883f6f5 100644
## </desc>
gen_tunable(fenced_can_network_connect, false)
++## <desc>
++## <p>
++## Allow fenced domain to execute ssh.
++## </p>
++## </desc>
++gen_tunable(fenced_can_ssh, false)
++
attribute cluster_domain;
+attribute cluster_tmpfs;
+attribute cluster_pid;
rhcs_domain_template(dlm_controld)
-@@ -24,6 +26,8 @@ files_lock_file(fenced_lock_t)
+@@ -24,6 +33,8 @@ files_lock_file(fenced_lock_t)
type fenced_tmp_t;
files_tmp_file(fenced_tmp_t)
@@ -42601,7 +42977,7 @@ index 93c896a..883f6f5 100644
rhcs_domain_template(gfs_controld)
rhcs_domain_template(groupd)
-@@ -33,6 +37,10 @@ rhcs_domain_template(qdiskd)
+@@ -33,6 +44,10 @@ rhcs_domain_template(qdiskd)
type qdiskd_var_lib_t;
files_type(qdiskd_var_lib_t)
@@ -42612,7 +42988,7 @@ index 93c896a..883f6f5 100644
#####################################
#
# dlm_controld local policy
-@@ -55,20 +63,17 @@ fs_manage_configfs_dirs(dlm_controld_t)
+@@ -55,20 +70,17 @@ fs_manage_configfs_dirs(dlm_controld_t)
init_rw_script_tmp_files(dlm_controld_t)
@@ -42635,7 +43011,7 @@ index 93c896a..883f6f5 100644
can_exec(fenced_t, fenced_exec_t)
-@@ -82,7 +87,10 @@ files_tmp_filetrans(fenced_t, fenced_tmp_t, { file fifo_file dir })
+@@ -82,8 +94,12 @@ files_tmp_filetrans(fenced_t, fenced_tmp_t, { file fifo_file dir })
stream_connect_pattern(fenced_t, groupd_var_run_t, groupd_var_run_t, groupd_t)
@@ -42644,24 +43020,37 @@ index 93c896a..883f6f5 100644
corecmd_exec_bin(fenced_t)
+corecmd_exec_shell(fenced_t)
++corenet_tcp_bind_zented_port(fenced_t)
corenet_tcp_connect_http_port(fenced_t)
-@@ -104,9 +112,13 @@ tunable_policy(`fenced_can_network_connect',`
- corenet_tcp_connect_all_ports(fenced_t)
+ dev_read_sysfs(fenced_t)
+@@ -105,8 +121,24 @@ tunable_policy(`fenced_can_network_connect',`
')
+ optional_policy(`
++ tunable_policy(`fenced_can_ssh',`
++
++ allow fenced_t self:capability { setuid setgid };
++
++ corenet_tcp_connect_ssh_port(fenced_t)
++
++ ssh_exec(fenced_t)
++ ssh_read_user_home_files(fenced_t)
++ ')
++')
++
+# needed by fence_scsi
+optional_policy(`
+ corosync_exec(fenced_t)
+')
+
- optional_policy(`
++optional_policy(`
ccs_read_config(fenced_t)
- ccs_stream_connect(fenced_t)
')
optional_policy(`
-@@ -114,13 +126,37 @@ optional_policy(`
+@@ -114,13 +146,37 @@ optional_policy(`
lvm_read_config(fenced_t)
')
@@ -42700,7 +43089,7 @@ index 93c896a..883f6f5 100644
allow gfs_controld_t self:shm create_shm_perms;
allow gfs_controld_t self:netlink_kobject_uevent_socket create_socket_perms;
-@@ -139,10 +175,6 @@ storage_getattr_removable_dev(gfs_controld_t)
+@@ -139,10 +195,6 @@ storage_getattr_removable_dev(gfs_controld_t)
init_rw_script_tmp_files(gfs_controld_t)
optional_policy(`
@@ -42711,7 +43100,7 @@ index 93c896a..883f6f5 100644
lvm_exec(gfs_controld_t)
dev_rw_lvm_control(gfs_controld_t)
')
-@@ -154,9 +186,10 @@ optional_policy(`
+@@ -154,9 +206,10 @@ optional_policy(`
allow groupd_t self:capability { sys_nice sys_resource };
allow groupd_t self:process setsched;
@@ -42723,7 +43112,7 @@ index 93c896a..883f6f5 100644
dev_list_sysfs(groupd_t)
files_read_etc_files(groupd_t)
-@@ -168,8 +201,7 @@ init_rw_script_tmp_files(groupd_t)
+@@ -168,8 +221,7 @@ init_rw_script_tmp_files(groupd_t)
# qdiskd local policy
#
@@ -42733,7 +43122,7 @@ index 93c896a..883f6f5 100644
allow qdiskd_t self:tcp_socket create_stream_socket_perms;
allow qdiskd_t self:udp_socket create_socket_perms;
-@@ -199,6 +231,8 @@ files_dontaudit_getattr_all_sockets(qdiskd_t)
+@@ -199,6 +251,8 @@ files_dontaudit_getattr_all_sockets(qdiskd_t)
files_dontaudit_getattr_all_pipes(qdiskd_t)
files_read_etc_files(qdiskd_t)
@@ -42742,7 +43131,7 @@ index 93c896a..883f6f5 100644
storage_raw_read_removable_device(qdiskd_t)
storage_raw_write_removable_device(qdiskd_t)
storage_raw_read_fixed_disk(qdiskd_t)
-@@ -207,10 +241,6 @@ storage_raw_write_fixed_disk(qdiskd_t)
+@@ -207,10 +261,6 @@ storage_raw_write_fixed_disk(qdiskd_t)
auth_use_nsswitch(qdiskd_t)
optional_policy(`
@@ -42753,7 +43142,7 @@ index 93c896a..883f6f5 100644
netutils_domtrans_ping(qdiskd_t)
')
-@@ -223,18 +253,28 @@ optional_policy(`
+@@ -223,18 +273,28 @@ optional_policy(`
# rhcs domains common policy
#
@@ -44490,6 +44879,181 @@ index 150c85d..71e9315 100644
########################################
#
+diff --git a/policy/modules/services/sanlock.fc b/policy/modules/services/sanlock.fc
+new file mode 100644
+index 0000000..19d7347
+--- /dev/null
++++ b/policy/modules/services/sanlock.fc
+@@ -0,0 +1,6 @@
++
++/etc/rc\.d/init\.d/sanlock -- gen_context(system_u:object_r:sanlock_initrc_exec_t,s0)
++
++/var/run/sanlock(/.*)? gen_context(system_u:object_r:sanlock_var_run_t,s0)
++
++/usr/sbin/sanlock -- gen_context(system_u:object_r:sanlock_exec_t,s0)
+diff --git a/policy/modules/services/sanlock.if b/policy/modules/services/sanlock.if
+new file mode 100644
+index 0000000..21a17ce
+--- /dev/null
++++ b/policy/modules/services/sanlock.if
+@@ -0,0 +1,92 @@
++
++## <summary>policy for sanlock</summary>
++
++
++########################################
++## <summary>
++## Execute a domain transition to run sanlock.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`sanlock_domtrans',`
++ gen_require(`
++ type sanlock_t, sanlock_exec_t;
++ ')
++
++ domtrans_pattern($1, sanlock_exec_t, sanlock_t)
++')
++
++
++########################################
++## <summary>
++## Execute sanlock server in the sanlock domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`sanlock_initrc_domtrans',`
++ gen_require(`
++ type sanlock_initrc_exec_t;
++ ')
++
++ init_labeled_script_domtrans($1, sanlock_initrc_exec_t)
++')
++
++########################################
++## <summary>
++## All of the rules required to administrate
++## an sanlock environment
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## Role allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`sanlock_admin',`
++ gen_require(`
++ type sanlock_t;
++ type sanlock_initrc_exec_t;
++ ')
++
++ allow $1 sanlock_t:process { ptrace signal_perms };
++ ps_process_pattern($1, sanlock_t)
++
++ sanlock_initrc_domtrans($1)
++ domain_system_change_exemption($1)
++ role_transition $2 sanlock_initrc_exec_t system_r;
++ allow $2 system_r;
++
++')
++
++########################################
++## <summary>
++## Connect to sanlock over an unix stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`sanlock_stream_connect',`
++ gen_require(`
++ type sanlock_t, sanlock_var_run_t;
++ ')
++
++ files_search_pids($1)
++ stream_connect_pattern($1, sanlock_var_run_t, sanlock_var_run_t, sanlock_t)
++')
+diff --git a/policy/modules/services/sanlock.te b/policy/modules/services/sanlock.te
+new file mode 100644
+index 0000000..86d947e
+--- /dev/null
++++ b/policy/modules/services/sanlock.te
+@@ -0,0 +1,59 @@
++policy_module(sanlock,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type sanlock_t;
++type sanlock_exec_t;
++init_daemon_domain(sanlock_t, sanlock_exec_t)
++
++permissive sanlock_t;
++
++type sanlock_var_run_t;
++files_pid_file(sanlock_var_run_t)
++
++type sanlock_initrc_exec_t;
++init_script_file(sanlock_initrc_exec_t)
++
++########################################
++#
++# sanlock local policy
++#
++allow sanlock_t self:capability { sys_nice ipc_lock };
++allow sanlock_t self:process { setsched signull };
++
++allow sanlock_t self:fifo_file rw_fifo_file_perms;
++allow sanlock_t self:unix_stream_socket create_stream_socket_perms;
++
++manage_dirs_pattern(sanlock_t, sanlock_var_run_t, sanlock_var_run_t)
++manage_files_pattern(sanlock_t, sanlock_var_run_t, sanlock_var_run_t)
++manage_sock_files_pattern(sanlock_t, sanlock_var_run_t, sanlock_var_run_t)
++
++domain_use_interactive_fds(sanlock_t)
++
++files_read_etc_files(sanlock_t)
++
++logging_send_syslog_msg(sanlock_t)
++
++init_read_utmp(sanlock_t)
