[selinux-policy/f18] * Thu Sep 13 2012 Miroslav Grepl <mgreplh at redhat.com> 3.11.1-19 - Man page fixes by Dan Walsh

Miroslav Grepl mgrepl at fedoraproject.org
Thu Sep 13 21:24:25 UTC 2012


commit 4df889e6455837b729292b87b45e94da1b11a4ec
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Thu Sep 13 23:24:06 2012 +0200

    * Thu Sep 13 2012 Miroslav Grepl <mgreplh at redhat.com> 3.11.1-19
    - Man page fixes by Dan Walsh

 policy-rawhide.patch         |90432 +++++++++++++++++++++++++++++-------------
 policy_contrib-rawhide.patch |   67 +-
 selinux-policy.spec          |    5 +-
 3 files changed, 63743 insertions(+), 26761 deletions(-)
---
diff --git a/policy-rawhide.patch b/policy-rawhide.patch
index 106cc20..249a06b 100644
--- a/policy-rawhide.patch
+++ b/policy-rawhide.patch
@@ -60,10 +60,10 @@ index 313d837..ef3c532 100644
  ########################################
 diff --git a/man/man8/NetworkManager_selinux.8 b/man/man8/NetworkManager_selinux.8
 new file mode 100644
-index 0000000..51564ee
+index 0000000..e51741e
 --- /dev/null
 +++ b/man/man8/NetworkManager_selinux.8
-@@ -0,0 +1,175 @@
+@@ -0,0 +1,303 @@
 +.TH  "NetworkManager_selinux"  "8"  "NetworkManager" "dwalsh at redhat.com" "NetworkManager SELinux Policy documentation"
 +.SH "NAME"
 +NetworkManager_selinux \- Security Enhanced Linux Policy for the NetworkManager processes
@@ -78,14 +78,14 @@ index 0000000..51564ee
 +If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the NetworkManager_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
 +If you want to allow confined applications to run with kerberos for the NetworkManager_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -220,6 +220,134 @@ index 0000000..51564ee
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type NetworkManager_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B NetworkManager_etc_rw_t
++
++	/etc/NetworkManager/system-connections(/.*)?
++.br
++	/etc/NetworkManager/NetworkManager\.conf
++.br
++
++.br
++.B NetworkManager_log_t
++
++	/var/log/wicd.*
++.br
++	/var/log/wpa_supplicant.*
++.br
++
++.br
++.B NetworkManager_tmp_t
++
++
++.br
++.B NetworkManager_var_lib_t
++
++	/var/lib/wicd(/.*)?
++.br
++	/var/lib/NetworkManager(/.*)?
++.br
++	/etc/dhcp/wired-settings.conf
++.br
++	/etc/wicd/wired-settings.conf
++.br
++	/etc/dhcp/manager-settings.conf
++.br
++	/etc/wicd/manager-settings.conf
++.br
++	/etc/dhcp/wireless-settings.conf
++.br
++	/etc/wicd/wireless-settings.conf
++.br
++
++.br
++.B NetworkManager_var_run_t
++
++	/var/run/nm-dhclient.*
++.br
++	/var/run/NetworkManager(/.*)?
++.br
++	/var/run/wpa_supplicant(/.*)?
++.br
++	/var/run/NetworkManager\.pid
++.br
++	/var/run/nm-dns-dnsmasq\.conf
++.br
++	/var/run/wpa_supplicant-global
++.br
++
++.br
++.B named_cache_t
++
++	/var/named/data(/.*)?
++.br
++	/var/named/slaves(/.*)?
++.br
++	/var/named/dynamic(/.*)?
++.br
++	/var/named/chroot/var/tmp(/.*)?
++.br
++	/var/named/chroot/var/named/data(/.*)?
++.br
++	/var/named/chroot/var/named/slaves(/.*)?
++.br
++	/var/named/chroot/var/named/dynamic(/.*)?
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
++.br
++.B pppd_var_run_t
++
++	/var/run/(i)?ppp.*pid[^/]*
++.br
++	/var/run/ppp(/.*)?
++.br
++	/var/run/pppd[0-9]*\.tdb
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
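Review bot: The sentence added under `.SH "MANAGED FILES"` calls NetworkManager_t a "SELinux user type", but the rest of the page uses `_t` names for process types (domains). SELinux users are a separate concept, so the wording can point an administrator at the wrong object when auditing what the daemon may write. I would generate `The SELinux process type NetworkManager_t can manage files labeled with the following file types.` and `Note that the process UID still needs to have DAC permissions.` The same sentence is added in the abrt_dump_oops, abrt_handle_event, abrt_helper and abrt_retrace_coredump pages later in this patch; because the pages say they are produced by genman.py, the template there is presumably the place to fix it. In abrt_handle_event_selinux.8 the heading is followed by no entries, so the generator should either skip the section or state explicitly that no file types are managed.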
@@ -235,86 +363,35 @@ index 0000000..51564ee
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
 +selinux(8), NetworkManager(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/abrt_selinux.8 b/man/man8/abrt_selinux.8
+diff --git a/man/man8/abrt_dump_oops_selinux.8 b/man/man8/abrt_dump_oops_selinux.8
 new file mode 100644
-index 0000000..867cd65
+index 0000000..d2f55bd
 --- /dev/null
-+++ b/man/man8/abrt_selinux.8
-@@ -0,0 +1,272 @@
-+.TH  "abrt_selinux"  "8"  "abrt" "dwalsh at redhat.com" "abrt SELinux Policy documentation"
++++ b/man/man8/abrt_dump_oops_selinux.8
+@@ -0,0 +1,88 @@
++.TH  "abrt_dump_oops_selinux"  "8"  "abrt_dump_oops" "dwalsh at redhat.com" "abrt_dump_oops SELinux Policy documentation"
 +.SH "NAME"
-+abrt_selinux \- Security Enhanced Linux Policy for the abrt processes
++abrt_dump_oops_selinux \- Security Enhanced Linux Policy for the abrt_dump_oops processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the abrt processes via flexible mandatory access
++Security-Enhanced Linux secures the abrt_dump_oops processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  abrt policy is extremely flexible and has several booleans that allow you to manipulate the policy and run abrt with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts, you must turn on the abrt_handle_event boolean.
-+
-+.EX
-+.B setsebool -P abrt_handle_event 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the abrt_helper_t, abrt_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the abrt_helper_t, abrt_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
-+.SH SHARING FILES
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
-+.TP
-+Allow abrt servers to read the /var/abrt directory by adding the public_content_t file type to the directory and by restoring the file type.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_t "/var/abrt(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/abrt
-+.pp
-+.TP
-+Allow abrt servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_abrtd_anon_write boolean to be set.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_rw_t "/var/abrt/incoming(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/abrt/incoming
-+
-+
-+.PP
-+If you want to allow ABRT to modify public files used for public file transfer services., you must turn on the abrt_anon_write boolean.
-+
-+.EX
-+.B setsebool -P abrt_anon_write 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux abrt policy is very flexible allowing users to setup their abrt processes in as secure a method as possible.
++SELinux abrt_dump_oops policy is very flexible allowing users to setup their abrt_dump_oops processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for abrt:
++The following file types are defined for abrt_dump_oops:
 +
 +
 +.EX
@@ -325,148 +402,110 @@ index 0000000..867cd65
 +- Set files with the abrt_dump_oops_exec_t type, if you want to transition an executable to the abrt_dump_oops_t domain.
 +
 +
-+.EX
 +.PP
-+.B abrt_etc_t 
-+.EE
-+
-+- Set files with the abrt_etc_t type, if you want to store abrt files in the /etc directories.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B abrt_exec_t 
-+.EE
-+
-+- Set files with the abrt_exec_t type, if you want to transition an executable to the abrt_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/abrtd, /usr/sbin/abrt-dbus
-+
-+.EX
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+.B abrt_handle_event_exec_t 
-+.EE
-+
-+- Set files with the abrt_handle_event_exec_t type, if you want to transition an executable to the abrt_handle_event_t domain.
-+
++Policy governs the access confined processes have to files. 
++SELinux abrt_dump_oops policy is very flexible allowing users to setup their abrt_dump_oops processes in as secure a method as possible.
++.PP 
++The following process types are defined for abrt_dump_oops:
 +
 +.EX
-+.PP
-+.B abrt_helper_exec_t 
++.B abrt_dump_oops_t 
 +.EE
-+
-+- Set files with the abrt_helper_exec_t type, if you want to transition an executable to the abrt_helper_t domain.
-+
-+
-+.EX
 +.PP
-+.B abrt_initrc_exec_t 
-+.EE
-+
-+- Set files with the abrt_initrc_exec_t type, if you want to transition an executable to the abrt_initrc_t domain.
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
 +
-+.EX
-+.PP
-+.B abrt_retrace_cache_t 
-+.EE
++The SELinux user type abrt_dump_oops_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+- Set files with the abrt_retrace_cache_t type, if you want to store the files under the /var/cache directory.
++.br
++.B abrt_var_cache_t
 +
++	/var/cache/abrt(/.*)?
++.br
++	/var/spool/abrt(/.*)?
++.br
++	/var/cache/abrt-di(/.*)?
 +.br
-+.TP 5
-+Paths: 
-+/var/cache/retrace-server(/.*)?, /var/cache/abrt-retrace(/.*)?
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B abrt_retrace_coredump_exec_t 
-+.EE
-+
-+- Set files with the abrt_retrace_coredump_exec_t type, if you want to transition an executable to the abrt_retrace_coredump_t domain.
-+
-+
-+.EX
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B abrt_retrace_spool_t 
-+.EE
-+
-+- Set files with the abrt_retrace_spool_t type, if you want to store the abrt retrace files under the /var/spool directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/spool/retrace-server(/.*)?, /var/spool/abrt-retrace(/.*)?
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B abrt_retrace_worker_exec_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the abrt_retrace_worker_exec_t type, if you want to transition an executable to the abrt_retrace_worker_t domain.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/retrace-server-worker, /usr/bin/abrt-retrace-worker
++.SH "SEE ALSO"
++selinux(8), abrt_dump_oops(8), semanage(8), restorecon(8), chcon(1)
++, abrt_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/abrt_handle_event_selinux.8 b/man/man8/abrt_handle_event_selinux.8
+new file mode 100644
+index 0000000..c2e2d63
+--- /dev/null
++++ b/man/man8/abrt_handle_event_selinux.8
+@@ -0,0 +1,92 @@
++.TH  "abrt_handle_event_selinux"  "8"  "abrt_handle_event" "dwalsh at redhat.com" "abrt_handle_event SELinux Policy documentation"
++.SH "NAME"
++abrt_handle_event_selinux \- Security Enhanced Linux Policy for the abrt_handle_event processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B abrt_tmp_t 
-+.EE
++Security-Enhanced Linux secures the abrt_handle_event processes via flexible mandatory access
++control.  
 +
-+- Set files with the abrt_tmp_t type, if you want to store abrt temporary files in the /tmp directories.
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  abrt_handle_event policy is extremely flexible and has several booleans that allow you to manipulate the policy and run abrt_handle_event with the tightest access possible.
 +
 +
-+.EX
 +.PP
-+.B abrt_unit_file_t 
-+.EE
-+
-+- Set files with the abrt_unit_file_t type, if you want to treat the files as abrt unit content.
-+
++If you want to allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts, you must turn on the abrt_handle_event boolean.
 +
 +.EX
-+.PP
-+.B abrt_var_cache_t 
++.B setsebool -P abrt_handle_event 1
 +.EE
 +
-+- Set files with the abrt_var_cache_t type, if you want to store the files under the /var/cache directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/cache/abrt(/.*)?, /var/spool/abrt(/.*)?, /var/cache/abrt-di(/.*)?
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B abrt_var_log_t 
-+.EE
-+
-+- Set files with the abrt_var_log_t type, if you want to treat the data as abrt var log data, usually stored under the /var/log directory.
-+
-+
-+.EX
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B abrt_var_run_t 
-+.EE
-+
-+- Set files with the abrt_var_run_t type, if you want to store the abrt files under the /run directory.
++Policy governs the access confined processes have to these files. 
++SELinux abrt_handle_event policy is very flexible allowing users to setup their abrt_handle_event processes in as secure a method as possible.
++.PP 
++The following file types are defined for abrt_handle_event:
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/abrtd?\.socket, /var/run/abrtd?\.lock, /var/run/abrt(/.*)?, /var/run/abrt\.pid
 +
 +.EX
 +.PP
-+.B abrt_watch_log_exec_t 
++.B abrt_handle_event_exec_t 
 +.EE
 +
-+- Set files with the abrt_watch_log_exec_t type, if you want to transition an executable to the abrt_watch_log_t domain.
++- Set files with the abrt_handle_event_exec_t type, if you want to transition an executable to the abrt_handle_event_t domain.
 +
 +
 +.PP
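Review bot: The new abrt_dump_oops and abrt_handle_event pages in this hunk still carry `\fBls\bP` and `\fBps\bP`, where `\bP` is not the font-reset escape, so the bold run is presumably not closed and the command name may render garbled. The intended lines look like `You can see the context of a file using the \fB\-Z\fP option to \fBls\fP` and the `ps` equivalent. The same text appears as unchanged context in the other generated pages, so a fix in the generator would cover all of them. Both new pages also add an `.SH NSSWITCH DOMAIN` heading with no body; it would read better if the heading were omitted when there is nothing to list.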
@@ -482,18 +521,22 @@ index 0000000..867cd65
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux abrt policy is very flexible allowing users to setup their abrt processes in as secure a method as possible.
++SELinux abrt_handle_event policy is very flexible allowing users to setup their abrt_handle_event processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for abrt:
++The following process types are defined for abrt_handle_event:
 +
 +.EX
-+.B abrt_handle_event_t, abrt_helper_t, abrt_retrace_coredump_t, abrt_t, abrt_retrace_worker_t, abrt_dump_oops_t, abrt_watch_log_t 
++.B abrt_handle_event_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type abrt_handle_event_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -512,40 +555,40 @@ index 0000000..867cd65
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), abrt(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), abrt_handle_event(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), abrt_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/accountsd_selinux.8 b/man/man8/accountsd_selinux.8
+diff --git a/man/man8/abrt_helper_selinux.8 b/man/man8/abrt_helper_selinux.8
 new file mode 100644
-index 0000000..55527ac
+index 0000000..56365e4
 --- /dev/null
-+++ b/man/man8/accountsd_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "accountsd_selinux"  "8"  "accountsd" "dwalsh at redhat.com" "accountsd SELinux Policy documentation"
++++ b/man/man8/abrt_helper_selinux.8
+@@ -0,0 +1,102 @@
++.TH  "abrt_helper_selinux"  "8"  "abrt_helper" "dwalsh at redhat.com" "abrt_helper SELinux Policy documentation"
 +.SH "NAME"
-+accountsd_selinux \- Security Enhanced Linux Policy for the accountsd processes
++abrt_helper_selinux \- Security Enhanced Linux Policy for the abrt_helper processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the accountsd processes via flexible mandatory access
++Security-Enhanced Linux secures the abrt_helper processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the accountsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the abrt_helper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the accountsd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the abrt_helper_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -554,33 +597,17 @@ index 0000000..55527ac
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux accountsd policy is very flexible allowing users to setup their accountsd processes in as secure a method as possible.
++SELinux abrt_helper policy is very flexible allowing users to setup their abrt_helper processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for accountsd:
-+
-+
-+.EX
-+.PP
-+.B accountsd_exec_t 
-+.EE
-+
-+- Set files with the accountsd_exec_t type, if you want to transition an executable to the accountsd_t domain.
-+
-+
-+.EX
-+.PP
-+.B accountsd_unit_file_t 
-+.EE
-+
-+- Set files with the accountsd_unit_file_t type, if you want to treat the files as accountsd unit content.
++The following file types are defined for abrt_helper:
 +
 +
 +.EX
 +.PP
-+.B accountsd_var_lib_t 
++.B abrt_helper_exec_t 
 +.EE
 +
-+- Set files with the accountsd_var_lib_t type, if you want to store the accountsd files under the /var/lib directory.
++- Set files with the abrt_helper_exec_t type, if you want to transition an executable to the abrt_helper_t domain.
 +
 +
 +.PP
@@ -596,18 +623,32 @@ index 0000000..55527ac
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux accountsd policy is very flexible allowing users to setup their accountsd processes in as secure a method as possible.
++SELinux abrt_helper policy is very flexible allowing users to setup their abrt_helper processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for accountsd:
++The following process types are defined for abrt_helper:
 +
 +.EX
-+.B accountsd_t 
++.B abrt_helper_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type abrt_helper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B abrt_var_cache_t
++
++	/var/cache/abrt(/.*)?
++.br
++	/var/spool/abrt(/.*)?
++.br
++	/var/cache/abrt-di(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -623,74 +664,46 @@ index 0000000..55527ac
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), accountsd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/acct_selinux.8 b/man/man8/acct_selinux.8
++selinux(8), abrt_helper(8), semanage(8), restorecon(8), chcon(1)
++, abrt_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/abrt_retrace_coredump_selinux.8 b/man/man8/abrt_retrace_coredump_selinux.8
 new file mode 100644
-index 0000000..c9969dc
+index 0000000..1d9fb22
 --- /dev/null
-+++ b/man/man8/acct_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "acct_selinux"  "8"  "acct" "dwalsh at redhat.com" "acct SELinux Policy documentation"
++++ b/man/man8/abrt_retrace_coredump_selinux.8
+@@ -0,0 +1,102 @@
++.TH  "abrt_retrace_coredump_selinux"  "8"  "abrt_retrace_coredump" "dwalsh at redhat.com" "abrt_retrace_coredump SELinux Policy documentation"
 +.SH "NAME"
-+acct_selinux \- Security Enhanced Linux Policy for the acct processes
++abrt_retrace_coredump_selinux \- Security Enhanced Linux Policy for the abrt_retrace_coredump processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the acct processes via flexible mandatory access
++Security-Enhanced Linux secures the abrt_retrace_coredump processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the acct_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the acct_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux acct policy is very flexible allowing users to setup their acct processes in as secure a method as possible.
++SELinux abrt_retrace_coredump policy is very flexible allowing users to setup their abrt_retrace_coredump processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for acct:
-+
++The following file types are defined for abrt_retrace_coredump:
 +
-+.EX
-+.PP
-+.B acct_data_t 
-+.EE
-+
-+- Set files with the acct_data_t type, if you want to treat the files as acct content.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/log/account(/.*)?, /var/account(/.*)?
 +
 +.EX
 +.PP
-+.B acct_exec_t 
++.B abrt_retrace_coredump_exec_t 
 +.EE
 +
-+- Set files with the acct_exec_t type, if you want to transition an executable to the acct_t domain.
++- Set files with the abrt_retrace_coredump_exec_t type, if you want to transition an executable to the abrt_retrace_coredump_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/accton, /sbin/accton, /etc/cron\.(daily|monthly)/acct
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -705,18 +718,46 @@ index 0000000..c9969dc
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux acct policy is very flexible allowing users to setup their acct processes in as secure a method as possible.
++SELinux abrt_retrace_coredump policy is very flexible allowing users to setup their abrt_retrace_coredump processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for acct:
++The following process types are defined for abrt_retrace_coredump:
 +
 +.EX
-+.B acct_t 
++.B abrt_retrace_coredump_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type abrt_retrace_coredump_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B rpm_log_t
++
++	/var/log/yum\.log.*
++.br
++
++.br
++.B rpm_var_cache_t
++
++	/var/cache/yum(/.*)?
++.br
++	/var/spool/up2date(/.*)?
++.br
++	/var/cache/PackageKit(/.*)?
++.br
++
++.br
++.B rpm_var_run_t
++
++	/var/run/yum.*
++.br
++	/var/run/PackageKit(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -732,22 +773,24 @@ index 0000000..c9969dc
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), acct(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/afs_selinux.8 b/man/man8/afs_selinux.8
++selinux(8), abrt_retrace_coredump(8), semanage(8), restorecon(8), chcon(1)
++, abrt_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/abrt_retrace_worker_selinux.8 b/man/man8/abrt_retrace_worker_selinux.8
 new file mode 100644
-index 0000000..8532575
+index 0000000..17c61c7
 --- /dev/null
-+++ b/man/man8/afs_selinux.8
-@@ -0,0 +1,292 @@
-+.TH  "afs_selinux"  "8"  "afs" "dwalsh at redhat.com" "afs SELinux Policy documentation"
++++ b/man/man8/abrt_retrace_worker_selinux.8
+@@ -0,0 +1,90 @@
++.TH  "abrt_retrace_worker_selinux"  "8"  "abrt_retrace_worker" "dwalsh at redhat.com" "abrt_retrace_worker SELinux Policy documentation"
 +.SH "NAME"
-+afs_selinux \- Security Enhanced Linux Policy for the afs processes
++abrt_retrace_worker_selinux \- Security Enhanced Linux Policy for the abrt_retrace_worker processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the afs processes via flexible mandatory access
++Security-Enhanced Linux secures the abrt_retrace_worker processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -758,260 +801,408 @@ index 0000000..8532575
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux afs policy is very flexible allowing users to setup their afs processes in as secure a method as possible.
++SELinux abrt_retrace_worker policy is very flexible allowing users to setup their abrt_retrace_worker processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for afs:
++The following file types are defined for abrt_retrace_worker:
 +
 +
 +.EX
 +.PP
-+.B afs_bosserver_exec_t 
-+.EE
-+
-+- Set files with the afs_bosserver_exec_t type, if you want to transition an executable to the afs_bosserver_t domain.
-+
-+
-+.EX
-+.PP
-+.B afs_cache_t 
++.B abrt_retrace_worker_exec_t 
 +.EE
 +
-+- Set files with the afs_cache_t type, if you want to store the files under the /var/cache directory.
++- Set files with the abrt_retrace_worker_exec_t type, if you want to transition an executable to the abrt_retrace_worker_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/cache/afs(/.*)?, /usr/vice/cache(/.*)?
++/usr/bin/retrace-server-worker, /usr/bin/abrt-retrace-worker
 +
-+.EX
 +.PP
-+.B afs_config_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux abrt_retrace_worker policy is very flexible allowing users to setup their abrt_retrace_worker processes in as secure a method as possible.
++.PP 
++The following process types are defined for abrt_retrace_worker:
++
++.EX
++.B abrt_retrace_worker_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the afs_config_t type, if you want to treat the files as afs configuration data, usually stored under the /etc directory.
++.SH "MANAGED FILES"
++
++The SELinux user type abrt_retrace_worker_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/afs/local(/.*)?, /usr/afs/etc(/.*)?
++.B abrt_retrace_spool_t
 +
-+.EX
++	/var/spool/abrt-retrace(/.*)?
++.br
++	/var/spool/retrace-server(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B afs_dbdir_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the afs_dbdir_t type, if you want to treat the files as afs dbdir data.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B afs_exec_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), abrt_retrace_worker(8), semanage(8), restorecon(8), chcon(1)
++, abrt_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/abrt_selinux.8 b/man/man8/abrt_selinux.8
+new file mode 100644
+index 0000000..33e1057
+--- /dev/null
++++ b/man/man8/abrt_selinux.8
+@@ -0,0 +1,344 @@
++.TH  "abrt_selinux"  "8"  "abrt" "dwalsh at redhat.com" "abrt SELinux Policy documentation"
++.SH "NAME"
++abrt_selinux \- Security Enhanced Linux Policy for the abrt processes
++.SH "DESCRIPTION"
 +
-+- Set files with the afs_exec_t type, if you want to transition an executable to the afs_t domain.
++Security-Enhanced Linux secures the abrt processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  abrt policy is extremely flexible and has several booleans that allow you to manipulate the policy and run abrt with the tightest access possible.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/vice/etc/afsd, /usr/sbin/afsd
 +
-+.EX
 +.PP
-+.B afs_files_t 
++If you want to allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts, you must turn on the abrt_handle_event boolean.
++
++.EX
++.B setsebool -P abrt_handle_event 1
 +.EE
 +
-+- Set files with the afs_files_t type, if you want to treat the files as afs content.
++.SH NSSWITCH DOMAIN
 +
-+.br
-+.TP 5
-+Paths: 
-+/vicepc, /vicepb, /vicepa
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the abrt_helper_t, abrt_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B afs_fsserver_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the afs_fsserver_exec_t type, if you want to transition an executable to the afs_fsserver_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/afs/bin/volserver, /usr/afs/bin/fileserver, /usr/afs/bin/salvager
++.PP
++If you want to allow confined applications to run with kerberos for the abrt_helper_t, abrt_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B afs_initrc_exec_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the afs_initrc_exec_t type, if you want to transition an executable to the afs_initrc_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/afs, /etc/rc\.d/init\.d/openafs-client
++.SH SHARING FILES
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
++.TP
++Allow abrt servers to read the /var/abrt directory by adding the public_content_t file type to the directory and by restoring the file type.
++.PP
++.B
++semanage fcontext -a -t public_content_t "/var/abrt(/.*)?"
++.br
++.B restorecon -F -R -v /var/abrt
++.pp
++.TP
++Allow abrt servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_abrtd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/abrt/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/abrt/incoming
++
 +
-+.EX
 +.PP
-+.B afs_ka_db_t 
++If you want to allow ABRT to modify public files used for public file transfer services., you must turn on the abrt_anon_write boolean.
++
++.EX
++.B setsebool -P abrt_anon_write 1
 +.EE
 +
-+- Set files with the afs_ka_db_t type, if you want to treat the files as afs ka database content.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux abrt policy is very flexible allowing users to setup their abrt processes in as secure a method as possible.
++.PP 
++The following file types are defined for abrt:
 +
 +
 +.EX
 +.PP
-+.B afs_kaserver_exec_t 
++.B abrt_dump_oops_exec_t 
 +.EE
 +
-+- Set files with the afs_kaserver_exec_t type, if you want to transition an executable to the afs_kaserver_t domain.
++- Set files with the abrt_dump_oops_exec_t type, if you want to transition an executable to the abrt_dump_oops_t domain.
 +
 +
 +.EX
 +.PP
-+.B afs_logfile_t 
++.B abrt_etc_t 
 +.EE
 +
-+- Set files with the afs_logfile_t type, if you want to treat the files as afs logfile data.
++- Set files with the abrt_etc_t type, if you want to store abrt files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B afs_pt_db_t 
++.B abrt_exec_t 
 +.EE
 +
-+- Set files with the afs_pt_db_t type, if you want to treat the files as afs pt database content.
++- Set files with the abrt_exec_t type, if you want to transition an executable to the abrt_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/abrtd, /usr/sbin/abrt-dbus
 +
 +.EX
 +.PP
-+.B afs_ptserver_exec_t 
++.B abrt_handle_event_exec_t 
 +.EE
 +
-+- Set files with the afs_ptserver_exec_t type, if you want to transition an executable to the afs_ptserver_t domain.
++- Set files with the abrt_handle_event_exec_t type, if you want to transition an executable to the abrt_handle_event_t domain.
 +
 +
 +.EX
 +.PP
-+.B afs_vl_db_t 
++.B abrt_helper_exec_t 
 +.EE
 +
-+- Set files with the afs_vl_db_t type, if you want to treat the files as afs vl database content.
++- Set files with the abrt_helper_exec_t type, if you want to transition an executable to the abrt_helper_t domain.
 +
 +
 +.EX
 +.PP
-+.B afs_vlserver_exec_t 
++.B abrt_initrc_exec_t 
 +.EE
 +
-+- Set files with the afs_vlserver_exec_t type, if you want to transition an executable to the afs_vlserver_t domain.
++- Set files with the abrt_initrc_exec_t type, if you want to transition an executable to the abrt_initrc_t domain.
 +
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B abrt_retrace_cache_t 
++.EE
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++- Set files with the abrt_retrace_cache_t type, if you want to store the files under the /var/cache directory.
 +
-+.B semanage port -l
++.br
++.TP 5
++Paths: 
++/var/cache/retrace-server(/.*)?, /var/cache/abrt-retrace(/.*)?
 +
++.EX
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux afs policy is very flexible allowing users to setup their afs processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for afs:
++.B abrt_retrace_coredump_exec_t 
++.EE
++
++- Set files with the abrt_retrace_coredump_exec_t type, if you want to transition an executable to the abrt_retrace_coredump_t domain.
++
 +
 +.EX
-+.TP 5
-+.B afs_bos_port_t 
-+.TP 10
++.PP
++.B abrt_retrace_spool_t 
 +.EE
 +
++- Set files with the abrt_retrace_spool_t type, if you want to store the abrt retrace files under the /var/spool directory.
 +
-+Default Defined Ports:
-+udp 7007
-+.EE
++.br
++.TP 5
++Paths: 
++/var/spool/retrace-server(/.*)?, /var/spool/abrt-retrace(/.*)?
 +
 +.EX
-+.TP 5
-+.B afs_client_port_t 
-+.TP 10
++.PP
++.B abrt_retrace_worker_exec_t 
 +.EE
 +
++- Set files with the abrt_retrace_worker_exec_t type, if you want to transition an executable to the abrt_retrace_worker_t domain.
 +
-+Default Defined Ports:
-+udp 7001
-+.EE
++.br
++.TP 5
++Paths: 
++/usr/bin/retrace-server-worker, /usr/bin/abrt-retrace-worker
 +
 +.EX
-+.TP 5
-+.B afs_fs_port_t 
-+.TP 10
++.PP
++.B abrt_tmp_t 
 +.EE
 +
++- Set files with the abrt_tmp_t type, if you want to store abrt temporary files in the /tmp directories.
 +
-+Default Defined Ports:
-+tcp 2040
-+.EE
-+udp 7000,7005
-+.EE
 +
 +.EX
-+.TP 5
-+.B afs_ka_port_t 
-+.TP 10
++.PP
++.B abrt_unit_file_t 
 +.EE
 +
++- Set files with the abrt_unit_file_t type, if you want to treat the files as abrt unit content.
 +
-+Default Defined Ports:
-+udp 7004
-+.EE
 +
 +.EX
-+.TP 5
-+.B afs_pt_port_t 
-+.TP 10
++.PP
++.B abrt_var_cache_t 
 +.EE
 +
++- Set files with the abrt_var_cache_t type, if you want to store the files under the /var/cache directory.
 +
-+Default Defined Ports:
-+udp 7002
++.br
++.TP 5
++Paths: 
++/var/cache/abrt(/.*)?, /var/spool/abrt(/.*)?, /var/cache/abrt-di(/.*)?
++
++.EX
++.PP
++.B abrt_var_log_t 
 +.EE
 +
++- Set files with the abrt_var_log_t type, if you want to treat the data as abrt var log data, usually stored under the /var/log directory.
++
++
 +.EX
-+.TP 5
-+.B afs_vl_port_t 
-+.TP 10
++.PP
++.B abrt_var_run_t 
 +.EE
 +
++- Set files with the abrt_var_run_t type, if you want to store the abrt files under the /run directory.
 +
-+Default Defined Ports:
-+udp 7003
++.br
++.TP 5
++Paths: 
++/var/run/abrtd?\.socket, /var/run/abrtd?\.lock, /var/run/abrt(/.*)?, /var/run/abrt\.pid
++
++.EX
++.PP
++.B abrt_watch_log_exec_t 
 +.EE
++
++- Set files with the abrt_watch_log_exec_t type, if you want to transition an executable to the abrt_watch_log_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux afs policy is very flexible allowing users to setup their afs processes in as secure a method as possible.
++SELinux abrt policy is very flexible allowing users to setup their abrt processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for afs:
++The following process types are defined for abrt:
 +
 +.EX
-+.B afs_kaserver_t, afs_t, afs_fsserver_t, afs_bosserver_t, afs_vlserver_t, afs_ptserver_t 
++.B abrt_handle_event_t, abrt_helper_t, abrt_retrace_coredump_t, abrt_t, abrt_retrace_worker_t, abrt_dump_oops_t, abrt_watch_log_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type abrt_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B abrt_etc_t
++
++	/etc/abrt(/.*)?
++.br
++
++.br
++.B abrt_tmp_t
++
++
++.br
++.B abrt_var_cache_t
++
++	/var/cache/abrt(/.*)?
++.br
++	/var/spool/abrt(/.*)?
++.br
++	/var/cache/abrt-di(/.*)?
++.br
++
++.br
++.B abrt_var_log_t
++
++	/var/log/abrt-logger
++.br
++
++.br
++.B abrt_var_run_t
++
++	/var/run/abrt(/.*)?
++.br
++	/var/run/abrtd?\.lock
++.br
++	/var/run/abrtd?\.socket
++.br
++	/var/run/abrt\.pid
++.br
++
++.br
++.B rpm_log_t
++
++	/var/log/yum\.log.*
++.br
++
++.br
++.B rpm_var_cache_t
++
++	/var/cache/yum(/.*)?
++.br
++	/var/spool/up2date(/.*)?
++.br
++	/var/cache/PackageKit(/.*)?
++.br
++
++.br
++.B rpm_var_run_t
++
++	/var/run/yum.*
++.br
++	/var/run/PackageKit(/.*)?
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
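Review bot: The SHARING FILES text added for abrt_selinux.8 disagrees with the commands printed under it: the second `.TP` paragraph names `/var/tmp/incoming` and the `allow_abrtd_anon_write` boolean, but the `semanage fcontext` and `restorecon` lines beneath it operate on `/var/abrt/incoming`, and the next paragraph's example is `setsebool -P abrt_anon_write 1`. An administrator relaxing policy from this page is pointed at a path and a boolean name that the page's own commands do not use, so the prose should match them, presumably `read and write /var/abrt/incoming` and `requires the abrt_anon_write boolean` (confirm against the policy's boolean list). In the same section `.pp` should be `.PP`, and the `\fBls\bP` / `\fBps\bP` sequences in FILE CONTEXTS and PROCESS TYPES should end in `\fP`; the latter recurs in the other man pages in this diff. Since the pages state they are auto-generated by genman.py, these are better corrected in the generator than by editing the patch.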
@@ -1022,30 +1213,32 @@ index 0000000..8532575
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++.B semanage boolean
++can also be used to manipulate the booleans
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), afs(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/aiccu_selinux.8 b/man/man8/aiccu_selinux.8
++selinux(8), abrt(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), abrt_dump_oops_selinux(8), abrt_handle_event_selinux(8), abrt_helper_selinux(8), abrt_retrace_coredump_selinux(8), abrt_retrace_worker_selinux(8), abrt_watch_log_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/abrt_watch_log_selinux.8 b/man/man8/abrt_watch_log_selinux.8
 new file mode 100644
-index 0000000..22de53e
+index 0000000..a45e2d0
 --- /dev/null
-+++ b/man/man8/aiccu_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "aiccu_selinux"  "8"  "aiccu" "dwalsh at redhat.com" "aiccu SELinux Policy documentation"
++++ b/man/man8/abrt_watch_log_selinux.8
+@@ -0,0 +1,78 @@
++.TH  "abrt_watch_log_selinux"  "8"  "abrt_watch_log" "dwalsh at redhat.com" "abrt_watch_log SELinux Policy documentation"
 +.SH "NAME"
-+aiccu_selinux \- Security Enhanced Linux Policy for the aiccu processes
++abrt_watch_log_selinux \- Security Enhanced Linux Policy for the abrt_watch_log processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the aiccu processes via flexible mandatory access
++Security-Enhanced Linux secures the abrt_watch_log processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -1056,41 +1249,17 @@ index 0000000..22de53e
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux aiccu policy is very flexible allowing users to setup their aiccu processes in as secure a method as possible.
++SELinux abrt_watch_log policy is very flexible allowing users to setup their abrt_watch_log processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for aiccu:
-+
-+
-+.EX
-+.PP
-+.B aiccu_etc_t 
-+.EE
-+
-+- Set files with the aiccu_etc_t type, if you want to store aiccu files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B aiccu_exec_t 
-+.EE
-+
-+- Set files with the aiccu_exec_t type, if you want to transition an executable to the aiccu_t domain.
-+
-+
-+.EX
-+.PP
-+.B aiccu_initrc_exec_t 
-+.EE
-+
-+- Set files with the aiccu_initrc_exec_t type, if you want to transition an executable to the aiccu_initrc_t domain.
++The following file types are defined for abrt_watch_log:
 +
 +
 +.EX
 +.PP
-+.B aiccu_var_run_t 
++.B abrt_watch_log_exec_t 
 +.EE
 +
-+- Set files with the aiccu_var_run_t type, if you want to store the aiccu files under the /run directory.
++- Set files with the abrt_watch_log_exec_t type, if you want to transition an executable to the abrt_watch_log_t domain.
 +
 +
 +.PP
@@ -1106,18 +1275,22 @@ index 0000000..22de53e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux aiccu policy is very flexible allowing users to setup their aiccu processes in as secure a method as possible.
++SELinux abrt_watch_log policy is very flexible allowing users to setup their abrt_watch_log processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for aiccu:
++The following process types are defined for abrt_watch_log:
 +
 +.EX
-+.B aiccu_t 
++.B abrt_watch_log_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type abrt_watch_log_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -1133,64 +1306,76 @@ index 0000000..22de53e
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), aiccu(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/aide_selinux.8 b/man/man8/aide_selinux.8
++selinux(8), abrt_watch_log(8), semanage(8), restorecon(8), chcon(1)
++, abrt_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/accountsd_selinux.8 b/man/man8/accountsd_selinux.8
 new file mode 100644
-index 0000000..a19000b
+index 0000000..a7f9019
 --- /dev/null
-+++ b/man/man8/aide_selinux.8
-@@ -0,0 +1,93 @@
-+.TH  "aide_selinux"  "8"  "aide" "dwalsh at redhat.com" "aide SELinux Policy documentation"
++++ b/man/man8/accountsd_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "accountsd_selinux"  "8"  "accountsd" "dwalsh at redhat.com" "accountsd SELinux Policy documentation"
 +.SH "NAME"
-+aide_selinux \- Security Enhanced Linux Policy for the aide processes
++accountsd_selinux \- Security Enhanced Linux Policy for the accountsd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the aide processes via flexible mandatory access
++Security-Enhanced Linux secures the accountsd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the accountsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the accountsd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux aide policy is very flexible allowing users to setup their aide processes in as secure a method as possible.
++SELinux accountsd policy is very flexible allowing users to setup their accountsd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for aide:
++The following file types are defined for accountsd:
 +
 +
 +.EX
 +.PP
-+.B aide_db_t 
++.B accountsd_exec_t 
 +.EE
 +
-+- Set files with the aide_db_t type, if you want to treat the files as aide database content.
++- Set files with the accountsd_exec_t type, if you want to transition an executable to the accountsd_t domain.
 +
 +
 +.EX
 +.PP
-+.B aide_exec_t 
++.B accountsd_unit_file_t 
 +.EE
 +
-+- Set files with the aide_exec_t type, if you want to transition an executable to the aide_t domain.
++- Set files with the accountsd_unit_file_t type, if you want to treat the files as accountsd unit content.
 +
 +
 +.EX
 +.PP
-+.B aide_log_t 
++.B accountsd_var_lib_t 
 +.EE
 +
-+- Set files with the aide_log_t type, if you want to treat the data as aide log data, usually stored under the /var/log directory.
++- Set files with the accountsd_var_lib_t type, if you want to store the accountsd files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/aide\.log.*, /var/log/aide(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -1205,18 +1390,34 @@ index 0000000..a19000b
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux aide policy is very flexible allowing users to setup their aide processes in as secure a method as possible.
++SELinux accountsd policy is very flexible allowing users to setup their accountsd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for aide:
++The following process types are defined for accountsd:
 +
 +.EX
-+.B aide_t 
++.B accountsd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type accountsd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B accountsd_var_lib_t
++
++	/var/lib/AccountsService(/.*)?
++.br
++
++.br
++.B xdm_etc_t
++
++	/etc/[mg]dm(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -1232,38 +1433,38 @@ index 0000000..a19000b
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), aide(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/aisexec_selinux.8 b/man/man8/aisexec_selinux.8
++selinux(8), accountsd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/acct_selinux.8 b/man/man8/acct_selinux.8
 new file mode 100644
-index 0000000..486bfb7
+index 0000000..97627b3
 --- /dev/null
-+++ b/man/man8/aisexec_selinux.8
-@@ -0,0 +1,135 @@
-+.TH  "aisexec_selinux"  "8"  "aisexec" "dwalsh at redhat.com" "aisexec SELinux Policy documentation"
++++ b/man/man8/acct_selinux.8
+@@ -0,0 +1,121 @@
++.TH  "acct_selinux"  "8"  "acct" "dwalsh at redhat.com" "acct SELinux Policy documentation"
 +.SH "NAME"
-+aisexec_selinux \- Security Enhanced Linux Policy for the aisexec processes
++acct_selinux \- Security Enhanced Linux Policy for the acct processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the aisexec processes via flexible mandatory access
++Security-Enhanced Linux secures the acct processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the aisexec_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the acct_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the aisexec_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the acct_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -1272,66 +1473,34 @@ index 0000000..486bfb7
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux aisexec policy is very flexible allowing users to setup their aisexec processes in as secure a method as possible.
++SELinux acct policy is very flexible allowing users to setup their acct processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for aisexec:
-+
-+
-+.EX
-+.PP
-+.B aisexec_exec_t 
-+.EE
-+
-+- Set files with the aisexec_exec_t type, if you want to transition an executable to the aisexec_t domain.
-+
-+
-+.EX
-+.PP
-+.B aisexec_initrc_exec_t 
-+.EE
-+
-+- Set files with the aisexec_initrc_exec_t type, if you want to transition an executable to the aisexec_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B aisexec_tmp_t 
-+.EE
-+
-+- Set files with the aisexec_tmp_t type, if you want to store aisexec temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B aisexec_tmpfs_t 
-+.EE
-+
-+- Set files with the aisexec_tmpfs_t type, if you want to store aisexec files on a tmpfs file system.
-+
-+
-+.EX
-+.PP
-+.B aisexec_var_lib_t 
-+.EE
-+
-+- Set files with the aisexec_var_lib_t type, if you want to store the aisexec files under the /var/lib directory.
++The following file types are defined for acct:
 +
 +
 +.EX
 +.PP
-+.B aisexec_var_log_t 
++.B acct_data_t 
 +.EE
 +
-+- Set files with the aisexec_var_log_t type, if you want to treat the data as aisexec var log data, usually stored under the /var/log directory.
++- Set files with the acct_data_t type, if you want to treat the files as acct content.
 +
++.br
++.TP 5
++Paths: 
++/var/log/account(/.*)?, /var/account(/.*)?
 +
 +.EX
 +.PP
-+.B aisexec_var_run_t 
++.B acct_exec_t 
 +.EE
 +
-+- Set files with the aisexec_var_run_t type, if you want to store the aisexec files under the /run directory.
++- Set files with the acct_exec_t type, if you want to transition an executable to the acct_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/accton, /sbin/accton, /etc/cron\.(daily|monthly)/acct
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -1346,18 +1515,36 @@ index 0000000..486bfb7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux aisexec policy is very flexible allowing users to setup their aisexec processes in as secure a method as possible.
++SELinux acct policy is very flexible allowing users to setup their acct processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for aisexec:
++The following process types are defined for acct:
 +
 +.EX
-+.B aisexec_t 
++.B acct_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type acct_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B acct_data_t
++
++	/var/account(/.*)?
++.br
++	/var/log/account(/.*)?
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -1373,73 +1560,43 @@ index 0000000..486bfb7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), aisexec(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ajaxterm_selinux.8 b/man/man8/ajaxterm_selinux.8
++selinux(8), acct(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/afs_bosserver_selinux.8 b/man/man8/afs_bosserver_selinux.8
 new file mode 100644
-index 0000000..3cc4a68
+index 0000000..90e61be
 --- /dev/null
-+++ b/man/man8/ajaxterm_selinux.8
-@@ -0,0 +1,129 @@
-+.TH  "ajaxterm_selinux"  "8"  "ajaxterm" "dwalsh at redhat.com" "ajaxterm SELinux Policy documentation"
++++ b/man/man8/afs_bosserver_selinux.8
+@@ -0,0 +1,92 @@
++.TH  "afs_bosserver_selinux"  "8"  "afs_bosserver" "dwalsh at redhat.com" "afs_bosserver SELinux Policy documentation"
 +.SH "NAME"
-+ajaxterm_selinux \- Security Enhanced Linux Policy for the ajaxterm processes
++afs_bosserver_selinux \- Security Enhanced Linux Policy for the afs_bosserver processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ajaxterm processes via flexible mandatory access
++Security-Enhanced Linux secures the afs_bosserver processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ajaxterm_ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the ajaxterm_ssh_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ajaxterm policy is very flexible allowing users to setup their ajaxterm processes in as secure a method as possible.
++SELinux afs_bosserver policy is very flexible allowing users to setup their afs_bosserver processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ajaxterm:
-+
-+
-+.EX
-+.PP
-+.B ajaxterm_exec_t 
-+.EE
-+
-+- Set files with the ajaxterm_exec_t type, if you want to transition an executable to the ajaxterm_t domain.
-+
-+
-+.EX
-+.PP
-+.B ajaxterm_initrc_exec_t 
-+.EE
-+
-+- Set files with the ajaxterm_initrc_exec_t type, if you want to transition an executable to the ajaxterm_initrc_t domain.
++The following file types are defined for afs_bosserver:
 +
 +
 +.EX
 +.PP
-+.B ajaxterm_var_run_t 
++.B afs_bosserver_exec_t 
 +.EE
 +
-+- Set files with the ajaxterm_var_run_t type, if you want to store the ajaxterm files under the /run directory.
++- Set files with the afs_bosserver_exec_t type, if you want to transition an executable to the afs_bosserver_t domain.
 +
 +
 +.PP
@@ -1449,49 +1606,44 @@ index 0000000..3cc4a68
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux ajaxterm policy is very flexible allowing users to setup their ajaxterm processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for ajaxterm:
-+
-+.EX
-+.TP 5
-+.B ajaxterm_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 8022
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ajaxterm policy is very flexible allowing users to setup their ajaxterm processes in as secure a method as possible.
++SELinux afs_bosserver policy is very flexible allowing users to setup their afs_bosserver processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ajaxterm:
++The following process types are defined for afs_bosserver:
 +
 +.EX
-+.B ajaxterm_ssh_t, ajaxterm_t 
++.B afs_bosserver_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
++.SH "MANAGED FILES"
++
++The SELinux user type afs_bosserver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B afs_config_t
++
++	/usr/afs/etc(/.*)?
++.br
++	/usr/afs/local(/.*)?
++.br
++
++.br
++.B afs_logfile_t
++
++	/usr/afs/logs(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
 +can also be used to manipulate default file context mappings.
 +.PP
 +.B semanage permissive
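Review bot: The new MANAGED FILES paragraph calls `afs_bosserver_t` an "SELinux user type", yet the same page lists it under PROCESS TYPES; an SELinux user is a different component of the security context, so the wording can mislead someone auditing what this domain may write. I would have genman.py emit `The SELinux process type afs_bosserver_t can manage files labeled with the following file types.` and correct the last sentence to `Note that the process's UID still needs DAC permissions.` The same generated sentence appears for afs_fsserver_t, afs_kaserver_t, afs_ptserver_t, afs_t, afs_vlserver_t and aiccu_t in the later hunks. The afs_bosserver page itself begins before this hunk.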
@@ -1500,113 +1652,163 @@ index 0000000..3cc4a68
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ajaxterm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/alsa_selinux.8 b/man/man8/alsa_selinux.8
++selinux(8), afs_bosserver(8), semanage(8), restorecon(8), chcon(1)
++, afs_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/afs_fsserver_selinux.8 b/man/man8/afs_fsserver_selinux.8
 new file mode 100644
-index 0000000..f44b609
+index 0000000..f5dc397
 --- /dev/null
-+++ b/man/man8/alsa_selinux.8
-@@ -0,0 +1,135 @@
-+.TH  "alsa_selinux"  "8"  "alsa" "dwalsh at redhat.com" "alsa SELinux Policy documentation"
++++ b/man/man8/afs_fsserver_selinux.8
+@@ -0,0 +1,106 @@
++.TH  "afs_fsserver_selinux"  "8"  "afs_fsserver" "dwalsh at redhat.com" "afs_fsserver SELinux Policy documentation"
 +.SH "NAME"
-+alsa_selinux \- Security Enhanced Linux Policy for the alsa processes
++afs_fsserver_selinux \- Security Enhanced Linux Policy for the afs_fsserver processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the alsa processes via flexible mandatory access
++Security-Enhanced Linux secures the afs_fsserver processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the alsa_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the alsa_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux alsa policy is very flexible allowing users to setup their alsa processes in as secure a method as possible.
++SELinux afs_fsserver policy is very flexible allowing users to setup their afs_fsserver processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for alsa:
++The following file types are defined for afs_fsserver:
 +
 +
 +.EX
 +.PP
-+.B alsa_etc_rw_t 
++.B afs_fsserver_exec_t 
 +.EE
 +
-+- Set files with the alsa_etc_rw_t type, if you want to treat the files as alsa etc read/write content.
++- Set files with the afs_fsserver_exec_t type, if you want to transition an executable to the afs_fsserver_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/alsa/pcm(/.*)?, /etc/alsa/asound\.state, /usr/share/alsa/pcm(/.*)?, /etc/asound\.state, /etc/asound(/.*)?, /usr/share/alsa/alsa\.conf
++/usr/afs/bin/volserver, /usr/afs/bin/fileserver, /usr/afs/bin/salvager
 +
-+.EX
 +.PP
-+.B alsa_exec_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux afs_fsserver policy is very flexible allowing users to setup their afs_fsserver processes in as secure a method as possible.
++.PP 
++The following process types are defined for afs_fsserver:
++
++.EX
++.B afs_fsserver_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the alsa_exec_t type, if you want to transition an executable to the alsa_t domain.
++.SH "MANAGED FILES"
++
++The SELinux user type afs_fsserver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/sbin/salsa, /sbin/alsactl, /usr/bin/ainit, /usr/bin/alsaunmute, /sbin/salsa, /usr/sbin/alsactl, /bin/alsaunmute
++.B afs_config_t
 +
-+.EX
-+.PP
-+.B alsa_home_t 
-+.EE
++	/usr/afs/etc(/.*)?
++.br
++	/usr/afs/local(/.*)?
++.br
 +
-+- Set files with the alsa_home_t type, if you want to store alsa files in the users home directory.
++.br
++.B afs_files_t
 +
++	/vicepa
++.br
++	/vicepb
++.br
++	/vicepc
++.br
 +
-+.EX
-+.PP
-+.B alsa_tmp_t 
-+.EE
++.br
++.B afs_logfile_t
 +
-+- Set files with the alsa_tmp_t type, if you want to store alsa temporary files in the /tmp directories.
++	/usr/afs/logs(/.*)?
++.br
 +
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B alsa_unit_file_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the alsa_unit_file_t type, if you want to treat the files as alsa unit content.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), afs_fsserver(8), semanage(8), restorecon(8), chcon(1)
++, afs_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/afs_kaserver_selinux.8 b/man/man8/afs_kaserver_selinux.8
+new file mode 100644
+index 0000000..90dff0f
+--- /dev/null
++++ b/man/man8/afs_kaserver_selinux.8
+@@ -0,0 +1,98 @@
++.TH  "afs_kaserver_selinux"  "8"  "afs_kaserver" "dwalsh at redhat.com" "afs_kaserver SELinux Policy documentation"
++.SH "NAME"
++afs_kaserver_selinux \- Security Enhanced Linux Policy for the afs_kaserver processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the afs_kaserver processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux afs_kaserver policy is very flexible allowing users to setup their afs_kaserver processes in as secure a method as possible.
++.PP 
++The following file types are defined for afs_kaserver:
 +
 +
 +.EX
 +.PP
-+.B alsa_var_lib_t 
++.B afs_kaserver_exec_t 
 +.EE
 +
-+- Set files with the alsa_var_lib_t type, if you want to store the alsa files under the /var/lib directory.
++- Set files with the afs_kaserver_exec_t type, if you want to transition an executable to the afs_kaserver_t domain.
 +
 +
 +.PP
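Review bot: The `.SH NSSWITCH DOMAIN` heading is still emitted for afs_fsserver and afs_kaserver although nothing is left under it, so the rendered page shows an empty section directly above FILE CONTEXTS. A reader cannot tell from an empty heading whether the nsswitch and kerberos booleans were dropped on purpose or lost by the generator. genman.py should skip the `.SH NSSWITCH DOMAIN` line when it has no boolean to list for the domain. The afs_ptserver, afs, afs_vlserver and aiccu pages in the following hunks carry the same empty heading.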
@@ -1622,18 +1824,42 @@ index 0000000..f44b609
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux alsa policy is very flexible allowing users to setup their alsa processes in as secure a method as possible.
++SELinux afs_kaserver policy is very flexible allowing users to setup their afs_kaserver processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for alsa:
++The following process types are defined for afs_kaserver:
 +
 +.EX
-+.B alsa_t 
++.B afs_kaserver_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type afs_kaserver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B afs_config_t
++
++	/usr/afs/etc(/.*)?
++.br
++	/usr/afs/local(/.*)?
++.br
++
++.br
++.B afs_ka_db_t
++
++	/usr/afs/db/ka.*
++.br
++
++.br
++.B afs_logfile_t
++
++	/usr/afs/logs(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
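Review bot: The sentence `You can see the context of a process using the \fB\-Z\fP option to \fBps\bP` ends the bold run with `\bP`, which is not a font escape, so bold is presumably never switched off after `ps`. As the pages are regenerated in this commit anyway, the template should be corrected to `\fBps\fP`, and likewise `\fBls\fP` in the FILE CONTEXTS sentence. The line is unchanged context in this hunk and recurs on every page in the patch. The afs_kaserver page starts and ends outside this hunk.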
@@ -1649,39 +1875,124 @@ index 0000000..f44b609
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), alsa(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/amanda_selinux.8 b/man/man8/amanda_selinux.8
++selinux(8), afs_kaserver(8), semanage(8), restorecon(8), chcon(1)
++, afs_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/afs_ptserver_selinux.8 b/man/man8/afs_ptserver_selinux.8
 new file mode 100644
-index 0000000..8a4105d
+index 0000000..bea0cdc
 --- /dev/null
-+++ b/man/man8/amanda_selinux.8
-@@ -0,0 +1,231 @@
-+.TH  "amanda_selinux"  "8"  "amanda" "dwalsh at redhat.com" "amanda SELinux Policy documentation"
++++ b/man/man8/afs_ptserver_selinux.8
+@@ -0,0 +1,90 @@
++.TH  "afs_ptserver_selinux"  "8"  "afs_ptserver" "dwalsh at redhat.com" "afs_ptserver SELinux Policy documentation"
 +.SH "NAME"
-+amanda_selinux \- Security Enhanced Linux Policy for the amanda processes
++afs_ptserver_selinux \- Security Enhanced Linux Policy for the afs_ptserver processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the amanda processes via flexible mandatory access
++Security-Enhanced Linux secures the afs_ptserver processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the amanda_recover_t, amanda_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux afs_ptserver policy is very flexible allowing users to setup their afs_ptserver processes in as secure a method as possible.
++.PP 
++The following file types are defined for afs_ptserver:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B afs_ptserver_exec_t 
 +.EE
 +
++- Set files with the afs_ptserver_exec_t type, if you want to transition an executable to the afs_ptserver_t domain.
++
++
 +.PP
-+If you want to allow confined applications to run with kerberos for the amanda_recover_t, amanda_t, you must turn on the kerberos_enabled boolean.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux afs_ptserver policy is very flexible allowing users to setup their afs_ptserver processes in as secure a method as possible.
++.PP 
++The following process types are defined for afs_ptserver:
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B afs_ptserver_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type afs_ptserver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B afs_logfile_t
++
++	/usr/afs/logs(/.*)?
++.br
++
++.br
++.B afs_pt_db_t
++
++	/usr/afs/db/pr.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), afs_ptserver(8), semanage(8), restorecon(8), chcon(1)
++, afs_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/afs_selinux.8 b/man/man8/afs_selinux.8
+new file mode 100644
+index 0000000..0d835e4
+--- /dev/null
++++ b/man/man8/afs_selinux.8
+@@ -0,0 +1,363 @@
++.TH  "afs_selinux"  "8"  "afs" "dwalsh at redhat.com" "afs SELinux Policy documentation"
++.SH "NAME"
++afs_selinux \- Security Enhanced Linux Policy for the afs processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the afs processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
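Review bot: The SEE ALSO list is split so that its second line starts with a comma (`, afs_selinux(8)`), which man renders as `chcon(1) , afs_selinux(8)` with a stray space, and the file now ends without a trailing newline. Writing the cross-reference on the same line, `selinux(8), afs_kaserver(8), semanage(8), restorecon(8), chcon(1), afs_selinux(8)`, and terminating it with a newline avoids both. The afs_ptserver page in this hunk and the afs_bosserver, afs_fsserver, afs and afs_vlserver pages in the neighbouring hunks end the same way.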
@@ -1689,134 +2000,154 @@ index 0000000..8a4105d
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux amanda policy is very flexible allowing users to setup their amanda processes in as secure a method as possible.
++SELinux afs policy is very flexible allowing users to setup their afs processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for amanda:
++The following file types are defined for afs:
 +
 +
 +.EX
 +.PP
-+.B amanda_amandates_t 
++.B afs_bosserver_exec_t 
 +.EE
 +
-+- Set files with the amanda_amandates_t type, if you want to treat the files as amanda amandates data.
++- Set files with the afs_bosserver_exec_t type, if you want to transition an executable to the afs_bosserver_t domain.
 +
 +
 +.EX
 +.PP
-+.B amanda_config_t 
++.B afs_cache_t 
 +.EE
 +
-+- Set files with the amanda_config_t type, if you want to treat the files as amanda configuration data, usually stored under the /etc directory.
++- Set files with the afs_cache_t type, if you want to store the files under the /var/cache directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/amanda(/.*)?, /var/lib/amanda/\.amandahosts
++/var/cache/afs(/.*)?, /usr/vice/cache(/.*)?
 +
 +.EX
 +.PP
-+.B amanda_data_t 
++.B afs_config_t 
 +.EE
 +
-+- Set files with the amanda_data_t type, if you want to treat the files as amanda content.
++- Set files with the afs_config_t type, if you want to treat the files as afs configuration data, usually stored under the /etc directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/amanda/[^/]+(/.*)?, /etc/amanda/.*/tapelist(/.*)?, /etc/amanda/.*/index(/.*)?
++/usr/afs/local(/.*)?, /usr/afs/etc(/.*)?
 +
 +.EX
 +.PP
-+.B amanda_dumpdates_t 
++.B afs_dbdir_t 
 +.EE
 +
-+- Set files with the amanda_dumpdates_t type, if you want to treat the files as amanda dumpdates data.
++- Set files with the afs_dbdir_t type, if you want to treat the files as afs dbdir data.
 +
 +
 +.EX
 +.PP
-+.B amanda_exec_t 
++.B afs_exec_t 
 +.EE
 +
-+- Set files with the amanda_exec_t type, if you want to transition an executable to the amanda_t domain.
++- Set files with the afs_exec_t type, if you want to transition an executable to the afs_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/vice/etc/afsd, /usr/sbin/afsd
 +
 +.EX
 +.PP
-+.B amanda_gnutarlists_t 
++.B afs_files_t 
 +.EE
 +
-+- Set files with the amanda_gnutarlists_t type, if you want to treat the files as amanda gnutarlists data.
++- Set files with the afs_files_t type, if you want to treat the files as afs content.
 +
++.br
++.TP 5
++Paths: 
++/vicepc, /vicepb, /vicepa
 +
 +.EX
 +.PP
-+.B amanda_inetd_exec_t 
++.B afs_fsserver_exec_t 
 +.EE
 +
-+- Set files with the amanda_inetd_exec_t type, if you want to transition an executable to the amanda_inetd_t domain.
++- Set files with the afs_fsserver_exec_t type, if you want to transition an executable to the afs_fsserver_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/lib/amanda/amindexd, /usr/lib/amanda/amidxtaped, /usr/lib/amanda/amandad
++/usr/afs/bin/volserver, /usr/afs/bin/fileserver, /usr/afs/bin/salvager
 +
 +.EX
 +.PP
-+.B amanda_log_t 
++.B afs_initrc_exec_t 
 +.EE
 +
-+- Set files with the amanda_log_t type, if you want to treat the data as amanda log data, usually stored under the /var/log directory.
++- Set files with the afs_initrc_exec_t type, if you want to transition an executable to the afs_initrc_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/log/amanda(/.*)?, /var/lib/amanda/[^/]*/log(/.*)?
++/etc/rc\.d/init\.d/afs, /etc/rc\.d/init\.d/openafs-client
 +
 +.EX
 +.PP
-+.B amanda_recover_dir_t 
++.B afs_ka_db_t 
 +.EE
 +
-+- Set files with the amanda_recover_dir_t type, if you want to treat the files as amanda recover dir data.
++- Set files with the afs_ka_db_t type, if you want to treat the files as afs ka database content.
 +
 +
 +.EX
 +.PP
-+.B amanda_recover_exec_t 
++.B afs_kaserver_exec_t 
 +.EE
 +
-+- Set files with the amanda_recover_exec_t type, if you want to transition an executable to the amanda_recover_t domain.
++- Set files with the afs_kaserver_exec_t type, if you want to transition an executable to the afs_kaserver_t domain.
 +
 +
 +.EX
 +.PP
-+.B amanda_tmp_t 
++.B afs_logfile_t 
 +.EE
 +
-+- Set files with the amanda_tmp_t type, if you want to store amanda temporary files in the /tmp directories.
++- Set files with the afs_logfile_t type, if you want to treat the files as afs logfile data.
 +
 +
 +.EX
 +.PP
-+.B amanda_usr_lib_t 
++.B afs_pt_db_t 
 +.EE
 +
-+- Set files with the amanda_usr_lib_t type, if you want to treat the files as amanda usr lib data.
++- Set files with the afs_pt_db_t type, if you want to treat the files as afs pt database content.
 +
 +
 +.EX
 +.PP
-+.B amanda_var_lib_t 
++.B afs_ptserver_exec_t 
 +.EE
 +
-+- Set files with the amanda_var_lib_t type, if you want to store the amanda files under the /var/lib directory.
++- Set files with the afs_ptserver_exec_t type, if you want to transition an executable to the afs_ptserver_t domain.
++
++
++.EX
++.PP
++.B afs_vl_db_t 
++.EE
++
++- Set files with the afs_vl_db_t type, if you want to treat the files as afs vl database content.
++
++
++.EX
++.PP
++.B afs_vlserver_exec_t 
++.EE
++
++- Set files with the afs_vlserver_exec_t type, if you want to transition an executable to the afs_vlserver_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/amanda/[^/]+/index(/.*)?, /var/lib/amanda
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -1834,21 +2165,76 @@ index 0000000..8a4105d
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux amanda policy is very flexible allowing users to setup their amanda processes in as secure a method as possible.
++SELinux afs policy is very flexible allowing users to setup their afs processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for amanda:
++The following port types are defined for afs:
 +
 +.EX
 +.TP 5
-+.B amanda_port_t 
++.B afs_bos_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 10080-10083
++udp 7007
 +.EE
-+udp 10080-10082
++
++.EX
++.TP 5
++.B afs_client_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++udp 7001
++.EE
++
++.EX
++.TP 5
++.B afs_fs_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 2040
++.EE
++udp 7000,7005
++.EE
++
++.EX
++.TP 5
++.B afs_ka_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++udp 7004
++.EE
++
++.EX
++.TP 5
++.B afs_pt_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++udp 7002
++.EE
++
++.EX
++.TP 5
++.B afs_vl_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++udp 7003
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
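Review bot: Each port entry closes its example block with `.EE` right after `.TP 10` and then issues another `.EE` after the port list with no matching `.EX`; `afs_fs_port_t` has two such unmatched `.EE` lines, one after `tcp 2040` and one after `udp 7000,7005`. The `.TP 10` is also followed by a request rather than a tag line, so the indentation it sets up is probably not what was intended. I would emit each entry as `.TP` / `.B afs_fs_port_t` / `Default Defined Ports: tcp 2040, udp 7000,7005` with no `.EX`/`.EE`, so the port numbers an administrator compares against `semanage port -l` stay visibly attached to the right type. The PORT TYPES section begins before this hunk.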
@@ -1856,18 +2242,88 @@ index 0000000..8a4105d
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux amanda policy is very flexible allowing users to setup their amanda processes in as secure a method as possible.
++SELinux afs policy is very flexible allowing users to setup their afs processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for amanda:
++The following process types are defined for afs:
 +
 +.EX
-+.B amanda_t, amanda_recover_t 
++.B afs_kaserver_t, afs_t, afs_fsserver_t, afs_bosserver_t, afs_vlserver_t, afs_ptserver_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type afs_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B afs_cache_t
++
++	/var/cache/afs(/.*)?
++.br
++	/usr/vice/cache(/.*)?
++.br
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B unlabeled_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
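Review bot: The MANAGED FILES list for afs_t ends with `.B unlabeled_t` and no path or explanation, and it lists `/[^/]+` under etc_runtime_t without the file-class qualifier that the file-context entry presumably carries. Both read differently to an auditor than they should: unlabeled_t is the type given to objects that have no valid label, so manage access to it is broader than a path list suggests, while the bare `/[^/]+` looks like every entry under the root directory. I would have the generator print a line such as `Files that have no valid SELinux label; no default path.` under unlabeled_t and keep the file class from the file-context entry next to each path. Whether afs_t should hold manage access to unlabeled_t at all is a policy question that this page only reflects.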
@@ -1886,137 +2342,166 @@ index 0000000..8a4105d
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), amanda(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/amavis_selinux.8 b/man/man8/amavis_selinux.8
++selinux(8), afs(8), semanage(8), restorecon(8), chcon(1)
++, afs_bosserver_selinux(8), afs_fsserver_selinux(8), afs_kaserver_selinux(8), afs_ptserver_selinux(8), afs_vlserver_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/afs_vlserver_selinux.8 b/man/man8/afs_vlserver_selinux.8
 new file mode 100644
-index 0000000..a860e6a
+index 0000000..6670bfa
 --- /dev/null
-+++ b/man/man8/amavis_selinux.8
-@@ -0,0 +1,204 @@
-+.TH  "amavis_selinux"  "8"  "amavis" "dwalsh at redhat.com" "amavis SELinux Policy documentation"
++++ b/man/man8/afs_vlserver_selinux.8
+@@ -0,0 +1,90 @@
++.TH  "afs_vlserver_selinux"  "8"  "afs_vlserver" "dwalsh at redhat.com" "afs_vlserver SELinux Policy documentation"
 +.SH "NAME"
-+amavis_selinux \- Security Enhanced Linux Policy for the amavis processes
++afs_vlserver_selinux \- Security Enhanced Linux Policy for the afs_vlserver processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the amavis processes via flexible mandatory access
++Security-Enhanced Linux secures the afs_vlserver processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the amavis_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the amavis_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux amavis policy is very flexible allowing users to setup their amavis processes in as secure a method as possible.
++SELinux afs_vlserver policy is very flexible allowing users to setup their afs_vlserver processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for amavis:
++The following file types are defined for afs_vlserver:
 +
 +
 +.EX
 +.PP
-+.B amavis_etc_t 
++.B afs_vlserver_exec_t 
 +.EE
 +
-+- Set files with the amavis_etc_t type, if you want to store amavis files in the /etc directories.
++- Set files with the afs_vlserver_exec_t type, if you want to transition an executable to the afs_vlserver_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/amavisd(/.*)?, /etc/amavis(d)?\.conf
 +
-+.EX
 +.PP
-+.B amavis_exec_t 
-+.EE
-+
-+- Set files with the amavis_exec_t type, if you want to transition an executable to the amavis_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/amavisd.*, /usr/lib/AntiVir/antivir
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux afs_vlserver policy is very flexible allowing users to setup their afs_vlserver processes in as secure a method as possible.
++.PP 
++The following process types are defined for afs_vlserver:
 +
 +.EX
-+.PP
-+.B amavis_initrc_exec_t 
++.B afs_vlserver_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the amavis_initrc_exec_t type, if you want to transition an executable to the amavis_initrc_t domain.
++.SH "MANAGED FILES"
++
++The SELinux user type afs_vlserver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/amavis, /etc/rc\.d/init\.d/amavisd-snmp
++.B afs_logfile_t
 +
-+.EX
-+.PP
-+.B amavis_quarantine_t 
-+.EE
++	/usr/afs/logs(/.*)?
++.br
 +
-+- Set files with the amavis_quarantine_t type, if you want to treat the files as amavis quarantine data.
++.br
++.B afs_vl_db_t
 +
++	/usr/afs/db/vl.*
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B amavis_spool_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the amavis_spool_t type, if you want to store the amavis files under the /var/spool directory.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
++.SH "SEE ALSO"
++selinux(8), afs_vlserver(8), semanage(8), restorecon(8), chcon(1)
++, afs_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/aiccu_selinux.8 b/man/man8/aiccu_selinux.8
+new file mode 100644
+index 0000000..01e8b01
+--- /dev/null
++++ b/man/man8/aiccu_selinux.8
+@@ -0,0 +1,107 @@
++.TH  "aiccu_selinux"  "8"  "aiccu" "dwalsh at redhat.com" "aiccu SELinux Policy documentation"
++.SH "NAME"
++aiccu_selinux \- Security Enhanced Linux Policy for the aiccu processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the aiccu processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B amavis_tmp_t 
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux aiccu policy is very flexible allowing users to setup their aiccu processes in as secure a method as possible.
++.PP 
++The following file types are defined for aiccu:
++
++
++.EX
++.PP
++.B aiccu_etc_t 
 +.EE
 +
-+- Set files with the amavis_tmp_t type, if you want to store amavis temporary files in the /tmp directories.
++- Set files with the aiccu_etc_t type, if you want to store aiccu files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B amavis_var_lib_t 
++.B aiccu_exec_t 
 +.EE
 +
-+- Set files with the amavis_var_lib_t type, if you want to store the amavis files under the /var/lib directory.
++- Set files with the aiccu_exec_t type, if you want to transition an executable to the aiccu_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/amavis(/.*)?, /var/opt/f-secure(/.*)?, /var/amavis(/.*)?
 +
 +.EX
 +.PP
-+.B amavis_var_log_t 
++.B aiccu_initrc_exec_t 
 +.EE
 +
-+- Set files with the amavis_var_log_t type, if you want to treat the data as amavis var log data, usually stored under the /var/log directory.
++- Set files with the aiccu_initrc_exec_t type, if you want to transition an executable to the aiccu_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B amavis_var_run_t 
++.B aiccu_var_run_t 
 +.EE
 +
-+- Set files with the amavis_var_run_t type, if you want to store the amavis files under the /run directory.
++- Set files with the aiccu_var_run_t type, if you want to store the aiccu files under the /run directory.
 +
 +
 +.PP
@@ -2026,58 +2511,34 @@ index 0000000..a860e6a
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux amavis policy is very flexible allowing users to setup their amavis processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for amavis:
-+
-+.EX
-+.TP 5
-+.B amavisd_recv_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 10024
-+.EE
-+
-+.EX
-+.TP 5
-+.B amavisd_send_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 10025
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux amavis policy is very flexible allowing users to setup their amavis processes in as secure a method as possible.
++SELinux aiccu policy is very flexible allowing users to setup their aiccu processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for amavis:
++The following process types are defined for aiccu:
 +
 +.EX
-+.B amavis_t 
++.B aiccu_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type aiccu_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B aiccu_var_run_t
++
++	/var/run/aiccu\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
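Review bot: The added MANAGED FILES paragraph calls aiccu_t an "SELinux user type", while the PROCESS TYPES section of the same page lists aiccu_t as a process type (domain). SELinux users are a separate concept, so the wording can mislead someone auditing which subject holds the access. Suggested wording: `The SELinux process type aiccu_t can manage files labeled with the following file types.` and `Note that the process UID still needs DAC permissions.` The same sentence recurs in the aide, aisexec, ajaxterm, alsa and amanda_recover pages in later hunks. Since the pages are produced by genman.py, the fix presumably belongs in its template.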
@@ -2088,30 +2549,27 @@ index 0000000..a860e6a
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), amavis(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/amtu_selinux.8 b/man/man8/amtu_selinux.8
++selinux(8), aiccu(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/aide_selinux.8 b/man/man8/aide_selinux.8
 new file mode 100644
-index 0000000..2f99a72
+index 0000000..2cac17d
 --- /dev/null
-+++ b/man/man8/amtu_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "amtu_selinux"  "8"  "amtu" "dwalsh at redhat.com" "amtu SELinux Policy documentation"
++++ b/man/man8/aide_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "aide_selinux"  "8"  "aide" "dwalsh at redhat.com" "aide SELinux Policy documentation"
 +.SH "NAME"
-+amtu_selinux \- Security Enhanced Linux Policy for the amtu processes
++aide_selinux \- Security Enhanced Linux Policy for the aide processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the amtu processes via flexible mandatory access
++Security-Enhanced Linux secures the aide processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -2122,18 +2580,38 @@ index 0000000..2f99a72
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux amtu policy is very flexible allowing users to setup their amtu processes in as secure a method as possible.
++SELinux aide policy is very flexible allowing users to setup their aide processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for amtu:
++The following file types are defined for aide:
 +
 +
 +.EX
 +.PP
-+.B amtu_exec_t 
++.B aide_db_t 
 +.EE
 +
-+- Set files with the amtu_exec_t type, if you want to transition an executable to the amtu_t domain.
++- Set files with the aide_db_t type, if you want to treat the files as aide database content.
++
++
++.EX
++.PP
++.B aide_exec_t 
++.EE
++
++- Set files with the aide_exec_t type, if you want to transition an executable to the aide_t domain.
++
 +
++.EX
++.PP
++.B aide_log_t 
++.EE
++
++- Set files with the aide_log_t type, if you want to treat the data as aide log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/aide\.log.*, /var/log/aide(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
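Review bot: The line `You can see the context of a file using the \fB\-Z\fP option to \fBls\bP` ends with `\bP`, where the earlier part of the same line uses `\fP` to return to the previous font. The bold opened by `\fBls` is therefore presumably never closed as intended, and the line should end `\fBls\fP`. The matching sentence under PROCESS TYPES has the same `\fBps\bP` ending in every page touched here. The generator string is the place to correct it, since this round of man page fixes leaves it unchanged.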
@@ -2148,18 +2626,36 @@ index 0000000..2f99a72
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux amtu policy is very flexible allowing users to setup their amtu processes in as secure a method as possible.
++SELinux aide policy is very flexible allowing users to setup their aide processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for amtu:
++The following process types are defined for aide:
 +
 +.EX
-+.B amtu_t 
++.B aide_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type aide_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B aide_db_t
++
++	/var/lib/aide(/.*)
++.br
++
++.br
++.B aide_log_t
++
++	/var/log/aide(/.*)?
++.br
++	/var/log/aide\.log.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
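Review bot: In the added MANAGED FILES list the aide_db_t default path is printed as `/var/lib/aide(/.*)`, without the trailing `?` that the neighbouring `/var/log/aide(/.*)?` entry has. As written, the pattern covers entries below /var/lib/aide but not the directory itself, which would then take whatever label applies under /var/lib. For an integrity database it is worth confirming against the aide file-context definition that this is intended and not a transcription slip. If the directory is meant to be included, the line should read `/var/lib/aide(/.*)?`. Otherwise a short sentence in the page saying the directory keeps its parent label would help administrators.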
@@ -2175,99 +2671,105 @@ index 0000000..2f99a72
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), amtu(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/apcupsd_selinux.8 b/man/man8/apcupsd_selinux.8
++selinux(8), aide(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/aisexec_selinux.8 b/man/man8/aisexec_selinux.8
 new file mode 100644
-index 0000000..6c86648
+index 0000000..56ce33e
 --- /dev/null
-+++ b/man/man8/apcupsd_selinux.8
-@@ -0,0 +1,157 @@
-+.TH  "apcupsd_selinux"  "8"  "apcupsd" "dwalsh at redhat.com" "apcupsd SELinux Policy documentation"
++++ b/man/man8/aisexec_selinux.8
+@@ -0,0 +1,193 @@
++.TH  "aisexec_selinux"  "8"  "aisexec" "dwalsh at redhat.com" "aisexec SELinux Policy documentation"
 +.SH "NAME"
-+apcupsd_selinux \- Security Enhanced Linux Policy for the apcupsd processes
++aisexec_selinux \- Security Enhanced Linux Policy for the aisexec processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the apcupsd processes via flexible mandatory access
++Security-Enhanced Linux secures the aisexec processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the aisexec_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the aisexec_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux apcupsd policy is very flexible allowing users to setup their apcupsd processes in as secure a method as possible.
++SELinux aisexec policy is very flexible allowing users to setup their aisexec processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for apcupsd:
++The following file types are defined for aisexec:
 +
 +
 +.EX
 +.PP
-+.B apcupsd_exec_t 
++.B aisexec_exec_t 
 +.EE
 +
-+- Set files with the apcupsd_exec_t type, if you want to transition an executable to the apcupsd_t domain.
++- Set files with the aisexec_exec_t type, if you want to transition an executable to the aisexec_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/apcupsd, /usr/sbin/apcupsd
 +
 +.EX
 +.PP
-+.B apcupsd_initrc_exec_t 
++.B aisexec_initrc_exec_t 
 +.EE
 +
-+- Set files with the apcupsd_initrc_exec_t type, if you want to transition an executable to the apcupsd_initrc_t domain.
++- Set files with the aisexec_initrc_exec_t type, if you want to transition an executable to the aisexec_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B apcupsd_lock_t 
++.B aisexec_tmp_t 
 +.EE
 +
-+- Set files with the apcupsd_lock_t type, if you want to treat the files as apcupsd lock data, stored under the /var/lock directory
++- Set files with the aisexec_tmp_t type, if you want to store aisexec temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B apcupsd_log_t 
++.B aisexec_tmpfs_t 
 +.EE
 +
-+- Set files with the apcupsd_log_t type, if you want to treat the data as apcupsd log data, usually stored under the /var/log directory.
++- Set files with the aisexec_tmpfs_t type, if you want to store aisexec files on a tmpfs file system.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/apcupsd\.status.*, /var/log/apcupsd\.events.*
 +
 +.EX
 +.PP
-+.B apcupsd_tmp_t 
++.B aisexec_var_lib_t 
 +.EE
 +
-+- Set files with the apcupsd_tmp_t type, if you want to store apcupsd temporary files in the /tmp directories.
++- Set files with the aisexec_var_lib_t type, if you want to store the aisexec files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B apcupsd_unit_file_t 
++.B aisexec_var_log_t 
 +.EE
 +
-+- Set files with the apcupsd_unit_file_t type, if you want to treat the files as apcupsd unit content.
++- Set files with the aisexec_var_log_t type, if you want to treat the data as aisexec var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B apcupsd_var_run_t 
++.B aisexec_var_run_t 
 +.EE
 +
-+- Set files with the apcupsd_var_run_t type, if you want to store the apcupsd files under the /run directory.
++- Set files with the aisexec_var_run_t type, if you want to store the aisexec files under the /run directory.
 +
 +
 +.PP
@@ -2277,49 +2779,82 @@ index 0000000..6c86648
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux apcupsd policy is very flexible allowing users to setup their apcupsd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for apcupsd:
-+
-+.EX
-+.TP 5
-+.B apcupsd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 3551
-+.EE
-+udp 3551
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux apcupsd policy is very flexible allowing users to setup their apcupsd processes in as secure a method as possible.
++SELinux aisexec policy is very flexible allowing users to setup their aisexec processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for apcupsd:
++The following process types are defined for aisexec:
 +
 +.EX
-+.B apcupsd_t 
++.B aisexec_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type aisexec_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B aisexec_tmp_t
++
++
++.br
++.B aisexec_tmpfs_t
++
++
++.br
++.B aisexec_var_lib_t
++
++	/var/lib/openais(/.*)?
++.br
++
++.br
++.B aisexec_var_log_t
++
++	/var/log/cluster/aisexec\.log.*
++.br
++
++.br
++.B aisexec_var_run_t
++
++	/var/run/aisexec\.pid
++.br
++
++.br
++.B dlm_controld_tmpfs_t
++
++
++.br
++.B fenced_tmpfs_t
++
++
++.br
++.B gfs_controld_tmpfs_t
++
++
++.br
++.B groupd_tmpfs_t
++
++
++.br
++.B initrc_tmp_t
++
++
++.br
++.B var_lib_t
++
++	/opt/(.*/)?var/lib(/.*)?
++.br
++	/var/lib(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
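Review bot: The MANAGED FILES list for aisexec_t includes the generic `var_lib_t` with `/var/lib(/.*)?` and `/opt/(.*/)?var/lib(/.*)?`, plus `initrc_tmp_t` and tmpfs types named after other daemons. The page gives no hint that these are not aisexec's own types. A reader assessing how tightly the domain is confined should be told that var_lib_t is the default label for anything under /var/lib without a more specific type. I would add, after the introductory sentence, something like `Types not prefixed with aisexec_ are generic or belong to other policy modules; access to them is wider than the aisexec data paths.` Whether the grant on var_lib_t is needed is a question for the policy itself, which this hunk does not show.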
@@ -2330,46 +2865,43 @@ index 0000000..6c86648
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), apcupsd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/apm_selinux.8 b/man/man8/apm_selinux.8
++selinux(8), aisexec(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ajaxterm_selinux.8 b/man/man8/ajaxterm_selinux.8
 new file mode 100644
-index 0000000..d6b5395
+index 0000000..308cf15
 --- /dev/null
-+++ b/man/man8/apm_selinux.8
-@@ -0,0 +1,143 @@
-+.TH  "apm_selinux"  "8"  "apm" "dwalsh at redhat.com" "apm SELinux Policy documentation"
++++ b/man/man8/ajaxterm_selinux.8
+@@ -0,0 +1,161 @@
++.TH  "ajaxterm_selinux"  "8"  "ajaxterm" "dwalsh at redhat.com" "ajaxterm SELinux Policy documentation"
 +.SH "NAME"
-+apm_selinux \- Security Enhanced Linux Policy for the apm processes
++ajaxterm_selinux \- Security Enhanced Linux Policy for the ajaxterm processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the apm processes via flexible mandatory access
++Security-Enhanced Linux secures the ajaxterm processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the apmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ajaxterm_ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the apmd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the ajaxterm_ssh_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -2378,100 +2910,115 @@ index 0000000..d6b5395
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux apm policy is very flexible allowing users to setup their apm processes in as secure a method as possible.
++SELinux ajaxterm policy is very flexible allowing users to setup their ajaxterm processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for apm:
++The following file types are defined for ajaxterm:
 +
 +
 +.EX
 +.PP
-+.B apm_exec_t 
++.B ajaxterm_exec_t 
 +.EE
 +
-+- Set files with the apm_exec_t type, if you want to transition an executable to the apm_t domain.
++- Set files with the ajaxterm_exec_t type, if you want to transition an executable to the ajaxterm_t domain.
 +
 +
 +.EX
 +.PP
-+.B apmd_exec_t 
++.B ajaxterm_initrc_exec_t 
 +.EE
 +
-+- Set files with the apmd_exec_t type, if you want to transition an executable to the apmd_t domain.
++- Set files with the ajaxterm_initrc_exec_t type, if you want to transition an executable to the ajaxterm_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/powersaved, /usr/sbin/acpid, /usr/sbin/apmd
 +
 +.EX
 +.PP
-+.B apmd_lock_t 
++.B ajaxterm_var_run_t 
 +.EE
 +
-+- Set files with the apmd_lock_t type, if you want to treat the files as apmd lock data, stored under the /var/lock directory
++- Set files with the ajaxterm_var_run_t type, if you want to store the ajaxterm files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B apmd_log_t 
-+.EE
-+
-+- Set files with the apmd_log_t type, if you want to treat the data as apmd log data, usually stored under the /var/log directory.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B apmd_tmp_t 
-+.EE
-+
-+- Set files with the apmd_tmp_t type, if you want to store apmd temporary files in the /tmp directories.
++You can see the types associated with a port by using the following command: 
 +
++.B semanage port -l
 +
-+.EX
 +.PP
-+.B apmd_unit_file_t 
-+.EE
-+
-+- Set files with the apmd_unit_file_t type, if you want to treat the files as apmd unit content.
-+
++Policy governs the access confined processes have to these ports. 
++SELinux ajaxterm policy is very flexible allowing users to setup their ajaxterm processes in as secure a method as possible.
++.PP 
++The following port types are defined for ajaxterm:
 +
 +.EX
-+.PP
-+.B apmd_var_run_t 
-+.EE
-+
-+- Set files with the apmd_var_run_t type, if you want to store the apmd files under the /run directory.
-+
-+.br
 +.TP 5
-+Paths: 
-+/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket
++.B ajaxterm_port_t 
++.TP 10
++.EE
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
 +
++Default Defined Ports:
++tcp 8022
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux apm policy is very flexible allowing users to setup their apm processes in as secure a method as possible.
++SELinux ajaxterm policy is very flexible allowing users to setup their ajaxterm processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for apm:
++The following process types are defined for ajaxterm:
 +
 +.EX
-+.B apm_t, apmd_t 
++.B ajaxterm_ssh_t, ajaxterm_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ajaxterm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ajaxterm_var_run_t
++
++	/var/run/ajaxterm\.pid
++.br
++
++.br
++.B ssh_home_t
++
++	/root/\.ssh(/.*)?
++.br
++	/var/lib/amanda/\.ssh(/.*)?
++.br
++	/var/lib/stickshift/[^/]+/\.ssh(/.*)?
++.br
++	/var/lib/gitolite/\.ssh(/.*)?
++.br
++	/var/lib/nocpulse/\.ssh(/.*)?
++.br
++	/var/lib/gitolite3/\.ssh(/.*)?
++.br
++	/root/\.shosts
++.br
++	/home/[^/]*/\.ssh(/.*)?
++.br
++	/home/[^/]*/\.shosts
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
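Review bot: The MANAGED FILES section attributes `ssh_home_t` (`/root/\.ssh(/.*)?`, `/home/[^/]*/\.ssh(/.*)?` and the other listed paths) to ajaxterm_t, but the PROCESS TYPES section of this page defines two domains, `ajaxterm_ssh_t, ajaxterm_t`. Only one of them is named here. Because ssh_home_t labels the per-user `.ssh` directories, it matters which domain can write it, and the page does not let the reader tell; the access may belong to ajaxterm_ssh_t only. genman.py should emit one managed-files list per process type, each introduced by its own sentence, e.g. `The SELinux process type ajaxterm_ssh_t can manage files labeled with the following file types.`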
@@ -2482,43 +3029,46 @@ index 0000000..d6b5395
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), apm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/apmd_selinux.8 b/man/man8/apmd_selinux.8
++selinux(8), ajaxterm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/alsa_selinux.8 b/man/man8/alsa_selinux.8
 new file mode 100644
-index 0000000..ce243b5
+index 0000000..608b2e9
 --- /dev/null
-+++ b/man/man8/apmd_selinux.8
-@@ -0,0 +1,135 @@
-+.TH  "apmd_selinux"  "8"  "apmd" "dwalsh at redhat.com" "apmd SELinux Policy documentation"
++++ b/man/man8/alsa_selinux.8
+@@ -0,0 +1,165 @@
++.TH  "alsa_selinux"  "8"  "alsa" "dwalsh at redhat.com" "alsa SELinux Policy documentation"
 +.SH "NAME"
-+apmd_selinux \- Security Enhanced Linux Policy for the apmd processes
++alsa_selinux \- Security Enhanced Linux Policy for the alsa processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the apmd processes via flexible mandatory access
++Security-Enhanced Linux secures the alsa processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the apmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the alsa_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the apmd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the alsa_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -2527,66 +3077,66 @@ index 0000000..ce243b5
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux apmd policy is very flexible allowing users to setup their apmd processes in as secure a method as possible.
++SELinux alsa policy is very flexible allowing users to setup their alsa processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for apmd:
++The following file types are defined for alsa:
 +
 +
 +.EX
 +.PP
-+.B apmd_exec_t 
++.B alsa_etc_rw_t 
 +.EE
 +
-+- Set files with the apmd_exec_t type, if you want to transition an executable to the apmd_t domain.
++- Set files with the alsa_etc_rw_t type, if you want to treat the files as alsa etc read/write content.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/powersaved, /usr/sbin/acpid, /usr/sbin/apmd
++/etc/alsa/pcm(/.*)?, /etc/alsa/asound\.state, /usr/share/alsa/pcm(/.*)?, /etc/asound\.state, /etc/asound(/.*)?, /usr/share/alsa/alsa\.conf
 +
 +.EX
 +.PP
-+.B apmd_lock_t 
++.B alsa_exec_t 
 +.EE
 +
-+- Set files with the apmd_lock_t type, if you want to treat the files as apmd lock data, stored under the /var/lock directory
++- Set files with the alsa_exec_t type, if you want to transition an executable to the alsa_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/salsa, /usr/bin/ainit, /usr/bin/alsaunmute, /sbin/salsa, /usr/sbin/alsactl, /sbin/alsactl, /bin/alsaunmute
 +
 +.EX
 +.PP
-+.B apmd_log_t 
++.B alsa_home_t 
 +.EE
 +
-+- Set files with the apmd_log_t type, if you want to treat the data as apmd log data, usually stored under the /var/log directory.
++- Set files with the alsa_home_t type, if you want to store alsa files in the users home directory.
 +
 +
 +.EX
 +.PP
-+.B apmd_tmp_t 
++.B alsa_tmp_t 
 +.EE
 +
-+- Set files with the apmd_tmp_t type, if you want to store apmd temporary files in the /tmp directories.
++- Set files with the alsa_tmp_t type, if you want to store alsa temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B apmd_unit_file_t 
++.B alsa_unit_file_t 
 +.EE
 +
-+- Set files with the apmd_unit_file_t type, if you want to treat the files as apmd unit content.
++- Set files with the alsa_unit_file_t type, if you want to treat the files as alsa unit content.
 +
 +
 +.EX
 +.PP
-+.B apmd_var_run_t 
++.B alsa_var_lib_t 
 +.EE
 +
-+- Set files with the apmd_var_run_t type, if you want to store the apmd files under the /run directory.
++- Set files with the alsa_var_lib_t type, if you want to store the alsa files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -2601,18 +3151,48 @@ index 0000000..ce243b5
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux apmd policy is very flexible allowing users to setup their apmd processes in as secure a method as possible.
++SELinux alsa policy is very flexible allowing users to setup their alsa processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for apmd:
++The following process types are defined for alsa:
 +
 +.EX
-+.B apm_t, apmd_t 
++.B alsa_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type alsa_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B alsa_etc_rw_t
++
++	/etc/asound(/.*)?
++.br
++	/etc/alsa/pcm(/.*)?
++.br
++	/usr/share/alsa/pcm(/.*)?
++.br
++	/etc/asound\.state
++.br
++	/etc/alsa/asound\.state
++.br
++	/usr/share/alsa/alsa\.conf
++.br
++
++.br
++.B alsa_tmp_t
++
++
++.br
++.B alsa_var_lib_t
++
++	/var/lib/alsa(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -2628,38 +3208,38 @@ index 0000000..ce243b5
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), apmd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/arpwatch_selinux.8 b/man/man8/arpwatch_selinux.8
++selinux(8), alsa(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/amanda_recover_selinux.8 b/man/man8/amanda_recover_selinux.8
 new file mode 100644
-index 0000000..7a26123
+index 0000000..3f5e34c
 --- /dev/null
-+++ b/man/man8/arpwatch_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "arpwatch_selinux"  "8"  "arpwatch" "dwalsh at redhat.com" "arpwatch SELinux Policy documentation"
++++ b/man/man8/amanda_recover_selinux.8
+@@ -0,0 +1,118 @@
++.TH  "amanda_recover_selinux"  "8"  "amanda_recover" "dwalsh at redhat.com" "amanda_recover SELinux Policy documentation"
 +.SH "NAME"
-+arpwatch_selinux \- Security Enhanced Linux Policy for the arpwatch processes
++amanda_recover_selinux \- Security Enhanced Linux Policy for the amanda_recover processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the arpwatch processes via flexible mandatory access
++Security-Enhanced Linux secures the amanda_recover processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the arpwatch_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the amanda_recover_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the arpwatch_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the amanda_recover_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -2668,61 +3248,25 @@ index 0000000..7a26123
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux arpwatch policy is very flexible allowing users to setup their arpwatch processes in as secure a method as possible.
++SELinux amanda_recover policy is very flexible allowing users to setup their amanda_recover processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for arpwatch:
++The following file types are defined for amanda_recover:
 +
 +
 +.EX
 +.PP
-+.B arpwatch_data_t 
++.B amanda_recover_dir_t 
 +.EE
 +
-+- Set files with the arpwatch_data_t type, if you want to treat the files as arpwatch content.
++- Set files with the amanda_recover_dir_t type, if you want to treat the files as amanda recover dir data.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/arpwatch(/.*)?, /var/lib/arpwatch(/.*)?
 +
 +.EX
 +.PP
-+.B arpwatch_exec_t 
-+.EE
-+
-+- Set files with the arpwatch_exec_t type, if you want to transition an executable to the arpwatch_t domain.
-+
-+
-+.EX
-+.PP
-+.B arpwatch_initrc_exec_t 
-+.EE
-+
-+- Set files with the arpwatch_initrc_exec_t type, if you want to transition an executable to the arpwatch_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B arpwatch_tmp_t 
-+.EE
-+
-+- Set files with the arpwatch_tmp_t type, if you want to store arpwatch temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B arpwatch_unit_file_t 
-+.EE
-+
-+- Set files with the arpwatch_unit_file_t type, if you want to treat the files as arpwatch unit content.
-+
-+
-+.EX
-+.PP
-+.B arpwatch_var_run_t 
++.B amanda_recover_exec_t 
 +.EE
 +
-+- Set files with the arpwatch_var_run_t type, if you want to store the arpwatch files under the /run directory.
++- Set files with the amanda_recover_exec_t type, if you want to transition an executable to the amanda_recover_t domain.
 +
 +
 +.PP
@@ -2738,18 +3282,40 @@ index 0000000..7a26123
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux arpwatch policy is very flexible allowing users to setup their arpwatch processes in as secure a method as possible.
++SELinux amanda_recover policy is very flexible allowing users to setup their amanda_recover processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for arpwatch:
++The following process types are defined for amanda_recover:
 +
 +.EX
-+.B arpwatch_t 
++.B amanda_recover_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type amanda_recover_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B amanda_log_t
++
++	/var/log/amanda(/.*)?
++.br
++	/var/lib/amanda/[^/]*/log(/.*)?
++.br
++
++.br
++.B amanda_recover_dir_t
++
++	/root/restore
++.br
++
++.br
++.B amanda_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -2765,38 +3331,40 @@ index 0000000..7a26123
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), arpwatch(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/asterisk_selinux.8 b/man/man8/asterisk_selinux.8
++selinux(8), amanda_recover(8), semanage(8), restorecon(8), chcon(1)
++, amanda_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/amanda_selinux.8 b/man/man8/amanda_selinux.8
 new file mode 100644
-index 0000000..7cf9e0a
+index 0000000..9c85d93
 --- /dev/null
-+++ b/man/man8/asterisk_selinux.8
-@@ -0,0 +1,179 @@
-+.TH  "asterisk_selinux"  "8"  "asterisk" "dwalsh at redhat.com" "asterisk SELinux Policy documentation"
++++ b/man/man8/amanda_selinux.8
+@@ -0,0 +1,284 @@
++.TH  "amanda_selinux"  "8"  "amanda" "dwalsh at redhat.com" "amanda SELinux Policy documentation"
 +.SH "NAME"
-+asterisk_selinux \- Security Enhanced Linux Policy for the asterisk processes
++amanda_selinux \- Security Enhanced Linux Policy for the amanda processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the asterisk processes via flexible mandatory access
++Security-Enhanced Linux secures the amanda processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the asterisk_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the amanda_recover_t, amanda_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the asterisk_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the amanda_recover_t, amanda_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -2805,82 +3373,134 @@ index 0000000..7cf9e0a
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux asterisk policy is very flexible allowing users to setup their asterisk processes in as secure a method as possible.
++SELinux amanda policy is very flexible allowing users to setup their amanda processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for asterisk:
++The following file types are defined for amanda:
 +
 +
 +.EX
 +.PP
-+.B asterisk_etc_t 
++.B amanda_amandates_t 
 +.EE
 +
-+- Set files with the asterisk_etc_t type, if you want to store asterisk files in the /etc directories.
++- Set files with the amanda_amandates_t type, if you want to treat the files as amanda amandates data.
 +
 +
 +.EX
 +.PP
-+.B asterisk_exec_t 
++.B amanda_config_t 
 +.EE
 +
-+- Set files with the asterisk_exec_t type, if you want to transition an executable to the asterisk_t domain.
++- Set files with the amanda_config_t type, if you want to treat the files as amanda configuration data, usually stored under the /etc directory.
 +
++.br
++.TP 5
++Paths: 
++/etc/amanda(/.*)?, /var/lib/amanda/\.amandahosts
 +
 +.EX
 +.PP
-+.B asterisk_initrc_exec_t 
++.B amanda_data_t 
 +.EE
 +
-+- Set files with the asterisk_initrc_exec_t type, if you want to transition an executable to the asterisk_initrc_t domain.
++- Set files with the amanda_data_t type, if you want to treat the files as amanda content.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/amanda/[^/]+(/.*)?, /etc/amanda/.*/tapelist(/.*)?, /etc/amanda/.*/index(/.*)?
 +
 +.EX
 +.PP
-+.B asterisk_log_t 
++.B amanda_dumpdates_t 
 +.EE
 +
-+- Set files with the asterisk_log_t type, if you want to treat the data as asterisk log data, usually stored under the /var/log directory.
++- Set files with the amanda_dumpdates_t type, if you want to treat the files as amanda dumpdates data.
 +
 +
 +.EX
 +.PP
-+.B asterisk_spool_t 
++.B amanda_exec_t 
 +.EE
 +
-+- Set files with the asterisk_spool_t type, if you want to store the asterisk files under the /var/spool directory.
++- Set files with the amanda_exec_t type, if you want to transition an executable to the amanda_t domain.
 +
 +
 +.EX
 +.PP
-+.B asterisk_tmp_t 
++.B amanda_gnutarlists_t 
 +.EE
 +
-+- Set files with the asterisk_tmp_t type, if you want to store asterisk temporary files in the /tmp directories.
++- Set files with the amanda_gnutarlists_t type, if you want to treat the files as amanda gnutarlists data.
 +
 +
 +.EX
 +.PP
-+.B asterisk_tmpfs_t 
++.B amanda_inetd_exec_t 
 +.EE
 +
-+- Set files with the asterisk_tmpfs_t type, if you want to store asterisk files on a tmpfs file system.
++- Set files with the amanda_inetd_exec_t type, if you want to transition an executable to the amanda_inetd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/amanda/amindexd, /usr/lib/amanda/amidxtaped, /usr/lib/amanda/amandad
 +
 +.EX
 +.PP
-+.B asterisk_var_lib_t 
++.B amanda_log_t 
 +.EE
 +
-+- Set files with the asterisk_var_lib_t type, if you want to store the asterisk files under the /var/lib directory.
++- Set files with the amanda_log_t type, if you want to treat the data as amanda log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/var/log/amanda(/.*)?, /var/lib/amanda/[^/]*/log(/.*)?
 +
 +.EX
 +.PP
-+.B asterisk_var_run_t 
++.B amanda_recover_dir_t 
 +.EE
 +
-+- Set files with the asterisk_var_run_t type, if you want to store the asterisk files under the /run directory.
++- Set files with the amanda_recover_dir_t type, if you want to treat the files as amanda recover dir data.
++
++
++.EX
++.PP
++.B amanda_recover_exec_t 
++.EE
++
++- Set files with the amanda_recover_exec_t type, if you want to transition an executable to the amanda_recover_t domain.
++
++
++.EX
++.PP
++.B amanda_tmp_t 
++.EE
++
++- Set files with the amanda_tmp_t type, if you want to store amanda temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B amanda_usr_lib_t 
++.EE
++
++- Set files with the amanda_usr_lib_t type, if you want to treat the files as amanda usr lib data.
++
++
++.EX
++.PP
++.B amanda_var_lib_t 
++.EE
 +
++- Set files with the amanda_var_lib_t type, if you want to store the amanda files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/amanda/[^/]+/index(/.*)?, /var/lib/amanda
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -2898,21 +3518,21 @@ index 0000000..7cf9e0a
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux asterisk policy is very flexible allowing users to setup their asterisk processes in as secure a method as possible.
++SELinux amanda policy is very flexible allowing users to setup their amanda processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for asterisk:
++The following port types are defined for amanda:
 +
 +.EX
 +.TP 5
-+.B asterisk_port_t 
++.B amanda_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 1720
++tcp 10080-10083
 +.EE
-+udp 2427,2727,4569
++udp 10080-10082
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -2920,18 +3540,70 @@ index 0000000..7cf9e0a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux asterisk policy is very flexible allowing users to setup their asterisk processes in as secure a method as possible.
++SELinux amanda policy is very flexible allowing users to setup their amanda processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for asterisk:
++The following process types are defined for amanda:
 +
 +.EX
-+.B asterisk_t 
++.B amanda_t, amanda_recover_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type amanda_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B amanda_amandates_t
++
++	/etc/amandates
++.br
++
++.br
++.B amanda_data_t
++
++	/etc/amanda/.*/index(/.*)?
++.br
++	/etc/amanda/.*/tapelist(/.*)?
++.br
++	/var/lib/amanda/[^/]+(/.*)?
++.br
++
++.br
++.B amanda_dumpdates_t
++
++	/etc/dumpdates
++.br
++
++.br
++.B amanda_gnutarlists_t
++
++	/var/lib/amanda/gnutar-lists(/.*)?
++.br
++
++.br
++.B amanda_log_t
++
++	/var/log/amanda(/.*)?
++.br
++	/var/lib/amanda/[^/]*/log(/.*)?
++.br
++
++.br
++.B amanda_tmp_t
++
++
++.br
++.B amanda_var_lib_t
++
++	/var/lib/amanda/[^/]+/index(/.*)?
++.br
++	/var/lib/amanda
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -2950,38 +3622,51 @@ index 0000000..7cf9e0a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), asterisk(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/audisp_selinux.8 b/man/man8/audisp_selinux.8
++selinux(8), amanda(8), semanage(8), restorecon(8), chcon(1)
++, amanda_recover_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/amavis_selinux.8 b/man/man8/amavis_selinux.8
 new file mode 100644
-index 0000000..3ad89dc
+index 0000000..8f7997c
 --- /dev/null
-+++ b/man/man8/audisp_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "audisp_selinux"  "8"  "audisp" "dwalsh at redhat.com" "audisp SELinux Policy documentation"
++++ b/man/man8/amavis_selinux.8
+@@ -0,0 +1,275 @@
++.TH  "amavis_selinux"  "8"  "amavis" "dwalsh at redhat.com" "amavis SELinux Policy documentation"
 +.SH "NAME"
-+audisp_selinux \- Security Enhanced Linux Policy for the audisp processes
++amavis_selinux \- Security Enhanced Linux Policy for the amavis processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the audisp processes via flexible mandatory access
++Security-Enhanced Linux secures the amavis processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  amavis policy is extremely flexible and has several booleans that allow you to manipulate the policy and run amavis with the tightest access possible.
++
++
++.PP
++If you want to allow amavis to use JIT compiler, you must turn on the amavis_use_jit boolean.
++
++.EX
++.B setsebool -P amavis_use_jit 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the audisp_t, audisp_remote_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the amavis_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the audisp_t, audisp_remote_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the amavis_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -2990,41 +3675,97 @@ index 0000000..3ad89dc
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux audisp policy is very flexible allowing users to setup their audisp processes in as secure a method as possible.
++SELinux amavis policy is very flexible allowing users to setup their amavis processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for audisp:
++The following file types are defined for amavis:
 +
 +
 +.EX
 +.PP
-+.B audisp_exec_t 
++.B amavis_etc_t 
 +.EE
 +
-+- Set files with the audisp_exec_t type, if you want to transition an executable to the audisp_t domain.
++- Set files with the amavis_etc_t type, if you want to store amavis files in the /etc directories.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/audispd, /usr/sbin/audispd
++/etc/amavisd(/.*)?, /etc/amavis(d)?\.conf
 +
 +.EX
 +.PP
-+.B audisp_remote_exec_t 
++.B amavis_exec_t 
 +.EE
 +
-+- Set files with the audisp_remote_exec_t type, if you want to transition an executable to the audisp_remote_t domain.
++- Set files with the amavis_exec_t type, if you want to transition an executable to the amavis_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/audisp-remote, /sbin/audisp-remote
++/usr/sbin/amavisd.*, /usr/lib/AntiVir/antivir
 +
 +.EX
 +.PP
-+.B audisp_var_run_t 
++.B amavis_initrc_exec_t 
 +.EE
 +
-+- Set files with the audisp_var_run_t type, if you want to store the audisp files under the /run directory.
++- Set files with the amavis_initrc_exec_t type, if you want to transition an executable to the amavis_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/amavis, /etc/rc\.d/init\.d/amavisd-snmp
++
++.EX
++.PP
++.B amavis_quarantine_t 
++.EE
++
++- Set files with the amavis_quarantine_t type, if you want to treat the files as amavis quarantine data.
++
++
++.EX
++.PP
++.B amavis_spool_t 
++.EE
++
++- Set files with the amavis_spool_t type, if you want to store the amavis files under the /var/spool directory.
++
++
++.EX
++.PP
++.B amavis_tmp_t 
++.EE
++
++- Set files with the amavis_tmp_t type, if you want to store amavis temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B amavis_var_lib_t 
++.EE
++
++- Set files with the amavis_var_lib_t type, if you want to store the amavis files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/amavis(/.*)?, /var/opt/f-secure(/.*)?, /var/amavis(/.*)?
++
++.EX
++.PP
++.B amavis_var_log_t 
++.EE
++
++- Set files with the amavis_var_log_t type, if you want to treat the data as amavis var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B amavis_var_run_t 
++.EE
++
++- Set files with the amavis_var_run_t type, if you want to store the amavis files under the /run directory.
 +
 +
 +.PP
@@ -3034,126 +3775,153 @@ index 0000000..3ad89dc
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux amavis policy is very flexible allowing users to setup their amavis processes in as secure a method as possible.
++.PP 
++The following port types are defined for amavis:
++
++.EX
++.TP 5
++.B amavisd_recv_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 10024
++.EE
++
++.EX
++.TP 5
++.B amavisd_send_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 10025
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux audisp policy is very flexible allowing users to setup their audisp processes in as secure a method as possible.
++SELinux amavis policy is very flexible allowing users to setup their amavis processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for audisp:
++The following process types are defined for amavis:
 +
 +.EX
-+.B audisp_remote_t, audisp_t 
++.B amavis_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), audisp(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/auditadm_selinux.8 b/man/man8/auditadm_selinux.8
-new file mode 100644
-index 0000000..cba947e
---- /dev/null
-+++ b/man/man8/auditadm_selinux.8
-@@ -0,0 +1,65 @@
-+.TH  "auditadm_selinux"  "8"  "auditadm" "mgrepl at redhat.com" "auditadm SELinux Policy documentation"
-+.SH "NAME"
-+auditadm_r \- \fBAudit administrator role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
-+
-+SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to. 
-+
-+Note: The examples in the man page will user the staff_u user.
-+
-+Non login roles are usually used for administrative tasks.
-+
-+Roles usually have default types assigned to them. 
++.SH "MANAGED FILES"
 +
-+The default type for the auditadm_r role is auditadm_t.
-+
-+You can use the 
-+.B newrole 
-+program to transition directly to this role.
++The SELinux user type amavis_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.B newrole -r auditadm_r -t auditadm_t
++.br
++.B amavis_quarantine_t
 +
-+.B sudo 
-+can also be setup to transition to this role using the visudo command.
++	/var/virusmails(/.*)?
++.br
 +
-+USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
 +.br
-+sudo will run COMMAND as staff_u:auditadm_r:auditadm_t:LEVEL
++.B amavis_spool_t
 +
-+If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
++	/var/spool/amavisd(/.*)?
++.br
 +
-+You can see all of the assigned SELinux roles using the following
++.br
++.B amavis_tmp_t
 +
-+.B semanage user -l
 +
-+If you wanted to add auditadm_r to the staff_u user, you would execute:
++.br
++.B amavis_var_lib_t
 +
-+.B $ semanage user -m -R 'staff_r auditadm_r' staff_u 
++	/var/amavis(/.*)?
++.br
++	/var/lib/amavis(/.*)?
++.br
++	/var/opt/f-secure(/.*)?
++.br
 +
++.br
++.B amavis_var_log_t
 +
++	/var/log/amavisd\.log.*
++.br
 +
-+SELinux policy also controls which roles can transition to a different role.  
-+You can list these rules using the following command.
++.br
++.B amavis_var_run_t
 +
-+.B sesearch --role_allow
++	/var/run/amavis(d)?(/.*)?
++.br
 +
-+SELinux policy allows the sysadm_r, secadm_r, staff_r roles can transition to the auditadm_r role.
++.br
++.B snmpd_var_lib_t
 +
++	/var/agentx(/.*)?
++.br
++	/var/lib/snmp(/.*)?
++.br
++	/var/net-snmp(/.*)?
++.br
++	/var/lib/net-snmp(/.*)?
++.br
++	/usr/share/snmp/mibs/\.index
++.br
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
++.B semanage port
++can also be used to manipulate the port definitions
 +
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
++.B semanage boolean
++can also be used to manipulate the booleans
 +
++.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/auditctl_selinux.8 b/man/man8/auditctl_selinux.8
++selinux(8), amavis(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/amtu_selinux.8 b/man/man8/amtu_selinux.8
 new file mode 100644
-index 0000000..3b2ace8
+index 0000000..5f568ce
 --- /dev/null
-+++ b/man/man8/auditctl_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "auditctl_selinux"  "8"  "auditctl" "dwalsh at redhat.com" "auditctl SELinux Policy documentation"
++++ b/man/man8/amtu_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "amtu_selinux"  "8"  "amtu" "dwalsh at redhat.com" "amtu SELinux Policy documentation"
 +.SH "NAME"
-+auditctl_selinux \- Security Enhanced Linux Policy for the auditctl processes
++amtu_selinux \- Security Enhanced Linux Policy for the amtu processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the auditctl processes via flexible mandatory access
++Security-Enhanced Linux secures the amtu processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -3164,22 +3932,18 @@ index 0000000..3b2ace8
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux auditctl policy is very flexible allowing users to setup their auditctl processes in as secure a method as possible.
++SELinux amtu policy is very flexible allowing users to setup their amtu processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for auditctl:
++The following file types are defined for amtu:
 +
 +
 +.EX
 +.PP
-+.B auditctl_exec_t 
++.B amtu_exec_t 
 +.EE
 +
-+- Set files with the auditctl_exec_t type, if you want to transition an executable to the auditctl_t domain.
++- Set files with the amtu_exec_t type, if you want to transition an executable to the amtu_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/auditctl, /usr/sbin/auditctl
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -3194,18 +3958,34 @@ index 0000000..3b2ace8
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux auditctl policy is very flexible allowing users to setup their auditctl processes in as secure a method as possible.
++SELinux amtu policy is very flexible allowing users to setup their amtu processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for auditctl:
++The following process types are defined for amtu:
 +
 +.EX
-+.B auditctl_t 
++.B amtu_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type amtu_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B boot_t
++
++	/boot/.*
++.br
++	/vmlinuz.*
++.br
++	/initrd\.img.*
++.br
++	/boot
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -3221,110 +4001,100 @@ index 0000000..3b2ace8
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), auditctl(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/auditd_selinux.8 b/man/man8/auditd_selinux.8
++selinux(8), amtu(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/apcupsd_selinux.8 b/man/man8/apcupsd_selinux.8
 new file mode 100644
-index 0000000..d3f0e92
+index 0000000..6ef7cfc
 --- /dev/null
-+++ b/man/man8/auditd_selinux.8
-@@ -0,0 +1,165 @@
-+.TH  "auditd_selinux"  "8"  "auditd" "dwalsh at redhat.com" "auditd SELinux Policy documentation"
++++ b/man/man8/apcupsd_selinux.8
+@@ -0,0 +1,259 @@
++.TH  "apcupsd_selinux"  "8"  "apcupsd" "dwalsh at redhat.com" "apcupsd SELinux Policy documentation"
 +.SH "NAME"
-+auditd_selinux \- Security Enhanced Linux Policy for the auditd processes
++apcupsd_selinux \- Security Enhanced Linux Policy for the apcupsd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the auditd processes via flexible mandatory access
++Security-Enhanced Linux secures the apcupsd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the auditadm_t, auditadm_gkeyringd_t, auditadm_su_t, auditd_t, auditadm_sudo_t, auditadm_screen_t, auditadm_wine_t, auditadm_seunshare_t, auditadm_dbusd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the auditadm_t, auditadm_gkeyringd_t, auditadm_su_t, auditd_t, auditadm_sudo_t, auditadm_screen_t, auditadm_wine_t, auditadm_seunshare_t, auditadm_dbusd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux auditd policy is very flexible allowing users to setup their auditd processes in as secure a method as possible.
++SELinux apcupsd policy is very flexible allowing users to setup their apcupsd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for auditd:
++The following file types are defined for apcupsd:
 +
 +
 +.EX
 +.PP
-+.B auditd_etc_t 
++.B apcupsd_exec_t 
 +.EE
 +
-+- Set files with the auditd_etc_t type, if you want to store auditd files in the /etc directories.
++- Set files with the apcupsd_exec_t type, if you want to transition an executable to the apcupsd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/apcupsd, /usr/sbin/apcupsd
 +
 +.EX
 +.PP
-+.B auditd_exec_t 
++.B apcupsd_initrc_exec_t 
 +.EE
 +
-+- Set files with the auditd_exec_t type, if you want to transition an executable to the auditd_t domain.
++- Set files with the apcupsd_initrc_exec_t type, if you want to transition an executable to the apcupsd_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/auditd, /usr/sbin/auditd
 +
 +.EX
 +.PP
-+.B auditd_initrc_exec_t 
++.B apcupsd_lock_t 
 +.EE
 +
-+- Set files with the auditd_initrc_exec_t type, if you want to transition an executable to the auditd_initrc_t domain.
++- Set files with the apcupsd_lock_t type, if you want to treat the files as apcupsd lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B auditd_log_t 
++.B apcupsd_log_t 
 +.EE
 +
-+- Set files with the auditd_log_t type, if you want to treat the data as auditd log data, usually stored under the /var/log directory.
++- Set files with the apcupsd_log_t type, if you want to treat the data as apcupsd log data, usually stored under the /var/log directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/log/audit(/.*)?, /var/log/audit\.log
++/var/log/apcupsd\.status.*, /var/log/apcupsd\.events.*
 +
 +.EX
 +.PP
-+.B auditd_unit_file_t 
++.B apcupsd_tmp_t 
 +.EE
 +
-+- Set files with the auditd_unit_file_t type, if you want to treat the files as auditd unit content.
++- Set files with the apcupsd_tmp_t type, if you want to store apcupsd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B auditd_var_run_t 
++.B apcupsd_unit_file_t 
 +.EE
 +
-+- Set files with the auditd_var_run_t type, if you want to store the auditd files under the /run directory.
++- Set files with the apcupsd_unit_file_t type, if you want to treat the files as apcupsd unit content.
++
++
++.EX
++.PP
++.B apcupsd_var_run_t 
++.EE
++
++- Set files with the apcupsd_var_run_t type, if you want to store the apcupsd files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/audit_events, /var/run/auditd_sock, /var/run/auditd\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -3342,19 +4112,21 @@ index 0000000..d3f0e92
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux auditd policy is very flexible allowing users to setup their auditd processes in as secure a method as possible.
++SELinux apcupsd policy is very flexible allowing users to setup their apcupsd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for auditd:
++The following port types are defined for apcupsd:
 +
 +.EX
 +.TP 5
-+.B audit_port_t 
++.B apcupsd_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 60
++tcp 3551
++.EE
++udp 3551
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -3362,18 +4134,120 @@ index 0000000..d3f0e92
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux auditd policy is very flexible allowing users to setup their auditd processes in as secure a method as possible.
++SELinux apcupsd policy is very flexible allowing users to setup their apcupsd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for auditd:
++The following process types are defined for apcupsd:
 +
 +.EX
-+.B auditadm_su_t, auditadm_seunshare_t, auditadm_dbusd_t, auditadm_t, auditadm_sudo_t, auditadm_wine_t, auditadm_screen_t, auditadm_gkeyringd_t, auditd_t, auditctl_t 
++.B apcupsd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type apcupsd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B apcupsd_lock_t
++
++	/var/lock/subsys/apcupsd
++.br
++
++.br
++.B apcupsd_log_t
++
++	/var/log/apcupsd\.events.*
++.br
++	/var/log/apcupsd\.status.*
++.br
++
++.br
++.B apcupsd_tmp_t
++
++
++.br
++.B apcupsd_var_run_t
++
++	/var/run/apcupsd\.pid
++.br
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
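Review bot: The new MANAGED FILES intro calls apcupsd_t an "SELinux user type", but the PROCESS TYPES section of this page lists apcupsd_t as a process type. In SELinux the user is a separate field of the context, so the wording can mislead an administrator auditing what the daemon may write. I would have the generator emit `The SELinux process type apcupsd_t can manage files labeled with the following file types.` and `Note that the process UID still needs DAC permissions.` The same template sentence is added for apm_t, apmd_t, arpwatch_t and asterisk_t in later hunks. It would also help to state that the listed paths are file-context regular expressions, since an entry such as `/[^/]+` under etc_runtime_t otherwise reads like a literal path.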
@@ -3392,38 +4266,38 @@ index 0000000..d3f0e92
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), auditd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/automount_selinux.8 b/man/man8/automount_selinux.8
++selinux(8), apcupsd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/apm_selinux.8 b/man/man8/apm_selinux.8
 new file mode 100644
-index 0000000..df152ca
+index 0000000..3079423
 --- /dev/null
-+++ b/man/man8/automount_selinux.8
-@@ -0,0 +1,139 @@
-+.TH  "automount_selinux"  "8"  "automount" "dwalsh at redhat.com" "automount SELinux Policy documentation"
++++ b/man/man8/apm_selinux.8
+@@ -0,0 +1,148 @@
++.TH  "apm_selinux"  "8"  "apm" "dwalsh at redhat.com" "apm SELinux Policy documentation"
 +.SH "NAME"
-+automount_selinux \- Security Enhanced Linux Policy for the automount processes
++apm_selinux \- Security Enhanced Linux Policy for the apm processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the automount processes via flexible mandatory access
++Security-Enhanced Linux secures the apm processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the automount_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the apmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the automount_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the apmd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -3432,70 +4306,74 @@ index 0000000..df152ca
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux automount policy is very flexible allowing users to setup their automount processes in as secure a method as possible.
++SELinux apm policy is very flexible allowing users to setup their apm processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for automount:
++The following file types are defined for apm:
 +
 +
 +.EX
 +.PP
-+.B automount_exec_t 
++.B apm_exec_t 
 +.EE
 +
-+- Set files with the automount_exec_t type, if you want to transition an executable to the automount_t domain.
++- Set files with the apm_exec_t type, if you want to transition an executable to the apm_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/automount, /etc/apm/event\.d/autofs
 +
 +.EX
 +.PP
-+.B automount_initrc_exec_t 
++.B apmd_exec_t 
 +.EE
 +
-+- Set files with the automount_initrc_exec_t type, if you want to transition an executable to the automount_initrc_t domain.
++- Set files with the apmd_exec_t type, if you want to transition an executable to the apmd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/powersaved, /usr/sbin/acpid, /usr/sbin/apmd
 +
 +.EX
 +.PP
-+.B automount_keytab_t 
++.B apmd_lock_t 
 +.EE
 +
-+- Set files with the automount_keytab_t type, if you want to treat the files as kerberos keytab files.
++- Set files with the apmd_lock_t type, if you want to treat the files as apmd lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B automount_lock_t 
++.B apmd_log_t 
 +.EE
 +
-+- Set files with the automount_lock_t type, if you want to treat the files as automount lock data, stored under the /var/lock directory
++- Set files with the apmd_log_t type, if you want to treat the data as apmd log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B automount_tmp_t 
++.B apmd_tmp_t 
 +.EE
 +
-+- Set files with the automount_tmp_t type, if you want to store automount temporary files in the /tmp directories.
++- Set files with the apmd_tmp_t type, if you want to store apmd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B automount_unit_file_t 
++.B apmd_unit_file_t 
 +.EE
 +
-+- Set files with the automount_unit_file_t type, if you want to treat the files as automount unit content.
++- Set files with the apmd_unit_file_t type, if you want to treat the files as apmd unit content.
 +
 +
 +.EX
 +.PP
-+.B automount_var_run_t 
++.B apmd_var_run_t 
 +.EE
 +
-+- Set files with the automount_var_run_t type, if you want to store the automount files under the /run directory.
++- Set files with the apmd_var_run_t type, if you want to store the apmd files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -3510,18 +4388,22 @@ index 0000000..df152ca
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux automount policy is very flexible allowing users to setup their automount processes in as secure a method as possible.
++SELinux apm policy is very flexible allowing users to setup their apm processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for automount:
++The following process types are defined for apm:
 +
 +.EX
-+.B automount_t 
++.B apm_t, apmd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type apm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
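Review bot: The MANAGED FILES section added for apm_t promises "the following file types" and is then followed directly by `.SH "COMMANDS"`. A reader cannot tell whether apm_t manages no files or whether the list was lost during generation. The generator should either omit the section when the list is empty or emit an explicit line such as `No managed file types are listed for apm_t.` Which of the two cases applies cannot be determined from this hunk.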
@@ -3537,49 +4419,40 @@ index 0000000..df152ca
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), automount(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/avahi_selinux.8 b/man/man8/avahi_selinux.8
++selinux(8), apm(8), semanage(8), restorecon(8), chcon(1)
++, apmd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/apmd_selinux.8 b/man/man8/apmd_selinux.8
 new file mode 100644
-index 0000000..ea58fab
+index 0000000..1897e70
 --- /dev/null
-+++ b/man/man8/avahi_selinux.8
-@@ -0,0 +1,138 @@
-+.TH  "avahi_selinux"  "8"  "avahi" "dwalsh at redhat.com" "avahi SELinux Policy documentation"
++++ b/man/man8/apmd_selinux.8
+@@ -0,0 +1,224 @@
++.TH  "apmd_selinux"  "8"  "apmd" "dwalsh at redhat.com" "apmd SELinux Policy documentation"
 +.SH "NAME"
-+avahi_selinux \- Security Enhanced Linux Policy for the avahi processes
++apmd_selinux \- Security Enhanced Linux Policy for the apmd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the avahi processes via flexible mandatory access
++Security-Enhanced Linux secures the apmd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  avahi policy is extremely flexible and has several booleans that allow you to manipulate the policy and run avahi with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow Apache to communicate with avahi service via dbus, you must turn on the httpd_dbus_avahi boolean.
-+
-+.EX
-+.B setsebool -P httpd_dbus_avahi 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the avahi_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the apmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the avahi_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the apmd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -3588,54 +4461,66 @@ index 0000000..ea58fab
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux avahi policy is very flexible allowing users to setup their avahi processes in as secure a method as possible.
++SELinux apmd policy is very flexible allowing users to setup their apmd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for avahi:
++The following file types are defined for apmd:
 +
 +
 +.EX
 +.PP
-+.B avahi_exec_t 
++.B apmd_exec_t 
 +.EE
 +
-+- Set files with the avahi_exec_t type, if you want to transition an executable to the avahi_t domain.
++- Set files with the apmd_exec_t type, if you want to transition an executable to the apmd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/avahi-dnsconfd, /usr/sbin/avahi-autoipd, /usr/sbin/avahi-daemon
++/usr/sbin/powersaved, /usr/sbin/acpid, /usr/sbin/apmd
 +
 +.EX
 +.PP
-+.B avahi_initrc_exec_t 
++.B apmd_lock_t 
 +.EE
 +
-+- Set files with the avahi_initrc_exec_t type, if you want to transition an executable to the avahi_initrc_t domain.
++- Set files with the apmd_lock_t type, if you want to treat the files as apmd lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B avahi_unit_file_t 
++.B apmd_log_t 
 +.EE
 +
-+- Set files with the avahi_unit_file_t type, if you want to treat the files as avahi unit content.
++- Set files with the apmd_log_t type, if you want to treat the data as apmd log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B avahi_var_lib_t 
++.B apmd_tmp_t 
 +.EE
 +
-+- Set files with the avahi_var_lib_t type, if you want to store the avahi files under the /var/lib directory.
++- Set files with the apmd_tmp_t type, if you want to store apmd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B avahi_var_run_t 
++.B apmd_unit_file_t 
 +.EE
 +
-+- Set files with the avahi_var_run_t type, if you want to store the avahi files under the /run directory.
++- Set files with the apmd_unit_file_t type, if you want to treat the files as apmd unit content.
++
 +
++.EX
++.PP
++.B apmd_var_run_t 
++.EE
++
++- Set files with the apmd_var_run_t type, if you want to store the apmd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -3650,117 +4535,105 @@ index 0000000..ea58fab
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux avahi policy is very flexible allowing users to setup their avahi processes in as secure a method as possible.
++SELinux apmd policy is very flexible allowing users to setup their apmd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for avahi:
++The following process types are defined for apmd:
 +
 +.EX
-+.B avahi_t 
++.B apm_t, apmd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++The SELinux user type apmd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.br
++.B adjtime_t
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++	/etc/adjtime
++.br
 +
-+.SH "SEE ALSO"
-+selinux(8), avahi(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/awstats_selinux.8 b/man/man8/awstats_selinux.8
-new file mode 100644
-index 0000000..a8d07a7
---- /dev/null
-+++ b/man/man8/awstats_selinux.8
-@@ -0,0 +1,89 @@
-+.TH  "awstats_selinux"  "8"  "awstats" "dwalsh at redhat.com" "awstats SELinux Policy documentation"
-+.SH "NAME"
-+awstats_selinux \- Security Enhanced Linux Policy for the awstats processes
-+.SH "DESCRIPTION"
++.br
++.B apmd_lock_t
 +
-+Security-Enhanced Linux secures the awstats processes via flexible mandatory access
-+control.  
 +
-+.SH NSSWITCH DOMAIN
++.br
++.B apmd_log_t
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux awstats policy is very flexible allowing users to setup their awstats processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for awstats:
++	/var/log/acpid.*
++.br
 +
++.br
++.B apmd_tmp_t
 +
-+.EX
-+.PP
-+.B awstats_exec_t 
-+.EE
 +
-+- Set files with the awstats_exec_t type, if you want to transition an executable to the awstats_t domain.
++.br
++.B apmd_var_run_t
 +
++	/var/run/\.?acpid\.socket
++.br
++	/var/run/apmd\.pid
++.br
++	/var/run/powersaved\.pid
++.br
++	/var/run/powersave_socket
++.br
 +
-+.EX
-+.PP
-+.B awstats_tmp_t 
-+.EE
++.br
++.B devicekit_var_log_t
 +
-+- Set files with the awstats_tmp_t type, if you want to store awstats temporary files in the /tmp directories.
++	/var/log/pm-suspend\.log.*
++.br
++	/var/log/pm-powersave\.log.*
++.br
 +
++.br
++.B devicekit_var_run_t
 +
-+.EX
-+.PP
-+.B awstats_var_lib_t 
-+.EE
++	/var/run/udisks.*
++.br
++	/var/run/devkit(/.*)?
++.br
++	/var/run/upower(/.*)?
++.br
++	/var/run/pm-utils(/.*)?
++.br
++	/var/run/DeviceKit-disks(/.*)?
++.br
 +
-+- Set files with the awstats_var_lib_t type, if you want to store the awstats files under the /var/lib directory.
++.br
++.B initrc_var_run_t
 +
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.br
++.B sysctl_type
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux awstats policy is very flexible allowing users to setup their awstats processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for awstats:
 +
-+.EX
-+.B awstats_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -3777,38 +4650,40 @@ index 0000000..a8d07a7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), awstats(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/bcfg2_selinux.8 b/man/man8/bcfg2_selinux.8
++selinux(8), apmd(8), semanage(8), restorecon(8), chcon(1)
++, apm_selinux(8), apm_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/arpwatch_selinux.8 b/man/man8/arpwatch_selinux.8
 new file mode 100644
-index 0000000..d1b1086
+index 0000000..37c1a20
 --- /dev/null
-+++ b/man/man8/bcfg2_selinux.8
-@@ -0,0 +1,119 @@
-+.TH  "bcfg2_selinux"  "8"  "bcfg2" "dwalsh at redhat.com" "bcfg2 SELinux Policy documentation"
++++ b/man/man8/arpwatch_selinux.8
+@@ -0,0 +1,151 @@
++.TH  "arpwatch_selinux"  "8"  "arpwatch" "dwalsh at redhat.com" "arpwatch SELinux Policy documentation"
 +.SH "NAME"
-+bcfg2_selinux \- Security Enhanced Linux Policy for the bcfg2 processes
++arpwatch_selinux \- Security Enhanced Linux Policy for the arpwatch processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the bcfg2 processes via flexible mandatory access
++Security-Enhanced Linux secures the arpwatch processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the bcfg2_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the arpwatch_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the bcfg2_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the arpwatch_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
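Review bot: The SEE ALSO continuation line added for the apmd page names the same page twice, `, apm_selinux(8), apm_selinux(8)`, which suggests the generator does not de-duplicate related pages; it should read `, apm_selinux(8)`. Because the line starts with a comma on its own input line, it will likely render as `chcon(1) , apm_selinux(8)`, so appending the reference to the previous line would be cleaner. The apm page's `, apmd_selinux(8)` line in an earlier hunk has the same leading-comma layout, and both generated files end without a trailing newline.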
@@ -3817,49 +4692,61 @@ index 0000000..d1b1086
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux bcfg2 policy is very flexible allowing users to setup their bcfg2 processes in as secure a method as possible.
++SELinux arpwatch policy is very flexible allowing users to setup their arpwatch processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for bcfg2:
++The following file types are defined for arpwatch:
 +
 +
 +.EX
 +.PP
-+.B bcfg2_exec_t 
++.B arpwatch_data_t 
 +.EE
 +
-+- Set files with the bcfg2_exec_t type, if you want to transition an executable to the bcfg2_t domain.
++- Set files with the arpwatch_data_t type, if you want to treat the files as arpwatch content.
 +
++.br
++.TP 5
++Paths: 
++/var/arpwatch(/.*)?, /var/lib/arpwatch(/.*)?
 +
 +.EX
 +.PP
-+.B bcfg2_initrc_exec_t 
++.B arpwatch_exec_t 
 +.EE
 +
-+- Set files with the bcfg2_initrc_exec_t type, if you want to transition an executable to the bcfg2_initrc_t domain.
++- Set files with the arpwatch_exec_t type, if you want to transition an executable to the arpwatch_t domain.
 +
 +
 +.EX
 +.PP
-+.B bcfg2_unit_file_t 
++.B arpwatch_initrc_exec_t 
 +.EE
 +
-+- Set files with the bcfg2_unit_file_t type, if you want to treat the files as bcfg2 unit content.
++- Set files with the arpwatch_initrc_exec_t type, if you want to transition an executable to the arpwatch_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B bcfg2_var_lib_t 
++.B arpwatch_tmp_t 
 +.EE
 +
-+- Set files with the bcfg2_var_lib_t type, if you want to store the bcfg2 files under the /var/lib directory.
++- Set files with the arpwatch_tmp_t type, if you want to store arpwatch temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B bcfg2_var_run_t 
++.B arpwatch_unit_file_t 
 +.EE
 +
-+- Set files with the bcfg2_var_run_t type, if you want to store the bcfg2 files under the /run directory.
++- Set files with the arpwatch_unit_file_t type, if you want to treat the files as arpwatch unit content.
++
++
++.EX
++.PP
++.B arpwatch_var_run_t 
++.EE
++
++- Set files with the arpwatch_var_run_t type, if you want to store the arpwatch files under the /run directory.
 +
 +
 +.PP
@@ -3875,18 +4762,38 @@ index 0000000..d1b1086
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux bcfg2 policy is very flexible allowing users to setup their bcfg2 processes in as secure a method as possible.
++SELinux arpwatch policy is very flexible allowing users to setup their arpwatch processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for bcfg2:
++The following process types are defined for arpwatch:
 +
 +.EX
-+.B bcfg2_t 
++.B arpwatch_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type arpwatch_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B arpwatch_data_t
++
++	/var/arpwatch(/.*)?
++.br
++	/var/lib/arpwatch(/.*)?
++.br
++
++.br
++.B arpwatch_tmp_t
++
++
++.br
++.B arpwatch_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -3902,38 +4809,38 @@ index 0000000..d1b1086
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), bcfg2(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/bitlbee_selinux.8 b/man/man8/bitlbee_selinux.8
++selinux(8), arpwatch(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/asterisk_selinux.8 b/man/man8/asterisk_selinux.8
 new file mode 100644
-index 0000000..48184bf
+index 0000000..f22ac28
 --- /dev/null
-+++ b/man/man8/bitlbee_selinux.8
-@@ -0,0 +1,143 @@
-+.TH  "bitlbee_selinux"  "8"  "bitlbee" "dwalsh at redhat.com" "bitlbee SELinux Policy documentation"
++++ b/man/man8/asterisk_selinux.8
+@@ -0,0 +1,215 @@
++.TH  "asterisk_selinux"  "8"  "asterisk" "dwalsh at redhat.com" "asterisk SELinux Policy documentation"
 +.SH "NAME"
-+bitlbee_selinux \- Security Enhanced Linux Policy for the bitlbee processes
++asterisk_selinux \- Security Enhanced Linux Policy for the asterisk processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the bitlbee processes via flexible mandatory access
++Security-Enhanced Linux secures the asterisk processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the bitlbee_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the asterisk_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the bitlbee_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the asterisk_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -3942,73 +4849,81 @@ index 0000000..48184bf
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux bitlbee policy is very flexible allowing users to setup their bitlbee processes in as secure a method as possible.
++SELinux asterisk policy is very flexible allowing users to setup their asterisk processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for bitlbee:
++The following file types are defined for asterisk:
 +
 +
 +.EX
 +.PP
-+.B bitlbee_conf_t 
++.B asterisk_etc_t 
 +.EE
 +
-+- Set files with the bitlbee_conf_t type, if you want to treat the files as bitlbee configuration data, usually stored under the /etc directory.
++- Set files with the asterisk_etc_t type, if you want to store asterisk files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B bitlbee_exec_t 
++.B asterisk_exec_t 
 +.EE
 +
-+- Set files with the bitlbee_exec_t type, if you want to transition an executable to the bitlbee_t domain.
++- Set files with the asterisk_exec_t type, if you want to transition an executable to the asterisk_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/bitlbee, /usr/bin/bip
 +
 +.EX
 +.PP
-+.B bitlbee_initrc_exec_t 
++.B asterisk_initrc_exec_t 
 +.EE
 +
-+- Set files with the bitlbee_initrc_exec_t type, if you want to transition an executable to the bitlbee_initrc_t domain.
++- Set files with the asterisk_initrc_exec_t type, if you want to transition an executable to the asterisk_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B bitlbee_log_t 
++.B asterisk_log_t 
 +.EE
 +
-+- Set files with the bitlbee_log_t type, if you want to treat the data as bitlbee log data, usually stored under the /var/log directory.
++- Set files with the asterisk_log_t type, if you want to treat the data as asterisk log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B bitlbee_tmp_t 
++.B asterisk_spool_t 
 +.EE
 +
-+- Set files with the bitlbee_tmp_t type, if you want to store bitlbee temporary files in the /tmp directories.
++- Set files with the asterisk_spool_t type, if you want to store the asterisk files under the /var/spool directory.
 +
 +
 +.EX
 +.PP
-+.B bitlbee_var_run_t 
++.B asterisk_tmp_t 
 +.EE
 +
-+- Set files with the bitlbee_var_run_t type, if you want to store the bitlbee files under the /run directory.
++- Set files with the asterisk_tmp_t type, if you want to store asterisk temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/bitlbee\.pid, /var/run/bip(/.*)?, /var/run/bitlbee\.sock
 +
 +.EX
 +.PP
-+.B bitlbee_var_t 
++.B asterisk_tmpfs_t 
 +.EE
 +
-+- Set files with the bitlbee_var_t type, if you want to store the bit files under the /var directory.
++- Set files with the asterisk_tmpfs_t type, if you want to store asterisk files on a tmpfs file system.
++
++
++.EX
++.PP
++.B asterisk_var_lib_t 
++.EE
++
++- Set files with the asterisk_var_lib_t type, if you want to store the asterisk files under the /var/lib directory.
++
++
++.EX
++.PP
++.B asterisk_var_run_t 
++.EE
++
++- Set files with the asterisk_var_run_t type, if you want to store the asterisk files under the /run directory.
 +
 +
 +.PP
@@ -4018,24 +4933,85 @@ index 0000000..48184bf
 +.B restorecon
 +to apply the labels.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux asterisk policy is very flexible allowing users to setup their asterisk processes in as secure a method as possible.
++.PP 
++The following port types are defined for asterisk:
++
++.EX
++.TP 5
++.B asterisk_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 1720
++.EE
++udp 2427,2727,4569
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux bitlbee policy is very flexible allowing users to setup their bitlbee processes in as secure a method as possible.
++SELinux asterisk policy is very flexible allowing users to setup their asterisk processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for bitlbee:
++The following process types are defined for asterisk:
 +
 +.EX
-+.B bitlbee_t 
++.B asterisk_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type asterisk_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B asterisk_log_t
++
++	/var/log/asterisk(/.*)?
++.br
++
++.br
++.B asterisk_spool_t
++
++	/var/spool/asterisk(/.*)?
++.br
++
++.br
++.B asterisk_tmp_t
++
++
++.br
++.B asterisk_tmpfs_t
++
++
++.br
++.B asterisk_var_lib_t
++
++	/var/lib/asterisk(/.*)?
++.br
++
++.br
++.B asterisk_var_run_t
++
++	/var/run/asterisk(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -4046,41 +5022,47 @@ index 0000000..48184bf
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), bitlbee(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/blktap_selinux.8 b/man/man8/blktap_selinux.8
++selinux(8), asterisk(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/audisp_remote_selinux.8 b/man/man8/audisp_remote_selinux.8
 new file mode 100644
-index 0000000..e108b84
+index 0000000..5e77d53
 --- /dev/null
-+++ b/man/man8/blktap_selinux.8
-@@ -0,0 +1,100 @@
-+.TH  "blktap_selinux"  "8"  "blktap" "dwalsh at redhat.com" "blktap SELinux Policy documentation"
++++ b/man/man8/audisp_remote_selinux.8
+@@ -0,0 +1,110 @@
++.TH  "audisp_remote_selinux"  "8"  "audisp_remote" "dwalsh at redhat.com" "audisp_remote SELinux Policy documentation"
 +.SH "NAME"
-+blktap_selinux \- Security Enhanced Linux Policy for the blktap processes
++audisp_remote_selinux \- Security Enhanced Linux Policy for the audisp_remote processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the blktap processes via flexible mandatory access
++Security-Enhanced Linux secures the audisp_remote processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  blktap policy is extremely flexible and has several booleans that allow you to manipulate the policy and run blktap with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes for disk images, you must turn on the xend_run_blktap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the audisp_remote_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P xend_run_blktap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++.PP
++If you want to allow confined applications to run with kerberos for the audisp_remote_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -4088,30 +5070,22 @@ index 0000000..e108b84
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux blktap policy is very flexible allowing users to setup their blktap processes in as secure a method as possible.
++SELinux audisp_remote policy is very flexible allowing users to setup their audisp_remote processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for blktap:
++The following file types are defined for audisp_remote:
 +
 +
 +.EX
 +.PP
-+.B blktap_exec_t 
++.B audisp_remote_exec_t 
 +.EE
 +
-+- Set files with the blktap_exec_t type, if you want to transition an executable to the blktap_t domain.
++- Set files with the audisp_remote_exec_t type, if you want to transition an executable to the audisp_remote_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/blktapctrl, /usr/sbin/tapdisk
-+
-+.EX
-+.PP
-+.B blktap_var_run_t 
-+.EE
-+
-+- Set files with the blktap_var_run_t type, if you want to store the blktap files under the /run directory.
-+
++/usr/sbin/audisp-remote, /sbin/audisp-remote
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -4126,18 +5100,36 @@ index 0000000..e108b84
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux blktap policy is very flexible allowing users to setup their blktap processes in as secure a method as possible.
++SELinux audisp_remote policy is very flexible allowing users to setup their audisp_remote processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for blktap:
++The following process types are defined for audisp_remote:
 +
 +.EX
-+.B blktap_t 
++.B audisp_remote_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type audisp_remote_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B audit_spool_t
++
++	/var/spool/audit(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -4148,48 +5140,45 @@ index 0000000..e108b84
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), blktap(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), audisp_remote(8), semanage(8), restorecon(8), chcon(1)
++, audisp_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/blueman_selinux.8 b/man/man8/blueman_selinux.8
+diff --git a/man/man8/audisp_selinux.8 b/man/man8/audisp_selinux.8
 new file mode 100644
-index 0000000..959caf2
+index 0000000..9bc2244
 --- /dev/null
-+++ b/man/man8/blueman_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "blueman_selinux"  "8"  "blueman" "dwalsh at redhat.com" "blueman SELinux Policy documentation"
++++ b/man/man8/audisp_selinux.8
+@@ -0,0 +1,116 @@
++.TH  "audisp_selinux"  "8"  "audisp" "dwalsh at redhat.com" "audisp SELinux Policy documentation"
 +.SH "NAME"
-+blueman_selinux \- Security Enhanced Linux Policy for the blueman processes
++audisp_selinux \- Security Enhanced Linux Policy for the audisp processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the blueman processes via flexible mandatory access
++Security-Enhanced Linux secures the audisp processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the blueman_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the audisp_t, audisp_remote_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the blueman_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the audisp_t, audisp_remote_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -4198,25 +5187,41 @@ index 0000000..959caf2
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux blueman policy is very flexible allowing users to setup their blueman processes in as secure a method as possible.
++SELinux audisp policy is very flexible allowing users to setup their audisp processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for blueman:
++The following file types are defined for audisp:
 +
 +
 +.EX
 +.PP
-+.B blueman_exec_t 
++.B audisp_exec_t 
 +.EE
 +
-+- Set files with the blueman_exec_t type, if you want to transition an executable to the blueman_t domain.
++- Set files with the audisp_exec_t type, if you want to transition an executable to the audisp_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/audispd, /usr/sbin/audispd
 +
 +.EX
 +.PP
-+.B blueman_var_lib_t 
++.B audisp_remote_exec_t 
 +.EE
 +
-+- Set files with the blueman_var_lib_t type, if you want to store the blueman files under the /var/lib directory.
++- Set files with the audisp_remote_exec_t type, if you want to transition an executable to the audisp_remote_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/audisp-remote, /sbin/audisp-remote
++
++.EX
++.PP
++.B audisp_var_run_t 
++.EE
++
++- Set files with the audisp_var_run_t type, if you want to store the audisp files under the /run directory.
 +
 +
 +.PP
@@ -4232,18 +5237,22 @@ index 0000000..959caf2
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux blueman policy is very flexible allowing users to setup their blueman processes in as secure a method as possible.
++SELinux audisp policy is very flexible allowing users to setup their audisp processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for blueman:
++The following process types are defined for audisp:
 +
 +.EX
-+.B blueman_t 
++.B audisp_remote_t, audisp_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type audisp_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -4259,169 +5268,272 @@ index 0000000..959caf2
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), blueman(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/bluetooth_selinux.8 b/man/man8/bluetooth_selinux.8
++selinux(8), audisp(8), semanage(8), restorecon(8), chcon(1)
++, audisp_remote_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/auditadm_selinux.8 b/man/man8/auditadm_selinux.8
 new file mode 100644
-index 0000000..bf19998
+index 0000000..806bb9d
 --- /dev/null
-+++ b/man/man8/bluetooth_selinux.8
-@@ -0,0 +1,202 @@
-+.TH  "bluetooth_selinux"  "8"  "bluetooth" "dwalsh at redhat.com" "bluetooth SELinux Policy documentation"
++++ b/man/man8/auditadm_selinux.8
+@@ -0,0 +1,216 @@
++.TH  "auditadm_selinux"  "8"  "auditadm" "mgrepl at redhat.com" "auditadm SELinux Policy documentation"
 +.SH "NAME"
-+bluetooth_selinux \- Security Enhanced Linux Policy for the bluetooth processes
-+.SH "DESCRIPTION"
++auditadm_r \- \fBAudit administrator role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the bluetooth processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  bluetooth policy is extremely flexible and has several booleans that allow you to manipulate the policy and run bluetooth with the tightest access possible.
++SELinux supports Roles Based Access Control (RBAC), some Linux roles are login roles, while other roles need to be transition into. 
 +
++.I Note: 
++Examples in this man page will use the 
++.B staff_u 
++SELinux user.
 +
-+.PP
-+If you want to allow xguest to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
++Non login roles are usually used for administrative tasks. For example, tasks that require root privileges.  Roles control which types a user can run processes with. Roles often have default types assigned to them. 
 +
-+.EX
-+.B setsebool -P xguest_use_bluetooth 1
-+.EE
++The default type for the auditadm_r role is auditadm_t.
 +
-+.SH NSSWITCH DOMAIN
++The 
++.B newrole 
++program to transition directly to this role.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the bluetooth_t, bluetooth_helper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.B newrole -r auditadm_r -t auditadm_t
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
++.B sudo 
++is the preferred method to do transition from one role to another.  You setup sudo to transition to auditadm_r by adding a similar line to the /etc/sudoers file.
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the bluetooth_t, bluetooth_helper_t, you must turn on the kerberos_enabled boolean.
++USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
++.br
++sudo will run COMMAND as staff_u:auditadm_r:auditadm_t:LEVEL
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux bluetooth policy is very flexible allowing users to setup their bluetooth processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for bluetooth:
++When using a a non login role, you need to setup SELinux so that your SELinux user can reach auditadm_r role.
 +
++Execute the following to see all of the assigned SELinux roles:
 +
-+.EX
-+.PP
-+.B bluetooth_conf_rw_t 
-+.EE
++.B semanage user -l
 +
-+- Set files with the bluetooth_conf_rw_t type, if you want to treat the files as bluetooth conf read/write content.
++You need to add auditadm_r to the staff_u user.  You could setup the staff_u user to be able to use the auditadm_r role with a command like:
 +
++.B $ semanage user -m -R 'staff_r system_r auditadm_r' staff_u 
 +
-+.EX
-+.PP
-+.B bluetooth_conf_t 
-+.EE
 +
-+- Set files with the bluetooth_conf_t type, if you want to treat the files as bluetooth configuration data, usually stored under the /etc directory.
 +
++SELinux policy also controls which roles can transition to a different role.  
++You can list these rules using the following command.
 +
-+.EX
-+.PP
-+.B bluetooth_exec_t 
-+.EE
++.B sesearch --role_allow
 +
-+- Set files with the bluetooth_exec_t type, if you want to transition an executable to the bluetooth_t domain.
++SELinux policy allows the sysadm_r, secadm_r, staff_r roles can transition to the auditadm_r role.
++
++
++.SH "MANAGED FILES"
++
++The SELinux user type auditadm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/sbin/hcid, /usr/bin/rfcomm, /usr/sbin/sdpd, /usr/bin/hidd, /usr/sbin/bluetoothd, /usr/sbin/hid2hci, /usr/bin/dund, /usr/sbin/hciattach
++.B anon_inodefs_t
 +
-+.EX
-+.PP
-+.B bluetooth_helper_exec_t 
-+.EE
 +
-+- Set files with the bluetooth_helper_exec_t type, if you want to transition an executable to the bluetooth_helper_t domain.
++.br
++.B auditd_etc_t
 +
++	/etc/audit(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B bluetooth_helper_tmp_t 
-+.EE
++.br
++.B auditd_log_t
 +
-+- Set files with the bluetooth_helper_tmp_t type, if you want to store bluetooth helper temporary files in the /tmp directories.
++	/var/log/audit(/.*)?
++.br
++	/var/log/audit\.log
++.br
++
++.br
++.B auth_cache_t
 +
++	/var/cache/coolkey(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B bluetooth_helper_tmpfs_t 
-+.EE
++.br
++.B cgroup_t
 +
-+- Set files with the bluetooth_helper_tmpfs_t type, if you want to store bluetooth helper files on a tmpfs file system.
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
 +
++.br
++.B chrome_sandbox_tmpfs_t
 +
-+.EX
-+.PP
-+.B bluetooth_initrc_exec_t 
-+.EE
 +
-+- Set files with the bluetooth_initrc_exec_t type, if you want to transition an executable to the bluetooth_initrc_t domain.
++.br
++.B games_data_t
 +
++	/var/games(/.*)?
++.br
++	/var/lib/games(/.*)?
 +.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/dund, /etc/rc\.d/init\.d/bluetooth, /etc/rc\.d/init\.d/pand
 +
-+.EX
-+.PP
-+.B bluetooth_lock_t 
-+.EE
++.br
++.B gpg_agent_tmp_t
 +
-+- Set files with the bluetooth_lock_t type, if you want to treat the files as bluetooth lock data, stored under the /var/lock directory
++	/home/[^/]*/\.gnupg/log-socket
++.br
 +
++.br
++.B mail_spool_t
 +
-+.EX
-+.PP
-+.B bluetooth_tmp_t 
-+.EE
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
 +
-+- Set files with the bluetooth_tmp_t type, if you want to store bluetooth temporary files in the /tmp directories.
++.br
++.B mqueue_spool_t
 +
++	/var/spool/(client)?mqueue(/.*)?
++.br
++	/var/spool/mqueue\.in(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B bluetooth_unit_file_t 
-+.EE
++.br
++.B nfsd_rw_t
 +
-+- Set files with the bluetooth_unit_file_t type, if you want to treat the files as bluetooth unit content.
 +
++.br
++.B noxattrfs
 +
-+.EX
++	all files on file systems which do not support extended attributes
++.br
++
++.br
++.B screen_home_t
++
++	/root/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screenrc
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B usbfs_t
++
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B user_home_type
++
++	all user home files
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.br
++.B user_tmpfs_type
++
++	all user content in tmpfs file systems
++.br
++
++.br
++.B xdm_tmp_t
++
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B bluetooth_var_lib_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the bluetooth_var_lib_t type, if you want to store the bluetooth files under the /var/lib directory.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), auditadm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/auditctl_selinux.8 b/man/man8/auditctl_selinux.8
+new file mode 100644
+index 0000000..d116600
+--- /dev/null
++++ b/man/man8/auditctl_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "auditctl_selinux"  "8"  "auditctl" "dwalsh at redhat.com" "auditctl SELinux Policy documentation"
++.SH "NAME"
++auditctl_selinux \- Security Enhanced Linux Policy for the auditctl processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the auditctl processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux auditctl policy is very flexible allowing users to setup their auditctl processes in as secure a method as possible.
++.PP 
++The following file types are defined for auditctl:
 +
 +
 +.EX
 +.PP
-+.B bluetooth_var_run_t 
++.B auditctl_exec_t 
 +.EE
 +
-+- Set files with the bluetooth_var_run_t type, if you want to store the bluetooth files under the /run directory.
++- Set files with the auditctl_exec_t type, if you want to transition an executable to the auditctl_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/bluetoothd_address, /var/run/sdp
++/sbin/auditctl, /usr/sbin/auditctl
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -4436,18 +5548,22 @@ index 0000000..bf19998
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux bluetooth policy is very flexible allowing users to setup their bluetooth processes in as secure a method as possible.
++SELinux auditctl policy is very flexible allowing users to setup their auditctl processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for bluetooth:
++The following process types are defined for auditctl:
 +
 +.EX
-+.B bluetooth_helper_t, bluetooth_t 
++.B auditctl_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type auditctl_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -4458,122 +5574,115 @@ index 0000000..bf19998
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), bluetooth(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/boinc_selinux.8 b/man/man8/boinc_selinux.8
++selinux(8), auditctl(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/auditd_selinux.8 b/man/man8/auditd_selinux.8
 new file mode 100644
-index 0000000..a5fad86
+index 0000000..4de1732
 --- /dev/null
-+++ b/man/man8/boinc_selinux.8
-@@ -0,0 +1,178 @@
-+.TH  "boinc_selinux"  "8"  "boinc" "dwalsh at redhat.com" "boinc SELinux Policy documentation"
++++ b/man/man8/auditd_selinux.8
+@@ -0,0 +1,200 @@
++.TH  "auditd_selinux"  "8"  "auditd" "dwalsh at redhat.com" "auditd SELinux Policy documentation"
 +.SH "NAME"
-+boinc_selinux \- Security Enhanced Linux Policy for the boinc processes
++auditd_selinux \- Security Enhanced Linux Policy for the auditd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the boinc processes via flexible mandatory access
++Security-Enhanced Linux secures the auditd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux boinc policy is very flexible allowing users to setup their boinc processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for boinc:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the auditadm_t, auditadm_gkeyringd_t, auditadm_su_t, auditd_t, auditadm_sudo_t, auditadm_screen_t, auditadm_wine_t, auditadm_seunshare_t, auditadm_dbusd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B boinc_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the boinc_exec_t type, if you want to transition an executable to the boinc_t domain.
-+
-+
-+.EX
 +.PP
-+.B boinc_initrc_exec_t 
-+.EE
-+
-+- Set files with the boinc_initrc_exec_t type, if you want to transition an executable to the boinc_initrc_t domain.
-+
++If you want to allow confined applications to run with kerberos for the auditadm_t, auditadm_gkeyringd_t, auditadm_su_t, auditd_t, auditadm_sudo_t, auditadm_screen_t, auditadm_wine_t, auditadm_seunshare_t, auditadm_dbusd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B boinc_log_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the boinc_log_t type, if you want to treat the data as boinc log data, usually stored under the /var/log directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux auditd policy is very flexible allowing users to setup their auditd processes in as secure a method as possible.
++.PP 
++The following file types are defined for auditd:
 +
 +
 +.EX
 +.PP
-+.B boinc_project_tmp_t 
++.B auditd_etc_t 
 +.EE
 +
-+- Set files with the boinc_project_tmp_t type, if you want to store boinc project temporary files in the /tmp directories.
++- Set files with the auditd_etc_t type, if you want to store auditd files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B boinc_project_var_lib_t 
++.B auditd_exec_t 
 +.EE
 +
-+- Set files with the boinc_project_var_lib_t type, if you want to store the boinc project files under the /var/lib directory.
++- Set files with the auditd_exec_t type, if you want to transition an executable to the auditd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/boinc/projects(/.*)?, /var/lib/boinc/slots(/.*)?
++/sbin/auditd, /usr/sbin/auditd
 +
 +.EX
 +.PP
-+.B boinc_tmp_t 
++.B auditd_initrc_exec_t 
 +.EE
 +
-+- Set files with the boinc_tmp_t type, if you want to store boinc temporary files in the /tmp directories.
++- Set files with the auditd_initrc_exec_t type, if you want to transition an executable to the auditd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B boinc_tmpfs_t 
++.B auditd_log_t 
 +.EE
 +
-+- Set files with the boinc_tmpfs_t type, if you want to store boinc files on a tmpfs file system.
++- Set files with the auditd_log_t type, if you want to treat the data as auditd log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/var/log/audit(/.*)?, /var/log/audit\.log
 +
 +.EX
 +.PP
-+.B boinc_unit_file_t 
++.B auditd_unit_file_t 
 +.EE
 +
-+- Set files with the boinc_unit_file_t type, if you want to treat the files as boinc unit content.
++- Set files with the auditd_unit_file_t type, if you want to treat the files as auditd unit content.
 +
 +
 +.EX
 +.PP
-+.B boinc_var_lib_t 
++.B auditd_var_run_t 
 +.EE
 +
-+- Set files with the boinc_var_lib_t type, if you want to store the boinc files under the /var/lib directory.
++- Set files with the auditd_var_run_t type, if you want to store the auditd files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/audit_events, /var/run/auditd_sock, /var/run/auditd\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -4591,30 +5700,19 @@ index 0000000..a5fad86
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux boinc policy is very flexible allowing users to setup their boinc processes in as secure a method as possible.
++SELinux auditd policy is very flexible allowing users to setup their auditd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for boinc:
-+
-+.EX
-+.TP 5
-+.B boinc_client_ctrl_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 1043
-+.EE
++The following port types are defined for auditd:
 +
 +.EX
 +.TP 5
-+.B boinc_port_t 
++.B audit_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 31416
++tcp 60
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -4622,18 +5720,52 @@ index 0000000..a5fad86
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux boinc policy is very flexible allowing users to setup their boinc processes in as secure a method as possible.
++SELinux auditd policy is very flexible allowing users to setup their auditd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for boinc:
++The following process types are defined for auditd:
 +
 +.EX
-+.B boinc_t, boinc_project_t 
++.B auditadm_su_t, auditadm_seunshare_t, auditadm_dbusd_t, auditadm_t, auditadm_sudo_t, auditadm_wine_t, auditadm_screen_t, auditadm_gkeyringd_t, auditd_t, auditctl_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type auditd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B auditd_log_t
++
++	/var/log/audit(/.*)?
++.br
++	/var/log/audit\.log
++.br
++
++.br
++.B auditd_var_run_t
++
++	/var/run/auditd\.pid
++.br
++	/var/run/auditd_sock
++.br
++	/var/run/audit_events
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -4652,49 +5784,40 @@ index 0000000..a5fad86
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), boinc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/bootloader_selinux.8 b/man/man8/bootloader_selinux.8
++selinux(8), auditd(8), semanage(8), restorecon(8), chcon(1)
++, auditadm_selinux(8), auditctl_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/automount_selinux.8 b/man/man8/automount_selinux.8
 new file mode 100644
-index 0000000..6a3deb4
+index 0000000..93421fc
 --- /dev/null
-+++ b/man/man8/bootloader_selinux.8
-@@ -0,0 +1,134 @@
-+.TH  "bootloader_selinux"  "8"  "bootloader" "dwalsh at redhat.com" "bootloader SELinux Policy documentation"
++++ b/man/man8/automount_selinux.8
+@@ -0,0 +1,167 @@
++.TH  "automount_selinux"  "8"  "automount" "dwalsh at redhat.com" "automount SELinux Policy documentation"
 +.SH "NAME"
-+bootloader_selinux \- Security Enhanced Linux Policy for the bootloader processes
++automount_selinux \- Security Enhanced Linux Policy for the automount processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the bootloader processes via flexible mandatory access
++Security-Enhanced Linux secures the automount processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  bootloader policy is extremely flexible and has several booleans that allow you to manipulate the policy and run bootloader with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow the graphical login program to execute bootloader, you must turn on the xdm_exec_bootloader boolean.
-+
-+.EX
-+.B setsebool -P xdm_exec_bootloader 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the bootloader_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the automount_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the bootloader_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the automount_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -4703,49 +5826,69 @@ index 0000000..6a3deb4
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux bootloader policy is very flexible allowing users to setup their bootloader processes in as secure a method as possible.
++SELinux automount policy is very flexible allowing users to setup their automount processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for bootloader:
++The following file types are defined for automount:
 +
 +
 +.EX
 +.PP
-+.B bootloader_etc_t 
++.B automount_exec_t 
 +.EE
 +
-+- Set files with the bootloader_etc_t type, if you want to store bootloader files in the /etc directories.
++- Set files with the automount_exec_t type, if you want to transition an executable to the automount_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/zipl\.conf.*, /etc/yaboot\.conf.*, /etc/default/grub, /etc/lilo\.conf.*
++/usr/sbin/automount, /etc/apm/event\.d/autofs
 +
 +.EX
 +.PP
-+.B bootloader_exec_t 
++.B automount_initrc_exec_t 
 +.EE
 +
-+- Set files with the bootloader_exec_t type, if you want to transition an executable to the bootloader_t domain.
++- Set files with the automount_initrc_exec_t type, if you want to transition an executable to the automount_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/ybin.*, /usr/sbin/zipl, /sbin/lilo.*, /sbin/ybin.*, /usr/sbin/lilo.*, /sbin/grub.*, /sbin/zipl, /usr/sbin/grub.*
 +
 +.EX
 +.PP
-+.B bootloader_tmp_t 
++.B automount_keytab_t 
 +.EE
 +
-+- Set files with the bootloader_tmp_t type, if you want to store bootloader temporary files in the /tmp directories.
++- Set files with the automount_keytab_t type, if you want to treat the files as kerberos keytab files.
 +
 +
 +.EX
 +.PP
-+.B bootloader_var_run_t 
++.B automount_lock_t 
 +.EE
 +
-+- Set files with the bootloader_var_run_t type, if you want to store the bootloader files under the /run directory.
++- Set files with the automount_lock_t type, if you want to treat the files as automount lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B automount_tmp_t 
++.EE
++
++- Set files with the automount_tmp_t type, if you want to store automount temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B automount_unit_file_t 
++.EE
++
++- Set files with the automount_unit_file_t type, if you want to treat the files as automount unit content.
++
++
++.EX
++.PP
++.B automount_var_run_t 
++.EE
++
++- Set files with the automount_var_run_t type, if you want to store the automount files under the /run directory.
 +
 +
 +.PP
@@ -4761,18 +5904,46 @@ index 0000000..6a3deb4
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux bootloader policy is very flexible allowing users to setup their bootloader processes in as secure a method as possible.
++SELinux automount policy is very flexible allowing users to setup their automount processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for bootloader:
++The following process types are defined for automount:
 +
 +.EX
-+.B bootloader_t 
++.B automount_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type automount_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B automount_lock_t
++
++
++.br
++.B automount_tmp_t
++
++
++.br
++.B automount_var_run_t
++
++	/var/run/autofs.*
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -4783,53 +5954,109 @@ index 0000000..6a3deb4
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), bootloader(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/brctl_selinux.8 b/man/man8/brctl_selinux.8
++selinux(8), automount(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/avahi_selinux.8 b/man/man8/avahi_selinux.8
 new file mode 100644
-index 0000000..dbbebfb
+index 0000000..fef76fe
 --- /dev/null
-+++ b/man/man8/brctl_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "brctl_selinux"  "8"  "brctl" "dwalsh at redhat.com" "brctl SELinux Policy documentation"
++++ b/man/man8/avahi_selinux.8
+@@ -0,0 +1,180 @@
++.TH  "avahi_selinux"  "8"  "avahi" "dwalsh at redhat.com" "avahi SELinux Policy documentation"
 +.SH "NAME"
-+brctl_selinux \- Security Enhanced Linux Policy for the brctl processes
++avahi_selinux \- Security Enhanced Linux Policy for the avahi processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the brctl processes via flexible mandatory access
++Security-Enhanced Linux secures the avahi processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  avahi policy is extremely flexible and has several booleans that allow you to manipulate the policy and run avahi with the tightest access possible.
++
++
++.PP
++If you want to allow Apache to communicate with avahi service via dbus, you must turn on the httpd_dbus_avahi boolean.
++
++.EX
++.B setsebool -P httpd_dbus_avahi 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the avahi_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the avahi_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux brctl policy is very flexible allowing users to setup their brctl processes in as secure a method as possible.
++SELinux avahi policy is very flexible allowing users to setup their avahi processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for brctl:
++The following file types are defined for avahi:
 +
 +
 +.EX
 +.PP
-+.B brctl_exec_t 
++.B avahi_exec_t 
 +.EE
 +
-+- Set files with the brctl_exec_t type, if you want to transition an executable to the brctl_t domain.
++- Set files with the avahi_exec_t type, if you want to transition an executable to the avahi_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/avahi-dnsconfd, /usr/sbin/avahi-autoipd, /usr/sbin/avahi-daemon
++
++.EX
++.PP
++.B avahi_initrc_exec_t 
++.EE
++
++- Set files with the avahi_initrc_exec_t type, if you want to transition an executable to the avahi_initrc_t domain.
++
++
++.EX
++.PP
++.B avahi_unit_file_t 
++.EE
++
++- Set files with the avahi_unit_file_t type, if you want to treat the files as avahi unit content.
++
++
++.EX
++.PP
++.B avahi_var_lib_t 
++.EE
++
++- Set files with the avahi_var_lib_t type, if you want to store the avahi files under the /var/lib directory.
++
++
++.EX
++.PP
++.B avahi_var_run_t 
++.EE
++
++- Set files with the avahi_var_run_t type, if you want to store the avahi files under the /run directory.
 +
 +
 +.PP
@@ -4845,18 +6072,60 @@ index 0000000..dbbebfb
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux brctl policy is very flexible allowing users to setup their brctl processes in as secure a method as possible.
++SELinux avahi policy is very flexible allowing users to setup their avahi processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for brctl:
++The following process types are defined for avahi:
 +
 +.EX
-+.B brctl_t 
++.B avahi_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type avahi_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B avahi_var_lib_t
++
++	/var/lib/avahi-autoipd(/.*)?
++.br
++
++.br
++.B avahi_var_run_t
++
++	/var/run/avahi-daemon(/.*)?
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -4867,27 +6136,32 @@ index 0000000..dbbebfb
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), brctl(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cachefilesd_selinux.8 b/man/man8/cachefilesd_selinux.8
++selinux(8), avahi(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/awstats_selinux.8 b/man/man8/awstats_selinux.8
 new file mode 100644
-index 0000000..9043116
+index 0000000..4b41b25
 --- /dev/null
-+++ b/man/man8/cachefilesd_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "cachefilesd_selinux"  "8"  "cachefilesd" "dwalsh at redhat.com" "cachefilesd SELinux Policy documentation"
++++ b/man/man8/awstats_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "awstats_selinux"  "8"  "awstats" "dwalsh at redhat.com" "awstats SELinux Policy documentation"
 +.SH "NAME"
-+cachefilesd_selinux \- Security Enhanced Linux Policy for the cachefilesd processes
++awstats_selinux \- Security Enhanced Linux Policy for the awstats processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cachefilesd processes via flexible mandatory access
++Security-Enhanced Linux secures the awstats processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -4898,29 +6172,33 @@ index 0000000..9043116
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cachefilesd policy is very flexible allowing users to setup their cachefilesd processes in as secure a method as possible.
++SELinux awstats policy is very flexible allowing users to setup their awstats processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cachefilesd:
++The following file types are defined for awstats:
 +
 +
 +.EX
 +.PP
-+.B cachefilesd_exec_t 
++.B awstats_exec_t 
 +.EE
 +
-+- Set files with the cachefilesd_exec_t type, if you want to transition an executable to the cachefilesd_t domain.
++- Set files with the awstats_exec_t type, if you want to transition an executable to the awstats_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/cachefilesd, /usr/sbin/cachefilesd
 +
 +.EX
 +.PP
-+.B cachefilesd_var_run_t 
++.B awstats_tmp_t 
 +.EE
 +
-+- Set files with the cachefilesd_var_run_t type, if you want to store the cachefilesd files under the /run directory.
++- Set files with the awstats_tmp_t type, if you want to store awstats temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B awstats_var_lib_t 
++.EE
++
++- Set files with the awstats_var_lib_t type, if you want to store the awstats files under the /var/lib directory.
 +
 +
 +.PP
@@ -4936,18 +6214,32 @@ index 0000000..9043116
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cachefilesd policy is very flexible allowing users to setup their cachefilesd processes in as secure a method as possible.
++SELinux awstats policy is very flexible allowing users to setup their awstats processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cachefilesd:
++The following process types are defined for awstats:
 +
 +.EX
-+.B cachefilesd_t, cachefiles_kernel_t 
++.B awstats_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type awstats_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B awstats_tmp_t
++
++
++.br
++.B awstats_var_lib_t
++
++	/var/lib/awstats(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -4963,38 +6255,38 @@ index 0000000..9043116
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cachefilesd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/calamaris_selinux.8 b/man/man8/calamaris_selinux.8
++selinux(8), awstats(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/bcfg2_selinux.8 b/man/man8/bcfg2_selinux.8
 new file mode 100644
-index 0000000..61353ef
+index 0000000..dc59fbe
 --- /dev/null
-+++ b/man/man8/calamaris_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "calamaris_selinux"  "8"  "calamaris" "dwalsh at redhat.com" "calamaris SELinux Policy documentation"
++++ b/man/man8/bcfg2_selinux.8
+@@ -0,0 +1,135 @@
++.TH  "bcfg2_selinux"  "8"  "bcfg2" "dwalsh at redhat.com" "bcfg2 SELinux Policy documentation"
 +.SH "NAME"
-+calamaris_selinux \- Security Enhanced Linux Policy for the calamaris processes
++bcfg2_selinux \- Security Enhanced Linux Policy for the bcfg2 processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the calamaris processes via flexible mandatory access
++Security-Enhanced Linux secures the bcfg2 processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the calamaris_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the bcfg2_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the calamaris_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the bcfg2_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -5003,33 +6295,49 @@ index 0000000..61353ef
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux calamaris policy is very flexible allowing users to setup their calamaris processes in as secure a method as possible.
++SELinux bcfg2 policy is very flexible allowing users to setup their bcfg2 processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for calamaris:
++The following file types are defined for bcfg2:
 +
 +
 +.EX
 +.PP
-+.B calamaris_exec_t 
++.B bcfg2_exec_t 
 +.EE
 +
-+- Set files with the calamaris_exec_t type, if you want to transition an executable to the calamaris_t domain.
++- Set files with the bcfg2_exec_t type, if you want to transition an executable to the bcfg2_t domain.
 +
 +
 +.EX
 +.PP
-+.B calamaris_log_t 
++.B bcfg2_initrc_exec_t 
 +.EE
 +
-+- Set files with the calamaris_log_t type, if you want to treat the data as calamaris log data, usually stored under the /var/log directory.
++- Set files with the bcfg2_initrc_exec_t type, if you want to transition an executable to the bcfg2_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B calamaris_www_t 
++.B bcfg2_unit_file_t 
 +.EE
 +
-+- Set files with the calamaris_www_t type, if you want to treat the files as calamaris www data.
++- Set files with the bcfg2_unit_file_t type, if you want to treat the files as bcfg2 unit content.
++
++
++.EX
++.PP
++.B bcfg2_var_lib_t 
++.EE
++
++- Set files with the bcfg2_var_lib_t type, if you want to store the bcfg2 files under the /var/lib directory.
++
++
++.EX
++.PP
++.B bcfg2_var_run_t 
++.EE
++
++- Set files with the bcfg2_var_run_t type, if you want to store the bcfg2 files under the /run directory.
 +
 +
 +.PP
@@ -5045,18 +6353,34 @@ index 0000000..61353ef
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux calamaris policy is very flexible allowing users to setup their calamaris processes in as secure a method as possible.
++SELinux bcfg2 policy is very flexible allowing users to setup their bcfg2 processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for calamaris:
++The following process types are defined for bcfg2:
 +
 +.EX
-+.B calamaris_t 
++.B bcfg2_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type bcfg2_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B bcfg2_var_lib_t
++
++	/var/lib/bcfg2(/.*)?
++.br
++
++.br
++.B bcfg2_var_run_t
++
++	/var/run/bcfg2-server\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -5072,38 +6396,38 @@ index 0000000..61353ef
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), calamaris(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/callweaver_selinux.8 b/man/man8/callweaver_selinux.8
++selinux(8), bcfg2(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/bitlbee_selinux.8 b/man/man8/bitlbee_selinux.8
 new file mode 100644
-index 0000000..5966166
+index 0000000..931cb6d
 --- /dev/null
-+++ b/man/man8/callweaver_selinux.8
-@@ -0,0 +1,127 @@
-+.TH  "callweaver_selinux"  "8"  "callweaver" "dwalsh at redhat.com" "callweaver SELinux Policy documentation"
++++ b/man/man8/bitlbee_selinux.8
+@@ -0,0 +1,173 @@
++.TH  "bitlbee_selinux"  "8"  "bitlbee" "dwalsh at redhat.com" "bitlbee SELinux Policy documentation"
 +.SH "NAME"
-+callweaver_selinux \- Security Enhanced Linux Policy for the callweaver processes
++bitlbee_selinux \- Security Enhanced Linux Policy for the bitlbee processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the callweaver processes via flexible mandatory access
++Security-Enhanced Linux secures the bitlbee processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the callweaver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the bitlbee_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the callweaver_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the bitlbee_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -5112,57 +6436,73 @@ index 0000000..5966166
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux callweaver policy is very flexible allowing users to setup their callweaver processes in as secure a method as possible.
++SELinux bitlbee policy is very flexible allowing users to setup their bitlbee processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for callweaver:
++The following file types are defined for bitlbee:
 +
 +
 +.EX
 +.PP
-+.B callweaver_exec_t 
++.B bitlbee_conf_t 
 +.EE
 +
-+- Set files with the callweaver_exec_t type, if you want to transition an executable to the callweaver_t domain.
++- Set files with the bitlbee_conf_t type, if you want to treat the files as bitlbee configuration data, usually stored under the /etc directory.
 +
 +
 +.EX
 +.PP
-+.B callweaver_initrc_exec_t 
++.B bitlbee_exec_t 
 +.EE
 +
-+- Set files with the callweaver_initrc_exec_t type, if you want to transition an executable to the callweaver_initrc_t domain.
++- Set files with the bitlbee_exec_t type, if you want to transition an executable to the bitlbee_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/bitlbee, /usr/bin/bip
 +
 +.EX
 +.PP
-+.B callweaver_log_t 
++.B bitlbee_initrc_exec_t 
 +.EE
 +
-+- Set files with the callweaver_log_t type, if you want to treat the data as callweaver log data, usually stored under the /var/log directory.
++- Set files with the bitlbee_initrc_exec_t type, if you want to transition an executable to the bitlbee_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B callweaver_spool_t 
++.B bitlbee_log_t 
 +.EE
 +
-+- Set files with the callweaver_spool_t type, if you want to store the callweaver files under the /var/spool directory.
++- Set files with the bitlbee_log_t type, if you want to treat the data as bitlbee log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B callweaver_var_lib_t 
++.B bitlbee_tmp_t 
 +.EE
 +
-+- Set files with the callweaver_var_lib_t type, if you want to store the callweaver files under the /var/lib directory.
++- Set files with the bitlbee_tmp_t type, if you want to store bitlbee temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B callweaver_var_run_t 
++.B bitlbee_var_run_t 
 +.EE
 +
-+- Set files with the callweaver_var_run_t type, if you want to store the callweaver files under the /run directory.
++- Set files with the bitlbee_var_run_t type, if you want to store the bitlbee files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/bitlbee\.pid, /var/run/bip(/.*)?, /var/run/bitlbee\.sock
++
++.EX
++.PP
++.B bitlbee_var_t 
++.EE
++
++- Set files with the bitlbee_var_t type, if you want to store the bit files under the /var directory.
 +
 +
 +.PP
@@ -5178,18 +6518,48 @@ index 0000000..5966166
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux callweaver policy is very flexible allowing users to setup their callweaver processes in as secure a method as possible.
++SELinux bitlbee policy is very flexible allowing users to setup their bitlbee processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for callweaver:
++The following process types are defined for bitlbee:
 +
 +.EX
-+.B callweaver_t 
++.B bitlbee_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type bitlbee_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B bitlbee_log_t
++
++	/var/log/bip(/.*)?
++.br
++
++.br
++.B bitlbee_tmp_t
++
++
++.br
++.B bitlbee_var_run_t
++
++	/var/run/bip(/.*)?
++.br
++	/var/run/bitlbee\.pid
++.br
++	/var/run/bitlbee\.sock
++.br
++
++.br
++.B bitlbee_var_t
++
++	/var/lib/bitlbee(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -5205,24 +6575,35 @@ index 0000000..5966166
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), callweaver(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/canna_selinux.8 b/man/man8/canna_selinux.8
++selinux(8), bitlbee(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/blktap_selinux.8 b/man/man8/blktap_selinux.8
 new file mode 100644
-index 0000000..b6eda1f
+index 0000000..8035b64
 --- /dev/null
-+++ b/man/man8/canna_selinux.8
-@@ -0,0 +1,121 @@
-+.TH  "canna_selinux"  "8"  "canna" "dwalsh at redhat.com" "canna SELinux Policy documentation"
++++ b/man/man8/blktap_selinux.8
+@@ -0,0 +1,104 @@
++.TH  "blktap_selinux"  "8"  "blktap" "dwalsh at redhat.com" "blktap SELinux Policy documentation"
 +.SH "NAME"
-+canna_selinux \- Security Enhanced Linux Policy for the canna processes
++blktap_selinux \- Security Enhanced Linux Policy for the blktap processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the canna processes via flexible mandatory access
++Security-Enhanced Linux secures the blktap processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  blktap policy is extremely flexible and has several booleans that allow you to manipulate the policy and run blktap with the tightest access possible.
++
++
++.PP
++If you want to allow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes for disk images, you must turn on the xend_run_blktap boolean.
++
++.EX
++.B setsebool -P xend_run_blktap 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
@@ -5231,92 +6612,60 @@ index 0000000..b6eda1f
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux canna policy is very flexible allowing users to setup their canna processes in as secure a method as possible.
++SELinux blktap policy is very flexible allowing users to setup their blktap processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for canna:
++The following file types are defined for blktap:
 +
 +
 +.EX
 +.PP
-+.B canna_exec_t 
++.B blktap_exec_t 
 +.EE
 +
-+- Set files with the canna_exec_t type, if you want to transition an executable to the canna_t domain.
++- Set files with the blktap_exec_t type, if you want to transition an executable to the blktap_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/catdic, /usr/bin/cannaping, /usr/sbin/jserver, /usr/sbin/cannaserver
++/usr/sbin/blktapctrl, /usr/sbin/tapdisk
 +
 +.EX
 +.PP
-+.B canna_initrc_exec_t 
++.B blktap_var_run_t 
 +.EE
 +
-+- Set files with the canna_initrc_exec_t type, if you want to transition an executable to the canna_initrc_t domain.
++- Set files with the blktap_var_run_t type, if you want to store the blktap files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B canna_log_t 
-+.EE
-+
-+- Set files with the canna_log_t type, if you want to treat the data as canna log data, usually stored under the /var/log directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/log/wnn(/.*)?, /var/log/canna(/.*)?
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
-+.PP
-+.B canna_var_lib_t 
-+.EE
-+
-+- Set files with the canna_var_lib_t type, if you want to store the canna files under the /var/lib directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/wnn/dic(/.*)?, /var/lib/canna/dic(/.*)?
-+
-+.EX
-+.PP
-+.B canna_var_run_t 
-+.EE
-+
-+- Set files with the canna_var_run_t type, if you want to store the canna files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/run/\.iroha_unix/.*, /var/run/wnn-unix(/.*)?, /var/run/\.iroha_unix
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux canna policy is very flexible allowing users to setup their canna processes in as secure a method as possible.
++SELinux blktap policy is very flexible allowing users to setup their blktap processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for canna:
++The following process types are defined for blktap:
 +
 +.EX
-+.B canna_t 
++.B blktap_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type blktap_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -5327,89 +6676,76 @@ index 0000000..b6eda1f
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), canna(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cardmgr_selinux.8 b/man/man8/cardmgr_selinux.8
++selinux(8), blktap(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/blueman_selinux.8 b/man/man8/blueman_selinux.8
 new file mode 100644
-index 0000000..d3e6992
+index 0000000..6d0a4e9
 --- /dev/null
-+++ b/man/man8/cardmgr_selinux.8
-@@ -0,0 +1,113 @@
-+.TH  "cardmgr_selinux"  "8"  "cardmgr" "dwalsh at redhat.com" "cardmgr SELinux Policy documentation"
++++ b/man/man8/blueman_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "blueman_selinux"  "8"  "blueman" "dwalsh at redhat.com" "blueman SELinux Policy documentation"
 +.SH "NAME"
-+cardmgr_selinux \- Security Enhanced Linux Policy for the cardmgr processes
++blueman_selinux \- Security Enhanced Linux Policy for the blueman processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cardmgr processes via flexible mandatory access
++Security-Enhanced Linux secures the blueman processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux cardmgr policy is very flexible allowing users to setup their cardmgr processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for cardmgr:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the blueman_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B cardmgr_dev_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the cardmgr_dev_t type, if you want to treat the files as cardmgr dev data.
-+
-+
-+.EX
 +.PP
-+.B cardmgr_exec_t 
-+.EE
-+
-+- Set files with the cardmgr_exec_t type, if you want to transition an executable to the cardmgr_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/sbin/cardmgr, /etc/apm/event\.d/pcmcia, /usr/sbin/cardmgr
++If you want to allow confined applications to run with kerberos for the blueman_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B cardmgr_lnk_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the cardmgr_lnk_t type, if you want to treat the files as cardmgr lnk data.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux blueman policy is very flexible allowing users to setup their blueman processes in as secure a method as possible.
++.PP 
++The following file types are defined for blueman:
 +
 +
 +.EX
 +.PP
-+.B cardmgr_var_lib_t 
++.B blueman_exec_t 
 +.EE
 +
-+- Set files with the cardmgr_var_lib_t type, if you want to store the cardmgr files under the /var/lib directory.
++- Set files with the blueman_exec_t type, if you want to transition an executable to the blueman_t domain.
 +
 +
 +.EX
 +.PP
-+.B cardmgr_var_run_t 
++.B blueman_var_lib_t 
 +.EE
 +
-+- Set files with the cardmgr_var_run_t type, if you want to store the cardmgr files under the /run directory.
++- Set files with the blueman_var_lib_t type, if you want to store the blueman files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/cardmgr\.pid, /var/run/stab, /var/lib/pcmcia(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -5424,18 +6760,28 @@ index 0000000..d3e6992
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cardmgr policy is very flexible allowing users to setup their cardmgr processes in as secure a method as possible.
++SELinux blueman policy is very flexible allowing users to setup their blueman processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cardmgr:
++The following process types are defined for blueman:
 +
 +.EX
-+.B cardmgr_t 
++.B blueman_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type blueman_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B blueman_var_lib_t
++
++	/var/lib/blueman(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -5451,92 +6797,74 @@ index 0000000..d3e6992
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cardmgr(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ccs_selinux.8 b/man/man8/ccs_selinux.8
++selinux(8), blueman(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/bluetooth_helper_selinux.8 b/man/man8/bluetooth_helper_selinux.8
 new file mode 100644
-index 0000000..3eb68f4
+index 0000000..0bbf146
 --- /dev/null
-+++ b/man/man8/ccs_selinux.8
-@@ -0,0 +1,121 @@
-+.TH  "ccs_selinux"  "8"  "ccs" "dwalsh at redhat.com" "ccs SELinux Policy documentation"
++++ b/man/man8/bluetooth_helper_selinux.8
+@@ -0,0 +1,132 @@
++.TH  "bluetooth_helper_selinux"  "8"  "bluetooth_helper" "dwalsh at redhat.com" "bluetooth_helper SELinux Policy documentation"
 +.SH "NAME"
-+ccs_selinux \- Security Enhanced Linux Policy for the ccs processes
++bluetooth_helper_selinux \- Security Enhanced Linux Policy for the bluetooth_helper processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ccs processes via flexible mandatory access
++Security-Enhanced Linux secures the bluetooth_helper processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux ccs policy is very flexible allowing users to setup their ccs processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for ccs:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the bluetooth_helper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B ccs_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the ccs_exec_t type, if you want to transition an executable to the ccs_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/ccsd, /sbin/ccsd
-+
-+.EX
 +.PP
-+.B ccs_tmp_t 
-+.EE
-+
-+- Set files with the ccs_tmp_t type, if you want to store ccs temporary files in the /tmp directories.
-+
++If you want to allow confined applications to run with kerberos for the bluetooth_helper_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B ccs_tmpfs_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the ccs_tmpfs_t type, if you want to store ccs files on a tmpfs file system.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux bluetooth_helper policy is very flexible allowing users to setup their bluetooth_helper processes in as secure a method as possible.
++.PP 
++The following file types are defined for bluetooth_helper:
 +
 +
 +.EX
 +.PP
-+.B ccs_var_lib_t 
++.B bluetooth_helper_exec_t 
 +.EE
 +
-+- Set files with the ccs_var_lib_t type, if you want to store the ccs files under the /var/lib directory.
++- Set files with the bluetooth_helper_exec_t type, if you want to transition an executable to the bluetooth_helper_t domain.
 +
 +
 +.EX
 +.PP
-+.B ccs_var_log_t 
++.B bluetooth_helper_tmp_t 
 +.EE
 +
-+- Set files with the ccs_var_log_t type, if you want to treat the data as ccs var log data, usually stored under the /var/log directory.
++- Set files with the bluetooth_helper_tmp_t type, if you want to store bluetooth helper temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B ccs_var_run_t 
++.B bluetooth_helper_tmpfs_t 
 +.EE
 +
-+- Set files with the ccs_var_run_t type, if you want to store the ccs files under the /run directory.
++- Set files with the bluetooth_helper_tmpfs_t type, if you want to store bluetooth helper files on a tmpfs file system.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/cluster/ccsd\.pid, /var/run/cluster/ccsd\.sock
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -5551,18 +6879,46 @@ index 0000000..3eb68f4
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ccs policy is very flexible allowing users to setup their ccs processes in as secure a method as possible.
++SELinux bluetooth_helper policy is very flexible allowing users to setup their bluetooth_helper processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ccs:
++The following process types are defined for bluetooth_helper:
 +
 +.EX
-+.B ccs_t 
++.B bluetooth_helper_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type bluetooth_helper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B bluetooth_helper_tmp_t
++
++
++.br
++.B bluetooth_helper_tmpfs_t
++
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -5578,38 +6934,51 @@ index 0000000..3eb68f4
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ccs(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cdcc_selinux.8 b/man/man8/cdcc_selinux.8
++selinux(8), bluetooth_helper(8), semanage(8), restorecon(8), chcon(1)
++, bluetooth_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/bluetooth_selinux.8 b/man/man8/bluetooth_selinux.8
 new file mode 100644
-index 0000000..9cf6042
+index 0000000..d1beb84
 --- /dev/null
-+++ b/man/man8/cdcc_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "cdcc_selinux"  "8"  "cdcc" "dwalsh at redhat.com" "cdcc SELinux Policy documentation"
++++ b/man/man8/bluetooth_selinux.8
+@@ -0,0 +1,238 @@
++.TH  "bluetooth_selinux"  "8"  "bluetooth" "dwalsh at redhat.com" "bluetooth SELinux Policy documentation"
 +.SH "NAME"
-+cdcc_selinux \- Security Enhanced Linux Policy for the cdcc processes
++bluetooth_selinux \- Security Enhanced Linux Policy for the bluetooth processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cdcc processes via flexible mandatory access
++Security-Enhanced Linux secures the bluetooth processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  bluetooth policy is extremely flexible and has several booleans that allow you to manipulate the policy and run bluetooth with the tightest access possible.
++
++
++.PP
++If you want to allow xguest to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
++
++.EX
++.B setsebool -P xguest_use_bluetooth 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cdcc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the bluetooth_t, bluetooth_helper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the cdcc_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the bluetooth_t, bluetooth_helper_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -5618,120 +6987,118 @@ index 0000000..9cf6042
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cdcc policy is very flexible allowing users to setup their cdcc processes in as secure a method as possible.
++SELinux bluetooth policy is very flexible allowing users to setup their bluetooth processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cdcc:
++The following file types are defined for bluetooth:
 +
 +
 +.EX
 +.PP
-+.B cdcc_exec_t 
++.B bluetooth_conf_rw_t 
 +.EE
 +
-+- Set files with the cdcc_exec_t type, if you want to transition an executable to the cdcc_t domain.
++- Set files with the bluetooth_conf_rw_t type, if you want to treat the files as bluetooth conf read/write content.
 +
 +
 +.EX
 +.PP
-+.B cdcc_tmp_t 
++.B bluetooth_conf_t 
 +.EE
 +
-+- Set files with the cdcc_tmp_t type, if you want to store cdcc temporary files in the /tmp directories.
++- Set files with the bluetooth_conf_t type, if you want to treat the files as bluetooth configuration data, usually stored under the /etc directory.
 +
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B bluetooth_exec_t 
++.EE
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux cdcc policy is very flexible allowing users to setup their cdcc processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for cdcc:
++- Set files with the bluetooth_exec_t type, if you want to transition an executable to the bluetooth_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/hcid, /usr/bin/rfcomm, /usr/sbin/sdpd, /usr/bin/hidd, /usr/sbin/bluetoothd, /usr/sbin/hid2hci, /usr/bin/dund, /usr/sbin/hciattach
 +
 +.EX
-+.B cdcc_t 
-+.EE
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B bluetooth_helper_exec_t 
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
++- Set files with the bluetooth_helper_exec_t type, if you want to transition an executable to the bluetooth_helper_t domain.
++
++
++.EX
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.B bluetooth_helper_tmp_t 
++.EE
++
++- Set files with the bluetooth_helper_tmp_t type, if you want to store bluetooth helper temporary files in the /tmp directories.
++
 +
++.EX
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.B bluetooth_helper_tmpfs_t 
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++- Set files with the bluetooth_helper_tmpfs_t type, if you want to store bluetooth helper files on a tmpfs file system.
 +
-+.SH "SEE ALSO"
-+selinux(8), cdcc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cdrecord_selinux.8 b/man/man8/cdrecord_selinux.8
-new file mode 100644
-index 0000000..48d9d17
---- /dev/null
-+++ b/man/man8/cdrecord_selinux.8
-@@ -0,0 +1,92 @@
-+.TH  "cdrecord_selinux"  "8"  "cdrecord" "dwalsh at redhat.com" "cdrecord SELinux Policy documentation"
-+.SH "NAME"
-+cdrecord_selinux \- Security Enhanced Linux Policy for the cdrecord processes
-+.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cdrecord processes via flexible mandatory access
-+control.  
++.EX
++.PP
++.B bluetooth_initrc_exec_t 
++.EE
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  cdrecord policy is extremely flexible and has several booleans that allow you to manipulate the policy and run cdrecord with the tightest access possible.
++- Set files with the bluetooth_initrc_exec_t type, if you want to transition an executable to the bluetooth_initrc_t domain.
 +
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/dund, /etc/rc\.d/init\.d/bluetooth, /etc/rc\.d/init\.d/pand
 +
++.EX
 +.PP
-+If you want to allow cdrecord to read various content. nfs, samba, removable devices, user temp and untrusted content files, you must turn on the cdrecord_read_content boolean.
++.B bluetooth_lock_t 
++.EE
++
++- Set files with the bluetooth_lock_t type, if you want to treat the files as bluetooth lock data, stored under the /var/lock directory
++
 +
 +.EX
-+.B setsebool -P cdrecord_read_content 1
++.PP
++.B bluetooth_tmp_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the bluetooth_tmp_t type, if you want to store bluetooth temporary files in the /tmp directories.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B bluetooth_unit_file_t 
++.EE
++
++- Set files with the bluetooth_unit_file_t type, if you want to treat the files as bluetooth unit content.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux cdrecord policy is very flexible allowing users to setup their cdrecord processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for cdrecord:
++.B bluetooth_var_lib_t 
++.EE
++
++- Set files with the bluetooth_var_lib_t type, if you want to store the bluetooth files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B cdrecord_exec_t 
++.B bluetooth_var_run_t 
 +.EE
 +
-+- Set files with the cdrecord_exec_t type, if you want to transition an executable to the cdrecord_t domain.
++- Set files with the bluetooth_var_run_t type, if you want to store the bluetooth files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/cdrecord, /usr/bin/wodim, /usr/bin/growisofs
++/var/run/bluetoothd_address, /var/run/sdp
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -5746,18 +7113,54 @@ index 0000000..48d9d17
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cdrecord policy is very flexible allowing users to setup their cdrecord processes in as secure a method as possible.
++SELinux bluetooth policy is very flexible allowing users to setup their bluetooth processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cdrecord:
++The following process types are defined for bluetooth:
 +
 +.EX
-+.B cdrecord_t 
++.B bluetooth_helper_t, bluetooth_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type bluetooth_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B bluetooth_conf_rw_t
++
++	/etc/bluetooth/link_key
++.br
++
++.br
++.B bluetooth_lock_t
++
++
++.br
++.B bluetooth_tmp_t
++
++
++.br
++.B bluetooth_var_lib_t
++
++	/var/lib/bluetooth(/.*)?
++.br
++
++.br
++.B bluetooth_var_run_t
++
++	/var/run/sdp
++.br
++	/var/run/bluetoothd_address
++.br
++
++.br
++.B usbfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -5776,99 +7179,113 @@ index 0000000..48d9d17
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cdrecord(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), bluetooth(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), bluetooth_helper_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/certmaster_selinux.8 b/man/man8/certmaster_selinux.8
+diff --git a/man/man8/boinc_selinux.8 b/man/man8/boinc_selinux.8
 new file mode 100644
-index 0000000..ad180e1
+index 0000000..4c33797
 --- /dev/null
-+++ b/man/man8/certmaster_selinux.8
-@@ -0,0 +1,153 @@
-+.TH  "certmaster_selinux"  "8"  "certmaster" "dwalsh at redhat.com" "certmaster SELinux Policy documentation"
++++ b/man/man8/boinc_selinux.8
+@@ -0,0 +1,210 @@
++.TH  "boinc_selinux"  "8"  "boinc" "dwalsh at redhat.com" "boinc SELinux Policy documentation"
 +.SH "NAME"
-+certmaster_selinux \- Security Enhanced Linux Policy for the certmaster processes
++boinc_selinux \- Security Enhanced Linux Policy for the boinc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the certmaster processes via flexible mandatory access
++Security-Enhanced Linux secures the boinc processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the certmaster_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux boinc policy is very flexible allowing users to setup their boinc processes in as secure a method as possible.
++.PP 
++The following file types are defined for boinc:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B boinc_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the certmaster_t, you must turn on the kerberos_enabled boolean.
++- Set files with the boinc_exec_t type, if you want to transition an executable to the boinc_t domain.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B boinc_initrc_exec_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++- Set files with the boinc_initrc_exec_t type, if you want to transition an executable to the boinc_initrc_t domain.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux certmaster policy is very flexible allowing users to setup their certmaster processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for certmaster:
++.B boinc_log_t 
++.EE
++
++- Set files with the boinc_log_t type, if you want to treat the data as boinc log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B certmaster_etc_rw_t 
++.B boinc_project_tmp_t 
 +.EE
 +
-+- Set files with the certmaster_etc_rw_t type, if you want to treat the files as certmaster etc read/write content.
++- Set files with the boinc_project_tmp_t type, if you want to store boinc project temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B certmaster_exec_t 
++.B boinc_project_var_lib_t 
 +.EE
 +
-+- Set files with the certmaster_exec_t type, if you want to transition an executable to the certmaster_t domain.
++- Set files with the boinc_project_var_lib_t type, if you want to store the boinc project files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/boinc/projects(/.*)?, /var/lib/boinc/slots(/.*)?
 +
 +.EX
 +.PP
-+.B certmaster_initrc_exec_t 
++.B boinc_tmp_t 
 +.EE
 +
-+- Set files with the certmaster_initrc_exec_t type, if you want to transition an executable to the certmaster_initrc_t domain.
++- Set files with the boinc_tmp_t type, if you want to store boinc temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B certmaster_var_lib_t 
++.B boinc_tmpfs_t 
 +.EE
 +
-+- Set files with the certmaster_var_lib_t type, if you want to store the certmaster files under the /var/lib directory.
++- Set files with the boinc_tmpfs_t type, if you want to store boinc files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B certmaster_var_log_t 
++.B boinc_unit_file_t 
 +.EE
 +
-+- Set files with the certmaster_var_log_t type, if you want to treat the data as certmaster var log data, usually stored under the /var/log directory.
++- Set files with the boinc_unit_file_t type, if you want to treat the files as boinc unit content.
 +
 +
 +.EX
 +.PP
-+.B certmaster_var_run_t 
++.B boinc_var_lib_t 
 +.EE
 +
-+- Set files with the certmaster_var_run_t type, if you want to store the certmaster files under the /run directory.
++- Set files with the boinc_var_lib_t type, if you want to store the boinc files under the /var/lib directory.
 +
 +
 +.PP
@@ -5887,19 +7304,30 @@ index 0000000..ad180e1
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux certmaster policy is very flexible allowing users to setup their certmaster processes in as secure a method as possible.
++SELinux boinc policy is very flexible allowing users to setup their boinc processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for certmaster:
++The following port types are defined for boinc:
 +
 +.EX
 +.TP 5
-+.B certmaster_port_t 
++.B boinc_client_ctrl_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 51235
++tcp 1043
++.EE
++
++.EX
++.TP 5
++.B boinc_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 31416
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -5907,18 +7335,50 @@ index 0000000..ad180e1
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux certmaster policy is very flexible allowing users to setup their certmaster processes in as secure a method as possible.
++SELinux boinc policy is very flexible allowing users to setup their boinc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for certmaster:
++The following process types are defined for boinc:
 +
 +.EX
-+.B certmaster_t 
++.B boinc_t, boinc_project_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type boinc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B boinc_log_t
++
++	/var/log/boinc\.log.*
++.br
++
++.br
++.B boinc_project_var_lib_t
++
++	/var/lib/boinc/slots(/.*)?
++.br
++	/var/lib/boinc/projects(/.*)?
++.br
++
++.br
++.B boinc_tmp_t
++
++
++.br
++.B boinc_tmpfs_t
++
++
++.br
++.B boinc_var_lib_t
++
++	/var/lib/boinc(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -5937,38 +7397,49 @@ index 0000000..ad180e1
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), certmaster(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/certmonger_selinux.8 b/man/man8/certmonger_selinux.8
++selinux(8), boinc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/bootloader_selinux.8 b/man/man8/bootloader_selinux.8
 new file mode 100644
-index 0000000..a40b2c3
+index 0000000..03c484e
 --- /dev/null
-+++ b/man/man8/certmonger_selinux.8
-@@ -0,0 +1,119 @@
-+.TH  "certmonger_selinux"  "8"  "certmonger" "dwalsh at redhat.com" "certmonger SELinux Policy documentation"
-+.SH "NAME"
-+certmonger_selinux \- Security Enhanced Linux Policy for the certmonger processes
++++ b/man/man8/bootloader_selinux.8
+@@ -0,0 +1,284 @@
++.TH  "bootloader_selinux"  "8"  "bootloader" "dwalsh at redhat.com" "bootloader SELinux Policy documentation"
++.SH "NAME"
++bootloader_selinux \- Security Enhanced Linux Policy for the bootloader processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the certmonger processes via flexible mandatory access
++Security-Enhanced Linux secures the bootloader processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  bootloader policy is extremely flexible and has several booleans that allow you to manipulate the policy and run bootloader with the tightest access possible.
++
++
++.PP
++If you want to allow the graphical login program to execute bootloader, you must turn on the xdm_exec_bootloader boolean.
++
++.EX
++.B setsebool -P xdm_exec_bootloader 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the certmonger_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the bootloader_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the certmonger_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the bootloader_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -5977,49 +7448,49 @@ index 0000000..a40b2c3
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux certmonger policy is very flexible allowing users to setup their certmonger processes in as secure a method as possible.
++SELinux bootloader policy is very flexible allowing users to setup their bootloader processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for certmonger:
-+
-+
-+.EX
-+.PP
-+.B certmonger_exec_t 
-+.EE
-+
-+- Set files with the certmonger_exec_t type, if you want to transition an executable to the certmonger_t domain.
++The following file types are defined for bootloader:
 +
 +
 +.EX
 +.PP
-+.B certmonger_initrc_exec_t 
++.B bootloader_etc_t 
 +.EE
 +
-+- Set files with the certmonger_initrc_exec_t type, if you want to transition an executable to the certmonger_initrc_t domain.
++- Set files with the bootloader_etc_t type, if you want to store bootloader files in the /etc directories.
 +
++.br
++.TP 5
++Paths: 
++/etc/zipl\.conf.*, /etc/yaboot\.conf.*, /etc/default/grub, /etc/lilo\.conf.*
 +
 +.EX
 +.PP
-+.B certmonger_unconfined_exec_t 
++.B bootloader_exec_t 
 +.EE
 +
-+- Set files with the certmonger_unconfined_exec_t type, if you want to transition an executable to the certmonger_unconfined_t domain.
++- Set files with the bootloader_exec_t type, if you want to transition an executable to the bootloader_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/ybin.*, /usr/sbin/zipl, /sbin/lilo.*, /sbin/ybin.*, /usr/sbin/lilo.*, /sbin/grub.*, /sbin/zipl, /usr/sbin/grub.*
 +
 +.EX
 +.PP
-+.B certmonger_var_lib_t 
++.B bootloader_tmp_t 
 +.EE
 +
-+- Set files with the certmonger_var_lib_t type, if you want to store the certmonger files under the /var/lib directory.
++- Set files with the bootloader_tmp_t type, if you want to store bootloader temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B certmonger_var_run_t 
++.B bootloader_var_run_t 
 +.EE
 +
-+- Set files with the certmonger_var_run_t type, if you want to store the certmonger files under the /run directory.
++- Set files with the bootloader_var_run_t type, if you want to store the bootloader files under the /run directory.
 +
 +
 +.PP
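Review bot: The context line at the top of this hunk, `You can see the context of a file using the \fB\-Z\fP option to \fBls\bP`, ends in `\bP` where the font reset `\fP` is meant, so the bold opened by `\fB` is never closed by a font escape. The template in genman.py should emit `... option to \fBls\fP`. The same slip is in the `\fBps\bP` sentence at the start of the next hunk and in the matching FILE CONTEXTS and PROCESS TYPES lines of the brctl, cachefilesd, calamaris, callweaver, canna and cardmgr pages further down. The FILE CONTEXTS section itself starts before this hunk.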
@@ -6035,18 +7506,168 @@ index 0000000..a40b2c3
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux certmonger policy is very flexible allowing users to setup their certmonger processes in as secure a method as possible.
++SELinux bootloader policy is very flexible allowing users to setup their bootloader processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for certmonger:
++The following process types are defined for bootloader:
 +
 +.EX
-+.B certmonger_t 
++.B bootloader_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type bootloader_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B boot_t
++
++	/boot/.*
++.br
++	/vmlinuz.*
++.br
++	/initrd\.img.*
++.br
++	/boot
++.br
++
++.br
++.B bootloader_tmp_t
++
++
++.br
++.B bootloader_var_run_t
++
++
++.br
++.B dosfs_t
++
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B file_t
++
++
++.br
++.B fsadm_var_run_t
++
++	/var/run/blkid(/.*)?
++.br
++
++.br
++.B modules_object_t
++
++	/lib/modules(/.*)?
++.br
++	/usr/lib/modules(/.*)?
++.br
++
++.br
++.B var_log_t
++
++	/var/log/.*
++.br
++	/nsr/logs(/.*)?
++.br
++	/var/webmin(/.*)?
++.br
++	/var/log/cron[^/]*
++.br
++	/var/log/secure[^/]*
++.br
++	/opt/zimbra/log(/.*)?
++.br
++	/var/log/maillog[^/]*
++.br
++	/var/log/spooler[^/]*
++.br
++	/var/log/messages[^/]*
++.br
++	/usr/centreon/log(/.*)?
++.br
++	/var/spool/rsyslog(/.*)?
++.br
++	/var/axfrdns/log/main(/.*)?
++.br
++	/var/spool/bacula/log(/.*)?
++.br
++	/var/tinydns/log/main(/.*)?
++.br
++	/var/dnscache/log/main(/.*)?
++.br
++	/var/stockmaniac/templates_cache(/.*)?
++.br
++	/opt/Symantec/scspagent/IDS/system(/.*)?
++.br
++	/var/log
++.br
++	/var/log/dmesg
++.br
++	/var/log/syslog
++.br
++	/var/log/boot\.log
++.br
++	/var/named/chroot/var/log
++.br
++	/var/spool/plymouth/boot\.log
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
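Review bot: The added MANAGED FILES paragraph calls `bootloader_t` an "SELinux user type", but the PROCESS TYPES section of the same page lists `bootloader_t` as a process type. SELinux users are a different field of the context, so the wording can mislead someone auditing what the domain may write. Suggested text: `The SELinux process type bootloader_t can manage files labeled with the following file types.` and `Note: the process UID still needs DAC permissions.` The listed paths appear to be file-context regular expressions printed without any file-class qualifier, so an entry such as `/[^/]+` under `etc_runtime_t` probably reads broader than the labeling rule is; one sentence saying the entries are patterns would help. The same paragraph is added in the brctl, cachefilesd, calamaris, callweaver and canna hunks below.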
@@ -6057,27 +7678,32 @@ index 0000000..a40b2c3
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), certmonger(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/certwatch_selinux.8 b/man/man8/certwatch_selinux.8
++selinux(8), bootloader(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/brctl_selinux.8 b/man/man8/brctl_selinux.8
 new file mode 100644
-index 0000000..1926b29
+index 0000000..8c805bd
 --- /dev/null
-+++ b/man/man8/certwatch_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "certwatch_selinux"  "8"  "certwatch" "dwalsh at redhat.com" "certwatch SELinux Policy documentation"
++++ b/man/man8/brctl_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "brctl_selinux"  "8"  "brctl" "dwalsh at redhat.com" "brctl SELinux Policy documentation"
 +.SH "NAME"
-+certwatch_selinux \- Security Enhanced Linux Policy for the certwatch processes
++brctl_selinux \- Security Enhanced Linux Policy for the brctl processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the certwatch processes via flexible mandatory access
++Security-Enhanced Linux secures the brctl processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
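Review bot: The new SEE ALSO reference on the bootloader page is emitted as a second input line that starts with a comma (`, setsebool(8)`), and the file now ends without a newline. roff joins the two lines with a space, so the list most likely renders as `chcon(1) , setsebool(8)`. genman.py should append to the existing line and terminate it: `selinux(8), bootloader(8), semanage(8), restorecon(8), chcon(1), setsebool(8)`. The calamaris and callweaver pages in later hunks also tell the reader to run setsebool, but their SEE ALSO lines do not list it.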
@@ -6088,17 +7714,17 @@ index 0000000..1926b29
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux certwatch policy is very flexible allowing users to setup their certwatch processes in as secure a method as possible.
++SELinux brctl policy is very flexible allowing users to setup their brctl processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for certwatch:
++The following file types are defined for brctl:
 +
 +
 +.EX
 +.PP
-+.B certwatch_exec_t 
++.B brctl_exec_t 
 +.EE
 +
-+- Set files with the certwatch_exec_t type, if you want to transition an executable to the certwatch_t domain.
++- Set files with the brctl_exec_t type, if you want to transition an executable to the brctl_t domain.
 +
 +
 +.PP
@@ -6114,18 +7740,28 @@ index 0000000..1926b29
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux certwatch policy is very flexible allowing users to setup their certwatch processes in as secure a method as possible.
++SELinux brctl policy is very flexible allowing users to setup their brctl processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for certwatch:
++The following process types are defined for brctl:
 +
 +.EX
-+.B certwatch_t 
++.B brctl_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type brctl_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -6141,101 +7777,55 @@ index 0000000..1926b29
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), certwatch(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cfengine_selinux.8 b/man/man8/cfengine_selinux.8
++selinux(8), brctl(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cachefilesd_selinux.8 b/man/man8/cachefilesd_selinux.8
 new file mode 100644
-index 0000000..2a9ebfe
+index 0000000..109637b
 --- /dev/null
-+++ b/man/man8/cfengine_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "cfengine_selinux"  "8"  "cfengine" "dwalsh at redhat.com" "cfengine SELinux Policy documentation"
++++ b/man/man8/cachefilesd_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "cachefilesd_selinux"  "8"  "cachefilesd" "dwalsh at redhat.com" "cachefilesd SELinux Policy documentation"
 +.SH "NAME"
-+cfengine_selinux \- Security Enhanced Linux Policy for the cfengine processes
++cachefilesd_selinux \- Security Enhanced Linux Policy for the cachefilesd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cfengine processes via flexible mandatory access
++Security-Enhanced Linux secures the cachefilesd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cfengine_execd_t, cfengine_monitord_t, cfengine_serverd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the cfengine_execd_t, cfengine_monitord_t, cfengine_serverd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cfengine policy is very flexible allowing users to setup their cfengine processes in as secure a method as possible.
++SELinux cachefilesd policy is very flexible allowing users to setup their cachefilesd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cfengine:
-+
-+
-+.EX
-+.PP
-+.B cfengine_execd_exec_t 
-+.EE
-+
-+- Set files with the cfengine_execd_exec_t type, if you want to transition an executable to the cfengine_execd_t domain.
++The following file types are defined for cachefilesd:
 +
 +
 +.EX
 +.PP
-+.B cfengine_initrc_exec_t 
++.B cachefilesd_exec_t 
 +.EE
 +
-+- Set files with the cfengine_initrc_exec_t type, if you want to transition an executable to the cfengine_initrc_t domain.
++- Set files with the cachefilesd_exec_t type, if you want to transition an executable to the cachefilesd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/rc\.d/init\.d/cf-serverd, /etc/rc\.d/init\.d/cf-execd, /etc/rc\.d/init\.d/cf-monitord
-+
-+.EX
-+.PP
-+.B cfengine_monitord_exec_t 
-+.EE
-+
-+- Set files with the cfengine_monitord_exec_t type, if you want to transition an executable to the cfengine_monitord_t domain.
-+
-+
-+.EX
-+.PP
-+.B cfengine_serverd_exec_t 
-+.EE
-+
-+- Set files with the cfengine_serverd_exec_t type, if you want to transition an executable to the cfengine_serverd_t domain.
-+
-+
-+.EX
-+.PP
-+.B cfengine_var_lib_t 
-+.EE
-+
-+- Set files with the cfengine_var_lib_t type, if you want to store the cfengine files under the /var/lib directory.
-+
++/sbin/cachefilesd, /usr/sbin/cachefilesd
 +
 +.EX
 +.PP
-+.B cfengine_var_log_t 
++.B cachefilesd_var_run_t 
 +.EE
 +
-+- Set files with the cfengine_var_log_t type, if you want to treat the data as cfengine var log data, usually stored under the /var/log directory.
++- Set files with the cachefilesd_var_run_t type, if you want to store the cachefilesd files under the /run directory.
 +
 +
 +.PP
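Review bot: On the new side of this hunk the cachefilesd page keeps the heading `.SH NSSWITCH DOMAIN` with nothing under it, followed directly by `.SH FILE CONTEXTS`. An empty section reads as if a boolean description had been lost, which is unhelpful on a page administrators use to decide what to enable. genman.py should emit the heading only when at least one nsswitch boolean applies to the domain. The canna page in a later hunk shows the same empty heading.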
@@ -6251,18 +7841,36 @@ index 0000000..2a9ebfe
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cfengine policy is very flexible allowing users to setup their cfengine processes in as secure a method as possible.
++SELinux cachefilesd policy is very flexible allowing users to setup their cachefilesd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cfengine:
++The following process types are defined for cachefilesd:
 +
 +.EX
-+.B cfengine_execd_t, cfengine_monitord_t, cfengine_serverd_t 
++.B cachefilesd_t, cachefiles_kernel_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cachefilesd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cachefiles_var_t
++
++	/var/fscache(/.*)?
++.br
++	/var/cache/fscache(/.*)?
++.br
++
++.br
++.B cachefilesd_var_run_t
++
++	/var/run/cachefilesd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -6278,48 +7886,74 @@ index 0000000..2a9ebfe
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cfengine(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cgclear_selinux.8 b/man/man8/cgclear_selinux.8
++selinux(8), cachefilesd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/calamaris_selinux.8 b/man/man8/calamaris_selinux.8
 new file mode 100644
-index 0000000..5d9b403
+index 0000000..1cc7f9e
 --- /dev/null
-+++ b/man/man8/cgclear_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "cgclear_selinux"  "8"  "cgclear" "dwalsh at redhat.com" "cgclear SELinux Policy documentation"
++++ b/man/man8/calamaris_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "calamaris_selinux"  "8"  "calamaris" "dwalsh at redhat.com" "calamaris SELinux Policy documentation"
 +.SH "NAME"
-+cgclear_selinux \- Security Enhanced Linux Policy for the cgclear processes
++calamaris_selinux \- Security Enhanced Linux Policy for the calamaris processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cgclear processes via flexible mandatory access
++Security-Enhanced Linux secures the calamaris processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the calamaris_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the calamaris_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cgclear policy is very flexible allowing users to setup their cgclear processes in as secure a method as possible.
++SELinux calamaris policy is very flexible allowing users to setup their calamaris processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cgclear:
++The following file types are defined for calamaris:
 +
 +
 +.EX
 +.PP
-+.B cgclear_exec_t 
++.B calamaris_exec_t 
 +.EE
 +
-+- Set files with the cgclear_exec_t type, if you want to transition an executable to the cgclear_t domain.
++- Set files with the calamaris_exec_t type, if you want to transition an executable to the calamaris_t domain.
++
++
++.EX
++.PP
++.B calamaris_log_t 
++.EE
++
++- Set files with the calamaris_log_t type, if you want to treat the data as calamaris log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B calamaris_www_t 
++.EE
++
++- Set files with the calamaris_www_t type, if you want to treat the files as calamaris www data.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/cgclear, /usr/sbin/cgclear
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
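Review bot: The added NSSWITCH sentence for `calamaris_t` reads `rather then using a sssd serve`, which should be `rather than using an sssd server`. The phrase `for the calamaris_t` also suggests the boolean is scoped to this domain, whereas `setsebool -P authlogin_nsswitch_use_ldap 1` and `setsebool -P kerberos_enabled 1` change a policy-wide boolean persistently. A short sentence such as `This boolean applies to every domain that uses it, not only calamaris_t.` would keep readers from enabling it on the assumption that one service is affected. The text comes from the generator and the same sentence is added on the bootloader and callweaver pages, so the fix belongs in the genman.py template.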
@@ -6334,18 +7968,34 @@ index 0000000..5d9b403
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cgclear policy is very flexible allowing users to setup their cgclear processes in as secure a method as possible.
++SELinux calamaris policy is very flexible allowing users to setup their calamaris processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cgclear:
++The following process types are defined for calamaris:
 +
 +.EX
-+.B cgclear_t 
++.B calamaris_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type calamaris_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B calamaris_log_t
++
++	/var/log/calamaris(/.*)?
++.br
++
++.br
++.B calamaris_www_t
++
++	/var/www/calamaris(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -6361,38 +8011,38 @@ index 0000000..5d9b403
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cgclear(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cgconfig_selinux.8 b/man/man8/cgconfig_selinux.8
++selinux(8), calamaris(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/callweaver_selinux.8 b/man/man8/callweaver_selinux.8
 new file mode 100644
-index 0000000..1b58511
+index 0000000..614cf13
 --- /dev/null
-+++ b/man/man8/cgconfig_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "cgconfig_selinux"  "8"  "cgconfig" "dwalsh at redhat.com" "cgconfig SELinux Policy documentation"
++++ b/man/man8/callweaver_selinux.8
+@@ -0,0 +1,155 @@
++.TH  "callweaver_selinux"  "8"  "callweaver" "dwalsh at redhat.com" "callweaver SELinux Policy documentation"
 +.SH "NAME"
-+cgconfig_selinux \- Security Enhanced Linux Policy for the cgconfig processes
++callweaver_selinux \- Security Enhanced Linux Policy for the callweaver processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cgconfig processes via flexible mandatory access
++Security-Enhanced Linux secures the callweaver processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cgconfig_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the callweaver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the cgconfig_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the callweaver_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -6401,41 +8051,57 @@ index 0000000..1b58511
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cgconfig policy is very flexible allowing users to setup their cgconfig processes in as secure a method as possible.
++SELinux callweaver policy is very flexible allowing users to setup their callweaver processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cgconfig:
++The following file types are defined for callweaver:
 +
 +
 +.EX
 +.PP
-+.B cgconfig_etc_t 
++.B callweaver_exec_t 
 +.EE
 +
-+- Set files with the cgconfig_etc_t type, if you want to store cgconfig files in the /etc directories.
++- Set files with the callweaver_exec_t type, if you want to transition an executable to the callweaver_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/sysconfig/cgconfig, /etc/cgconfig.conf
 +
 +.EX
 +.PP
-+.B cgconfig_exec_t 
++.B callweaver_initrc_exec_t 
 +.EE
 +
-+- Set files with the cgconfig_exec_t type, if you want to transition an executable to the cgconfig_t domain.
++- Set files with the callweaver_initrc_exec_t type, if you want to transition an executable to the callweaver_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/cgconfigparser, /sbin/cgconfigparser
 +
 +.EX
 +.PP
-+.B cgconfig_initrc_exec_t 
++.B callweaver_log_t 
 +.EE
 +
-+- Set files with the cgconfig_initrc_exec_t type, if you want to transition an executable to the cgconfig_initrc_t domain.
++- Set files with the callweaver_log_t type, if you want to treat the data as callweaver log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B callweaver_spool_t 
++.EE
++
++- Set files with the callweaver_spool_t type, if you want to store the callweaver files under the /var/spool directory.
++
++
++.EX
++.PP
++.B callweaver_var_lib_t 
++.EE
++
++- Set files with the callweaver_var_lib_t type, if you want to store the callweaver files under the /var/lib directory.
++
++
++.EX
++.PP
++.B callweaver_var_run_t 
++.EE
++
++- Set files with the callweaver_var_run_t type, if you want to store the callweaver files under the /run directory.
 +
 +
 +.PP
@@ -6451,18 +8117,46 @@ index 0000000..1b58511
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cgconfig policy is very flexible allowing users to setup their cgconfig processes in as secure a method as possible.
++SELinux callweaver policy is very flexible allowing users to setup their callweaver processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cgconfig:
++The following process types are defined for callweaver:
 +
 +.EX
-+.B cgconfig_t 
++.B callweaver_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type callweaver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B callweaver_log_t
++
++	/var/log/callweaver(/.*)?
++.br
++
++.br
++.B callweaver_spool_t
++
++	/var/spool/callweaver(/.*)?
++.br
++
++.br
++.B callweaver_var_lib_t
++
++	/var/lib/callweaver(/.*)?
++.br
++
++.br
++.B callweaver_var_run_t
++
++	/var/run/callweaver(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -6478,86 +8172,92 @@ index 0000000..1b58511
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cgconfig(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cgred_selinux.8 b/man/man8/cgred_selinux.8
++selinux(8), callweaver(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/canna_selinux.8 b/man/man8/canna_selinux.8
 new file mode 100644
-index 0000000..07be690
+index 0000000..e326bda
 --- /dev/null
-+++ b/man/man8/cgred_selinux.8
-@@ -0,0 +1,115 @@
-+.TH  "cgred_selinux"  "8"  "cgred" "dwalsh at redhat.com" "cgred SELinux Policy documentation"
++++ b/man/man8/canna_selinux.8
+@@ -0,0 +1,151 @@
++.TH  "canna_selinux"  "8"  "canna" "dwalsh at redhat.com" "canna SELinux Policy documentation"
 +.SH "NAME"
-+cgred_selinux \- Security Enhanced Linux Policy for the cgred processes
++canna_selinux \- Security Enhanced Linux Policy for the canna processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cgred processes via flexible mandatory access
++Security-Enhanced Linux secures the canna processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cgred_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the cgred_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cgred policy is very flexible allowing users to setup their cgred processes in as secure a method as possible.
++SELinux canna policy is very flexible allowing users to setup their canna processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cgred:
++The following file types are defined for canna:
 +
 +
 +.EX
 +.PP
-+.B cgred_exec_t 
++.B canna_exec_t 
 +.EE
 +
-+- Set files with the cgred_exec_t type, if you want to transition an executable to the cgred_t domain.
++- Set files with the canna_exec_t type, if you want to transition an executable to the canna_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/cgrulesengd, /usr/sbin/cgrulesengd
++/usr/bin/catdic, /usr/bin/cannaping, /usr/sbin/jserver, /usr/sbin/cannaserver
 +
 +.EX
 +.PP
-+.B cgred_initrc_exec_t 
++.B canna_initrc_exec_t 
 +.EE
 +
-+- Set files with the cgred_initrc_exec_t type, if you want to transition an executable to the cgred_initrc_t domain.
++- Set files with the canna_initrc_exec_t type, if you want to transition an executable to the canna_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B cgred_log_t 
++.B canna_log_t 
 +.EE
 +
-+- Set files with the cgred_log_t type, if you want to treat the data as cgred log data, usually stored under the /var/log directory.
++- Set files with the canna_log_t type, if you want to treat the data as canna log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/var/log/wnn(/.*)?, /var/log/canna(/.*)?
 +
 +.EX
 +.PP
-+.B cgred_var_run_t 
++.B canna_var_lib_t 
 +.EE
 +
-+- Set files with the cgred_var_run_t type, if you want to store the cgred files under the /run directory.
++- Set files with the canna_var_lib_t type, if you want to store the canna files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/wnn/dic(/.*)?, /var/lib/canna/dic(/.*)?
++
++.EX
++.PP
++.B canna_var_run_t 
++.EE
 +
++- Set files with the canna_var_run_t type, if you want to store the canna files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/\.iroha_unix/.*, /var/run/wnn-unix(/.*)?, /var/run/\.iroha_unix
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -6572,18 +8272,48 @@ index 0000000..07be690
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cgred policy is very flexible allowing users to setup their cgred processes in as secure a method as possible.
++SELinux canna policy is very flexible allowing users to setup their canna processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cgred:
++The following process types are defined for canna:
 +
 +.EX
-+.B cgred_t 
++.B canna_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type canna_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B canna_log_t
++
++	/var/log/wnn(/.*)?
++.br
++	/var/log/canna(/.*)?
++.br
++
++.br
++.B canna_var_lib_t
++
++	/var/lib/wnn/dic(/.*)?
++.br
++	/var/lib/canna/dic(/.*)?
++.br
++
++.br
++.B canna_var_run_t
++
++	/var/run/wnn-unix(/.*)?
++.br
++	/var/run/\.iroha_unix/.*
++.br
++	/var/run/\.iroha_unix
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -6599,22 +8329,22 @@ index 0000000..07be690
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cgred(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/checkpc_selinux.8 b/man/man8/checkpc_selinux.8
++selinux(8), canna(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cardmgr_selinux.8 b/man/man8/cardmgr_selinux.8
 new file mode 100644
-index 0000000..32fd09a
+index 0000000..f50086e
 --- /dev/null
-+++ b/man/man8/checkpc_selinux.8
-@@ -0,0 +1,81 @@
-+.TH  "checkpc_selinux"  "8"  "checkpc" "dwalsh at redhat.com" "checkpc SELinux Policy documentation"
++++ b/man/man8/cardmgr_selinux.8
+@@ -0,0 +1,157 @@
++.TH  "cardmgr_selinux"  "8"  "cardmgr" "dwalsh at redhat.com" "cardmgr SELinux Policy documentation"
 +.SH "NAME"
-+checkpc_selinux \- Security Enhanced Linux Policy for the checkpc processes
++cardmgr_selinux \- Security Enhanced Linux Policy for the cardmgr processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the checkpc processes via flexible mandatory access
++Security-Enhanced Linux secures the cardmgr processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -6625,27 +8355,59 @@ index 0000000..32fd09a
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux checkpc policy is very flexible allowing users to setup their checkpc processes in as secure a method as possible.
++SELinux cardmgr policy is very flexible allowing users to setup their cardmgr processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for checkpc:
++The following file types are defined for cardmgr:
 +
 +
 +.EX
 +.PP
-+.B checkpc_exec_t 
++.B cardmgr_dev_t 
 +.EE
 +
-+- Set files with the checkpc_exec_t type, if you want to transition an executable to the checkpc_t domain.
++- Set files with the cardmgr_dev_t type, if you want to treat the files as cardmgr dev data.
 +
 +
 +.EX
 +.PP
-+.B checkpc_log_t 
++.B cardmgr_exec_t 
 +.EE
 +
-+- Set files with the checkpc_log_t type, if you want to treat the data as checkpc log data, usually stored under the /var/log directory.
++- Set files with the cardmgr_exec_t type, if you want to transition an executable to the cardmgr_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/cardmgr, /etc/apm/event\.d/pcmcia, /usr/sbin/cardmgr
++
++.EX
++.PP
++.B cardmgr_lnk_t 
++.EE
++
++- Set files with the cardmgr_lnk_t type, if you want to treat the files as cardmgr lnk data.
 +
 +
++.EX
++.PP
++.B cardmgr_var_lib_t 
++.EE
++
++- Set files with the cardmgr_var_lib_t type, if you want to store the cardmgr files under the /var/lib directory.
++
++
++.EX
++.PP
++.B cardmgr_var_run_t 
++.EE
++
++- Set files with the cardmgr_var_run_t type, if you want to store the cardmgr files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/cardmgr\.pid, /var/run/stab, /var/lib/pcmcia(/.*)?
++
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
 +.B semanage fcontext 
@@ -6659,18 +8421,62 @@ index 0000000..32fd09a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux checkpc policy is very flexible allowing users to setup their checkpc processes in as secure a method as possible.
++SELinux cardmgr policy is very flexible allowing users to setup their cardmgr processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for checkpc:
++The following process types are defined for cardmgr:
 +
 +.EX
-+.B checkpc_t 
++.B cardmgr_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cardmgr_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cardmgr_var_lib_t
++
++
++.br
++.B cardmgr_var_run_t
++
++	/var/lib/pcmcia(/.*)?
++.br
++	/var/run/stab
++.br
++	/var/run/cardmgr\.pid
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -6686,22 +8492,22 @@ index 0000000..32fd09a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), checkpc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/checkpolicy_selinux.8 b/man/man8/checkpolicy_selinux.8
++selinux(8), cardmgr(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ccs_selinux.8 b/man/man8/ccs_selinux.8
 new file mode 100644
-index 0000000..ba66ff0
+index 0000000..29235e8
 --- /dev/null
-+++ b/man/man8/checkpolicy_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "checkpolicy_selinux"  "8"  "checkpolicy" "dwalsh at redhat.com" "checkpolicy SELinux Policy documentation"
++++ b/man/man8/ccs_selinux.8
+@@ -0,0 +1,167 @@
++.TH  "ccs_selinux"  "8"  "ccs" "dwalsh at redhat.com" "ccs SELinux Policy documentation"
 +.SH "NAME"
-+checkpolicy_selinux \- Security Enhanced Linux Policy for the checkpolicy processes
++ccs_selinux \- Security Enhanced Linux Policy for the ccs processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the checkpolicy processes via flexible mandatory access
++Security-Enhanced Linux secures the ccs processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -6712,115 +8518,66 @@ index 0000000..ba66ff0
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux checkpolicy policy is very flexible allowing users to setup their checkpolicy processes in as secure a method as possible.
++SELinux ccs policy is very flexible allowing users to setup their ccs processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for checkpolicy:
++The following file types are defined for ccs:
 +
 +
 +.EX
 +.PP
-+.B checkpolicy_exec_t 
++.B ccs_exec_t 
 +.EE
 +
-+- Set files with the checkpolicy_exec_t type, if you want to transition an executable to the checkpolicy_t domain.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++- Set files with the ccs_exec_t type, if you want to transition an executable to the ccs_t domain.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux checkpolicy policy is very flexible allowing users to setup their checkpolicy processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for checkpolicy:
++.br
++.TP 5
++Paths: 
++/usr/sbin/ccsd, /sbin/ccsd
 +
 +.EX
-+.B checkpolicy_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.B ccs_tmp_t 
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++- Set files with the ccs_tmp_t type, if you want to store ccs temporary files in the /tmp directories.
 +
-+.SH "SEE ALSO"
-+selinux(8), checkpolicy(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/chfn_selinux.8 b/man/man8/chfn_selinux.8
-new file mode 100644
-index 0000000..e8621ca
---- /dev/null
-+++ b/man/man8/chfn_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "chfn_selinux"  "8"  "chfn" "dwalsh at redhat.com" "chfn SELinux Policy documentation"
-+.SH "NAME"
-+chfn_selinux \- Security Enhanced Linux Policy for the chfn processes
-+.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the chfn processes via flexible mandatory access
-+control.  
++.EX
++.PP
++.B ccs_tmpfs_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the ccs_tmpfs_t type, if you want to store ccs files on a tmpfs file system.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the chfn_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B ccs_var_lib_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the chfn_t, you must turn on the kerberos_enabled boolean.
++- Set files with the ccs_var_lib_t type, if you want to store the ccs files under the /var/lib directory.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B ccs_var_log_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux chfn policy is very flexible allowing users to setup their chfn processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for chfn:
++- Set files with the ccs_var_log_t type, if you want to treat the data as ccs var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B chfn_exec_t 
++.B ccs_var_run_t 
 +.EE
 +
-+- Set files with the chfn_exec_t type, if you want to transition an executable to the chfn_t domain.
++- Set files with the ccs_var_run_t type, if you want to store the ccs files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/chfn, /usr/bin/chsh
++/var/run/cluster/ccsd\.pid, /var/run/cluster/ccsd\.sock
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -6835,18 +8592,64 @@ index 0000000..e8621ca
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux chfn policy is very flexible allowing users to setup their chfn processes in as secure a method as possible.
++SELinux ccs policy is very flexible allowing users to setup their ccs processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for chfn:
++The following process types are defined for ccs:
 +
 +.EX
-+.B chfn_t 
++.B ccs_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ccs_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ccs_tmp_t
++
++
++.br
++.B ccs_tmpfs_t
++
++
++.br
++.B ccs_var_lib_t
++
++
++.br
++.B ccs_var_log_t
++
++
++.br
++.B ccs_var_run_t
++
++	/var/run/cluster/ccsd\.pid
++.br
++	/var/run/cluster/ccsd\.sock
++.br
++
++.br
++.B cluster_conf_t
++
++	/etc/cluster(/.*)?
++.br
++
++.br
++.B file_t
++
++
++.br
++.B initrc_tmp_t
++
++
++.br
++.B qpidd_tmpfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -6862,38 +8665,38 @@ index 0000000..e8621ca
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), chfn(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/chkpwd_selinux.8 b/man/man8/chkpwd_selinux.8
++selinux(8), ccs(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cdcc_selinux.8 b/man/man8/cdcc_selinux.8
 new file mode 100644
-index 0000000..6d70e8c
+index 0000000..12029c2
 --- /dev/null
-+++ b/man/man8/chkpwd_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "chkpwd_selinux"  "8"  "chkpwd" "dwalsh at redhat.com" "chkpwd SELinux Policy documentation"
++++ b/man/man8/cdcc_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "cdcc_selinux"  "8"  "cdcc" "dwalsh at redhat.com" "cdcc SELinux Policy documentation"
 +.SH "NAME"
-+chkpwd_selinux \- Security Enhanced Linux Policy for the chkpwd processes
++cdcc_selinux \- Security Enhanced Linux Policy for the cdcc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the chkpwd processes via flexible mandatory access
++Security-Enhanced Linux secures the cdcc processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the chkpwd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cdcc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the chkpwd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the cdcc_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -6902,22 +8705,26 @@ index 0000000..6d70e8c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux chkpwd policy is very flexible allowing users to setup their chkpwd processes in as secure a method as possible.
++SELinux cdcc policy is very flexible allowing users to setup their cdcc processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for chkpwd:
++The following file types are defined for cdcc:
 +
 +
 +.EX
 +.PP
-+.B chkpwd_exec_t 
++.B cdcc_exec_t 
 +.EE
 +
-+- Set files with the chkpwd_exec_t type, if you want to transition an executable to the chkpwd_t domain.
++- Set files with the cdcc_exec_t type, if you want to transition an executable to the cdcc_t domain.
++
++
++.EX
++.PP
++.B cdcc_tmp_t 
++.EE
++
++- Set files with the cdcc_tmp_t type, if you want to store cdcc temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/unix_chkpwd, /usr/sbin/unix_verify, /usr/sbin/validate, /sbin/unix_verify, /usr/sbin/unix_chkpwd
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -6932,18 +8739,38 @@ index 0000000..6d70e8c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux chkpwd policy is very flexible allowing users to setup their chkpwd processes in as secure a method as possible.
++SELinux cdcc policy is very flexible allowing users to setup their cdcc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for chkpwd:
++The following process types are defined for cdcc:
 +
 +.EX
-+.B chkpwd_t 
++.B cdcc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cdcc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cdcc_tmp_t
++
++
++.br
++.B dcc_client_map_t
++
++	/etc/dcc/map
++.br
++	/var/dcc/map
++.br
++	/var/lib/dcc/map
++.br
++	/var/run/dcc/map
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -6959,33 +8786,33 @@ index 0000000..6d70e8c
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), chkpwd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/chrome_selinux.8 b/man/man8/chrome_selinux.8
++selinux(8), cdcc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cdrecord_selinux.8 b/man/man8/cdrecord_selinux.8
 new file mode 100644
-index 0000000..7fb8441
+index 0000000..f71011c
 --- /dev/null
-+++ b/man/man8/chrome_selinux.8
-@@ -0,0 +1,120 @@
-+.TH  "chrome_selinux"  "8"  "chrome" "dwalsh at redhat.com" "chrome SELinux Policy documentation"
++++ b/man/man8/cdrecord_selinux.8
+@@ -0,0 +1,96 @@
++.TH  "cdrecord_selinux"  "8"  "cdrecord" "dwalsh at redhat.com" "cdrecord SELinux Policy documentation"
 +.SH "NAME"
-+chrome_selinux \- Security Enhanced Linux Policy for the chrome processes
++cdrecord_selinux \- Security Enhanced Linux Policy for the cdrecord processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the chrome processes via flexible mandatory access
++Security-Enhanced Linux secures the cdrecord processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  chrome policy is extremely flexible and has several booleans that allow you to manipulate the policy and run chrome with the tightest access possible.
++SELinux policy is customizable based on least access required.  cdrecord policy is extremely flexible and has several booleans that allow you to manipulate the policy and run cdrecord with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
++If you want to allow cdrecord to read various content. nfs, samba, removable devices, user temp and untrusted content files, you must turn on the cdrecord_read_content boolean.
 +
 +.EX
-+.B setsebool -P unconfined_chrome_sandbox_transition 1
++.B setsebool -P cdrecord_read_content 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
@@ -6996,50 +8823,22 @@ index 0000000..7fb8441
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux chrome policy is very flexible allowing users to setup their chrome processes in as secure a method as possible.
++SELinux cdrecord policy is very flexible allowing users to setup their cdrecord processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for chrome:
-+
-+
-+.EX
-+.PP
-+.B chrome_sandbox_exec_t 
-+.EE
-+
-+- Set files with the chrome_sandbox_exec_t type, if you want to transition an executable to the chrome_sandbox_t domain.
++The following file types are defined for cdrecord:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/chromium-browser/chrome-sandbox, /opt/google/chrome/chrome-sandbox
 +
 +.EX
 +.PP
-+.B chrome_sandbox_nacl_exec_t 
++.B cdrecord_exec_t 
 +.EE
 +
-+- Set files with the chrome_sandbox_nacl_exec_t type, if you want to transition an executable to the chrome_sandbox_nacl_t domain.
++- Set files with the cdrecord_exec_t type, if you want to transition an executable to the cdrecord_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/lib/chromium-browser/nacl_helper_bootstrap, /opt/google/chrome/nacl_helper_bootstrap
-+
-+.EX
-+.PP
-+.B chrome_sandbox_tmp_t 
-+.EE
-+
-+- Set files with the chrome_sandbox_tmp_t type, if you want to store chrome sandbox temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B chrome_sandbox_tmpfs_t 
-+.EE
-+
-+- Set files with the chrome_sandbox_tmpfs_t type, if you want to store chrome sandbox files on a tmpfs file system.
-+
++/usr/bin/cdrecord, /usr/bin/wodim, /usr/bin/growisofs
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -7054,18 +8853,22 @@ index 0000000..7fb8441
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux chrome policy is very flexible allowing users to setup their chrome processes in as secure a method as possible.
++SELinux cdrecord policy is very flexible allowing users to setup their cdrecord processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for chrome:
++The following process types are defined for cdrecord:
 +
 +.EX
-+.B chrome_sandbox_t, chrome_sandbox_nacl_t 
++.B cdrecord_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cdrecord_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -7084,40 +8887,40 @@ index 0000000..7fb8441
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), chrome(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cdrecord(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/chronyd_selinux.8 b/man/man8/chronyd_selinux.8
+diff --git a/man/man8/certmaster_selinux.8 b/man/man8/certmaster_selinux.8
 new file mode 100644
-index 0000000..1a4b417
+index 0000000..846276a
 --- /dev/null
-+++ b/man/man8/chronyd_selinux.8
-@@ -0,0 +1,173 @@
-+.TH  "chronyd_selinux"  "8"  "chronyd" "dwalsh at redhat.com" "chronyd SELinux Policy documentation"
++++ b/man/man8/certmaster_selinux.8
+@@ -0,0 +1,195 @@
++.TH  "certmaster_selinux"  "8"  "certmaster" "dwalsh at redhat.com" "certmaster SELinux Policy documentation"
 +.SH "NAME"
-+chronyd_selinux \- Security Enhanced Linux Policy for the chronyd processes
++certmaster_selinux \- Security Enhanced Linux Policy for the certmaster processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the chronyd processes via flexible mandatory access
++Security-Enhanced Linux secures the certmaster processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the chronyd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the certmaster_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the chronyd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the certmaster_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -7126,78 +8929,58 @@ index 0000000..1a4b417
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux chronyd policy is very flexible allowing users to setup their chronyd processes in as secure a method as possible.
++SELinux certmaster policy is very flexible allowing users to setup their certmaster processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for chronyd:
-+
-+
-+.EX
-+.PP
-+.B chronyd_exec_t 
-+.EE
-+
-+- Set files with the chronyd_exec_t type, if you want to transition an executable to the chronyd_t domain.
-+
-+
-+.EX
-+.PP
-+.B chronyd_initrc_exec_t 
-+.EE
-+
-+- Set files with the chronyd_initrc_exec_t type, if you want to transition an executable to the chronyd_initrc_t domain.
++The following file types are defined for certmaster:
 +
 +
 +.EX
 +.PP
-+.B chronyd_keys_t 
++.B certmaster_etc_rw_t 
 +.EE
 +
-+- Set files with the chronyd_keys_t type, if you want to treat the files as chronyd keys data.
++- Set files with the certmaster_etc_rw_t type, if you want to treat the files as certmaster etc read/write content.
 +
 +
 +.EX
 +.PP
-+.B chronyd_tmpfs_t 
++.B certmaster_exec_t 
 +.EE
 +
-+- Set files with the chronyd_tmpfs_t type, if you want to store chronyd files on a tmpfs file system.
++- Set files with the certmaster_exec_t type, if you want to transition an executable to the certmaster_t domain.
 +
 +
 +.EX
 +.PP
-+.B chronyd_unit_file_t 
++.B certmaster_initrc_exec_t 
 +.EE
 +
-+- Set files with the chronyd_unit_file_t type, if you want to treat the files as chronyd unit content.
++- Set files with the certmaster_initrc_exec_t type, if you want to transition an executable to the certmaster_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B chronyd_var_lib_t 
++.B certmaster_var_lib_t 
 +.EE
 +
-+- Set files with the chronyd_var_lib_t type, if you want to store the chronyd files under the /var/lib directory.
++- Set files with the certmaster_var_lib_t type, if you want to store the certmaster files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B chronyd_var_log_t 
++.B certmaster_var_log_t 
 +.EE
 +
-+- Set files with the chronyd_var_log_t type, if you want to treat the data as chronyd var log data, usually stored under the /var/log directory.
++- Set files with the certmaster_var_log_t type, if you want to treat the data as certmaster var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B chronyd_var_run_t 
++.B certmaster_var_run_t 
 +.EE
 +
-+- Set files with the chronyd_var_run_t type, if you want to store the chronyd files under the /run directory.
++- Set files with the certmaster_var_run_t type, if you want to store the certmaster files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/chronyd(/.*), /var/run/chronyd\.sock, /var/run/chronyd\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -7215,19 +8998,19 @@ index 0000000..1a4b417
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux chronyd policy is very flexible allowing users to setup their chronyd processes in as secure a method as possible.
++SELinux certmaster policy is very flexible allowing users to setup their certmaster processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for chronyd:
++The following port types are defined for certmaster:
 +
 +.EX
 +.TP 5
-+.B chronyd_port_t 
++.B certmaster_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+udp 323
++tcp 51235
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -7235,18 +9018,60 @@ index 0000000..1a4b417
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux chronyd policy is very flexible allowing users to setup their chronyd processes in as secure a method as possible.
++SELinux certmaster policy is very flexible allowing users to setup their certmaster processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for chronyd:
++The following process types are defined for certmaster:
 +
 +.EX
-+.B chronyd_t 
++.B certmaster_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type certmaster_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cert_t
++
++	/etc/pki(/.*)?
++.br
++	/etc/httpd/alias(/.*)?
++.br
++	/usr/share/ssl/certs(/.*)?
++.br
++	/usr/share/ssl/private(/.*)?
++.br
++	/var/named/chroot/etc/pki(/.*)?
++.br
++
++.br
++.B certmaster_etc_rw_t
++
++	/etc/certmaster(/.*)?
++.br
++
++.br
++.B certmaster_var_lib_t
++
++	/var/lib/certmaster(/.*)?
++.br
++
++.br
++.B certmaster_var_log_t
++
++	/var/log/certmaster(/.*)?
++.br
++
++.br
++.B certmaster_var_run_t
++
++	/var/run/certmaster.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -7265,43 +9090,89 @@ index 0000000..1a4b417
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), chronyd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ciped_selinux.8 b/man/man8/ciped_selinux.8
++selinux(8), certmaster(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/certmonger_selinux.8 b/man/man8/certmonger_selinux.8
 new file mode 100644
-index 0000000..c4fed0a
+index 0000000..8528cdd
 --- /dev/null
-+++ b/man/man8/ciped_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "ciped_selinux"  "8"  "ciped" "dwalsh at redhat.com" "ciped SELinux Policy documentation"
++++ b/man/man8/certmonger_selinux.8
+@@ -0,0 +1,161 @@
++.TH  "certmonger_selinux"  "8"  "certmonger" "dwalsh at redhat.com" "certmonger SELinux Policy documentation"
 +.SH "NAME"
-+ciped_selinux \- Security Enhanced Linux Policy for the ciped processes
++certmonger_selinux \- Security Enhanced Linux Policy for the certmonger processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ciped processes via flexible mandatory access
++Security-Enhanced Linux secures the certmonger processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the certmonger_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the certmonger_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ciped policy is very flexible allowing users to setup their ciped processes in as secure a method as possible.
++SELinux certmonger policy is very flexible allowing users to setup their certmonger processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ciped:
++The following file types are defined for certmonger:
 +
 +
 +.EX
 +.PP
-+.B ciped_exec_t 
++.B certmonger_exec_t 
 +.EE
 +
-+- Set files with the ciped_exec_t type, if you want to transition an executable to the ciped_t domain.
++- Set files with the certmonger_exec_t type, if you want to transition an executable to the certmonger_t domain.
++
++
++.EX
++.PP
++.B certmonger_initrc_exec_t 
++.EE
++
++- Set files with the certmonger_initrc_exec_t type, if you want to transition an executable to the certmonger_initrc_t domain.
++
++
++.EX
++.PP
++.B certmonger_unconfined_exec_t 
++.EE
++
++- Set files with the certmonger_unconfined_exec_t type, if you want to transition an executable to the certmonger_unconfined_t domain.
++
++
++.EX
++.PP
++.B certmonger_var_lib_t 
++.EE
++
++- Set files with the certmonger_var_lib_t type, if you want to store the certmonger files under the /var/lib directory.
++
++
++.EX
++.PP
++.B certmonger_var_run_t 
++.EE
++
++- Set files with the certmonger_var_run_t type, if you want to store the certmonger files under the /run directory.
 +
 +
 +.PP
@@ -7317,18 +9188,60 @@ index 0000000..c4fed0a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ciped policy is very flexible allowing users to setup their ciped processes in as secure a method as possible.
++SELinux certmonger policy is very flexible allowing users to setup their certmonger processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ciped:
++The following process types are defined for certmonger:
 +
 +.EX
-+.B ciped_t 
++.B certmonger_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type certmonger_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B cert_t
++
++	/etc/pki(/.*)?
++.br
++	/etc/httpd/alias(/.*)?
++.br
++	/usr/share/ssl/certs(/.*)?
++.br
++	/usr/share/ssl/private(/.*)?
++.br
++	/var/named/chroot/etc/pki(/.*)?
++.br
++
++.br
++.B certmonger_var_lib_t
++
++	/var/lib/certmonger(/.*)?
++.br
++
++.br
++.B certmonger_var_run_t
++
++	/var/run/certmonger.pid
++.br
++
++.br
++.B dirsrv_config_t
++
++	/etc/dirsrv(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -7344,63 +9257,127 @@ index 0000000..c4fed0a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ciped(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/clamd_selinux.8 b/man/man8/clamd_selinux.8
++selinux(8), certmonger(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/certwatch_selinux.8 b/man/man8/certwatch_selinux.8
 new file mode 100644
-index 0000000..ee012c5
+index 0000000..db1e4da
 --- /dev/null
-+++ b/man/man8/clamd_selinux.8
-@@ -0,0 +1,214 @@
-+.TH  "clamd_selinux"  "8"  "clamd" "dwalsh at redhat.com" "clamd SELinux Policy documentation"
++++ b/man/man8/certwatch_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "certwatch_selinux"  "8"  "certwatch" "dwalsh at redhat.com" "certwatch SELinux Policy documentation"
 +.SH "NAME"
-+clamd_selinux \- Security Enhanced Linux Policy for the clamd processes
++certwatch_selinux \- Security Enhanced Linux Policy for the certwatch processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the clamd processes via flexible mandatory access
++Security-Enhanced Linux secures the certwatch processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  clamd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run clamd with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux certwatch policy is very flexible allowing users to setup their certwatch processes in as secure a method as possible.
++.PP 
++The following file types are defined for certwatch:
++
 +
 +.EX
-+.B setsebool -P clamscan_read_user_content 1
++.PP
++.B certwatch_exec_t 
 +.EE
 +
++- Set files with the certwatch_exec_t type, if you want to transition an executable to the certwatch_t domain.
++
++
 +.PP
-+If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux certwatch policy is very flexible allowing users to setup their certwatch processes in as secure a method as possible.
++.PP 
++The following process types are defined for certwatch:
 +
 +.EX
-+.B setsebool -P clamscan_can_scan_system 1
++.B certwatch_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type certwatch_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+If you want to allow clamd to use JIT compiler, you must turn on the clamd_use_jit boolean.
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
-+.B setsebool -P clamd_use_jit 1
-+.EE
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), certwatch(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cfengine_execd_selinux.8 b/man/man8/cfengine_execd_selinux.8
+new file mode 100644
+index 0000000..cf0f531
+--- /dev/null
++++ b/man/man8/cfengine_execd_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "cfengine_execd_selinux"  "8"  "cfengine_execd" "dwalsh at redhat.com" "cfengine_execd SELinux Policy documentation"
++.SH "NAME"
++cfengine_execd_selinux \- Security Enhanced Linux Policy for the cfengine_execd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the cfengine_execd processes via flexible mandatory access
++control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the clamd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cfengine_execd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the clamd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the cfengine_execd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -7409,90 +9386,127 @@ index 0000000..ee012c5
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux clamd policy is very flexible allowing users to setup their clamd processes in as secure a method as possible.
++SELinux cfengine_execd policy is very flexible allowing users to setup their cfengine_execd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for clamd:
++The following file types are defined for cfengine_execd:
 +
 +
 +.EX
 +.PP
-+.B clamd_etc_t 
++.B cfengine_execd_exec_t 
 +.EE
 +
-+- Set files with the clamd_etc_t type, if you want to store clamd files in the /etc directories.
++- Set files with the cfengine_execd_exec_t type, if you want to transition an executable to the cfengine_execd_t domain.
 +
 +
-+.EX
 +.PP
-+.B clamd_exec_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux cfengine_execd policy is very flexible allowing users to setup their cfengine_execd processes in as secure a method as possible.
++.PP 
++The following process types are defined for cfengine_execd:
++
++.EX
++.B cfengine_execd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the clamd_exec_t type, if you want to transition an executable to the clamd_t domain.
++.SH "MANAGED FILES"
++
++The SELinux user type cfengine_execd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/sbin/clamd, /usr/sbin/clamav-milter
++.B cfengine_var_lib_t
 +
-+.EX
-+.PP
-+.B clamd_initrc_exec_t 
-+.EE
++	/var/cfengine(/.*)?
++.br
 +
-+- Set files with the clamd_initrc_exec_t type, if you want to transition an executable to the clamd_initrc_t domain.
++.br
++.B cfengine_var_log_t
 +
++	/var/cfengine/outputs(/.*)?
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B clamd_tmp_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the clamd_tmp_t type, if you want to store clamd temporary files in the /tmp directories.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B clamd_unit_file_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), cfengine_execd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cfengine_monitord_selinux.8 b/man/man8/cfengine_monitord_selinux.8
+new file mode 100644
+index 0000000..a3d1770
+--- /dev/null
++++ b/man/man8/cfengine_monitord_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "cfengine_monitord_selinux"  "8"  "cfengine_monitord" "dwalsh at redhat.com" "cfengine_monitord SELinux Policy documentation"
++.SH "NAME"
++cfengine_monitord_selinux \- Security Enhanced Linux Policy for the cfengine_monitord processes
++.SH "DESCRIPTION"
 +
-+- Set files with the clamd_unit_file_t type, if you want to treat the files as clamd unit content.
++Security-Enhanced Linux secures the cfengine_monitord processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
 +.PP
-+.B clamd_var_lib_t 
-+.EE
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cfengine_monitord_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
-+- Set files with the clamd_var_lib_t type, if you want to store the clamd files under the /var/lib directory.
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/clamd.*, /var/clamav(/.*)?, /var/lib/clamav(/.*)?
++.PP
++If you want to allow confined applications to run with kerberos for the cfengine_monitord_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B clamd_var_log_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the clamd_var_log_t type, if you want to treat the data as clamd var log data, usually stored under the /var/log directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux cfengine_monitord policy is very flexible allowing users to setup their cfengine_monitord processes in as secure a method as possible.
++.PP 
++The following file types are defined for cfengine_monitord:
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/clamav.*, /var/log/clamd.*
 +
 +.EX
 +.PP
-+.B clamd_var_run_t 
++.B cfengine_monitord_exec_t 
 +.EE
 +
-+- Set files with the clamd_var_run_t type, if you want to store the clamd files under the /run directory.
++- Set files with the cfengine_monitord_exec_t type, if you want to transition an executable to the cfengine_monitord_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/amavis(d)?/clamd\.pid, /var/run/clamd.*, /var/run/clamav.*, /var/spool/MailScanner(/.*)?, /var/spool/amavisd/clamd\.sock
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -7501,47 +9515,40 @@ index 0000000..ee012c5
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux clamd policy is very flexible allowing users to setup their clamd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for clamd:
-+
-+.EX
-+.TP 5
-+.B clamd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 3310
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux clamd policy is very flexible allowing users to setup their clamd processes in as secure a method as possible.
++SELinux cfengine_monitord policy is very flexible allowing users to setup their cfengine_monitord processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for clamd:
++The following process types are defined for cfengine_monitord:
 +
 +.EX
-+.B clamd_t, clamscan_t 
++.B cfengine_monitord_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cfengine_monitord_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cfengine_var_lib_t
++
++	/var/cfengine(/.*)?
++.br
++
++.br
++.B cfengine_var_log_t
++
++	/var/cfengine/outputs(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -7552,86 +9559,62 @@ index 0000000..ee012c5
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), clamd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/clamscan_selinux.8 b/man/man8/clamscan_selinux.8
++selinux(8), cfengine_monitord(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cfengine_serverd_selinux.8 b/man/man8/cfengine_serverd_selinux.8
 new file mode 100644
-index 0000000..f7e5328
+index 0000000..125e4f9
 --- /dev/null
-+++ b/man/man8/clamscan_selinux.8
-@@ -0,0 +1,107 @@
-+.TH  "clamscan_selinux"  "8"  "clamscan" "dwalsh at redhat.com" "clamscan SELinux Policy documentation"
++++ b/man/man8/cfengine_serverd_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "cfengine_serverd_selinux"  "8"  "cfengine_serverd" "dwalsh at redhat.com" "cfengine_serverd SELinux Policy documentation"
 +.SH "NAME"
-+clamscan_selinux \- Security Enhanced Linux Policy for the clamscan processes
++cfengine_serverd_selinux \- Security Enhanced Linux Policy for the cfengine_serverd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the clamscan processes via flexible mandatory access
++Security-Enhanced Linux secures the cfengine_serverd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  clamscan policy is extremely flexible and has several booleans that allow you to manipulate the policy and run clamscan with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cfengine_serverd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P clamscan_read_user_content 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
++If you want to allow confined applications to run with kerberos for the cfengine_serverd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P clamscan_can_scan_system 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux clamscan policy is very flexible allowing users to setup their clamscan processes in as secure a method as possible.
++SELinux cfengine_serverd policy is very flexible allowing users to setup their cfengine_serverd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for clamscan:
-+
++The following file types are defined for cfengine_serverd:
 +
-+.EX
-+.PP
-+.B clamscan_exec_t 
-+.EE
-+
-+- Set files with the clamscan_exec_t type, if you want to transition an executable to the clamscan_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/clamdscan, /usr/bin/clamscan
 +
 +.EX
 +.PP
-+.B clamscan_tmp_t 
++.B cfengine_serverd_exec_t 
 +.EE
 +
-+- Set files with the clamscan_tmp_t type, if you want to store clamscan temporary files in the /tmp directories.
++- Set files with the cfengine_serverd_exec_t type, if you want to transition an executable to the cfengine_serverd_t domain.
 +
 +
 +.PP
@@ -7647,18 +9630,34 @@ index 0000000..f7e5328
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux clamscan policy is very flexible allowing users to setup their clamscan processes in as secure a method as possible.
++SELinux cfengine_serverd policy is very flexible allowing users to setup their cfengine_serverd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for clamscan:
++The following process types are defined for cfengine_serverd:
 +
 +.EX
-+.B clamscan_t 
++.B cfengine_serverd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cfengine_serverd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cfengine_var_lib_t
++
++	/var/cfengine(/.*)?
++.br
++
++.br
++.B cfengine_var_log_t
++
++	/var/cfengine/outputs(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -7669,32 +9668,27 @@ index 0000000..f7e5328
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), clamscan(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/clogd_selinux.8 b/man/man8/clogd_selinux.8
++selinux(8), cfengine_serverd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cgclear_selinux.8 b/man/man8/cgclear_selinux.8
 new file mode 100644
-index 0000000..903b2bf
+index 0000000..05e9a98
 --- /dev/null
-+++ b/man/man8/clogd_selinux.8
++++ b/man/man8/cgclear_selinux.8
 @@ -0,0 +1,89 @@
-+.TH  "clogd_selinux"  "8"  "clogd" "dwalsh at redhat.com" "clogd SELinux Policy documentation"
++.TH  "cgclear_selinux"  "8"  "cgclear" "dwalsh at redhat.com" "cgclear SELinux Policy documentation"
 +.SH "NAME"
-+clogd_selinux \- Security Enhanced Linux Policy for the clogd processes
++cgclear_selinux \- Security Enhanced Linux Policy for the cgclear processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the clogd processes via flexible mandatory access
++Security-Enhanced Linux secures the cgclear processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -7705,34 +9699,22 @@ index 0000000..903b2bf
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux clogd policy is very flexible allowing users to setup their clogd processes in as secure a method as possible.
++SELinux cgclear policy is very flexible allowing users to setup their cgclear processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for clogd:
-+
-+
-+.EX
-+.PP
-+.B clogd_exec_t 
-+.EE
-+
-+- Set files with the clogd_exec_t type, if you want to transition an executable to the clogd_t domain.
-+
-+
-+.EX
-+.PP
-+.B clogd_tmpfs_t 
-+.EE
-+
-+- Set files with the clogd_tmpfs_t type, if you want to store clogd files on a tmpfs file system.
++The following file types are defined for cgclear:
 +
 +
 +.EX
 +.PP
-+.B clogd_var_run_t 
++.B cgclear_exec_t 
 +.EE
 +
-+- Set files with the clogd_var_run_t type, if you want to store the clogd files under the /run directory.
++- Set files with the cgclear_exec_t type, if you want to transition an executable to the cgclear_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/cgclear, /usr/sbin/cgclear
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -7747,18 +9729,30 @@ index 0000000..903b2bf
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux clogd policy is very flexible allowing users to setup their clogd processes in as secure a method as possible.
++SELinux cgclear policy is very flexible allowing users to setup their cgclear processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for clogd:
++The following process types are defined for cgclear:
 +
 +.EX
-+.B clogd_t 
++.B cgclear_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cgclear_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -7774,38 +9768,38 @@ index 0000000..903b2bf
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), clogd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/clvmd_selinux.8 b/man/man8/clvmd_selinux.8
++selinux(8), cgclear(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cgconfig_selinux.8 b/man/man8/cgconfig_selinux.8
 new file mode 100644
-index 0000000..b862840
+index 0000000..625db2c
 --- /dev/null
-+++ b/man/man8/clvmd_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "clvmd_selinux"  "8"  "clvmd" "dwalsh at redhat.com" "clvmd SELinux Policy documentation"
++++ b/man/man8/cgconfig_selinux.8
+@@ -0,0 +1,123 @@
++.TH  "cgconfig_selinux"  "8"  "cgconfig" "dwalsh at redhat.com" "cgconfig SELinux Policy documentation"
 +.SH "NAME"
-+clvmd_selinux \- Security Enhanced Linux Policy for the clvmd processes
++cgconfig_selinux \- Security Enhanced Linux Policy for the cgconfig processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the clvmd processes via flexible mandatory access
++Security-Enhanced Linux secures the cgconfig processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the clvmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cgconfig_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the clvmd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the cgconfig_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -7814,41 +9808,41 @@ index 0000000..b862840
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux clvmd policy is very flexible allowing users to setup their clvmd processes in as secure a method as possible.
++SELinux cgconfig policy is very flexible allowing users to setup their cgconfig processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for clvmd:
-+
-+
-+.EX
-+.PP
-+.B clvmd_exec_t 
-+.EE
-+
-+- Set files with the clvmd_exec_t type, if you want to transition an executable to the clvmd_t domain.
++The following file types are defined for cgconfig:
 +
 +
 +.EX
 +.PP
-+.B clvmd_initrc_exec_t 
++.B cgconfig_etc_t 
 +.EE
 +
-+- Set files with the clvmd_initrc_exec_t type, if you want to transition an executable to the clvmd_initrc_t domain.
++- Set files with the cgconfig_etc_t type, if you want to store cgconfig files in the /etc directories.
 +
++.br
++.TP 5
++Paths: 
++/etc/sysconfig/cgconfig, /etc/cgconfig.conf
 +
 +.EX
 +.PP
-+.B clvmd_tmpfs_t 
++.B cgconfig_exec_t 
 +.EE
 +
-+- Set files with the clvmd_tmpfs_t type, if you want to store clvmd files on a tmpfs file system.
++- Set files with the cgconfig_exec_t type, if you want to transition an executable to the cgconfig_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/cgconfigparser, /sbin/cgconfigparser
 +
 +.EX
 +.PP
-+.B clvmd_var_run_t 
++.B cgconfig_initrc_exec_t 
 +.EE
 +
-+- Set files with the clvmd_var_run_t type, if you want to store the clvmd files under the /run directory.
++- Set files with the cgconfig_initrc_exec_t type, if you want to transition an executable to the cgconfig_initrc_t domain.
 +
 +
 +.PP
@@ -7864,18 +9858,30 @@ index 0000000..b862840
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux clvmd policy is very flexible allowing users to setup their clvmd processes in as secure a method as possible.
++SELinux cgconfig policy is very flexible allowing users to setup their cgconfig processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for clvmd:
++The following process types are defined for cgconfig:
 +
 +.EX
-+.B clvmd_t 
++.B cgconfig_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cgconfig_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -7891,67 +9897,85 @@ index 0000000..b862840
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), clvmd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cmirrord_selinux.8 b/man/man8/cmirrord_selinux.8
++selinux(8), cgconfig(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cgred_selinux.8 b/man/man8/cgred_selinux.8
 new file mode 100644
-index 0000000..5f46712
+index 0000000..b8ec36f
 --- /dev/null
-+++ b/man/man8/cmirrord_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "cmirrord_selinux"  "8"  "cmirrord" "dwalsh at redhat.com" "cmirrord SELinux Policy documentation"
++++ b/man/man8/cgred_selinux.8
+@@ -0,0 +1,139 @@
++.TH  "cgred_selinux"  "8"  "cgred" "dwalsh at redhat.com" "cgred SELinux Policy documentation"
 +.SH "NAME"
-+cmirrord_selinux \- Security Enhanced Linux Policy for the cmirrord processes
++cgred_selinux \- Security Enhanced Linux Policy for the cgred processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cmirrord processes via flexible mandatory access
++Security-Enhanced Linux secures the cgred processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cgred_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the cgred_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cmirrord policy is very flexible allowing users to setup their cmirrord processes in as secure a method as possible.
++SELinux cgred policy is very flexible allowing users to setup their cgred processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cmirrord:
++The following file types are defined for cgred:
 +
 +
 +.EX
 +.PP
-+.B cmirrord_exec_t 
++.B cgred_exec_t 
 +.EE
 +
-+- Set files with the cmirrord_exec_t type, if you want to transition an executable to the cmirrord_t domain.
++- Set files with the cgred_exec_t type, if you want to transition an executable to the cgred_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/cgrulesengd, /usr/sbin/cgrulesengd
 +
 +.EX
 +.PP
-+.B cmirrord_initrc_exec_t 
++.B cgred_initrc_exec_t 
 +.EE
 +
-+- Set files with the cmirrord_initrc_exec_t type, if you want to transition an executable to the cmirrord_initrc_t domain.
++- Set files with the cgred_initrc_exec_t type, if you want to transition an executable to the cgred_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B cmirrord_tmpfs_t 
++.B cgred_log_t 
 +.EE
 +
-+- Set files with the cmirrord_tmpfs_t type, if you want to store cmirrord files on a tmpfs file system.
++- Set files with the cgred_log_t type, if you want to treat the data as cgred log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B cmirrord_var_run_t 
++.B cgred_var_run_t 
 +.EE
 +
-+- Set files with the cmirrord_var_run_t type, if you want to store the cmirrord files under the /run directory.
++- Set files with the cgred_var_run_t type, if you want to store the cgred files under the /run directory.
 +
 +
 +.PP
@@ -7967,18 +9991,42 @@ index 0000000..5f46712
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cmirrord policy is very flexible allowing users to setup their cmirrord processes in as secure a method as possible.
++SELinux cgred policy is very flexible allowing users to setup their cgred processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cmirrord:
++The following process types are defined for cgred:
 +
 +.EX
-+.B cmirrord_t 
++.B cgred_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cgred_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cgred_log_t
++
++	/var/log/cgrulesengd\.log.*
++.br
++
++.br
++.B cgred_var_run_t
++
++	/var/run/cgred.*
++.br
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -7994,117 +10042,51 @@ index 0000000..5f46712
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cmirrord(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cobblerd_selinux.8 b/man/man8/cobblerd_selinux.8
++selinux(8), cgred(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/checkpc_selinux.8 b/man/man8/checkpc_selinux.8
 new file mode 100644
-index 0000000..97f4a43
+index 0000000..942f348
 --- /dev/null
-+++ b/man/man8/cobblerd_selinux.8
-@@ -0,0 +1,177 @@
-+.TH  "cobblerd_selinux"  "8"  "cobblerd" "dwalsh at redhat.com" "cobblerd SELinux Policy documentation"
++++ b/man/man8/checkpc_selinux.8
+@@ -0,0 +1,99 @@
++.TH  "checkpc_selinux"  "8"  "checkpc" "dwalsh at redhat.com" "checkpc SELinux Policy documentation"
 +.SH "NAME"
-+cobblerd_selinux \- Security Enhanced Linux Policy for the cobblerd processes
++checkpc_selinux \- Security Enhanced Linux Policy for the checkpc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cobblerd processes via flexible mandatory access
++Security-Enhanced Linux secures the checkpc processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  cobblerd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run cobblerd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow Cobbler to connect to the network using TCP, you must turn on the cobbler_can_network_connect boolean.
-+
-+.EX
-+.B setsebool -P cobbler_can_network_connect 1
-+.EE
-+
-+.PP
-+If you want to allow Cobbler to access nfs file systems, you must turn on the cobbler_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P cobbler_use_nfs 1
-+.EE
-+
-+.PP
-+If you want to allow HTTPD scripts and modules to connect to cobbler over the network, you must turn on the httpd_can_network_connect_cobbler boolean.
-+
-+.EX
-+.B setsebool -P httpd_can_network_connect_cobbler 1
-+.EE
-+
-+.PP
-+If you want to allow Cobbler to access cifs file systems, you must turn on the cobbler_use_cifs boolean.
-+
-+.EX
-+.B setsebool -P cobbler_use_cifs 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.SH SHARING FILES
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
-+.TP
-+Allow cobblerd servers to read the /var/cobblerd directory by adding the public_content_t file type to the directory and by restoring the file type.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_t "/var/cobblerd(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/cobblerd
-+.pp
-+.TP
-+Allow cobblerd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_cobblerdd_anon_write boolean to be set.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_rw_t "/var/cobblerd/incoming(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/cobblerd/incoming
-+
-+
-+.PP
-+If you want to allow Cobbler to modify public files used for public file transfer services., you must turn on the cobbler_anon_write boolean.
-+
-+.EX
-+.B setsebool -P cobbler_anon_write 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cobblerd policy is very flexible allowing users to setup their cobblerd processes in as secure a method as possible.
++SELinux checkpc policy is very flexible allowing users to setup their checkpc processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cobblerd:
-+
-+
-+.EX
-+.PP
-+.B cobblerd_exec_t 
-+.EE
-+
-+- Set files with the cobblerd_exec_t type, if you want to transition an executable to the cobblerd_t domain.
++The following file types are defined for checkpc:
 +
 +
 +.EX
 +.PP
-+.B cobblerd_initrc_exec_t 
++.B checkpc_exec_t 
 +.EE
 +
-+- Set files with the cobblerd_initrc_exec_t type, if you want to transition an executable to the cobblerd_initrc_t domain.
++- Set files with the checkpc_exec_t type, if you want to transition an executable to the checkpc_t domain.
 +
 +
 +.EX
 +.PP
-+.B cobblerd_unit_file_t 
++.B checkpc_log_t 
 +.EE
 +
-+- Set files with the cobblerd_unit_file_t type, if you want to treat the files as cobblerd unit content.
++- Set files with the checkpc_log_t type, if you want to treat the data as checkpc log data, usually stored under the /var/log directory.
 +
 +
 +.PP
@@ -8114,47 +10096,42 @@ index 0000000..97f4a43
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux cobblerd policy is very flexible allowing users to setup their cobblerd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for cobblerd:
-+
-+.EX
-+.TP 5
-+.B cobbler_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 25151
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cobblerd policy is very flexible allowing users to setup their cobblerd processes in as secure a method as possible.
++SELinux checkpc policy is very flexible allowing users to setup their checkpc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cobblerd:
++The following process types are defined for checkpc:
 +
 +.EX
-+.B cobblerd_t 
++.B checkpc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type checkpc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B checkpc_log_t
++
++
++.br
++.B print_spool_t
++
++	/var/spool/lpd(/.*)?
++.br
++	/var/spool/cups(/.*)?
++.br
++	/var/spool/cups-pdf(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -8165,48 +10142,29 @@ index 0000000..97f4a43
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cobblerd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/collectd_selinux.8 b/man/man8/collectd_selinux.8
++selinux(8), checkpc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/checkpolicy_selinux.8 b/man/man8/checkpolicy_selinux.8
 new file mode 100644
-index 0000000..8c62b84
+index 0000000..0e52e03
 --- /dev/null
-+++ b/man/man8/collectd_selinux.8
-@@ -0,0 +1,120 @@
-+.TH  "collectd_selinux"  "8"  "collectd" "dwalsh at redhat.com" "collectd SELinux Policy documentation"
++++ b/man/man8/checkpolicy_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "checkpolicy_selinux"  "8"  "checkpolicy" "dwalsh at redhat.com" "checkpolicy SELinux Policy documentation"
 +.SH "NAME"
-+collectd_selinux \- Security Enhanced Linux Policy for the collectd processes
++checkpolicy_selinux \- Security Enhanced Linux Policy for the checkpolicy processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the collectd processes via flexible mandatory access
++Security-Enhanced Linux secures the checkpolicy processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  collectd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run collectd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow collectd to connect to the network using TCP, you must turn on the collectd_can_network_connect boolean.
-+
-+.EX
-+.B setsebool -P collectd_can_network_connect 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
@@ -8215,49 +10173,17 @@ index 0000000..8c62b84
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux collectd policy is very flexible allowing users to setup their collectd processes in as secure a method as possible.
++SELinux checkpolicy policy is very flexible allowing users to setup their checkpolicy processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for collectd:
-+
-+
-+.EX
-+.PP
-+.B collectd_exec_t 
-+.EE
-+
-+- Set files with the collectd_exec_t type, if you want to transition an executable to the collectd_t domain.
-+
-+
-+.EX
-+.PP
-+.B collectd_initrc_exec_t 
-+.EE
-+
-+- Set files with the collectd_initrc_exec_t type, if you want to transition an executable to the collectd_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B collectd_unit_file_t 
-+.EE
-+
-+- Set files with the collectd_unit_file_t type, if you want to treat the files as collectd unit content.
-+
-+
-+.EX
-+.PP
-+.B collectd_var_lib_t 
-+.EE
-+
-+- Set files with the collectd_var_lib_t type, if you want to store the collectd files under the /var/lib directory.
++The following file types are defined for checkpolicy:
 +
 +
 +.EX
 +.PP
-+.B collectd_var_run_t 
++.B checkpolicy_exec_t 
 +.EE
 +
-+- Set files with the collectd_var_run_t type, if you want to store the collectd files under the /run directory.
++- Set files with the checkpolicy_exec_t type, if you want to transition an executable to the checkpolicy_t domain.
 +
 +
 +.PP
@@ -8273,18 +10199,34 @@ index 0000000..8c62b84
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux collectd policy is very flexible allowing users to setup their collectd processes in as secure a method as possible.
++SELinux checkpolicy policy is very flexible allowing users to setup their checkpolicy processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for collectd:
++The following process types are defined for checkpolicy:
 +
 +.EX
-+.B collectd_t 
++.B checkpolicy_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type checkpolicy_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B semanage_store_t
++
++	/etc/selinux/([^/]*/)?policy(/.*)?
++.br
++	/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?
++.br
++	/etc/share/selinux/mls(/.*)?
++.br
++	/etc/share/selinux/targeted(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -8295,48 +10237,43 @@ index 0000000..8c62b84
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), collectd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/colord_selinux.8 b/man/man8/colord_selinux.8
++selinux(8), checkpolicy(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/chfn_selinux.8 b/man/man8/chfn_selinux.8
 new file mode 100644
-index 0000000..2030937
+index 0000000..a839d60
 --- /dev/null
-+++ b/man/man8/colord_selinux.8
-@@ -0,0 +1,127 @@
-+.TH  "colord_selinux"  "8"  "colord" "dwalsh at redhat.com" "colord SELinux Policy documentation"
++++ b/man/man8/chfn_selinux.8
+@@ -0,0 +1,173 @@
++.TH  "chfn_selinux"  "8"  "chfn" "dwalsh at redhat.com" "chfn SELinux Policy documentation"
 +.SH "NAME"
-+colord_selinux \- Security Enhanced Linux Policy for the colord processes
++chfn_selinux \- Security Enhanced Linux Policy for the chfn processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the colord processes via flexible mandatory access
++Security-Enhanced Linux secures the chfn processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the colord_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the chfn_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the colord_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the chfn_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -8345,58 +10282,201 @@ index 0000000..2030937
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux colord policy is very flexible allowing users to setup their colord processes in as secure a method as possible.
++SELinux chfn policy is very flexible allowing users to setup their chfn processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for colord:
++The following file types are defined for chfn:
 +
 +
 +.EX
 +.PP
-+.B colord_exec_t 
++.B chfn_exec_t 
 +.EE
 +
-+- Set files with the colord_exec_t type, if you want to transition an executable to the colord_t domain.
++- Set files with the chfn_exec_t type, if you want to transition an executable to the chfn_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/libexec/colord-sane, /usr/libexec/colord
++/usr/bin/chfn, /usr/bin/chsh
 +
-+.EX
 +.PP
-+.B colord_tmp_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux chfn policy is very flexible allowing users to setup their chfn processes in as secure a method as possible.
++.PP 
++The following process types are defined for chfn:
++
++.EX
++.B chfn_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the colord_tmp_t type, if you want to store colord temporary files in the /tmp directories.
++.SH "MANAGED FILES"
 +
++The SELinux user type chfn_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B passwd_file_t
++
++	/etc/group[-\+]?
++.br
++	/etc/passwd[-\+]?
++.br
++	/etc/ptmptmp
++.br
++	/etc/passwd\.OLD
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B colord_tmpfs_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the colord_tmpfs_t type, if you want to store colord files on a tmpfs file system.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), chfn(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/chkpwd_selinux.8 b/man/man8/chkpwd_selinux.8
+new file mode 100644
+index 0000000..b680d92
+--- /dev/null
++++ b/man/man8/chkpwd_selinux.8
+@@ -0,0 +1,95 @@
++.TH  "chkpwd_selinux"  "8"  "chkpwd" "dwalsh at redhat.com" "chkpwd SELinux Policy documentation"
++.SH "NAME"
++chkpwd_selinux \- Security Enhanced Linux Policy for the chkpwd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the chkpwd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the chkpwd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B colord_unit_file_t 
++If you want to allow confined applications to run with kerberos for the chkpwd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the colord_unit_file_t type, if you want to treat the files as colord unit content.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux chkpwd policy is very flexible allowing users to setup their chkpwd processes in as secure a method as possible.
++.PP 
++The following file types are defined for chkpwd:
 +
 +
 +.EX
 +.PP
-+.B colord_var_lib_t 
++.B chkpwd_exec_t 
 +.EE
 +
-+- Set files with the colord_var_lib_t type, if you want to store the colord files under the /var/lib directory.
++- Set files with the chkpwd_exec_t type, if you want to transition an executable to the chkpwd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/color(/.*)?, /var/lib/colord(/.*)?
++/sbin/unix_chkpwd, /usr/sbin/unix_verify, /usr/sbin/validate, /sbin/unix_verify, /usr/sbin/unix_chkpwd
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -8411,18 +10491,22 @@ index 0000000..2030937
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux colord policy is very flexible allowing users to setup their colord processes in as secure a method as possible.
++SELinux chkpwd policy is very flexible allowing users to setup their chkpwd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for colord:
++The following process types are defined for chkpwd:
 +
 +.EX
-+.B colord_t 
++.B chkpwd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type chkpwd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -8438,74 +10522,48 @@ index 0000000..2030937
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), colord(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/comsat_selinux.8 b/man/man8/comsat_selinux.8
++selinux(8), chkpwd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/chrome_sandbox_nacl_selinux.8 b/man/man8/chrome_sandbox_nacl_selinux.8
 new file mode 100644
-index 0000000..97f145e
+index 0000000..ce170d4
 --- /dev/null
-+++ b/man/man8/comsat_selinux.8
-@@ -0,0 +1,129 @@
-+.TH  "comsat_selinux"  "8"  "comsat" "dwalsh at redhat.com" "comsat SELinux Policy documentation"
++++ b/man/man8/chrome_sandbox_nacl_selinux.8
+@@ -0,0 +1,86 @@
++.TH  "chrome_sandbox_nacl_selinux"  "8"  "chrome_sandbox_nacl" "dwalsh at redhat.com" "chrome_sandbox_nacl SELinux Policy documentation"
 +.SH "NAME"
-+comsat_selinux \- Security Enhanced Linux Policy for the comsat processes
++chrome_sandbox_nacl_selinux \- Security Enhanced Linux Policy for the chrome_sandbox_nacl processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the comsat processes via flexible mandatory access
++Security-Enhanced Linux secures the chrome_sandbox_nacl processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the comsat_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the comsat_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux comsat policy is very flexible allowing users to setup their comsat processes in as secure a method as possible.
++SELinux chrome_sandbox_nacl policy is very flexible allowing users to setup their chrome_sandbox_nacl processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for comsat:
-+
-+
-+.EX
-+.PP
-+.B comsat_exec_t 
-+.EE
-+
-+- Set files with the comsat_exec_t type, if you want to transition an executable to the comsat_t domain.
-+
-+
-+.EX
-+.PP
-+.B comsat_tmp_t 
-+.EE
-+
-+- Set files with the comsat_tmp_t type, if you want to store comsat temporary files in the /tmp directories.
++The following file types are defined for chrome_sandbox_nacl:
 +
 +
 +.EX
 +.PP
-+.B comsat_var_run_t 
++.B chrome_sandbox_nacl_exec_t 
 +.EE
 +
-+- Set files with the comsat_var_run_t type, if you want to store the comsat files under the /run directory.
++- Set files with the chrome_sandbox_nacl_exec_t type, if you want to transition an executable to the chrome_sandbox_nacl_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/chromium-browser/nacl_helper_bootstrap, /opt/google/chrome/nacl_helper_bootstrap
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -8514,47 +10572,32 @@ index 0000000..97f145e
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux comsat policy is very flexible allowing users to setup their comsat processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for comsat:
-+
-+.EX
-+.TP 5
-+.B comsat_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+udp 512
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux comsat policy is very flexible allowing users to setup their comsat processes in as secure a method as possible.
++SELinux chrome_sandbox_nacl policy is very flexible allowing users to setup their chrome_sandbox_nacl processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for comsat:
++The following process types are defined for chrome_sandbox_nacl:
 +
 +.EX
-+.B comsat_t 
++.B chrome_sandbox_nacl_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type chrome_sandbox_nacl_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B chrome_sandbox_tmpfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -8565,239 +10608,167 @@ index 0000000..97f145e
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), comsat(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/condor_selinux.8 b/man/man8/condor_selinux.8
++selinux(8), chrome_sandbox_nacl(8), semanage(8), restorecon(8), chcon(1)
++, chrome_sandbox_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/chrome_sandbox_selinux.8 b/man/man8/chrome_sandbox_selinux.8
 new file mode 100644
-index 0000000..b4838c3
+index 0000000..ac42fa4
 --- /dev/null
-+++ b/man/man8/condor_selinux.8
-@@ -0,0 +1,242 @@
-+.TH  "condor_selinux"  "8"  "condor" "dwalsh at redhat.com" "condor SELinux Policy documentation"
++++ b/man/man8/chrome_sandbox_selinux.8
+@@ -0,0 +1,168 @@
++.TH  "chrome_sandbox_selinux"  "8"  "chrome_sandbox" "dwalsh at redhat.com" "chrome_sandbox SELinux Policy documentation"
 +.SH "NAME"
-+condor_selinux \- Security Enhanced Linux Policy for the condor processes
++chrome_sandbox_selinux \- Security Enhanced Linux Policy for the chrome_sandbox processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the condor processes via flexible mandatory access
++Security-Enhanced Linux secures the chrome_sandbox processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  condor policy is extremely flexible and has several booleans that allow you to manipulate the policy and run condor with the tightest access possible.
++SELinux policy is customizable based on least access required.  chrome_sandbox policy is extremely flexible and has several booleans that allow you to manipulate the policy and run chrome_sandbox with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow codnor domain to connect to the network using TCP, you must turn on the condor_domain_can_network_connect boolean.
++If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
 +
 +.EX
-+.B setsebool -P condor_domain_can_network_connect 1
++.B setsebool -P unconfined_chrome_sandbox_transition 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the condor_startd_t, condor_master_t, condor_startd_ssh_t, condor_negotiator_t, condor_collector_t, condor_schedd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the condor_startd_t, condor_master_t, condor_startd_ssh_t, condor_negotiator_t, condor_collector_t, condor_schedd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux condor policy is very flexible allowing users to setup their condor processes in as secure a method as possible.
++SELinux chrome_sandbox policy is very flexible allowing users to setup their chrome_sandbox processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for condor:
++The following file types are defined for chrome_sandbox:
 +
 +
 +.EX
 +.PP
-+.B condor_collector_exec_t 
++.B chrome_sandbox_exec_t 
 +.EE
 +
-+- Set files with the condor_collector_exec_t type, if you want to transition an executable to the condor_collector_t domain.
++- Set files with the chrome_sandbox_exec_t type, if you want to transition an executable to the chrome_sandbox_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/chromium-browser/chrome-sandbox, /opt/google/chrome/chrome-sandbox
 +
 +.EX
 +.PP
-+.B condor_log_t 
++.B chrome_sandbox_nacl_exec_t 
 +.EE
 +
-+- Set files with the condor_log_t type, if you want to treat the data as condor log data, usually stored under the /var/log directory.
++- Set files with the chrome_sandbox_nacl_exec_t type, if you want to transition an executable to the chrome_sandbox_nacl_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/chromium-browser/nacl_helper_bootstrap, /opt/google/chrome/nacl_helper_bootstrap
 +
 +.EX
 +.PP
-+.B condor_master_exec_t 
++.B chrome_sandbox_tmp_t 
 +.EE
 +
-+- Set files with the condor_master_exec_t type, if you want to transition an executable to the condor_master_t domain.
++- Set files with the chrome_sandbox_tmp_t type, if you want to store chrome sandbox temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B condor_negotiator_exec_t 
++.B chrome_sandbox_tmpfs_t 
 +.EE
 +
-+- Set files with the condor_negotiator_exec_t type, if you want to transition an executable to the condor_negotiator_t domain.
++- Set files with the chrome_sandbox_tmpfs_t type, if you want to store chrome sandbox files on a tmpfs file system.
 +
 +
-+.EX
 +.PP
-+.B condor_procd_exec_t 
-+.EE
-+
-+- Set files with the condor_procd_exec_t type, if you want to transition an executable to the condor_procd_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+
-+.EX
-+.PP
-+.B condor_schedd_exec_t 
-+.EE
-+
-+- Set files with the condor_schedd_exec_t type, if you want to transition an executable to the condor_schedd_t domain.
-+
-+
-+.EX
-+.PP
-+.B condor_schedd_tmp_t 
-+.EE
-+
-+- Set files with the condor_schedd_tmp_t type, if you want to store condor schedd temporary files in the /tmp directories.
-+
-+
-+.EX
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B condor_startd_exec_t 
-+.EE
-+
-+- Set files with the condor_startd_exec_t type, if you want to transition an executable to the condor_startd_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/condor_starter, /usr/sbin/condor_startd
-+
-+.EX
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+.B condor_startd_tmp_t 
-+.EE
-+
-+- Set files with the condor_startd_tmp_t type, if you want to store condor startd temporary files in the /tmp directories.
-+
++Policy governs the access confined processes have to files. 
++SELinux chrome_sandbox policy is very flexible allowing users to setup their chrome_sandbox processes in as secure a method as possible.
++.PP 
++The following process types are defined for chrome_sandbox:
 +
 +.EX
-+.PP
-+.B condor_startd_tmpfs_t 
++.B chrome_sandbox_t, chrome_sandbox_nacl_t 
 +.EE
-+
-+- Set files with the condor_startd_tmpfs_t type, if you want to store condor startd files on a tmpfs file system.
-+
-+
-+.EX
 +.PP
-+.B condor_unit_file_t 
-+.EE
-+
-+- Set files with the condor_unit_file_t type, if you want to treat the files as condor unit content.
-+
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.EX
-+.PP
-+.B condor_var_lib_t 
-+.EE
++.SH "MANAGED FILES"
 +
-+- Set files with the condor_var_lib_t type, if you want to store the condor files under the /var/lib directory.
++The SELinux user type chrome_sandbox_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/lib/condor(/.*)?, /var/lib/condor/execute(/.*)?, /var/lib/condor/spool(/.*)?
-+
-+.EX
-+.PP
-+.B condor_var_lock_t 
-+.EE
-+
-+- Set files with the condor_var_lock_t type, if you want to treat the files as condor var lock data, stored under the /var/lock directory
-+
-+
-+.EX
-+.PP
-+.B condor_var_run_t 
-+.EE
-+
-+- Set files with the condor_var_run_t type, if you want to store the condor files under the /run directory.
++.B cgroup_t
 +
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.br
++.B chrome_sandbox_tmp_t
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
 +
-+.B semanage port -l
++.br
++.B chrome_sandbox_tmpfs_t
 +
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux condor policy is very flexible allowing users to setup their condor processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for condor:
 +
-+.EX
-+.TP 5
-+.B condor_port_t 
-+.TP 10
-+.EE
++.br
++.B home_cert_t
 +
++	/root/\.cert(/.*)?
++.br
++	/home/[^/]*/.kde/share/apps/networkmanagement/certificates(/.*)?
++.br
++	/home/[^/]*/\.pki(/.*)?
++.br
++	/home/[^/]*/\.cert(/.*)?
++.br
 +
-+Default Defined Ports:
-+tcp 9618
-+.EE
-+udp 9618
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux condor policy is very flexible allowing users to setup their condor processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for condor:
++.br
++.B user_fonts_cache_t
 +
-+.EX
-+.B condor_collector_t, condor_startd_ssh_t, condor_procd_t, condor_negotiator_t, condor_schedd_t, condor_startd_t, condor_master_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -8809,9 +10780,6 @@ index 0000000..b4838c3
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -8820,40 +10788,40 @@ index 0000000..b4838c3
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), condor(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), chrome_sandbox(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), chrome_sandbox_nacl_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/consolekit_selinux.8 b/man/man8/consolekit_selinux.8
+diff --git a/man/man8/chronyd_selinux.8 b/man/man8/chronyd_selinux.8
 new file mode 100644
-index 0000000..8efe64c
+index 0000000..9b5d538
 --- /dev/null
-+++ b/man/man8/consolekit_selinux.8
-@@ -0,0 +1,123 @@
-+.TH  "consolekit_selinux"  "8"  "consolekit" "dwalsh at redhat.com" "consolekit SELinux Policy documentation"
++++ b/man/man8/chronyd_selinux.8
+@@ -0,0 +1,207 @@
++.TH  "chronyd_selinux"  "8"  "chronyd" "dwalsh at redhat.com" "chronyd SELinux Policy documentation"
 +.SH "NAME"
-+consolekit_selinux \- Security Enhanced Linux Policy for the consolekit processes
++chronyd_selinux \- Security Enhanced Linux Policy for the chronyd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the consolekit processes via flexible mandatory access
++Security-Enhanced Linux secures the chronyd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the consolekit_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the chronyd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the consolekit_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the chronyd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -8862,54 +10830,78 @@ index 0000000..8efe64c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux consolekit policy is very flexible allowing users to setup their consolekit processes in as secure a method as possible.
++SELinux chronyd policy is very flexible allowing users to setup their chronyd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for consolekit:
++The following file types are defined for chronyd:
 +
 +
 +.EX
 +.PP
-+.B consolekit_exec_t 
++.B chronyd_exec_t 
 +.EE
 +
-+- Set files with the consolekit_exec_t type, if you want to transition an executable to the consolekit_t domain.
++- Set files with the chronyd_exec_t type, if you want to transition an executable to the chronyd_t domain.
 +
 +
 +.EX
 +.PP
-+.B consolekit_log_t 
++.B chronyd_initrc_exec_t 
 +.EE
 +
-+- Set files with the consolekit_log_t type, if you want to treat the data as consolekit log data, usually stored under the /var/log directory.
++- Set files with the chronyd_initrc_exec_t type, if you want to transition an executable to the chronyd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B consolekit_tmpfs_t 
++.B chronyd_keys_t 
 +.EE
 +
-+- Set files with the consolekit_tmpfs_t type, if you want to store consolekit files on a tmpfs file system.
++- Set files with the chronyd_keys_t type, if you want to treat the files as chronyd keys data.
 +
 +
 +.EX
 +.PP
-+.B consolekit_unit_file_t 
++.B chronyd_tmpfs_t 
 +.EE
 +
-+- Set files with the consolekit_unit_file_t type, if you want to treat the files as consolekit unit content.
++- Set files with the chronyd_tmpfs_t type, if you want to store chronyd files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B consolekit_var_run_t 
++.B chronyd_unit_file_t 
 +.EE
 +
-+- Set files with the consolekit_var_run_t type, if you want to store the consolekit files under the /run directory.
++- Set files with the chronyd_unit_file_t type, if you want to treat the files as chronyd unit content.
++
++
++.EX
++.PP
++.B chronyd_var_lib_t 
++.EE
++
++- Set files with the chronyd_var_lib_t type, if you want to store the chronyd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B chronyd_var_log_t 
++.EE
++
++- Set files with the chronyd_var_log_t type, if you want to treat the data as chronyd var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B chronyd_var_run_t 
++.EE
++
++- Set files with the chronyd_var_run_t type, if you want to store the chronyd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/console-kit-daemon\.pid, /var/run/ConsoleKit(/.*)?, /var/run/consolekit\.pid
++/var/run/chronyd(/.*), /var/run/chronyd\.sock, /var/run/chronyd\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -8918,24 +10910,81 @@ index 0000000..8efe64c
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux chronyd policy is very flexible allowing users to setup their chronyd processes in as secure a method as possible.
++.PP 
++The following port types are defined for chronyd:
++
++.EX
++.TP 5
++.B chronyd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++udp 323
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux consolekit policy is very flexible allowing users to setup their consolekit processes in as secure a method as possible.
++SELinux chronyd policy is very flexible allowing users to setup their chronyd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for consolekit:
++The following process types are defined for chronyd:
 +
 +.EX
-+.B consolekit_t 
++.B chronyd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type chronyd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B chronyd_tmpfs_t
++
++
++.br
++.B chronyd_var_lib_t
++
++	/var/lib/chrony(/.*)?
++.br
++
++.br
++.B chronyd_var_log_t
++
++	/var/log/chrony(/.*)?
++.br
++
++.br
++.B chronyd_var_run_t
++
++	/var/run/chronyd(/.*)
++.br
++	/var/run/chronyd\.pid
++.br
++	/var/run/chronyd\.sock
++.br
++
++.br
++.B gpsd_tmpfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -8946,27 +10995,30 @@ index 0000000..8efe64c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), consolekit(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/consoletype_selinux.8 b/man/man8/consoletype_selinux.8
++selinux(8), chronyd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ciped_selinux.8 b/man/man8/ciped_selinux.8
 new file mode 100644
-index 0000000..9dc6c09
+index 0000000..760b1c2
 --- /dev/null
-+++ b/man/man8/consoletype_selinux.8
++++ b/man/man8/ciped_selinux.8
 @@ -0,0 +1,77 @@
-+.TH  "consoletype_selinux"  "8"  "consoletype" "dwalsh at redhat.com" "consoletype SELinux Policy documentation"
++.TH  "ciped_selinux"  "8"  "ciped" "dwalsh at redhat.com" "ciped SELinux Policy documentation"
 +.SH "NAME"
-+consoletype_selinux \- Security Enhanced Linux Policy for the consoletype processes
++ciped_selinux \- Security Enhanced Linux Policy for the ciped processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the consoletype processes via flexible mandatory access
++Security-Enhanced Linux secures the ciped processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -8977,22 +11029,18 @@ index 0000000..9dc6c09
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux consoletype policy is very flexible allowing users to setup their consoletype processes in as secure a method as possible.
++SELinux ciped policy is very flexible allowing users to setup their ciped processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for consoletype:
++The following file types are defined for ciped:
 +
 +
 +.EX
 +.PP
-+.B consoletype_exec_t 
++.B ciped_exec_t 
 +.EE
 +
-+- Set files with the consoletype_exec_t type, if you want to transition an executable to the consoletype_t domain.
++- Set files with the ciped_exec_t type, if you want to transition an executable to the ciped_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/consoletype, /sbin/consoletype
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -9007,18 +11055,22 @@ index 0000000..9dc6c09
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux consoletype policy is very flexible allowing users to setup their consoletype processes in as secure a method as possible.
++SELinux ciped policy is very flexible allowing users to setup their ciped processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for consoletype:
++The following process types are defined for ciped:
 +
 +.EX
-+.B consoletype_t 
++.B ciped_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ciped_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -9034,38 +11086,63 @@ index 0000000..9dc6c09
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), consoletype(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/corosync_selinux.8 b/man/man8/corosync_selinux.8
++selinux(8), ciped(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/clamd_selinux.8 b/man/man8/clamd_selinux.8
 new file mode 100644
-index 0000000..d3c5ce4
+index 0000000..42f178a
 --- /dev/null
-+++ b/man/man8/corosync_selinux.8
-@@ -0,0 +1,159 @@
-+.TH  "corosync_selinux"  "8"  "corosync" "dwalsh at redhat.com" "corosync SELinux Policy documentation"
++++ b/man/man8/clamd_selinux.8
+@@ -0,0 +1,254 @@
++.TH  "clamd_selinux"  "8"  "clamd" "dwalsh at redhat.com" "clamd SELinux Policy documentation"
 +.SH "NAME"
-+corosync_selinux \- Security Enhanced Linux Policy for the corosync processes
++clamd_selinux \- Security Enhanced Linux Policy for the clamd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the corosync processes via flexible mandatory access
++Security-Enhanced Linux secures the clamd processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  clamd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run clamd with the tightest access possible.
++
++
++.PP
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++
++.EX
++.B setsebool -P clamscan_read_user_content 1
++.EE
++
++.PP
++If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
++
++.EX
++.B setsebool -P clamscan_can_scan_system 1
++.EE
++
++.PP
++If you want to allow clamd to use JIT compiler, you must turn on the clamd_use_jit boolean.
++
++.EX
++.B setsebool -P clamd_use_jit 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the corosync_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the clamd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the corosync_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the clamd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -9074,90 +11151,90 @@ index 0000000..d3c5ce4
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux corosync policy is very flexible allowing users to setup their corosync processes in as secure a method as possible.
++SELinux clamd policy is very flexible allowing users to setup their clamd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for corosync:
++The following file types are defined for clamd:
 +
 +
 +.EX
 +.PP
-+.B corosync_exec_t 
++.B clamd_etc_t 
 +.EE
 +
-+- Set files with the corosync_exec_t type, if you want to transition an executable to the corosync_t domain.
++- Set files with the clamd_etc_t type, if you want to store clamd files in the /etc directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/ccs_tool, /usr/sbin/corosync, /usr/sbin/corosync-notifyd, /usr/lib(64)?/heartbeat/heartbeat, /usr/sbin/cman_tool
 +
 +.EX
 +.PP
-+.B corosync_initrc_exec_t 
++.B clamd_exec_t 
 +.EE
 +
-+- Set files with the corosync_initrc_exec_t type, if you want to transition an executable to the corosync_initrc_t domain.
++- Set files with the clamd_exec_t type, if you want to transition an executable to the clamd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/rc\.d/init\.d/heartbeat, /etc/rc\.d/init\.d/corosync
++/usr/sbin/clamd, /usr/sbin/clamav-milter
 +
 +.EX
 +.PP
-+.B corosync_tmp_t 
++.B clamd_initrc_exec_t 
 +.EE
 +
-+- Set files with the corosync_tmp_t type, if you want to store corosync temporary files in the /tmp directories.
++- Set files with the clamd_initrc_exec_t type, if you want to transition an executable to the clamd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B corosync_tmpfs_t 
++.B clamd_tmp_t 
 +.EE
 +
-+- Set files with the corosync_tmpfs_t type, if you want to store corosync files on a tmpfs file system.
++- Set files with the clamd_tmp_t type, if you want to store clamd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B corosync_unit_file_t 
++.B clamd_unit_file_t 
 +.EE
 +
-+- Set files with the corosync_unit_file_t type, if you want to treat the files as corosync unit content.
++- Set files with the clamd_unit_file_t type, if you want to treat the files as clamd unit content.
 +
 +
 +.EX
 +.PP
-+.B corosync_var_lib_t 
++.B clamd_var_lib_t 
 +.EE
 +
-+- Set files with the corosync_var_lib_t type, if you want to store the corosync files under the /var/lib directory.
++- Set files with the clamd_var_lib_t type, if you want to store the clamd files under the /var/lib directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/heartbeat(/.*)?, /var/lib/corosync(/.*)?
++/var/lib/clamd.*, /var/clamav(/.*)?, /var/lib/clamav(/.*)?
 +
 +.EX
 +.PP
-+.B corosync_var_log_t 
++.B clamd_var_log_t 
 +.EE
 +
-+- Set files with the corosync_var_log_t type, if you want to treat the data as corosync var log data, usually stored under the /var/log directory.
++- Set files with the clamd_var_log_t type, if you want to treat the data as clamd var log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/var/log/clamav.*, /var/log/clamd.*
 +
 +.EX
 +.PP
-+.B corosync_var_run_t 
++.B clamd_var_run_t 
 +.EE
 +
-+- Set files with the corosync_var_run_t type, if you want to store the corosync files under the /run directory.
++- Set files with the clamd_var_run_t type, if you want to store the clamd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/rsctmp(/.*)?, /var/run/corosync\.pid, /var/run/cman_.*, /var/run/heartbeat(/.*)?
++/var/run/amavis(d)?/clamd\.pid, /var/run/clamd.*, /var/run/clamav.*, /var/spool/MailScanner(/.*)?, /var/spool/amavisd/clamd\.sock
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -9166,24 +11243,87 @@ index 0000000..d3c5ce4
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux clamd policy is very flexible allowing users to setup their clamd processes in as secure a method as possible.
++.PP 
++The following port types are defined for clamd:
++
++.EX
++.TP 5
++.B clamd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 3310
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux corosync policy is very flexible allowing users to setup their corosync processes in as secure a method as possible.
++SELinux clamd policy is very flexible allowing users to setup their clamd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for corosync:
++The following process types are defined for clamd:
 +
 +.EX
-+.B corosync_t 
++.B clamd_t, clamscan_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type clamd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B clamd_tmp_t
++
++
++.br
++.B clamd_var_lib_t
++
++	/var/clamav(/.*)?
++.br
++	/var/lib/clamd.*
++.br
++	/var/lib/clamav(/.*)?
++.br
++
++.br
++.B clamd_var_log_t
++
++	/var/log/clamd.*
++.br
++	/var/log/clamav.*
++.br
++
++.br
++.B clamd_var_run_t
++
++	/var/run/clamd.*
++.br
++	/var/run/clamav.*
++.br
++	/var/run/amavis(d)?/clamd\.pid
++.br
++	/var/spool/MailScanner(/.*)?
++.br
++	/var/spool/amavisd/clamd\.sock
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -9194,165 +11334,140 @@ index 0000000..d3c5ce4
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), corosync(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/couchdb_selinux.8 b/man/man8/couchdb_selinux.8
++selinux(8), clamd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), clamscan_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/clamscan_selinux.8 b/man/man8/clamscan_selinux.8
 new file mode 100644
-index 0000000..fe8af46
+index 0000000..3fd406a
 --- /dev/null
-+++ b/man/man8/couchdb_selinux.8
-@@ -0,0 +1,163 @@
-+.TH  "couchdb_selinux"  "8"  "couchdb" "dwalsh at redhat.com" "couchdb SELinux Policy documentation"
++++ b/man/man8/clamscan_selinux.8
+@@ -0,0 +1,131 @@
++.TH  "clamscan_selinux"  "8"  "clamscan" "dwalsh at redhat.com" "clamscan SELinux Policy documentation"
 +.SH "NAME"
-+couchdb_selinux \- Security Enhanced Linux Policy for the couchdb processes
++clamscan_selinux \- Security Enhanced Linux Policy for the clamscan processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the couchdb processes via flexible mandatory access
++Security-Enhanced Linux secures the clamscan processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  clamscan policy is extremely flexible and has several booleans that allow you to manipulate the policy and run clamscan with the tightest access possible.
++
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the couchdb_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P clamscan_read_user_content 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the couchdb_t, you must turn on the kerberos_enabled boolean.
++If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P clamscan_can_scan_system 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux couchdb policy is very flexible allowing users to setup their couchdb processes in as secure a method as possible.
++SELinux clamscan policy is very flexible allowing users to setup their clamscan processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for couchdb:
++The following file types are defined for clamscan:
 +
 +
 +.EX
 +.PP
-+.B couchdb_etc_t 
++.B clamscan_exec_t 
 +.EE
 +
-+- Set files with the couchdb_etc_t type, if you want to store couchdb files in the /etc directories.
++- Set files with the clamscan_exec_t type, if you want to transition an executable to the clamscan_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/clamdscan, /usr/bin/clamscan
 +
 +.EX
 +.PP
-+.B couchdb_exec_t 
++.B clamscan_tmp_t 
 +.EE
 +
-+- Set files with the couchdb_exec_t type, if you want to transition an executable to the couchdb_t domain.
++- Set files with the clamscan_tmp_t type, if you want to store clamscan temporary files in the /tmp directories.
 +
 +
-+.EX
 +.PP
-+.B couchdb_log_t 
-+.EE
-+
-+- Set files with the couchdb_log_t type, if you want to treat the data as couchdb log data, usually stored under the /var/log directory.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux clamscan policy is very flexible allowing users to setup their clamscan processes in as secure a method as possible.
++.PP 
++The following process types are defined for clamscan:
 +
 +.EX
-+.PP
-+.B couchdb_tmp_t 
++.B clamscan_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the couchdb_tmp_t type, if you want to store couchdb temporary files in the /tmp directories.
++.SH "MANAGED FILES"
 +
++The SELinux user type clamscan_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B couchdb_unit_file_t 
-+.EE
++.br
++.B amavis_spool_t
 +
-+- Set files with the couchdb_unit_file_t type, if you want to treat the files as couchdb unit content.
++	/var/spool/amavisd(/.*)?
++.br
 +
++.br
++.B clamd_var_lib_t
 +
-+.EX
-+.PP
-+.B couchdb_var_lib_t 
-+.EE
++	/var/clamav(/.*)?
++.br
++	/var/lib/clamd.*
++.br
++	/var/lib/clamav(/.*)?
++.br
 +
-+- Set files with the couchdb_var_lib_t type, if you want to store the couchdb files under the /var/lib directory.
++.br
++.B clamscan_tmp_t
 +
 +
-+.EX
-+.PP
-+.B couchdb_var_run_t 
-+.EE
-+
-+- Set files with the couchdb_var_run_t type, if you want to store the couchdb files under the /run directory.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux couchdb policy is very flexible allowing users to setup their couchdb processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for couchdb:
-+
-+.EX
-+.TP 5
-+.B couchdb_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 5984
-+.EE
-+udp 5984
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux couchdb policy is very flexible allowing users to setup their couchdb processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for couchdb:
-+
-+.EX
-+.B couchdb_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
 +.B semanage permissive
 +can also be used to manipulate whether or not a process type is permissive.
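Review bot: The new MANAGED FILES paragraph for clamscan calls clamscan_t "the SELinux user type", but the PROCESS TYPES section of the same page lists clamscan_t as a process type (domain). SELinux users are a separate concept, so this wording can mislead an administrator about what is being confined. I would write `The SELinux process type clamscan_t can manage files labeled with the following file types.` and tighten the reminder to `Note that the process UID still needs DAC permissions.` The same sentence is added for clamd_t, clogd_t, clvmd_t and cmirrord_t in the neighbouring hunks; the pages say they are auto-generated by genman.py, so the fix presumably belongs in that template. Separately, the clamscan_can_scan_system description in BOOLEANS has lost its verb ("allow clamscan to non security files"); since this boolean widens what the scanner may read, it should presumably say `If you want to allow clamscan to scan non-security files on a system, ...`.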
@@ -9360,161 +11475,69 @@ index 0000000..fe8af46
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++.B semanage boolean
++can also be used to manipulate the booleans
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), couchdb(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/courier_selinux.8 b/man/man8/courier_selinux.8
++selinux(8), clamscan(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/clogd_selinux.8 b/man/man8/clogd_selinux.8
 new file mode 100644
-index 0000000..89e7fe7
+index 0000000..069dcaa
 --- /dev/null
-+++ b/man/man8/courier_selinux.8
-@@ -0,0 +1,183 @@
-+.TH  "courier_selinux"  "8"  "courier" "dwalsh at redhat.com" "courier SELinux Policy documentation"
++++ b/man/man8/clogd_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "clogd_selinux"  "8"  "clogd" "dwalsh at redhat.com" "clogd SELinux Policy documentation"
 +.SH "NAME"
-+courier_selinux \- Security Enhanced Linux Policy for the courier processes
++clogd_selinux \- Security Enhanced Linux Policy for the clogd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the courier processes via flexible mandatory access
++Security-Enhanced Linux secures the clogd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the courier_authdaemon_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the courier_authdaemon_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux courier policy is very flexible allowing users to setup their courier processes in as secure a method as possible.
++SELinux clogd policy is very flexible allowing users to setup their clogd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for courier:
-+
-+
-+.EX
-+.PP
-+.B courier_authdaemon_exec_t 
-+.EE
-+
-+- Set files with the courier_authdaemon_exec_t type, if you want to transition an executable to the courier_authdaemon_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/authdaemond, /usr/lib/courier/authlib/.*
-+
-+.EX
-+.PP
-+.B courier_etc_t 
-+.EE
-+
-+- Set files with the courier_etc_t type, if you want to store courier files in the /etc directories.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/courier/rootcerts(/.*)?, /etc/courier(/.*)?, /etc/courier-imap(/.*)?
-+
-+.EX
-+.PP
-+.B courier_exec_t 
-+.EE
-+
-+- Set files with the courier_exec_t type, if you want to transition an executable to the courier_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/courierlogger, /usr/lib/courier/courier/.*, /usr/sbin/courierldapaliasd
-+
-+.EX
-+.PP
-+.B courier_pcp_exec_t 
-+.EE
-+
-+- Set files with the courier_pcp_exec_t type, if you want to transition an executable to the courier_pcp_t domain.
-+
-+
-+.EX
-+.PP
-+.B courier_pop_exec_t 
-+.EE
-+
-+- Set files with the courier_pop_exec_t type, if you want to transition an executable to the courier_pop_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/courier/imapd, /usr/lib/courier/courier/courierpop.*, /usr/lib/courier/pop3d, /usr/lib/courier/courier/imaplogin, /usr/bin/imapd
-+
-+.EX
-+.PP
-+.B courier_spool_t 
-+.EE
-+
-+- Set files with the courier_spool_t type, if you want to store the courier files under the /var/spool directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/spool/authdaemon(/.*)?, /var/spool/courier(/.*)?
-+
-+.EX
-+.PP
-+.B courier_sqwebmail_exec_t 
-+.EE
-+
-+- Set files with the courier_sqwebmail_exec_t type, if you want to transition an executable to the courier_sqwebmail_t domain.
++The following file types are defined for clogd:
 +
 +
 +.EX
 +.PP
-+.B courier_tcpd_exec_t 
++.B clogd_exec_t 
 +.EE
 +
-+- Set files with the courier_tcpd_exec_t type, if you want to transition an executable to the courier_tcpd_t domain.
++- Set files with the clogd_exec_t type, if you want to transition an executable to the clogd_t domain.
 +
 +
 +.EX
 +.PP
-+.B courier_var_lib_t 
++.B clogd_tmpfs_t 
 +.EE
 +
-+- Set files with the courier_var_lib_t type, if you want to store the courier files under the /var/lib directory.
++- Set files with the clogd_tmpfs_t type, if you want to store clogd files on a tmpfs file system.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/courier(/.*)?, /var/lib/courier-imap(/.*)?
 +
 +.EX
 +.PP
-+.B courier_var_run_t 
++.B clogd_var_run_t 
 +.EE
 +
-+- Set files with the courier_var_run_t type, if you want to store the courier files under the /run directory.
++- Set files with the clogd_var_run_t type, if you want to store the clogd files under the /run directory.
 +
 +
 +.PP
@@ -9530,18 +11553,32 @@ index 0000000..89e7fe7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux courier policy is very flexible allowing users to setup their courier processes in as secure a method as possible.
++SELinux clogd policy is very flexible allowing users to setup their clogd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for courier:
++The following process types are defined for clogd:
 +
 +.EX
-+.B courier_sqwebmail_t, courier_tcpd_t, courier_authdaemon_t, courier_pcp_t, courier_pop_t 
++.B clogd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type clogd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B clogd_tmpfs_t
++
++
++.br
++.B clogd_var_run_t
++
++	/var/run/clogd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -9557,116 +11594,39 @@ index 0000000..89e7fe7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), courier(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cpucontrol_selinux.8 b/man/man8/cpucontrol_selinux.8
++selinux(8), clogd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/clvmd_selinux.8 b/man/man8/clvmd_selinux.8
 new file mode 100644
-index 0000000..9145f2b
+index 0000000..8731ff2
 --- /dev/null
-+++ b/man/man8/cpucontrol_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "cpucontrol_selinux"  "8"  "cpucontrol" "dwalsh at redhat.com" "cpucontrol SELinux Policy documentation"
++++ b/man/man8/clvmd_selinux.8
+@@ -0,0 +1,129 @@
++.TH  "clvmd_selinux"  "8"  "clvmd" "dwalsh at redhat.com" "clvmd SELinux Policy documentation"
 +.SH "NAME"
-+cpucontrol_selinux \- Security Enhanced Linux Policy for the cpucontrol processes
++clvmd_selinux \- Security Enhanced Linux Policy for the clvmd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cpucontrol processes via flexible mandatory access
++Security-Enhanced Linux secures the clvmd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux cpucontrol policy is very flexible allowing users to setup their cpucontrol processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for cpucontrol:
-+
-+
-+.EX
 +.PP
-+.B cpucontrol_conf_t 
-+.EE
-+
-+- Set files with the cpucontrol_conf_t type, if you want to treat the files as cpucontrol configuration data, usually stored under the /etc directory.
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the clvmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B cpucontrol_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the cpucontrol_exec_t type, if you want to transition an executable to the cpucontrol_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/sbin/microcode_ctl, /usr/sbin/microcode_ctl
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux cpucontrol policy is very flexible allowing users to setup their cpucontrol processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for cpucontrol:
++If you want to allow confined applications to run with kerberos for the clvmd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B cpucontrol_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), cpucontrol(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cpufreqselector_selinux.8 b/man/man8/cpufreqselector_selinux.8
-new file mode 100644
-index 0000000..be066ae
---- /dev/null
-+++ b/man/man8/cpufreqselector_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "cpufreqselector_selinux"  "8"  "cpufreqselector" "dwalsh at redhat.com" "cpufreqselector SELinux Policy documentation"
-+.SH "NAME"
-+cpufreqselector_selinux \- Security Enhanced Linux Policy for the cpufreqselector processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the cpufreqselector processes via flexible mandatory access
-+control.  
-+
-+.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -9674,108 +11634,41 @@ index 0000000..be066ae
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cpufreqselector policy is very flexible allowing users to setup their cpufreqselector processes in as secure a method as possible.
++SELinux clvmd policy is very flexible allowing users to setup their clvmd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cpufreqselector:
++The following file types are defined for clvmd:
 +
 +
 +.EX
 +.PP
-+.B cpufreqselector_exec_t 
++.B clvmd_exec_t 
 +.EE
 +
-+- Set files with the cpufreqselector_exec_t type, if you want to transition an executable to the cpufreqselector_t domain.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++- Set files with the clvmd_exec_t type, if you want to transition an executable to the clvmd_t domain.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux cpufreqselector policy is very flexible allowing users to setup their cpufreqselector processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for cpufreqselector:
 +
 +.EX
-+.B cpufreqselector_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), cpufreqselector(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cpuspeed_selinux.8 b/man/man8/cpuspeed_selinux.8
-new file mode 100644
-index 0000000..3948ea7
---- /dev/null
-+++ b/man/man8/cpuspeed_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "cpuspeed_selinux"  "8"  "cpuspeed" "dwalsh at redhat.com" "cpuspeed SELinux Policy documentation"
-+.SH "NAME"
-+cpuspeed_selinux \- Security Enhanced Linux Policy for the cpuspeed processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the cpuspeed processes via flexible mandatory access
-+control.  
-+
-+.SH NSSWITCH DOMAIN
++.B clvmd_initrc_exec_t 
++.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux cpuspeed policy is very flexible allowing users to setup their cpuspeed processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for cpuspeed:
++- Set files with the clvmd_initrc_exec_t type, if you want to transition an executable to the clvmd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B cpuspeed_exec_t 
++.B clvmd_tmpfs_t 
 +.EE
 +
-+- Set files with the cpuspeed_exec_t type, if you want to transition an executable to the cpuspeed_t domain.
++- Set files with the clvmd_tmpfs_t type, if you want to store clvmd files on a tmpfs file system.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/cpuspeed, /usr/sbin/powernowd, /usr/sbin/cpufreqd
 +
 +.EX
 +.PP
-+.B cpuspeed_var_run_t 
++.B clvmd_var_run_t 
 +.EE
 +
-+- Set files with the cpuspeed_var_run_t type, if you want to store the cpuspeed files under the /run directory.
++- Set files with the clvmd_var_run_t type, if you want to store the clvmd files under the /run directory.
 +
 +
 +.PP
@@ -9791,18 +11684,36 @@ index 0000000..3948ea7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cpuspeed policy is very flexible allowing users to setup their cpuspeed processes in as secure a method as possible.
++SELinux clvmd policy is very flexible allowing users to setup their clvmd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cpuspeed:
++The following process types are defined for clvmd:
 +
 +.EX
-+.B cpuspeed_t 
++.B clvmd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type clvmd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B clvmd_tmpfs_t
++
++
++.br
++.B clvmd_var_run_t
++
++	/var/run/clvmd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -9818,22 +11729,22 @@ index 0000000..3948ea7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cpuspeed(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/crack_selinux.8 b/man/man8/crack_selinux.8
++selinux(8), clvmd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cmirrord_selinux.8 b/man/man8/cmirrord_selinux.8
 new file mode 100644
-index 0000000..02402d3
+index 0000000..54fbebe
 --- /dev/null
-+++ b/man/man8/crack_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "crack_selinux"  "8"  "crack" "dwalsh at redhat.com" "crack SELinux Policy documentation"
++++ b/man/man8/cmirrord_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "cmirrord_selinux"  "8"  "cmirrord" "dwalsh at redhat.com" "cmirrord SELinux Policy documentation"
 +.SH "NAME"
-+crack_selinux \- Security Enhanced Linux Policy for the crack processes
++cmirrord_selinux \- Security Enhanced Linux Policy for the cmirrord processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the crack processes via flexible mandatory access
++Security-Enhanced Linux secures the cmirrord processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -9844,41 +11755,41 @@ index 0000000..02402d3
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux crack policy is very flexible allowing users to setup their crack processes in as secure a method as possible.
++SELinux cmirrord policy is very flexible allowing users to setup their cmirrord processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for crack:
++The following file types are defined for cmirrord:
 +
 +
 +.EX
 +.PP
-+.B crack_db_t 
++.B cmirrord_exec_t 
 +.EE
 +
-+- Set files with the crack_db_t type, if you want to treat the files as crack database content.
++- Set files with the cmirrord_exec_t type, if you want to transition an executable to the cmirrord_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/cache/cracklib(/.*)?, /usr/share/cracklib(/.*)?, /usr/lib/cracklib_dict.*
 +
 +.EX
 +.PP
-+.B crack_exec_t 
++.B cmirrord_initrc_exec_t 
 +.EE
 +
-+- Set files with the crack_exec_t type, if you want to transition an executable to the crack_t domain.
++- Set files with the cmirrord_initrc_exec_t type, if you want to transition an executable to the cmirrord_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/cracklib-[a-z]*, /usr/sbin/crack_[a-z]*
 +
 +.EX
 +.PP
-+.B crack_tmp_t 
++.B cmirrord_tmpfs_t 
 +.EE
 +
-+- Set files with the crack_tmp_t type, if you want to store crack temporary files in the /tmp directories.
++- Set files with the cmirrord_tmpfs_t type, if you want to store cmirrord files on a tmpfs file system.
++
++
++.EX
++.PP
++.B cmirrord_var_run_t 
++.EE
++
++- Set files with the cmirrord_var_run_t type, if you want to store the cmirrord files under the /run directory.
 +
 +
 +.PP
@@ -9894,18 +11805,32 @@ index 0000000..02402d3
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux crack policy is very flexible allowing users to setup their crack processes in as secure a method as possible.
++SELinux cmirrord policy is very flexible allowing users to setup their cmirrord processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for crack:
++The following process types are defined for cmirrord:
 +
 +.EX
-+.B crack_t 
++.B cmirrord_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cmirrord_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cmirrord_tmpfs_t
++
++
++.br
++.B cmirrord_var_run_t
++
++	/var/run/cmirrord\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -9921,56 +11846,82 @@ index 0000000..02402d3
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), crack(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/crond_selinux.8 b/man/man8/crond_selinux.8
++selinux(8), cmirrord(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cobblerd_selinux.8 b/man/man8/cobblerd_selinux.8
 new file mode 100644
-index 0000000..64e8674
+index 0000000..c42baa4
 --- /dev/null
-+++ b/man/man8/crond_selinux.8
-@@ -0,0 +1,153 @@
-+.TH  "crond_selinux"  "8"  "crond" "dwalsh at redhat.com" "crond SELinux Policy documentation"
++++ b/man/man8/cobblerd_selinux.8
+@@ -0,0 +1,343 @@
++.TH  "cobblerd_selinux"  "8"  "cobblerd" "dwalsh at redhat.com" "cobblerd SELinux Policy documentation"
 +.SH "NAME"
-+crond_selinux \- Security Enhanced Linux Policy for the crond processes
++cobblerd_selinux \- Security Enhanced Linux Policy for the cobblerd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the crond processes via flexible mandatory access
++Security-Enhanced Linux secures the cobblerd processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  crond policy is extremely flexible and has several booleans that allow you to manipulate the policy and run crond with the tightest access possible.
++SELinux policy is customizable based on least access required.  cobblerd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run cobblerd with the tightest access possible.
 +
 +
 +.PP
-+If you want to enable extra rules in the cron domain to support fcron, you must turn on the fcron_crond boolean.
++If you want to allow Cobbler to connect to the network using TCP, you must turn on the cobbler_can_network_connect boolean.
 +
 +.EX
-+.B setsebool -P fcron_crond 1
++.B setsebool -P cobbler_can_network_connect 1
 +.EE
 +
 +.PP
-+If you want to allow system cron jobs to relabel filesystem for restoring file contexts, you must turn on the cron_can_relabel boolean.
++If you want to allow Cobbler to access nfs file systems, you must turn on the cobbler_use_nfs boolean.
 +
 +.EX
-+.B setsebool -P cron_can_relabel 1
++.B setsebool -P cobbler_use_nfs 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++.PP
++If you want to allow HTTPD scripts and modules to connect to cobbler over the network, you must turn on the httpd_can_network_connect_cobbler boolean.
++
++.EX
++.B setsebool -P httpd_can_network_connect_cobbler 1
++.EE
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the crontab_t, crond_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow Cobbler to access cifs file systems, you must turn on the cobbler_use_cifs boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P cobbler_use_cifs 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
++.SH SHARING FILES
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
++.TP
++Allow cobblerd servers to read the /var/cobblerd directory by adding the public_content_t file type to the directory and by restoring the file type.
 +.PP
-+If you want to allow confined applications to run with kerberos for the crontab_t, crond_t, you must turn on the kerberos_enabled boolean.
++.B
++semanage fcontext -a -t public_content_t "/var/cobblerd(/.*)?"
++.br
++.B restorecon -F -R -v /var/cobblerd
++.pp
++.TP
++Allow cobblerd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_cobblerdd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/cobblerd/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/cobblerd/incoming
++
++
++.PP
++If you want to allow Cobbler to modify public files used for public file transfer services., you must turn on the cobbler_anon_write boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P cobbler_anon_write 1
 +.EE
 +
 +.SH FILE CONTEXTS
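Review bot: The SHARING FILES section says write access to public_content_rw_t "also requires the allow_cobblerdd_anon_write boolean", while the boolean this page documents a few lines later is `cobbler_anon_write`. An administrator following the first name will most likely get an error from setsebool and may reach for something broader to get past it. Unless the policy really defines the first name, the sentence should read `This also requires the cobbler_anon_write boolean to be set.` The same paragraph mentions /var/tmp/incoming although the commands under it label /var/cobblerd/incoming, so the prose should use the path the commands use. The `.pp` request after the first restorecon line is lower case; roff macro names are case-sensitive, so it should be `.PP`. The cobblerd page continues past this hunk.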
@@ -9979,88 +11930,249 @@ index 0000000..64e8674
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux crond policy is very flexible allowing users to setup their crond processes in as secure a method as possible.
++SELinux cobblerd policy is very flexible allowing users to setup their cobblerd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for crond:
++The following file types are defined for cobblerd:
 +
 +
 +.EX
 +.PP
-+.B crond_exec_t 
++.B cobblerd_exec_t 
 +.EE
 +
-+- Set files with the crond_exec_t type, if you want to transition an executable to the crond_t domain.
++- Set files with the cobblerd_exec_t type, if you want to transition an executable to the cobblerd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/atd, /usr/sbin/fcron, /usr/sbin/cron(d)?
 +
 +.EX
 +.PP
-+.B crond_initrc_exec_t 
++.B cobblerd_initrc_exec_t 
 +.EE
 +
-+- Set files with the crond_initrc_exec_t type, if you want to transition an executable to the crond_initrc_t domain.
++- Set files with the cobblerd_initrc_exec_t type, if you want to transition an executable to the cobblerd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B crond_tmp_t 
++.B cobblerd_unit_file_t 
 +.EE
 +
-+- Set files with the crond_tmp_t type, if you want to store crond temporary files in the /tmp directories.
++- Set files with the cobblerd_unit_file_t type, if you want to treat the files as cobblerd unit content.
 +
 +
-+.EX
 +.PP
-+.B crond_unit_file_t 
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+- Set files with the crond_unit_file_t type, if you want to treat the files as crond unit content.
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/systemd/system/crond.*, /usr/lib/systemd/system/atd.*
++.B semanage port -l
 +
-+.EX
 +.PP
-+.B crond_var_run_t 
-+.EE
-+
-+- Set files with the crond_var_run_t type, if you want to store the crond files under the /run directory.
++Policy governs the access confined processes have to these ports. 
++SELinux cobblerd policy is very flexible allowing users to setup their cobblerd processes in as secure a method as possible.
++.PP 
++The following port types are defined for cobblerd:
 +
-+.br
++.EX
 +.TP 5
-+Paths: 
-+/var/run/crond?\.pid, /var/run/.*cron.*, /var/run/fcron\.pid, /var/run/crond?\.reboot, /var/run/fcron\.fifo, /var/run/atd\.pid, /var/run/anacron\.pid
++.B cobbler_port_t 
++.TP 10
++.EE
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
 +
++Default Defined Ports:
++tcp 25151
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux crond policy is very flexible allowing users to setup their crond processes in as secure a method as possible.
++SELinux cobblerd policy is very flexible allowing users to setup their cobblerd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for crond:
++The following process types are defined for cobblerd:
 +
 +.EX
-+.B crond_t, cronjob_t, crontab_t 
++.B cobblerd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cobblerd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cobbler_tmp_t
++
++
++.br
++.B cobbler_var_lib_t
++
++	/var/lib/cobbler(/.*)?
++.br
++	/var/www/cobbler/pub(/.*)?
++.br
++	/var/lib/tftpboot/etc(/.*)?
++.br
++	/var/lib/tftpboot/ppc(/.*)?
++.br
++	/var/lib/tftpboot/grub(/.*)?
++.br
++	/var/www/cobbler/links(/.*)?
++.br
++	/var/lib/tftpboot/s390x(/.*)?
++.br
++	/var/www/cobbler/images(/.*)?
++.br
++	/var/lib/tftpboot/images(/.*)?
++.br
++	/var/www/cobbler/rendered(/.*)?
++.br
++	/var/www/cobbler/ks_mirror(/.*)?
++.br
++	/var/www/cobbler/localmirror(/.*)?
++.br
++	/var/www/cobbler/repo_mirror(/.*)?
++.br
++	/var/lib/tftpboot/pxelinux\.cfg(/.*)?
++.br
++	/var/lib/tftpboot/yaboot
++.br
++	/var/lib/tftpboot/memdisk
++.br
++	/var/lib/tftpboot/menu\.c32
++.br
++	/var/lib/tftpboot/pxelinux\.0
++.br
++
++.br
++.B cobbler_var_log_t
++
++	/var/log/cobbler(/.*)?
++.br
++
++.br
++.B dhcp_etc_t
++
++	/etc/dhcpc.*
++.br
++	/etc/dhcp3(/.*)?
++.br
++	/etc/dhcpd(6)?\.conf
++.br
++	/etc/dhcp3?/dhclient.*
++.br
++	/etc/dhclient.*conf
++.br
++	/etc/dhcp/dhcpd(6)?\.conf
++.br
++	/etc/dhclient-script
++.br
++
++.br
++.B dnsmasq_etc_t
++
++	/etc/dnsmasq\.conf
++.br
++
++.br
++.B httpd_cobbler_rw_content_t
++
++
++.br
++.B named_conf_t
++
++	/etc/rndc.*
++.br
++	/etc/unbound(/.*)?
++.br
++	/var/named/chroot(/.*)?
++.br
++	/etc/named\.rfc1912.zones
++.br
++	/var/named/chroot/etc/named\.rfc1912.zones
++.br
++	/etc/named\.conf
++.br
++	/var/named/named\.ca
++.br
++	/etc/named\.root\.hints
++.br
++	/var/named/chroot/etc/named\.conf
++.br
++	/etc/named\.caching-nameserver\.conf
++.br
++	/var/named/chroot/var/named/named\.ca
++.br
++	/var/named/chroot/etc/named\.root\.hints
++.br
++	/var/named/chroot/etc/named\.caching-nameserver\.conf
++.br
++
++.br
++.B named_zone_t
++
++	/var/named(/.*)?
++.br
++	/var/named/chroot/var/named(/.*)?
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
++.br
++.B rsync_etc_t
++
++	/etc/rsyncd\.conf
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B tftpd_etc_t
++
++	/etc/xinetd\.d/tftp
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -10071,6 +12183,9 @@ index 0000000..64e8674
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -10079,71 +12194,88 @@ index 0000000..64e8674
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), crond(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cobblerd(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/crontab_selinux.8 b/man/man8/crontab_selinux.8
+diff --git a/man/man8/collectd_selinux.8 b/man/man8/collectd_selinux.8
 new file mode 100644
-index 0000000..43963c6
+index 0000000..bada43b
 --- /dev/null
-+++ b/man/man8/crontab_selinux.8
-@@ -0,0 +1,99 @@
-+.TH  "crontab_selinux"  "8"  "crontab" "dwalsh at redhat.com" "crontab SELinux Policy documentation"
++++ b/man/man8/collectd_selinux.8
+@@ -0,0 +1,136 @@
++.TH  "collectd_selinux"  "8"  "collectd" "dwalsh at redhat.com" "collectd SELinux Policy documentation"
 +.SH "NAME"
-+crontab_selinux \- Security Enhanced Linux Policy for the crontab processes
++collectd_selinux \- Security Enhanced Linux Policy for the collectd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the crontab processes via flexible mandatory access
++Security-Enhanced Linux secures the collectd processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
-+
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the crontab_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  collectd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run collectd with the tightest access possible.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the crontab_t, you must turn on the kerberos_enabled boolean.
++If you want to allow collectd to connect to the network using TCP, you must turn on the collectd_can_network_connect boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P collectd_can_network_connect 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux crontab policy is very flexible allowing users to setup their crontab processes in as secure a method as possible.
++SELinux collectd policy is very flexible allowing users to setup their collectd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for crontab:
++The following file types are defined for collectd:
 +
 +
 +.EX
 +.PP
-+.B crontab_exec_t 
++.B collectd_exec_t 
 +.EE
 +
-+- Set files with the crontab_exec_t type, if you want to transition an executable to the crontab_t domain.
++- Set files with the collectd_exec_t type, if you want to transition an executable to the collectd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/(f)?crontab, /usr/sbin/fcronsighup, /usr/bin/at
 +
 +.EX
 +.PP
-+.B crontab_tmp_t 
++.B collectd_initrc_exec_t 
 +.EE
 +
-+- Set files with the crontab_tmp_t type, if you want to store crontab temporary files in the /tmp directories.
++- Set files with the collectd_initrc_exec_t type, if you want to transition an executable to the collectd_initrc_t domain.
++
++
++.EX
++.PP
++.B collectd_unit_file_t 
++.EE
++
++- Set files with the collectd_unit_file_t type, if you want to treat the files as collectd unit content.
++
++
++.EX
++.PP
++.B collectd_var_lib_t 
++.EE
++
++- Set files with the collectd_var_lib_t type, if you want to store the collectd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B collectd_var_run_t 
++.EE
++
++- Set files with the collectd_var_run_t type, if you want to store the collectd files under the /run directory.
 +
 +
 +.PP
@@ -10159,18 +12291,34 @@ index 0000000..43963c6
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux crontab policy is very flexible allowing users to setup their crontab processes in as secure a method as possible.
++SELinux collectd policy is very flexible allowing users to setup their collectd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for crontab:
++The following process types are defined for collectd:
 +
 +.EX
-+.B crontab_t 
++.B collectd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type collectd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B collectd_var_lib_t
++
++	/var/lib/collectd(/.*)?
++.br
++
++.br
++.B collectd_var_run_t
++
++	/var/run/collectd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -10181,101 +12329,108 @@ index 0000000..43963c6
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), crontab(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ctdbd_selinux.8 b/man/man8/ctdbd_selinux.8
++selinux(8), collectd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/colord_selinux.8 b/man/man8/colord_selinux.8
 new file mode 100644
-index 0000000..d02c37a
+index 0000000..e9e543d
 --- /dev/null
-+++ b/man/man8/ctdbd_selinux.8
-@@ -0,0 +1,153 @@
-+.TH  "ctdbd_selinux"  "8"  "ctdbd" "dwalsh at redhat.com" "ctdbd SELinux Policy documentation"
++++ b/man/man8/colord_selinux.8
+@@ -0,0 +1,159 @@
++.TH  "colord_selinux"  "8"  "colord" "dwalsh at redhat.com" "colord SELinux Policy documentation"
 +.SH "NAME"
-+ctdbd_selinux \- Security Enhanced Linux Policy for the ctdbd processes
++colord_selinux \- Security Enhanced Linux Policy for the colord processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ctdbd processes via flexible mandatory access
++Security-Enhanced Linux secures the colord processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the colord_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the colord_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ctdbd policy is very flexible allowing users to setup their ctdbd processes in as secure a method as possible.
++SELinux colord policy is very flexible allowing users to setup their colord processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ctdbd:
-+
-+
-+.EX
-+.PP
-+.B ctdbd_exec_t 
-+.EE
-+
-+- Set files with the ctdbd_exec_t type, if you want to transition an executable to the ctdbd_t domain.
++The following file types are defined for colord:
 +
 +
 +.EX
 +.PP
-+.B ctdbd_initrc_exec_t 
++.B colord_exec_t 
 +.EE
 +
-+- Set files with the ctdbd_initrc_exec_t type, if you want to transition an executable to the ctdbd_initrc_t domain.
++- Set files with the colord_exec_t type, if you want to transition an executable to the colord_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/libexec/colord-sane, /usr/libexec/colord
 +
 +.EX
 +.PP
-+.B ctdbd_log_t 
++.B colord_tmp_t 
 +.EE
 +
-+- Set files with the ctdbd_log_t type, if you want to treat the data as ctdbd log data, usually stored under the /var/log directory.
++- Set files with the colord_tmp_t type, if you want to store colord temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B ctdbd_spool_t 
++.B colord_tmpfs_t 
 +.EE
 +
-+- Set files with the ctdbd_spool_t type, if you want to store the ctdbd files under the /var/spool directory.
++- Set files with the colord_tmpfs_t type, if you want to store colord files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B ctdbd_tmp_t 
++.B colord_unit_file_t 
 +.EE
 +
-+- Set files with the ctdbd_tmp_t type, if you want to store ctdbd temporary files in the /tmp directories.
++- Set files with the colord_unit_file_t type, if you want to treat the files as colord unit content.
 +
 +
 +.EX
 +.PP
-+.B ctdbd_var_lib_t 
++.B colord_var_lib_t 
 +.EE
 +
-+- Set files with the ctdbd_var_lib_t type, if you want to store the ctdbd files under the /var/lib directory.
++- Set files with the colord_var_lib_t type, if you want to store the colord files under the /var/lib directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/ctdb(/.*)?, /var/lib/ctdbd(/.*)?, /etc/ctdb(/.*)?, /var/ctdbd(/.*)?
-+
-+.EX
-+.PP
-+.B ctdbd_var_run_t 
-+.EE
-+
-+- Set files with the ctdbd_var_run_t type, if you want to store the ctdbd files under the /run directory.
-+
++/var/lib/color(/.*)?, /var/lib/colord(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -10284,49 +12439,56 @@ index 0000000..d02c37a
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux ctdbd policy is very flexible allowing users to setup their ctdbd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for ctdbd:
-+
-+.EX
-+.TP 5
-+.B ctdb_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 4379
-+.EE
-+udp 4379
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ctdbd policy is very flexible allowing users to setup their ctdbd processes in as secure a method as possible.
++SELinux colord policy is very flexible allowing users to setup their colord processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ctdbd:
++The following process types are defined for colord:
 +
 +.EX
-+.B ctdbd_t 
++.B colord_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type colord_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B colord_tmp_t
++
++
++.br
++.B colord_tmpfs_t
++
++
++.br
++.B colord_var_lib_t
++
++	/var/lib/color(/.*)?
++.br
++	/var/lib/colord(/.*)?
++.br
++
++.br
++.B user_tmpfs_t
++
++	/dev/shm/mono.*
++.br
++	/dev/shm/pulse-shm.*
++.br
++
++.br
++.B zoneminder_tmpfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -10337,46 +12499,43 @@ index 0000000..d02c37a
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ctdbd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cups_selinux.8 b/man/man8/cups_selinux.8
++selinux(8), colord(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/comsat_selinux.8 b/man/man8/comsat_selinux.8
 new file mode 100644
-index 0000000..3534e79
+index 0000000..a94d43e
 --- /dev/null
-+++ b/man/man8/cups_selinux.8
-@@ -0,0 +1,235 @@
-+.TH  "cups_selinux"  "8"  "cups" "dwalsh at redhat.com" "cups SELinux Policy documentation"
++++ b/man/man8/comsat_selinux.8
+@@ -0,0 +1,141 @@
++.TH  "comsat_selinux"  "8"  "comsat" "dwalsh at redhat.com" "comsat SELinux Policy documentation"
 +.SH "NAME"
-+cups_selinux \- Security Enhanced Linux Policy for the cups processes
++comsat_selinux \- Security Enhanced Linux Policy for the comsat processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cups processes via flexible mandatory access
++Security-Enhanced Linux secures the comsat processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cups_pdf_t, cupsd_config_t, cupsd_lpd_t, cupsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the comsat_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the cups_pdf_t, cupsd_config_t, cupsd_lpd_t, cupsd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the comsat_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -10385,166 +12544,165 @@ index 0000000..3534e79
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cups policy is very flexible allowing users to setup their cups processes in as secure a method as possible.
++SELinux comsat policy is very flexible allowing users to setup their comsat processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cups:
++The following file types are defined for comsat:
 +
 +
 +.EX
 +.PP
-+.B cups_pdf_exec_t 
++.B comsat_exec_t 
 +.EE
 +
-+- Set files with the cups_pdf_exec_t type, if you want to transition an executable to the cups_pdf_t domain.
++- Set files with the comsat_exec_t type, if you want to transition an executable to the comsat_t domain.
 +
 +
 +.EX
 +.PP
-+.B cups_pdf_tmp_t 
++.B comsat_tmp_t 
 +.EE
 +
-+- Set files with the cups_pdf_tmp_t type, if you want to store cups pdf temporary files in the /tmp directories.
++- Set files with the comsat_tmp_t type, if you want to store comsat temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B cupsd_config_exec_t 
++.B comsat_var_run_t 
 +.EE
 +
-+- Set files with the cupsd_config_exec_t type, if you want to transition an executable to the cupsd_config_t domain.
++- Set files with the comsat_var_run_t type, if you want to store the comsat files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/printconf-backend, /usr/sbin/hal_lpadmin, /usr/lib/udev/udev-configure-printer, /usr/bin/cups-config-daemon, /usr/libexec/cups-pk-helper-mechanism, /usr/libexec/hal_lpadmin, /lib/udev/udev-configure-printer
 +
-+.EX
 +.PP
-+.B cupsd_config_var_run_t 
-+.EE
-+
-+- Set files with the cupsd_config_var_run_t type, if you want to store the cupsd config files under the /run directory.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B cupsd_etc_t 
-+.EE
++You can see the types associated with a port by using the following command: 
 +
-+- Set files with the cupsd_etc_t type, if you want to store cupsd files in the /etc directories.
++.B semanage port -l
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/share/cups(/.*)?, /etc/cups(/.*)?
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux comsat policy is very flexible allowing users to setup their comsat processes in as secure a method as possible.
++.PP 
++The following port types are defined for comsat:
 +
 +.EX
-+.PP
-+.B cupsd_exec_t 
++.TP 5
++.B comsat_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the cupsd_exec_t type, if you want to transition an executable to the cupsd_t domain.
 +
++Default Defined Ports:
++udp 512
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux comsat policy is very flexible allowing users to setup their comsat processes in as secure a method as possible.
++.PP 
++The following process types are defined for comsat:
 +
 +.EX
-+.PP
-+.B cupsd_initrc_exec_t 
++.B comsat_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the cupsd_initrc_exec_t type, if you want to transition an executable to the cupsd_initrc_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type comsat_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B cupsd_interface_t 
-+.EE
++.br
++.B comsat_tmp_t
 +
-+- Set files with the cupsd_interface_t type, if you want to treat the files as cupsd interface data.
 +
++.br
++.B comsat_var_run_t
 +
-+.EX
-+.PP
-+.B cupsd_lock_t 
-+.EE
 +
-+- Set files with the cupsd_lock_t type, if you want to treat the files as cupsd lock data, stored under the /var/lock directory
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
 +
-+.EX
 +.PP
-+.B cupsd_log_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the cupsd_log_t type, if you want to treat the data as cupsd log data, usually stored under the /var/log directory.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/local/Brother/fax/.*\.log.*, /var/log/cups(/.*)?, /var/log/turboprint.*
++.SH "SEE ALSO"
++selinux(8), comsat(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/condor_collector_selinux.8 b/man/man8/condor_collector_selinux.8
+new file mode 100644
+index 0000000..38b67d1
+--- /dev/null
++++ b/man/man8/condor_collector_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "condor_collector_selinux"  "8"  "condor_collector" "dwalsh at redhat.com" "condor_collector SELinux Policy documentation"
++.SH "NAME"
++condor_collector_selinux \- Security Enhanced Linux Policy for the condor_collector processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B cupsd_lpd_exec_t 
-+.EE
++Security-Enhanced Linux secures the condor_collector processes via flexible mandatory access
++control.  
 +
-+- Set files with the cupsd_lpd_exec_t type, if you want to transition an executable to the cupsd_lpd_t domain.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the condor_collector_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B cupsd_lpd_tmp_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the cupsd_lpd_tmp_t type, if you want to store cupsd lpd temporary files in the /tmp directories.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the condor_collector_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B cupsd_lpd_var_run_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the cupsd_lpd_var_run_t type, if you want to store the cupsd lpd files under the /run directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux condor_collector policy is very flexible allowing users to setup their condor_collector processes in as secure a method as possible.
++.PP 
++The following file types are defined for condor_collector:
 +
 +
 +.EX
 +.PP
-+.B cupsd_rw_etc_t 
++.B condor_collector_exec_t 
 +.EE
 +
-+- Set files with the cupsd_rw_etc_t type, if you want to store cupsd rw files in the /etc directories.
++- Set files with the condor_collector_exec_t type, if you want to transition an executable to the condor_collector_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/cups/lpoptions.*, /usr/local/linuxprinter/ppd(/.*)?, /etc/cups/subscriptions.*, /opt/brother/Printers(.*/)?inf(/.*)?, /usr/local/Brother/(.*/)?inf(/.*)?, /etc/cups/classes\.conf.*, /usr/lib/bjlib(/.*)?, /etc/cups/ppd(/.*)?, /opt/gutenprint/ppds(/.*)?, /etc/printcap.*, /etc/alchemist/namespace/printconf(/.*)?, /usr/local/Printer/(.*/)?inf(/.*)?, /var/lib/cups/certs, /etc/cups/ppds\.dat, /etc/cups/certs, /etc/cups/certs/.*, /etc/cups/printers\.conf.*, /var/lib/cups/certs/.*, /var/cache/foomatic(/.*)?, /var/cache/alchemist/printconf.*, /etc/cups/cupsd\.conf.*, /var/cache/cups(/.*)?, /usr/share/foomatic/db/oldprinterids
-+
-+.EX
-+.PP
-+.B cupsd_tmp_t 
-+.EE
-+
-+- Set files with the cupsd_tmp_t type, if you want to store cupsd temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B cupsd_unit_file_t 
-+.EE
-+
-+- Set files with the cupsd_unit_file_t type, if you want to treat the files as cupsd unit content.
-+
-+
-+.EX
-+.PP
-+.B cupsd_var_run_t 
-+.EE
-+
-+- Set files with the cupsd_var_run_t type, if you want to store the cupsd files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/ccpd(/.*)?, /var/ekpd(/.*)?, /var/turboprint(/.*)?, /var/run/cups(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -10559,18 +12717,50 @@ index 0000000..3534e79
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cups policy is very flexible allowing users to setup their cups processes in as secure a method as possible.
++SELinux condor_collector policy is very flexible allowing users to setup their condor_collector processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cups:
++The following process types are defined for condor_collector:
 +
 +.EX
-+.B cupsd_t, cupsd_config_t, cupsd_lpd_t, cups_pdf_t 
++.B condor_collector_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type condor_collector_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B condor_log_t
++
++	/var/log/condor(/.*)?
++.br
++
++.br
++.B condor_var_lib_t
++
++	/var/lib/condor(/.*)?
++.br
++	/var/lib/condor/spool(/.*)?
++.br
++	/var/lib/condor/execute(/.*)?
++.br
++
++.br
++.B condor_var_lock_t
++
++	/var/lock/condor(/.*)?
++.br
++
++.br
++.B condor_var_run_t
++
++	/var/run/condor(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -10586,38 +12776,38 @@ index 0000000..3534e79
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cups(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cupsd_selinux.8 b/man/man8/cupsd_selinux.8
++selinux(8), condor_collector(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/condor_master_selinux.8 b/man/man8/condor_master_selinux.8
 new file mode 100644
-index 0000000..5df9c63
+index 0000000..c299941
 --- /dev/null
-+++ b/man/man8/cupsd_selinux.8
-@@ -0,0 +1,219 @@
-+.TH  "cupsd_selinux"  "8"  "cupsd" "dwalsh at redhat.com" "cupsd SELinux Policy documentation"
++++ b/man/man8/condor_master_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "condor_master_selinux"  "8"  "condor_master" "dwalsh at redhat.com" "condor_master SELinux Policy documentation"
 +.SH "NAME"
-+cupsd_selinux \- Security Enhanced Linux Policy for the cupsd processes
++condor_master_selinux \- Security Enhanced Linux Policy for the condor_master processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cupsd processes via flexible mandatory access
++Security-Enhanced Linux secures the condor_master processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cups_pdf_t, cupsd_config_t, cupsd_lpd_t, cupsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the condor_master_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the cups_pdf_t, cupsd_config_t, cupsd_lpd_t, cupsd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the condor_master_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -10626,150 +12816,143 @@ index 0000000..5df9c63
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cupsd policy is very flexible allowing users to setup their cupsd processes in as secure a method as possible.
++SELinux condor_master policy is very flexible allowing users to setup their condor_master processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cupsd:
++The following file types are defined for condor_master:
 +
 +
 +.EX
 +.PP
-+.B cupsd_config_exec_t 
++.B condor_master_exec_t 
 +.EE
 +
-+- Set files with the cupsd_config_exec_t type, if you want to transition an executable to the cupsd_config_t domain.
++- Set files with the condor_master_exec_t type, if you want to transition an executable to the condor_master_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/printconf-backend, /usr/sbin/hal_lpadmin, /usr/lib/udev/udev-configure-printer, /usr/bin/cups-config-daemon, /usr/libexec/cups-pk-helper-mechanism, /usr/libexec/hal_lpadmin, /lib/udev/udev-configure-printer
 +
-+.EX
 +.PP
-+.B cupsd_config_var_run_t 
-+.EE
-+
-+- Set files with the cupsd_config_var_run_t type, if you want to store the cupsd config files under the /run directory.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B cupsd_etc_t 
-+.EE
-+
-+- Set files with the cupsd_etc_t type, if you want to store cupsd files in the /etc directories.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/share/cups(/.*)?, /etc/cups(/.*)?
-+
-+.EX
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+.B cupsd_exec_t 
-+.EE
-+
-+- Set files with the cupsd_exec_t type, if you want to transition an executable to the cupsd_t domain.
-+
++Policy governs the access confined processes have to files. 
++SELinux condor_master policy is very flexible allowing users to setup their condor_master processes in as secure a method as possible.
++.PP 
++The following process types are defined for condor_master:
 +
 +.EX
-+.PP
-+.B cupsd_initrc_exec_t 
++.B condor_master_t 
 +.EE
-+
-+- Set files with the cupsd_initrc_exec_t type, if you want to transition an executable to the cupsd_initrc_t domain.
-+
-+
-+.EX
 +.PP
-+.B cupsd_interface_t 
-+.EE
-+
-+- Set files with the cupsd_interface_t type, if you want to treat the files as cupsd interface data.
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
 +
-+.EX
-+.PP
-+.B cupsd_lock_t 
-+.EE
++The SELinux user type condor_master_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+- Set files with the cupsd_lock_t type, if you want to treat the files as cupsd lock data, stored under the /var/lock directory
++.br
++.B condor_log_t
 +
++	/var/log/condor(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B cupsd_log_t 
-+.EE
++.br
++.B condor_var_lib_t
 +
-+- Set files with the cupsd_log_t type, if you want to treat the data as cupsd log data, usually stored under the /var/log directory.
++	/var/lib/condor(/.*)?
++.br
++	/var/lib/condor/spool(/.*)?
++.br
++	/var/lib/condor/execute(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/local/Brother/fax/.*\.log.*, /var/log/cups(/.*)?, /var/log/turboprint.*
++.B condor_var_lock_t
 +
-+.EX
-+.PP
-+.B cupsd_lpd_exec_t 
-+.EE
++	/var/lock/condor(/.*)?
++.br
 +
-+- Set files with the cupsd_lpd_exec_t type, if you want to transition an executable to the cupsd_lpd_t domain.
++.br
++.B condor_var_run_t
 +
++	/var/run/condor(/.*)?
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B cupsd_lpd_tmp_t 
-+.EE
-+
-+- Set files with the cupsd_lpd_tmp_t type, if you want to store cupsd lpd temporary files in the /tmp directories.
-+
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B cupsd_lpd_var_run_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the cupsd_lpd_var_run_t type, if you want to store the cupsd lpd files under the /run directory.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
++.SH "SEE ALSO"
++selinux(8), condor_master(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/condor_negotiator_selinux.8 b/man/man8/condor_negotiator_selinux.8
+new file mode 100644
+index 0000000..8cc8c88
+--- /dev/null
++++ b/man/man8/condor_negotiator_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "condor_negotiator_selinux"  "8"  "condor_negotiator" "dwalsh at redhat.com" "condor_negotiator SELinux Policy documentation"
++.SH "NAME"
++condor_negotiator_selinux \- Security Enhanced Linux Policy for the condor_negotiator processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B cupsd_rw_etc_t 
-+.EE
++Security-Enhanced Linux secures the condor_negotiator processes via flexible mandatory access
++control.  
 +
-+- Set files with the cupsd_rw_etc_t type, if you want to store cupsd rw files in the /etc directories.
++.SH NSSWITCH DOMAIN
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/cups/lpoptions.*, /usr/local/linuxprinter/ppd(/.*)?, /etc/cups/subscriptions.*, /opt/brother/Printers(.*/)?inf(/.*)?, /usr/local/Brother/(.*/)?inf(/.*)?, /etc/cups/classes\.conf.*, /usr/lib/bjlib(/.*)?, /etc/cups/ppd(/.*)?, /opt/gutenprint/ppds(/.*)?, /etc/printcap.*, /etc/alchemist/namespace/printconf(/.*)?, /usr/local/Printer/(.*/)?inf(/.*)?, /var/lib/cups/certs, /etc/cups/ppds\.dat, /etc/cups/certs, /etc/cups/certs/.*, /etc/cups/printers\.conf.*, /var/lib/cups/certs/.*, /var/cache/foomatic(/.*)?, /var/cache/alchemist/printconf.*, /etc/cups/cupsd\.conf.*, /var/cache/cups(/.*)?, /usr/share/foomatic/db/oldprinterids
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the condor_negotiator_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B cupsd_tmp_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the cupsd_tmp_t type, if you want to store cupsd temporary files in the /tmp directories.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the condor_negotiator_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B cupsd_unit_file_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the cupsd_unit_file_t type, if you want to treat the files as cupsd unit content.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux condor_negotiator policy is very flexible allowing users to setup their condor_negotiator processes in as secure a method as possible.
++.PP 
++The following file types are defined for condor_negotiator:
 +
 +
 +.EX
 +.PP
-+.B cupsd_var_run_t 
++.B condor_negotiator_exec_t 
 +.EE
 +
-+- Set files with the cupsd_var_run_t type, if you want to store the cupsd files under the /run directory.
++- Set files with the condor_negotiator_exec_t type, if you want to transition an executable to the condor_negotiator_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/ccpd(/.*)?, /var/ekpd(/.*)?, /var/turboprint(/.*)?, /var/run/cups(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
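Review bot: The added lines `option to \fBps\bP` (condor_master page) and `option to \fBls\bP` (condor_negotiator page) close the bold span with `\bP`, which is not a font escape, so the bold opened by `\fB` is never switched off. They should read `\fBps\fP` and `\fBls\fP`. The unchanged context lines carry the same typo, so it presumably comes from the genman.py template and is best fixed there rather than page by page. The same escape recurs in later hunks, for example in the condor_schedd and condor_startd pages, and the condor_negotiator page itself continues past this hunk.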
@@ -10784,18 +12967,50 @@ index 0000000..5df9c63
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cupsd policy is very flexible allowing users to setup their cupsd processes in as secure a method as possible.
++SELinux condor_negotiator policy is very flexible allowing users to setup their condor_negotiator processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cupsd:
++The following process types are defined for condor_negotiator:
 +
 +.EX
-+.B cupsd_t, cupsd_config_t, cupsd_lpd_t, cups_pdf_t 
++.B condor_negotiator_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type condor_negotiator_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B condor_log_t
++
++	/var/log/condor(/.*)?
++.br
++
++.br
++.B condor_var_lib_t
++
++	/var/lib/condor(/.*)?
++.br
++	/var/lib/condor/spool(/.*)?
++.br
++	/var/lib/condor/execute(/.*)?
++.br
++
++.br
++.B condor_var_lock_t
++
++	/var/lock/condor(/.*)?
++.br
++
++.br
++.B condor_var_run_t
++
++	/var/run/condor(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -10811,112 +13026,43 @@ index 0000000..5df9c63
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cupsd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cvs_selinux.8 b/man/man8/cvs_selinux.8
++selinux(8), condor_negotiator(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/condor_procd_selinux.8 b/man/man8/condor_procd_selinux.8
 new file mode 100644
-index 0000000..bbec072
+index 0000000..3d02ecf
 --- /dev/null
-+++ b/man/man8/cvs_selinux.8
-@@ -0,0 +1,174 @@
-+.TH  "cvs_selinux"  "8"  "cvs" "dwalsh at redhat.com" "cvs SELinux Policy documentation"
++++ b/man/man8/condor_procd_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "condor_procd_selinux"  "8"  "condor_procd" "dwalsh at redhat.com" "condor_procd SELinux Policy documentation"
 +.SH "NAME"
-+cvs_selinux \- Security Enhanced Linux Policy for the cvs processes
++condor_procd_selinux \- Security Enhanced Linux Policy for the condor_procd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cvs processes via flexible mandatory access
++Security-Enhanced Linux secures the condor_procd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  cvs policy is extremely flexible and has several booleans that allow you to manipulate the policy and run cvs with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow cvs daemon to read shadow, you must turn on the cvs_read_shadow boolean.
-+
-+.EX
-+.B setsebool -P cvs_read_shadow 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cvs_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the cvs_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cvs policy is very flexible allowing users to setup their cvs processes in as secure a method as possible.
++SELinux condor_procd policy is very flexible allowing users to setup their condor_procd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cvs:
-+
-+
-+.EX
-+.PP
-+.B cvs_data_t 
-+.EE
-+
-+- Set files with the cvs_data_t type, if you want to treat the files as cvs content.
-+
-+.br
-+.TP 5
-+Paths: 
-+/opt/cvs(/.*)?, /var/cvs(/.*)?
-+
-+.EX
-+.PP
-+.B cvs_exec_t 
-+.EE
-+
-+- Set files with the cvs_exec_t type, if you want to transition an executable to the cvs_t domain.
-+
-+
-+.EX
-+.PP
-+.B cvs_initrc_exec_t 
-+.EE
-+
-+- Set files with the cvs_initrc_exec_t type, if you want to transition an executable to the cvs_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B cvs_keytab_t 
-+.EE
-+
-+- Set files with the cvs_keytab_t type, if you want to treat the files as kerberos keytab files.
-+
-+
-+.EX
-+.PP
-+.B cvs_tmp_t 
-+.EE
-+
-+- Set files with the cvs_tmp_t type, if you want to store cvs temporary files in the /tmp directories.
++The following file types are defined for condor_procd:
 +
 +
 +.EX
 +.PP
-+.B cvs_var_run_t 
++.B condor_procd_exec_t 
 +.EE
 +
-+- Set files with the cvs_var_run_t type, if you want to store the cvs files under the /run directory.
++- Set files with the condor_procd_exec_t type, if you want to transition an executable to the condor_procd_t domain.
 +
 +
 +.PP
@@ -10926,49 +13072,56 @@ index 0000000..bbec072
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux cvs policy is very flexible allowing users to setup their cvs processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for cvs:
-+
-+.EX
-+.TP 5
-+.B cvs_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 2401
-+.EE
-+udp 2401
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cvs policy is very flexible allowing users to setup their cvs processes in as secure a method as possible.
++SELinux condor_procd policy is very flexible allowing users to setup their condor_procd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cvs:
++The following process types are defined for condor_procd:
 +
 +.EX
-+.B cvs_t 
++.B condor_procd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type condor_procd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B condor_log_t
++
++	/var/log/condor(/.*)?
++.br
++
++.br
++.B condor_var_lib_t
++
++	/var/lib/condor(/.*)?
++.br
++	/var/lib/condor/spool(/.*)?
++.br
++	/var/lib/condor/execute(/.*)?
++.br
++
++.br
++.B condor_var_lock_t
++
++	/var/lock/condor(/.*)?
++.br
++
++.br
++.B condor_var_run_t
++
++	/var/run/condor(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -10979,80 +13132,70 @@ index 0000000..bbec072
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cvs(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/cyphesis_selinux.8 b/man/man8/cyphesis_selinux.8
++selinux(8), condor_procd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/condor_schedd_selinux.8 b/man/man8/condor_schedd_selinux.8
 new file mode 100644
-index 0000000..920e97f
+index 0000000..182d529
 --- /dev/null
-+++ b/man/man8/cyphesis_selinux.8
-@@ -0,0 +1,125 @@
-+.TH  "cyphesis_selinux"  "8"  "cyphesis" "dwalsh at redhat.com" "cyphesis SELinux Policy documentation"
++++ b/man/man8/condor_schedd_selinux.8
+@@ -0,0 +1,131 @@
++.TH  "condor_schedd_selinux"  "8"  "condor_schedd" "dwalsh at redhat.com" "condor_schedd