++init_dontaudit_write_utmp(sanlock_t)
++
++miscfiles_read_localization(sanlock_t)
++
++wdmd_stream_connect(sanlock_t)
++require {
++ type sanlock_t;
++}
++
++#============= sanlock_t ==============
++storage_raw_rw_fixed_disk(sanlock_t)
++
++gen_require(`
++ attribute virt_domain;
++')
++
++# virt_kill_svirt(sanlock_t)
++# virt_signal_svirt(sanlock_t)
++allow sanlock_t virt_domain:process { signal sigkill };
diff --git a/policy/modules/services/sasl.if b/policy/modules/services/sasl.if
index f1aea88..a5a75a8 100644
--- a/policy/modules/services/sasl.if
@@ -45943,7 +46507,7 @@ index 078bcd7..2d60774 100644
+/root/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+/root/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
-index 22adaca..0ecf6e4 100644
+index 22adaca..76e8829 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -32,10 +32,10 @@
@@ -46299,8 +46863,8 @@ index 22adaca..0ecf6e4 100644
+ type ssh_home_t;
+ ')
+
-+ userdom_admin_home_dir_filetrans($1, ssh_home_t, dir, .ssh)
-+ userdom_admin_home_dir_filetrans($1, ssh_home_t, dir, .shosts)
++ userdom_admin_home_dir_filetrans($1, ssh_home_t, dir, ".ssh")
++ userdom_admin_home_dir_filetrans($1, ssh_home_t, dir, ".shosts")
+')
+
+########################################
@@ -46320,8 +46884,8 @@ index 22adaca..0ecf6e4 100644
+ type ssh_home_t;
+ ')
+
-+ userdom_user_home_dir_filetrans($1, ssh_home_t, dir, .ssh)
-+ userdom_user_home_dir_filetrans($1, ssh_home_t, dir, .shosts)
++ userdom_user_home_dir_filetrans($1, ssh_home_t, dir, ".ssh")
++ userdom_user_home_dir_filetrans($1, ssh_home_t, dir, ".shosts")
+')
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index 2dad3c8..c71bdb9 100644
@@ -47907,7 +48471,7 @@ index 2124b6a..9682c44 100644
+/var/lib/oz(/.*)? gen_context(system_u:object_r:virt_var_lib_t,s0)
+/var/lib/oz/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if
-index 7c5d8d8..16f69c9 100644
+index 7c5d8d8..0516ded 100644
--- a/policy/modules/services/virt.if
+++ b/policy/modules/services/virt.if
@@ -13,14 +13,15 @@
@@ -48342,11 +48906,11 @@ index 7c5d8d8..16f69c9 100644
+ type virt_home_t;
+ ')
+
-+ userdom_user_home_dir_filetrans($1, virt_home_t, dir, .libvirt)
-+ userdom_user_home_dir_filetrans($1, virt_home_t, dir, .virtinst)
++ userdom_user_home_dir_filetrans($1, virt_home_t, dir, ".libvirt")
++ userdom_user_home_dir_filetrans($1, virt_home_t, dir, ".virtinst")
')
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
-index 3eca020..f715498 100644
+index 3eca020..0caac74 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -5,56 +5,66 @@ policy_module(virt, 1.4.0)
@@ -48724,7 +49288,7 @@ index 3eca020..f715498 100644
')
optional_policy(`
-@@ -385,23 +486,35 @@ optional_policy(`
+@@ -385,23 +486,37 @@ optional_policy(`
udev_read_db(virtd_t)
')
@@ -48762,10 +49326,12 @@ index 3eca020..f715498 100644
+
+dontaudit virtd_t virt_domain:process { siginh noatsecure rlimitinh };
+
++dontaudit virt_domain virt_tmpfs_type:file { read write };
++
append_files_pattern(virt_domain, virt_log_t, virt_log_t)
append_files_pattern(virt_domain, virt_var_lib_t, virt_var_lib_t)
-@@ -422,6 +535,7 @@ corenet_rw_tun_tap_dev(virt_domain)
+@@ -422,6 +537,7 @@ corenet_rw_tun_tap_dev(virt_domain)
corenet_tcp_bind_virt_migration_port(virt_domain)
corenet_tcp_connect_virt_migration_port(virt_domain)
@@ -48773,7 +49339,7 @@ index 3eca020..f715498 100644
dev_read_rand(virt_domain)
dev_read_sound(virt_domain)
dev_read_urand(virt_domain)
-@@ -429,10 +543,12 @@ dev_write_sound(virt_domain)
+@@ -429,10 +545,12 @@ dev_write_sound(virt_domain)
dev_rw_ksm(virt_domain)
dev_rw_kvm(virt_domain)
dev_rw_qemu(virt_domain)
@@ -48786,7 +49352,7 @@ index 3eca020..f715498 100644
files_read_usr_files(virt_domain)
files_read_var_files(virt_domain)
files_search_all(virt_domain)
-@@ -440,8 +556,16 @@ files_search_all(virt_domain)
+@@ -440,8 +558,16 @@ files_search_all(virt_domain)
fs_getattr_tmpfs(virt_domain)
fs_rw_anon_inodefs_files(virt_domain)
fs_rw_tmpfs_files(virt_domain)
@@ -48804,7 +49370,7 @@ index 3eca020..f715498 100644
term_getattr_pty_fs(virt_domain)
term_use_generic_ptys(virt_domain)
term_use_ptmx(virt_domain)
-@@ -457,8 +581,117 @@ optional_policy(`
+@@ -457,8 +583,117 @@ optional_policy(`
')
optional_policy(`
@@ -49199,6 +49765,174 @@ index 1174ad8..f4c4c1b 100644
sysnet_dns_name_resolve(httpd_w3c_validator_script_t)
+
+apache_dontaudit_rw_tmp_files(httpd_w3c_validator_script_t)
+diff --git a/policy/modules/services/wdmd.fc b/policy/modules/services/wdmd.fc
+new file mode 100644
+index 0000000..2f21759
+--- /dev/null
++++ b/policy/modules/services/wdmd.fc
+@@ -0,0 +1,6 @@
++
++/etc/rc\.d/init\.d/wdmd -- gen_context(system_u:object_r:wdmd_initrc_exec_t,s0)
++
++/var/run/wdmd(/.*)? gen_context(system_u:object_r:wdmd_var_run_t,s0)
++
++/usr/sbin/wdmd -- gen_context(system_u:object_r:wdmd_exec_t,s0)
+diff --git a/policy/modules/services/wdmd.if b/policy/modules/services/wdmd.if
+new file mode 100644
+index 0000000..51831f9
+--- /dev/null
++++ b/policy/modules/services/wdmd.if
+@@ -0,0 +1,92 @@
++
++## <summary>policy for wdmd</summary>
++
++
++########################################
++## <summary>
++## Execute a domain transition to run wdmd.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`wdmd_domtrans',`
++ gen_require(`
++ type wdmd_t, wdmd_exec_t;
++ ')
++
++ domtrans_pattern($1, wdmd_exec_t, wdmd_t)
++')
++
++
++########################################
++## <summary>
++## Execute wdmd server in the wdmd domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`wdmd_initrc_domtrans',`
++ gen_require(`
++ type wdmd_initrc_exec_t;
++ ')
++
++ init_labeled_script_domtrans($1, wdmd_initrc_exec_t)
++')
++
++########################################
++## <summary>
++## All of the rules required to administrate
++## an wdmd environment
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## Role allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`wdmd_admin',`
++ gen_require(`
++ type wdmd_t;
++ type wdmd_initrc_exec_t;
++ ')
++
++ allow $1 wdmd_t:process { ptrace signal_perms };
++ ps_process_pattern($1, wdmd_t)
++
++ wdmd_initrc_domtrans($1)
++ domain_system_change_exemption($1)
++ role_transition $2 wdmd_initrc_exec_t system_r;
++ allow $2 system_r;
++
++')
++
++########################################
++## <summary>
++## Connect to wdmd over an unix stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`wdmd_stream_connect',`
++ gen_require(`
++ type wdmd_t, wdmd_var_run_t;
++ ')
++
++ files_search_pids($1)
++ stream_connect_pattern($1, wdmd_var_run_t, wdmd_var_run_t, wdmd_t)
++')
+diff --git a/policy/modules/services/wdmd.te b/policy/modules/services/wdmd.te
+new file mode 100644
+index 0000000..9017079
+--- /dev/null
++++ b/policy/modules/services/wdmd.te
+@@ -0,0 +1,52 @@
++policy_module(wdmd,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type wdmd_t;
++type wdmd_exec_t;
++init_daemon_domain(wdmd_t, wdmd_exec_t)
++
++permissive wdmd_t;
++
++type wdmd_var_run_t;
++files_pid_file(wdmd_var_run_t)
++
++type wdmd_initrc_exec_t;
++init_script_file(wdmd_initrc_exec_t)
++
++########################################
++#
++# wdmd local policy
++#
++allow wdmd_t self:capability { sys_nice ipc_lock };
++allow wdmd_t self:process { setsched signal };
++
++allow wdmd_t self:fifo_file rw_fifo_file_perms;
++allow wdmd_t self:unix_stream_socket create_stream_socket_perms;
++
++manage_dirs_pattern(wdmd_t, wdmd_var_run_t, wdmd_var_run_t)
++manage_files_pattern(wdmd_t, wdmd_var_run_t, wdmd_var_run_t)
++manage_sock_files_pattern(wdmd_t, wdmd_var_run_t, wdmd_var_run_t)
++
++dev_write_watchdog(wdmd_t)
++
++domain_use_interactive_fds(wdmd_t)
++
++files_read_etc_files(wdmd_t)
++
++logging_send_syslog_msg(wdmd_t)
++
++miscfiles_read_localization(wdmd_t)
++
++fs_read_anon_inodefs_files(wdmd_t)
++
++gen_require(`
++ type watchdog_device_t;
++')
++
++#dev_read_watchdog(wdmd_t)
++#============= wdmd_t ==============
++allow wdmd_t watchdog_device_t:chr_file read;
diff --git a/policy/modules/services/xfs.if b/policy/modules/services/xfs.if
index aa6e5a8..42a0efb 100644
--- a/policy/modules/services/xfs.if
@@ -49344,7 +50078,7 @@ index 6f1e3c7..a3986f4 100644
+/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
+
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
-index 130ced9..463447d 100644
+index 130ced9..092ae1d 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -19,9 +19,10 @@
@@ -49585,12 +50319,12 @@ index 130ced9..463447d 100644
allow $2 xauth_home_t:file read_file_perms;
allow $2 iceauth_home_t:file read_file_perms;
-+ userdom_user_home_dir_filetrans($2, iceauth_home_t, file, .DCOP)
-+ userdom_user_home_dir_filetrans($2, iceauth_home_t, file, .ICEauthority)
-+ userdom_user_home_dir_filetrans($2, xauth_home_t, file, .Xauthority)
-+ userdom_user_home_dir_filetrans($2, xauth_home_t, file, .xauth)
-+ userdom_user_home_dir_filetrans($2, xdm_home_t, file, .xsession-errors)
-+ userdom_user_home_dir_filetrans($2, xdm_home_t, file, .dmrc)
++ userdom_user_home_dir_filetrans($2, iceauth_home_t, file, ".DCOP")
++ userdom_user_home_dir_filetrans($2, iceauth_home_t, file, ".ICEauthority")
++ userdom_user_home_dir_filetrans($2, xauth_home_t, file, ".Xauthority")
++ userdom_user_home_dir_filetrans($2, xauth_home_t, file, ".xauth")
++ userdom_user_home_dir_filetrans($2, xdm_home_t, file, ".xsession-errors")
++ userdom_user_home_dir_filetrans($2, xdm_home_t, file, ".dmrc")
+
# for when /tmp/.X11-unix is created by the system
allow $2 xdm_t:fd use;
@@ -50389,9 +51123,9 @@ index 130ced9..463447d 100644
+
+ manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
+
-+# userdom_user_home_dir_filetrans($1, user_fonts_t, dir, .fonts.d)
-+# userdom_user_home_dir_filetrans($1, user_fonts_t, dir, .fonts)
-+# userdom_user_home_dir_filetrans($1, user_fonts_cache_t, dir, .fontconfig)
++# userdom_user_home_dir_filetrans($1, user_fonts_t, dir, ".fonts.d")
++# userdom_user_home_dir_filetrans($1, user_fonts_t, dir, ".fonts")
++# userdom_user_home_dir_filetrans($1, user_fonts_cache_t, dir, ".fontconfig")
+')
+
+########################################
@@ -50415,21 +51149,21 @@ index 130ced9..463447d 100644
+ type user_fonts_config_t;
+ ')
+
-+ userdom_user_home_dir_filetrans($1, xdm_home_t, file, .dmrc)
-+ userdom_user_home_dir_filetrans($1, xdm_home_t, file, .xsession-errors)
-+ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, .DCOP)
-+ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, .ICEauthority)
-+ userdom_user_home_dir_filetrans($1, xauth_home_t, file, .Xauthority)
-+ userdom_user_home_dir_filetrans($1, xauth_home_t, file, .xauth)
-+ userdom_user_home_dir_filetrans($1, xauth_home_t, file, .Xauth)
-+ userdom_user_home_dir_filetrans($1, user_fonts_config_t, file, .fonts.conf)
-+ userdom_user_home_dir_filetrans($1, user_fonts_config_t, dir, .fonts.d)
-+ userdom_user_home_dir_filetrans($1, user_fonts_t, dir, .fonts)
-+ userdom_user_home_dir_filetrans($1, user_fonts_cache_t, dir, .fontconfig)
-+ filetrans_pattern($1, user_fonts_t, user_fonts_cache_t, dir, auto)
++ userdom_user_home_dir_filetrans($1, xdm_home_t, file, ".dmrc")
++ userdom_user_home_dir_filetrans($1, xdm_home_t, file, ".xsession-errors")
++ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, ".DCOP")
++ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, ".ICEauthority")
++ userdom_user_home_dir_filetrans($1, xauth_home_t, file, ".Xauthority")
++ userdom_user_home_dir_filetrans($1, xauth_home_t, file, ".xauth")
++ userdom_user_home_dir_filetrans($1, xauth_home_t, file, ".Xauth")
++ userdom_user_home_dir_filetrans($1, user_fonts_config_t, file, ".fonts.conf")
++ userdom_user_home_dir_filetrans($1, user_fonts_config_t, dir, ".fonts.d")
++ userdom_user_home_dir_filetrans($1, user_fonts_t, dir, ".fonts")
++ userdom_user_home_dir_filetrans($1, user_fonts_cache_t, dir, ".fontconfig")
++ filetrans_pattern($1, user_fonts_t, user_fonts_cache_t, dir, "auto")
+')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
-index 6c01261..1a345d6 100644
+index 6c01261..fb82ba3 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -26,27 +26,50 @@ gen_require(`
@@ -50635,7 +51369,7 @@ index 6c01261..1a345d6 100644
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_files(iceauth_t)
-@@ -247,50 +301,109 @@ tunable_policy(`use_samba_home_dirs',`
+@@ -247,50 +301,110 @@ tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files(iceauth_t)
')
@@ -50663,6 +51397,7 @@ index 6c01261..1a345d6 100644
+allow xauth_t self:capability dac_override;
allow xauth_t self:process signal;
++allow xauth_t self:shm create_shm_perms;
allow xauth_t self:unix_stream_socket create_stream_socket_perms;
+allow xauth_t xdm_t:process sigchld;
@@ -50751,7 +51486,7 @@ index 6c01261..1a345d6 100644
optional_policy(`
ssh_sigchld(xauth_t)
ssh_read_pipes(xauth_t)
-@@ -302,20 +415,34 @@ optional_policy(`
+@@ -302,20 +416,34 @@ optional_policy(`
# XDM Local policy
#
@@ -50790,7 +51525,7 @@ index 6c01261..1a345d6 100644
# Allow gdm to run gdm-binary
can_exec(xdm_t, xdm_exec_t)
-@@ -323,43 +450,62 @@ can_exec(xdm_t, xdm_exec_t)
+@@ -323,43 +451,62 @@ can_exec(xdm_t, xdm_exec_t)
allow xdm_t xdm_lock_t:file manage_file_perms;
files_lock_filetrans(xdm_t, xdm_lock_t, file)
@@ -50859,7 +51594,7 @@ index 6c01261..1a345d6 100644
# connect to xdm xserver over stream socket
stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
-@@ -368,18 +514,26 @@ stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
+@@ -368,18 +515,26 @@ stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
delete_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
delete_sock_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
@@ -50883,11 +51618,11 @@ index 6c01261..1a345d6 100644
corecmd_exec_shell(xdm_t)
corecmd_exec_bin(xdm_t)
-+corecmd_dontaudit_write_bin_files(xdm_t)
++corecmd_dontaudit_access_check_bin(xdm_t)
corenet_all_recvfrom_unlabeled(xdm_t)
corenet_all_recvfrom_netlabel(xdm_t)
-@@ -391,18 +545,22 @@ corenet_tcp_sendrecv_all_ports(xdm_t)
+@@ -391,18 +546,22 @@ corenet_tcp_sendrecv_all_ports(xdm_t)
corenet_udp_sendrecv_all_ports(xdm_t)
corenet_tcp_bind_generic_node(xdm_t)
corenet_udp_bind_generic_node(xdm_t)
@@ -50911,7 +51646,7 @@ index 6c01261..1a345d6 100644
dev_setattr_apm_bios_dev(xdm_t)
dev_rw_dri(xdm_t)
dev_rw_agp(xdm_t)
-@@ -411,18 +569,24 @@ dev_setattr_xserver_misc_dev(xdm_t)
+@@ -411,18 +570,24 @@ dev_setattr_xserver_misc_dev(xdm_t)
dev_getattr_misc_dev(xdm_t)
dev_setattr_misc_dev(xdm_t)
dev_dontaudit_rw_misc(xdm_t)
@@ -50939,7 +51674,7 @@ index 6c01261..1a345d6 100644
files_read_etc_files(xdm_t)
files_read_var_files(xdm_t)
-@@ -433,9 +597,23 @@ files_list_mnt(xdm_t)
+@@ -433,9 +598,23 @@ files_list_mnt(xdm_t)
files_read_usr_files(xdm_t)
# Poweroff wants to create the /poweroff file when run from xdm
files_create_boot_flag(xdm_t)
@@ -50963,7 +51698,7 @@ index 6c01261..1a345d6 100644
storage_dontaudit_read_fixed_disk(xdm_t)
storage_dontaudit_write_fixed_disk(xdm_t)
-@@ -444,28 +622,36 @@ storage_dontaudit_raw_read_removable_device(xdm_t)
+@@ -444,28 +623,36 @@ storage_dontaudit_raw_read_removable_device(xdm_t)
storage_dontaudit_raw_write_removable_device(xdm_t)
storage_dontaudit_setattr_removable_dev(xdm_t)
storage_dontaudit_rw_scsi_generic(xdm_t)
@@ -51002,7 +51737,7 @@ index 6c01261..1a345d6 100644
userdom_dontaudit_use_unpriv_user_fds(xdm_t)
userdom_create_all_users_keys(xdm_t)
-@@ -474,9 +660,30 @@ userdom_read_user_home_content_files(xdm_t)
+@@ -474,9 +661,30 @@ userdom_read_user_home_content_files(xdm_t)
# Search /proc for any user domain processes.
userdom_read_all_users_state(xdm_t)
userdom_signal_all_users(xdm_t)
@@ -51033,7 +51768,7 @@ index 6c01261..1a345d6 100644
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(xdm_t)
-@@ -492,6 +699,14 @@ tunable_policy(`use_samba_home_dirs',`
+@@ -492,6 +700,14 @@ tunable_policy(`use_samba_home_dirs',`
fs_exec_cifs_files(xdm_t)
')
@@ -51048,7 +51783,7 @@ index 6c01261..1a345d6 100644
tunable_policy(`xdm_sysadm_login',`
userdom_xsession_spec_domtrans_all_users(xdm_t)
# FIXME:
-@@ -505,11 +720,21 @@ tunable_policy(`xdm_sysadm_login',`
+@@ -505,11 +721,21 @@ tunable_policy(`xdm_sysadm_login',`
')
optional_policy(`
@@ -51070,7 +51805,7 @@ index 6c01261..1a345d6 100644
')
optional_policy(`
-@@ -517,7 +742,43 @@ optional_policy(`
+@@ -517,7 +743,43 @@ optional_policy(`
')
optional_policy(`
@@ -51115,7 +51850,7 @@ index 6c01261..1a345d6 100644
')
optional_policy(`
-@@ -527,6 +788,16 @@ optional_policy(`
+@@ -527,6 +789,16 @@ optional_policy(`
')
optional_policy(`
@@ -51132,7 +51867,7 @@ index 6c01261..1a345d6 100644
hostname_exec(xdm_t)
')
-@@ -544,28 +815,65 @@ optional_policy(`
+@@ -544,28 +816,65 @@ optional_policy(`
')
optional_policy(`
@@ -51207,7 +51942,7 @@ index 6c01261..1a345d6 100644
')
optional_policy(`
-@@ -577,6 +885,14 @@ optional_policy(`
+@@ -577,6 +886,14 @@ optional_policy(`
')
optional_policy(`
@@ -51222,7 +51957,7 @@ index 6c01261..1a345d6 100644
xfs_stream_connect(xdm_t)
')
-@@ -601,7 +917,7 @@ allow xserver_t input_xevent_t:x_event send;
+@@ -601,7 +918,7 @@ allow xserver_t input_xevent_t:x_event send;
# execheap needed until the X module loader is fixed.
# NVIDIA Needs execstack
@@ -51231,7 +51966,7 @@ index 6c01261..1a345d6 100644
dontaudit xserver_t self:capability chown;
allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow xserver_t self:fd use;
-@@ -615,8 +931,15 @@ allow xserver_t self:unix_dgram_socket { create_socket_perms sendto };
+@@ -615,8 +932,15 @@ allow xserver_t self:unix_dgram_socket { create_socket_perms sendto };
allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow xserver_t self:tcp_socket create_stream_socket_perms;
allow xserver_t self:udp_socket create_socket_perms;
@@ -51247,7 +51982,7 @@ index 6c01261..1a345d6 100644
manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
manage_sock_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
-@@ -635,12 +958,19 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
+@@ -635,12 +959,19 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
files_search_var_lib(xserver_t)
@@ -51269,7 +52004,7 @@ index 6c01261..1a345d6 100644
kernel_read_system_state(xserver_t)
kernel_read_device_sysctls(xserver_t)
-@@ -648,6 +978,7 @@ kernel_read_modprobe_sysctls(xserver_t)
+@@ -648,6 +979,7 @@ kernel_read_modprobe_sysctls(xserver_t)
# Xorg wants to check if kernel is tainted
kernel_read_kernel_sysctls(xserver_t)
kernel_write_proc_files(xserver_t)
@@ -51277,7 +52012,7 @@ index 6c01261..1a345d6 100644
# Run helper programs in xserver_t.
corecmd_exec_bin(xserver_t)
-@@ -674,7 +1005,6 @@ dev_rw_apm_bios(xserver_t)
+@@ -674,7 +1006,6 @@ dev_rw_apm_bios(xserver_t)
dev_rw_agp(xserver_t)
dev_rw_framebuffer(xserver_t)
dev_manage_dri_dev(xserver_t)
@@ -51285,7 +52020,7 @@ index 6c01261..1a345d6 100644
dev_create_generic_dirs(xserver_t)
dev_setattr_generic_dirs(xserver_t)
# raw memory access is needed if not using the frame buffer
-@@ -684,11 +1014,17 @@ dev_wx_raw_memory(xserver_t)
+@@ -684,11 +1015,17 @@ dev_wx_raw_memory(xserver_t)
dev_rw_xserver_misc(xserver_t)
# read events - the synaptics touchpad driver reads raw events
dev_rw_input_dev(xserver_t)
@@ -51303,7 +52038,7 @@ index 6c01261..1a345d6 100644
# brought on by rhgb
files_search_mnt(xserver_t)
-@@ -699,8 +1035,13 @@ fs_getattr_xattr_fs(xserver_t)
+@@ -699,8 +1036,13 @@ fs_getattr_xattr_fs(xserver_t)
fs_search_nfs(xserver_t)
fs_search_auto_mountpoints(xserver_t)
fs_search_ramfs(xserver_t)
@@ -51317,7 +52052,7 @@ index 6c01261..1a345d6 100644
selinux_validate_context(xserver_t)
selinux_compute_access_vector(xserver_t)
-@@ -713,8 +1054,6 @@ init_getpgid(xserver_t)
+@@ -713,8 +1055,6 @@ init_getpgid(xserver_t)
term_setattr_unallocated_ttys(xserver_t)
term_use_unallocated_ttys(xserver_t)
@@ -51326,7 +52061,7 @@ index 6c01261..1a345d6 100644
locallogin_use_fds(xserver_t)
logging_send_syslog_msg(xserver_t)
-@@ -722,11 +1061,12 @@ logging_send_audit_msgs(xserver_t)
+@@ -722,11 +1062,12 @@ logging_send_audit_msgs(xserver_t)
miscfiles_read_localization(xserver_t)
miscfiles_read_fonts(xserver_t)
@@ -51341,7 +52076,7 @@ index 6c01261..1a345d6 100644
userdom_search_user_home_dirs(xserver_t)
userdom_use_user_ttys(xserver_t)
-@@ -780,16 +1120,36 @@ optional_policy(`
+@@ -780,16 +1121,36 @@ optional_policy(`
')
optional_policy(`
@@ -51379,7 +52114,7 @@ index 6c01261..1a345d6 100644
unconfined_domtrans(xserver_t)
')
-@@ -798,6 +1158,10 @@ optional_policy(`
+@@ -798,6 +1159,10 @@ optional_policy(`
')
optional_policy(`
@@ -51390,7 +52125,7 @@ index 6c01261..1a345d6 100644
xfs_stream_connect(xserver_t)
')
-@@ -813,10 +1177,10 @@ allow xserver_t xdm_t:shm rw_shm_perms;
+@@ -813,10 +1178,10 @@ allow xserver_t xdm_t:shm rw_shm_perms;
# NB we do NOT allow xserver_t xdm_var_lib_t:dir, only access to an open
# handle of a file inside the dir!!!
@@ -51404,7 +52139,7 @@ index 6c01261..1a345d6 100644
# Label pid and temporary files with derived types.
manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
-@@ -824,7 +1188,7 @@ manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
+@@ -824,7 +1189,7 @@ manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
# Run xkbcomp.
@@ -51413,7 +52148,7 @@ index 6c01261..1a345d6 100644
can_exec(xserver_t, xkb_var_lib_t)
# VNC v4 module in X server
-@@ -837,6 +1201,9 @@ init_use_fds(xserver_t)
+@@ -837,6 +1202,9 @@ init_use_fds(xserver_t)
# to read ROLE_home_t - examine this in more detail
# (xauth?)
userdom_read_user_home_content_files(xserver_t)
@@ -51423,7 +52158,7 @@ index 6c01261..1a345d6 100644
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(xserver_t)
-@@ -844,6 +1211,11 @@ tunable_policy(`use_nfs_home_dirs',`
+@@ -844,6 +1212,11 @@ tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_symlinks(xserver_t)
')
@@ -51435,7 +52170,7 @@ index 6c01261..1a345d6 100644
tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_dirs(xserver_t)
fs_manage_cifs_files(xserver_t)
-@@ -852,11 +1224,14 @@ tunable_policy(`use_samba_home_dirs',`
+@@ -852,11 +1225,14 @@ tunable_policy(`use_samba_home_dirs',`
optional_policy(`
dbus_system_bus_client(xserver_t)
@@ -51452,7 +52187,7 @@ index 6c01261..1a345d6 100644
')
optional_policy(`
-@@ -864,6 +1239,10 @@ optional_policy(`
+@@ -864,6 +1240,10 @@ optional_policy(`
rhgb_rw_tmpfs_files(xserver_t)
')
@@ -51463,7 +52198,7 @@ index 6c01261..1a345d6 100644
########################################
#
# Rules common to all X window domains
-@@ -907,7 +1286,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
+@@ -907,7 +1287,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show };
# operations allowed on my windows
allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
@@ -51472,7 +52207,7 @@ index 6c01261..1a345d6 100644
# operations allowed on all windows
allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child };
-@@ -961,11 +1340,31 @@ allow x_domain self:x_resource { read write };
+@@ -961,11 +1341,31 @@ allow x_domain self:x_resource { read write };
# can mess with the screensaver
allow x_domain xserver_t:x_screen { getattr saver_getattr };
@@ -51504,7 +52239,7 @@ index 6c01261..1a345d6 100644
tunable_policy(`! xserver_object_manager',`
# should be xserver_unconfined(x_domain),
# but typeattribute doesnt work in conditionals
-@@ -987,18 +1386,32 @@ tunable_policy(`! xserver_object_manager',`
+@@ -987,18 +1387,32 @@ tunable_policy(`! xserver_object_manager',`
allow x_domain xevent_type:{ x_event x_synthetic_event } *;
')
@@ -53920,7 +54655,7 @@ index cc83689..48662f1 100644
+')
+
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index ea29513..787ac51 100644
+index ea29513..353ef34 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -16,6 +16,34 @@ gen_require(`
@@ -54209,7 +54944,7 @@ index ea29513..787ac51 100644
')
optional_policy(`
-@@ -199,10 +359,25 @@ optional_policy(`
+@@ -199,10 +359,26 @@ optional_policy(`
')
optional_policy(`
@@ -54224,6 +54959,7 @@ index ea29513..787ac51 100644
optional_policy(`
+ udev_read_db(init_t)
+ udev_relabelto_db(init_t)
++ udev_create_kobject_uevent_socket(init_t)
+')
+
+optional_policy(`
@@ -54235,7 +54971,7 @@ index ea29513..787ac51 100644
unconfined_domain(init_t)
')
-@@ -212,7 +387,7 @@ optional_policy(`
+@@ -212,7 +388,7 @@ optional_policy(`
#
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
@@ -54244,7 +54980,7 @@ index ea29513..787ac51 100644
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
allow initrc_t self:passwd rootok;
allow initrc_t self:key manage_key_perms;
-@@ -241,12 +416,15 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
+@@ -241,12 +417,15 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
allow initrc_t initrc_var_run_t:file manage_file_perms;
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
@@ -54260,7 +54996,7 @@ index ea29513..787ac51 100644
init_write_initctl(initrc_t)
-@@ -258,20 +436,32 @@ kernel_change_ring_buffer_level(initrc_t)
+@@ -258,20 +437,32 @@ kernel_change_ring_buffer_level(initrc_t)
kernel_clear_ring_buffer(initrc_t)
kernel_get_sysvipc_info(initrc_t)
kernel_read_all_sysctls(initrc_t)
@@ -54297,7 +55033,7 @@ index ea29513..787ac51 100644
corenet_tcp_sendrecv_all_ports(initrc_t)
corenet_udp_sendrecv_all_ports(initrc_t)
corenet_tcp_connect_all_ports(initrc_t)
-@@ -279,6 +469,7 @@ corenet_sendrecv_all_client_packets(initrc_t)
+@@ -279,6 +470,7 @@ corenet_sendrecv_all_client_packets(initrc_t)
dev_read_rand(initrc_t)
dev_read_urand(initrc_t)
@@ -54305,7 +55041,7 @@ index ea29513..787ac51 100644
dev_write_kmsg(initrc_t)
dev_write_rand(initrc_t)
dev_write_urand(initrc_t)
-@@ -289,8 +480,10 @@ dev_write_framebuffer(initrc_t)
+@@ -289,8 +481,10 @@ dev_write_framebuffer(initrc_t)
dev_read_realtime_clock(initrc_t)
dev_read_sound_mixer(initrc_t)
dev_write_sound_mixer(initrc_t)
@@ -54316,7 +55052,7 @@ index ea29513..787ac51 100644
dev_delete_lvm_control_dev(initrc_t)
dev_manage_generic_symlinks(initrc_t)
dev_manage_generic_files(initrc_t)
-@@ -298,13 +491,13 @@ dev_manage_generic_files(initrc_t)
+@@ -298,13 +492,13 @@ dev_manage_generic_files(initrc_t)
dev_delete_generic_symlinks(initrc_t)
dev_getattr_all_blk_files(initrc_t)
dev_getattr_all_chr_files(initrc_t)
@@ -54332,7 +55068,7 @@ index ea29513..787ac51 100644
domain_sigchld_all_domains(initrc_t)
domain_read_all_domains_state(initrc_t)
domain_getattr_all_domains(initrc_t)
-@@ -316,6 +509,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
+@@ -316,6 +510,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
domain_dontaudit_getattr_all_pipes(initrc_t)
@@ -54340,7 +55076,7 @@ index ea29513..787ac51 100644
files_getattr_all_dirs(initrc_t)
files_getattr_all_files(initrc_t)
-@@ -323,8 +517,10 @@ files_getattr_all_symlinks(initrc_t)
+@@ -323,8 +518,10 @@ files_getattr_all_symlinks(initrc_t)
files_getattr_all_pipes(initrc_t)
files_getattr_all_sockets(initrc_t)
files_purge_tmp(initrc_t)
@@ -54352,7 +55088,7 @@ index ea29513..787ac51 100644
files_delete_all_pids(initrc_t)
files_delete_all_pid_dirs(initrc_t)
files_read_etc_files(initrc_t)
-@@ -340,8 +536,12 @@ files_list_isid_type_dirs(initrc_t)
+@@ -340,8 +537,12 @@ files_list_isid_type_dirs(initrc_t)
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
@@ -54366,7 +55102,7 @@ index ea29513..787ac51 100644
fs_list_inotifyfs(initrc_t)
fs_register_binary_executable_type(initrc_t)
# rhgb-console writes to ramfs
-@@ -351,6 +551,8 @@ fs_mount_all_fs(initrc_t)
+@@ -351,6 +552,8 @@ fs_mount_all_fs(initrc_t)
fs_unmount_all_fs(initrc_t)
fs_remount_all_fs(initrc_t)
fs_getattr_all_fs(initrc_t)
@@ -54375,7 +55111,7 @@ index ea29513..787ac51 100644
# initrc_t needs to do a pidof which requires ptrace
mcs_ptrace_all(initrc_t)
-@@ -363,6 +565,7 @@ mls_process_read_up(initrc_t)
+@@ -363,6 +566,7 @@ mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)
@@ -54383,7 +55119,7 @@ index ea29513..787ac51 100644
selinux_get_enforce_mode(initrc_t)
-@@ -374,6 +577,7 @@ term_use_all_terms(initrc_t)
+@@ -374,6 +578,7 @@ term_use_all_terms(initrc_t)
term_reset_tty_labels(initrc_t)
auth_rw_login_records(initrc_t)
@@ -54391,7 +55127,7 @@ index ea29513..787ac51 100644
auth_setattr_login_records(initrc_t)
auth_rw_lastlog(initrc_t)
auth_read_pam_pid(initrc_t)
-@@ -394,18 +598,17 @@ logging_read_audit_config(initrc_t)
+@@ -394,18 +599,17 @@ logging_read_audit_config(initrc_t)
miscfiles_read_localization(initrc_t)
# slapd needs to read cert files from its initscript
@@ -54413,7 +55149,7 @@ index ea29513..787ac51 100644
ifdef(`distro_debian',`
dev_setattr_generic_dirs(initrc_t)
-@@ -458,6 +661,10 @@ ifdef(`distro_gentoo',`
+@@ -458,6 +662,10 @@ ifdef(`distro_gentoo',`
sysnet_setattr_config(initrc_t)
optional_policy(`
@@ -54424,7 +55160,7 @@ index ea29513..787ac51 100644
alsa_read_lib(initrc_t)
')
-@@ -478,7 +685,7 @@ ifdef(`distro_redhat',`
+@@ -478,7 +686,7 @@ ifdef(`distro_redhat',`
# Red Hat systems seem to have a stray
# fd open from the initrd
@@ -54433,7 +55169,7 @@ index ea29513..787ac51 100644
files_dontaudit_read_root_files(initrc_t)
# These seem to be from the initrd
-@@ -493,6 +700,7 @@ ifdef(`distro_redhat',`
+@@ -493,6 +701,7 @@ ifdef(`distro_redhat',`
files_create_boot_dirs(initrc_t)
files_create_boot_flag(initrc_t)
files_rw_boot_symlinks(initrc_t)
@@ -54441,7 +55177,7 @@ index ea29513..787ac51 100644
# wants to read /.fonts directory
files_read_default_files(initrc_t)
files_mountpoint(initrc_tmp_t)
-@@ -522,8 +730,29 @@ ifdef(`distro_redhat',`
+@@ -522,8 +731,29 @@ ifdef(`distro_redhat',`
')
optional_policy(`
@@ -54471,7 +55207,7 @@ index ea29513..787ac51 100644
')
optional_policy(`
-@@ -531,10 +760,22 @@ ifdef(`distro_redhat',`
+@@ -531,10 +761,22 @@ ifdef(`distro_redhat',`
rpc_write_exports(initrc_t)
rpc_manage_nfs_state_data(initrc_t)
')
@@ -54486,15 +55222,15 @@ index ea29513..787ac51 100644
+ sysnet_relabelfrom_dhcpc_state(initrc_t)
+ sysnet_relabelfrom_net_conf(initrc_t)
+ sysnet_relabelto_net_conf(initrc_t)
-+ sysnet_etc_filetrans_config(initrc_t, resolv.conf)
-+ sysnet_etc_filetrans_config(initrc_t, denyhosts)
-+ sysnet_etc_filetrans_config(initrc_t, hosts)
-+ sysnet_etc_filetrans_config(initrc_t, ethers)
-+ sysnet_etc_filetrans_config(initrc_t, yp.conf)
++ sysnet_etc_filetrans_config(initrc_t, "resolv.conf")
++ sysnet_etc_filetrans_config(initrc_t, "denyhosts")
++ sysnet_etc_filetrans_config(initrc_t, "hosts")
++ sysnet_etc_filetrans_config(initrc_t, "ethers")
++ sysnet_etc_filetrans_config(initrc_t, "yp.conf")
')
optional_policy(`
-@@ -549,6 +790,39 @@ ifdef(`distro_suse',`
+@@ -549,6 +791,39 @@ ifdef(`distro_suse',`
')
')
@@ -54534,7 +55270,7 @@ index ea29513..787ac51 100644
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -561,6 +835,8 @@ optional_policy(`
+@@ -561,6 +836,8 @@ optional_policy(`
optional_policy(`
apache_read_config(initrc_t)
apache_list_modules(initrc_t)
@@ -54543,7 +55279,7 @@ index ea29513..787ac51 100644
')
optional_policy(`
-@@ -577,6 +853,7 @@ optional_policy(`
+@@ -577,6 +854,7 @@ optional_policy(`
optional_policy(`
cgroup_stream_connect_cgred(initrc_t)
@@ -54551,7 +55287,7 @@ index ea29513..787ac51 100644
')
optional_policy(`
-@@ -589,6 +866,11 @@ optional_policy(`
+@@ -589,6 +867,11 @@ optional_policy(`
')
optional_policy(`
@@ -54563,7 +55299,7 @@ index ea29513..787ac51 100644
dev_getattr_printer_dev(initrc_t)
cups_read_log(initrc_t)
-@@ -605,9 +887,13 @@ optional_policy(`
+@@ -605,9 +888,13 @@ optional_policy(`
dbus_connect_system_bus(initrc_t)
dbus_system_bus_client(initrc_t)
dbus_read_config(initrc_t)
@@ -54577,7 +55313,7 @@ index ea29513..787ac51 100644
')
optional_policy(`
-@@ -649,6 +935,11 @@ optional_policy(`
+@@ -649,6 +936,11 @@ optional_policy(`
')
optional_policy(`
@@ -54589,7 +55325,7 @@ index ea29513..787ac51 100644
inn_exec_config(initrc_t)
')
-@@ -706,7 +997,13 @@ optional_policy(`
+@@ -706,7 +998,13 @@ optional_policy(`
')
optional_policy(`
@@ -54603,7 +55339,7 @@ index ea29513..787ac51 100644
mta_dontaudit_read_spool_symlinks(initrc_t)
')
-@@ -729,6 +1026,10 @@ optional_policy(`
+@@ -729,6 +1027,10 @@ optional_policy(`
')
optional_policy(`
@@ -54614,7 +55350,7 @@ index ea29513..787ac51 100644
postgresql_manage_db(initrc_t)
postgresql_read_config(initrc_t)
')
-@@ -738,10 +1039,20 @@ optional_policy(`
+@@ -738,10 +1040,20 @@ optional_policy(`
')
optional_policy(`
@@ -54635,7 +55371,7 @@ index ea29513..787ac51 100644
quota_manage_flags(initrc_t)
')
-@@ -750,6 +1061,10 @@ optional_policy(`
+@@ -750,6 +1062,10 @@ optional_policy(`
')
optional_policy(`
@@ -54646,7 +55382,7 @@ index ea29513..787ac51 100644
fs_write_ramfs_sockets(initrc_t)
fs_search_ramfs(initrc_t)
-@@ -771,8 +1086,6 @@ optional_policy(`
+@@ -771,8 +1087,6 @@ optional_policy(`
# bash tries ioctl for some reason
files_dontaudit_ioctl_all_pids(initrc_t)
@@ -54655,7 +55391,7 @@ index ea29513..787ac51 100644
')
optional_policy(`
-@@ -781,14 +1094,21 @@ optional_policy(`
+@@ -781,14 +1095,21 @@ optional_policy(`
')
optional_policy(`
@@ -54677,7 +55413,7 @@ index ea29513..787ac51 100644
optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t)
-@@ -800,7 +1120,6 @@ optional_policy(`
+@@ -800,7 +1121,6 @@ optional_policy(`
')
optional_policy(`
@@ -54685,7 +55421,7 @@ index ea29513..787ac51 100644
udev_manage_pid_files(initrc_t)
udev_manage_rules_files(initrc_t)
')
-@@ -810,11 +1129,24 @@ optional_policy(`
+@@ -810,11 +1130,24 @@ optional_policy(`
')
optional_policy(`
@@ -54711,7 +55447,7 @@ index ea29513..787ac51 100644
ifdef(`distro_redhat',`
# system-config-services causes avc messages that should be dontaudited
-@@ -824,6 +1156,25 @@ optional_policy(`
+@@ -824,6 +1157,25 @@ optional_policy(`
optional_policy(`
mono_domtrans(initrc_t)
')
@@ -54737,7 +55473,7 @@ index ea29513..787ac51 100644
')
optional_policy(`
-@@ -849,3 +1200,42 @@ optional_policy(`
+@@ -849,3 +1201,42 @@ optional_policy(`
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -57171,15 +57907,16 @@ index 72c746e..704d2d7 100644
+/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
+/var/run/mount(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
diff --git a/policy/modules/system/mount.if b/policy/modules/system/mount.if
-index 8b5c196..f66d272 100644
+index 8b5c196..ae934cd 100644
--- a/policy/modules/system/mount.if
+++ b/policy/modules/system/mount.if
-@@ -16,6 +16,16 @@ interface(`mount_domtrans',`
+@@ -16,6 +16,17 @@ interface(`mount_domtrans',`
')
domtrans_pattern($1, mount_exec_t, mount_t)
+ mount_domtrans_fusermount($1)
+
++ allow $1 mount_t:fd use;
+ ps_process_pattern(mount_t, $1)
+
+ifdef(`hide_broken_symptoms', `
@@ -57191,7 +57928,7 @@ index 8b5c196..f66d272 100644
')
########################################
-@@ -45,8 +55,73 @@ interface(`mount_run',`
+@@ -45,8 +56,73 @@ interface(`mount_run',`
role $2 types mount_t;
optional_policy(`
@@ -57266,7 +58003,7 @@ index 8b5c196..f66d272 100644
')
########################################
-@@ -84,9 +159,11 @@ interface(`mount_exec',`
+@@ -84,9 +160,11 @@ interface(`mount_exec',`
interface(`mount_signal',`
gen_require(`
type mount_t;
@@ -57278,7 +58015,7 @@ index 8b5c196..f66d272 100644
')
########################################
-@@ -95,7 +172,7 @@ interface(`mount_signal',`
+@@ -95,7 +173,7 @@ interface(`mount_signal',`
## </summary>
## <param name="domain">
## <summary>
@@ -57287,7 +58024,7 @@ index 8b5c196..f66d272 100644
## </summary>
## </param>
#
-@@ -135,6 +212,24 @@ interface(`mount_send_nfs_client_request',`
+@@ -135,6 +213,24 @@ interface(`mount_send_nfs_client_request',`
########################################
## <summary>
@@ -57312,7 +58049,7 @@ index 8b5c196..f66d272 100644
## Execute mount in the unconfined mount domain.
## </summary>
## <param name="domain">
-@@ -176,4 +271,110 @@ interface(`mount_run_unconfined',`
+@@ -176,4 +272,110 @@ interface(`mount_run_unconfined',`
mount_domtrans_unconfined($1)
role $2 types unconfined_mount_t;
@@ -58004,7 +58741,7 @@ index 2cc4bda..167c358 100644
+/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
-index 170e2c7..0aa893a 100644
+index 170e2c7..e64d6e8 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -85,6 +85,10 @@ interface(`seutil_domtrans_loadpolicy',`
@@ -58130,7 +58867,37 @@ index 170e2c7..0aa893a 100644
manage_files_pattern($1, selinux_config_t, selinux_config_t)
read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
')
-@@ -1005,6 +1086,30 @@ interface(`seutil_domtrans_semanage',`
+@@ -756,6 +837,29 @@ interface(`seutil_read_default_contexts',`
+ read_files_pattern($1, default_context_t, default_context_t)
+ ')
+
++#######################################
++## <summary>
++## Read and write the default_contexts files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`seutil_rw_default_contexts',`
++ gen_require(`
++ type default_context_t;
++ type selinux_config_t;
++ ')
++
++ files_search_etc($1)
++ allow $1 selinux_config_t:dir list_dir_perms;
++ allow $1 default_context_t:dir list_dir_perms;
++ rw_files_pattern($1, default_context_t, default_context_t)
++')
++
+ ########################################
+ ## <summary>
+ ## Create, read, write, and delete the default_contexts files.
+@@ -1005,6 +1109,30 @@ interface(`seutil_domtrans_semanage',`
files_search_usr($1)
corecmd_search_bin($1)
domtrans_pattern($1, semanage_exec_t, semanage_t)
@@ -58161,7 +58928,7 @@ index 170e2c7..0aa893a 100644
')
########################################
-@@ -1038,6 +1143,54 @@ interface(`seutil_run_semanage',`
+@@ -1038,6 +1166,54 @@ interface(`seutil_run_semanage',`
########################################
## <summary>
@@ -58216,7 +58983,7 @@ index 170e2c7..0aa893a 100644
## Full management of the semanage
## module store.
## </summary>
-@@ -1149,3 +1302,194 @@ interface(`seutil_dontaudit_libselinux_linked',`
+@@ -1149,3 +1325,194 @@ interface(`seutil_dontaudit_libselinux_linked',`
selinux_dontaudit_get_fs_mount($1)
seutil_dontaudit_read_config($1)
')
@@ -59177,7 +59944,7 @@ index ff80d0a..95e705c 100644
+ role_transition $1 dhcpc_exec_t system_r;
+')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
-index df32316..5dfe875 100644
+index df32316..14df5cf 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -5,6 +5,13 @@ policy_module(sysnetwork, 1.11.1)
@@ -59289,7 +60056,7 @@ index df32316..5dfe875 100644
userdom_dontaudit_search_user_home_dirs(dhcpc_t)
ifdef(`distro_redhat', `
-@@ -155,6 +173,14 @@ optional_policy(`
+@@ -155,6 +173,15 @@ optional_policy(`
')
optional_policy(`
@@ -59297,6 +60064,7 @@ index df32316..5dfe875 100644
+')
+
+optional_policy(`
++ devicekit_dontaudit_rw_log(dhcpc_t)
+ devicekit_dontaudit_read_pid_files(dhcpc_t)
+')
+
@@ -59304,7 +60072,7 @@ index df32316..5dfe875 100644
init_dbus_chat_script(dhcpc_t)
dbus_system_bus_client(dhcpc_t)
-@@ -171,6 +197,8 @@ optional_policy(`
+@@ -171,6 +198,8 @@ optional_policy(`
optional_policy(`
hal_dontaudit_rw_dgram_sockets(dhcpc_t)
@@ -59313,7 +60081,7 @@ index df32316..5dfe875 100644
')
optional_policy(`
-@@ -192,6 +220,17 @@ optional_policy(`
+@@ -192,6 +221,17 @@ optional_policy(`
')
optional_policy(`
@@ -59331,7 +60099,7 @@ index df32316..5dfe875 100644
nis_read_ypbind_pid(dhcpc_t)
')
-@@ -213,6 +252,10 @@ optional_policy(`
+@@ -213,6 +253,10 @@ optional_policy(`
optional_policy(`
seutil_sigchld_newrole(dhcpc_t)
seutil_dontaudit_search_config(dhcpc_t)
@@ -59342,7 +60110,7 @@ index df32316..5dfe875 100644
')
optional_policy(`
-@@ -276,8 +319,11 @@ dev_read_urand(ifconfig_t)
+@@ -276,8 +320,11 @@ dev_read_urand(ifconfig_t)
domain_use_interactive_fds(ifconfig_t)
@@ -59354,7 +60122,7 @@ index df32316..5dfe875 100644
fs_getattr_xattr_fs(ifconfig_t)
fs_search_auto_mountpoints(ifconfig_t)
-@@ -301,11 +347,12 @@ logging_send_syslog_msg(ifconfig_t)
+@@ -301,11 +348,12 @@ logging_send_syslog_msg(ifconfig_t)
miscfiles_read_localization(ifconfig_t)
@@ -59369,7 +60137,7 @@ index df32316..5dfe875 100644
userdom_use_all_users_fds(ifconfig_t)
ifdef(`distro_ubuntu',`
-@@ -314,7 +361,14 @@ ifdef(`distro_ubuntu',`
+@@ -314,7 +362,14 @@ ifdef(`distro_ubuntu',`
')
')
@@ -59384,7 +60152,7 @@ index df32316..5dfe875 100644
optional_policy(`
dev_dontaudit_rw_cardmgr(ifconfig_t)
')
-@@ -325,12 +379,31 @@ ifdef(`hide_broken_symptoms',`
+@@ -325,12 +380,31 @@ ifdef(`hide_broken_symptoms',`
')
optional_policy(`
@@ -59416,7 +60184,7 @@ index df32316..5dfe875 100644
')
optional_policy(`
-@@ -355,3 +428,9 @@ optional_policy(`
+@@ -355,3 +429,9 @@ optional_policy(`
xen_append_log(ifconfig_t)
xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
')
@@ -59448,10 +60216,10 @@ index 0000000..c7476cb
+
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
new file mode 100644
-index 0000000..71398e5
+index 0000000..c59c37c
--- /dev/null
+++ b/policy/modules/system/systemd.if
-@@ -0,0 +1,246 @@
+@@ -0,0 +1,248 @@
+## <summary>SELinux policy for systemd components</summary>
+
+#######################################
@@ -59483,6 +60251,8 @@ index 0000000..71398e5
+ role system_r types $1_systemctl_t;
+
+ domtrans_pattern($1_t, systemd_systemctl_exec_t , $1_systemctl_t)
++
++ init_use_fds($1_t)
+')
+
+########################################
@@ -59912,7 +60682,7 @@ index 0291685..7e94f4b 100644
+/var/run/libgpod(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
+/var/run/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
-index 025348a..4e2ca03 100644
+index 025348a..c15e57c 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -34,6 +34,7 @@ interface(`udev_domtrans',`
@@ -60024,7 +60794,7 @@ index 025348a..4e2ca03 100644
')
########################################
-@@ -228,6 +264,65 @@ interface(`udev_manage_pid_files',`
+@@ -228,6 +264,84 @@ interface(`udev_manage_pid_files',`
type udev_var_run_t;
')
@@ -60059,6 +60829,25 @@ index 025348a..4e2ca03 100644
+ role $2 types udev_t;
+')
+
++#######################################
++## <summary>
++## Allow caller to create kobject uevent socket for udev
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`udev_create_kobject_uevent_socket',`
++ gen_require(`
++ type udev_t;
++ role system_r;
++ ')
++
++ allow $1 udev_t:netlink_kobject_uevent_socket create_socket_perms;
++')
++
+########################################
+## <summary>
+## Create a domain for processes
@@ -61053,7 +61842,7 @@ index db75976..392d1ee 100644
+HOME_DIR/\.gvfs(/.*)? <<none>>
+HOME_DIR/\.debug(/.*)? <<none>>
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 28b88de..73fd082 100644
+index 28b88de..66557b6 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -30,8 +30,9 @@ template(`userdom_base_user_template',`
@@ -62334,7 +63123,14 @@ index 28b88de..73fd082 100644
auth_relabel_all_files_except_shadow($1)
auth_relabel_shadow($1)
-@@ -1237,6 +1514,7 @@ template(`userdom_security_admin_template',`
+@@ -1234,9 +1511,14 @@ template(`userdom_security_admin_template',`
+ logging_read_audit_config($1)
+
+ seutil_manage_bin_policy($1)
++ seutil_manage_default_contexts($1)
++ seutil_manage_file_contexts($1)
++ seutil_manage_module_store($1)
++ seutil_manage_config($1)
seutil_run_checkpolicy($1,$2)
seutil_run_loadpolicy($1,$2)
seutil_run_semanage($1,$2)
@@ -62342,7 +63138,7 @@ index 28b88de..73fd082 100644
seutil_run_setfiles($1, $2)
optional_policy(`
-@@ -1279,11 +1557,37 @@ template(`userdom_security_admin_template',`
+@@ -1279,11 +1561,37 @@ template(`userdom_security_admin_template',`
interface(`userdom_user_home_content',`
gen_require(`
type user_home_t;
@@ -62380,7 +63176,7 @@ index 28b88de..73fd082 100644
ubac_constrained($1)
')
-@@ -1395,6 +1699,7 @@ interface(`userdom_search_user_home_dirs',`
+@@ -1395,6 +1703,7 @@ interface(`userdom_search_user_home_dirs',`
')
allow $1 user_home_dir_t:dir search_dir_perms;
@@ -62388,7 +63184,7 @@ index 28b88de..73fd082 100644
files_search_home($1)
')
-@@ -1441,6 +1746,14 @@ interface(`userdom_list_user_home_dirs',`
+@@ -1441,6 +1750,14 @@ interface(`userdom_list_user_home_dirs',`
allow $1 user_home_dir_t:dir list_dir_perms;
files_search_home($1)
@@ -62403,7 +63199,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -1456,9 +1769,11 @@ interface(`userdom_list_user_home_dirs',`
+@@ -1456,9 +1773,11 @@ interface(`userdom_list_user_home_dirs',`
interface(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
type user_home_dir_t;
@@ -62415,7 +63211,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -1515,10 +1830,10 @@ interface(`userdom_relabelto_user_home_dirs',`
+@@ -1515,10 +1834,10 @@ interface(`userdom_relabelto_user_home_dirs',`
allow $1 user_home_dir_t:dir relabelto;
')
@@ -62428,7 +63224,7 @@ index 28b88de..73fd082 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -1526,19 +1841,55 @@ interface(`userdom_relabelto_user_home_dirs',`
+@@ -1526,19 +1845,55 @@ interface(`userdom_relabelto_user_home_dirs',`
## </summary>
## </param>
#
@@ -62491,7 +63287,7 @@ index 28b88de..73fd082 100644
## </summary>
## <desc>
## <p>
-@@ -1589,6 +1940,8 @@ interface(`userdom_dontaudit_search_user_home_content',`
+@@ -1589,6 +1944,8 @@ interface(`userdom_dontaudit_search_user_home_content',`
')
dontaudit $1 user_home_t:dir search_dir_perms;
@@ -62500,7 +63296,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -1603,10 +1956,12 @@ interface(`userdom_dontaudit_search_user_home_content',`
+@@ -1603,10 +1960,12 @@ interface(`userdom_dontaudit_search_user_home_content',`
#
interface(`userdom_list_user_home_content',`
gen_require(`
@@ -62515,7 +63311,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -1649,6 +2004,25 @@ interface(`userdom_delete_user_home_content_dirs',`
+@@ -1649,6 +2008,25 @@ interface(`userdom_delete_user_home_content_dirs',`
########################################
## <summary>
@@ -62541,7 +63337,7 @@ index 28b88de..73fd082 100644
## Do not audit attempts to set the
## attributes of user home files.
## </summary>
-@@ -1700,12 +2074,32 @@ interface(`userdom_read_user_home_content_files',`
+@@ -1700,12 +2078,32 @@ interface(`userdom_read_user_home_content_files',`
type user_home_dir_t, user_home_t;
')
@@ -62574,7 +63370,7 @@ index 28b88de..73fd082 100644
## Do not audit attempts to read user home files.
## </summary>
## <param name="domain">
-@@ -1716,11 +2110,14 @@ interface(`userdom_read_user_home_content_files',`
+@@ -1716,11 +2114,14 @@ interface(`userdom_read_user_home_content_files',`
#
interface(`userdom_dontaudit_read_user_home_content_files',`
gen_require(`
@@ -62592,7 +63388,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -1779,6 +2176,24 @@ interface(`userdom_delete_user_home_content_files',`
+@@ -1779,6 +2180,24 @@ interface(`userdom_delete_user_home_content_files',`
########################################
## <summary>
@@ -62617,7 +63413,7 @@ index 28b88de..73fd082 100644
## Do not audit attempts to write user home files.
## </summary>
## <param name="domain">
-@@ -1810,8 +2225,7 @@ interface(`userdom_read_user_home_content_symlinks',`
+@@ -1810,8 +2229,7 @@ interface(`userdom_read_user_home_content_symlinks',`
type user_home_dir_t, user_home_t;
')
@@ -62627,7 +63423,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -1827,20 +2241,14 @@ interface(`userdom_read_user_home_content_symlinks',`
+@@ -1827,20 +2245,14 @@ interface(`userdom_read_user_home_content_symlinks',`
#
interface(`userdom_exec_user_home_content_files',`
gen_require(`
@@ -62652,7 +63448,7 @@ index 28b88de..73fd082 100644
########################################
## <summary>
-@@ -2008,7 +2416,7 @@ interface(`userdom_user_home_dir_filetrans',`
+@@ -2008,7 +2420,7 @@ interface(`userdom_user_home_dir_filetrans',`
type user_home_dir_t;
')
@@ -62661,7 +63457,7 @@ index 28b88de..73fd082 100644
files_search_home($1)
')
-@@ -2182,7 +2590,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',`
+@@ -2182,7 +2594,7 @@ interface(`userdom_dontaudit_read_user_tmp_files',`
type user_tmp_t;
')
@@ -62670,7 +63466,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -2435,13 +2843,14 @@ interface(`userdom_read_user_tmpfs_files',`
+@@ -2435,13 +2847,14 @@ interface(`userdom_read_user_tmpfs_files',`
')
read_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
@@ -62686,7 +63482,7 @@ index 28b88de..73fd082 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -2462,26 +2871,6 @@ interface(`userdom_rw_user_tmpfs_files',`
+@@ -2462,26 +2875,6 @@ interface(`userdom_rw_user_tmpfs_files',`
########################################
## <summary>
@@ -62713,7 +63509,7 @@ index 28b88de..73fd082 100644
## Get the attributes of a user domain tty.
## </summary>
## <param name="domain">
-@@ -2572,6 +2961,24 @@ interface(`userdom_use_user_ttys',`
+@@ -2572,6 +2965,24 @@ interface(`userdom_use_user_ttys',`
########################################
## <summary>
@@ -62738,7 +63534,7 @@ index 28b88de..73fd082 100644
## Read and write a user domain pty.
## </summary>
## <param name="domain">
-@@ -2590,22 +2997,34 @@ interface(`userdom_use_user_ptys',`
+@@ -2590,22 +3001,34 @@ interface(`userdom_use_user_ptys',`
########################################
## <summary>
@@ -62781,7 +63577,7 @@ index 28b88de..73fd082 100644
## </desc>
## <param name="domain">
## <summary>
-@@ -2614,14 +3033,33 @@ interface(`userdom_use_user_ptys',`
+@@ -2614,14 +3037,33 @@ interface(`userdom_use_user_ptys',`
## </param>
## <infoflow type="both" weight="10"/>
#
@@ -62819,7 +63615,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -2815,7 +3253,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
+@@ -2815,7 +3257,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
domain_entry_file_spec_domtrans($1, unpriv_userdomain)
allow unpriv_userdomain $1:fd use;
@@ -62828,7 +63624,7 @@ index 28b88de..73fd082 100644
allow unpriv_userdomain $1:process sigchld;
')
-@@ -2831,11 +3269,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
+@@ -2831,11 +3273,13 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
#
interface(`userdom_search_user_home_content',`
gen_require(`
@@ -62844,7 +63640,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -2917,7 +3357,7 @@ interface(`userdom_dontaudit_use_user_ptys',`
+@@ -2917,7 +3361,7 @@ interface(`userdom_dontaudit_use_user_ptys',`
type user_devpts_t;
')
@@ -62853,7 +63649,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -2972,7 +3412,45 @@ interface(`userdom_write_user_tmp_files',`
+@@ -2972,7 +3416,45 @@ interface(`userdom_write_user_tmp_files',`
type user_tmp_t;
')
@@ -62900,7 +63696,7 @@ index 28b88de..73fd082 100644
')
########################################
-@@ -3009,6 +3487,7 @@ interface(`userdom_read_all_users_state',`
+@@ -3009,6 +3491,7 @@ interface(`userdom_read_all_users_state',`
')
read_files_pattern($1, userdomain, userdomain)
@@ -62908,7 +63704,7 @@ index 28b88de..73fd082 100644
kernel_search_proc($1)
')
-@@ -3087,6 +3566,24 @@ interface(`userdom_signal_all_users',`
+@@ -3087,6 +3570,24 @@ interface(`userdom_signal_all_users',`
########################################
## <summary>
@@ -62933,7 +63729,7 @@ index 28b88de..73fd082 100644
## Send a SIGCHLD signal to all user domains.
## </summary>
## <param name="domain">
-@@ -3139,3 +3636,1058 @@ interface(`userdom_dbus_send_all_users',`
+@@ -3139,3 +3640,1058 @@ interface(`userdom_dbus_send_all_users',`
allow $1 userdomain:dbus send_msg;
')
@@ -64193,7 +64989,7 @@ index 77d41b6..4aa96c6 100644
files_search_pids($1)
diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te
-index 4350ba0..c8b1d3b 100644
+index 4350ba0..e50a784 100644
--- a/policy/modules/system/xen.te
+++ b/policy/modules/system/xen.te
@@ -4,6 +4,7 @@ policy_module(xen, 1.10.1)
@@ -64224,6 +65020,15 @@ index 4350ba0..c8b1d3b 100644
########################################
#
# blktap local policy
+@@ -208,7 +205,7 @@ tunable_policy(`xend_run_qemu',`
+ # xend local policy
+ #
+
+-allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_nice sys_tty_config net_raw };
++allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_admin sys_nice sys_tty_config net_raw };
+ dontaudit xend_t self:capability { sys_ptrace };
+ allow xend_t self:process { signal sigkill };
+ dontaudit xend_t self:process ptrace;
@@ -320,12 +317,9 @@ locallogin_dontaudit_use_fds(xend_t)
logging_send_syslog_msg(xend_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 842c69e..5843030 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.9.16
-Release: 22%{?dist}
+Release: 23%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -472,6 +472,10 @@ exit 0
%endif
%changelog
+* Tue May 24 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.16-23
+- Lot of fixes
+ * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log
+
* Thu May 17 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.16-22
- Allow logrotate to execute systemctl
- Allow nsplugin_t to getattr on gpmctl
More information about the scm-commits
mailing list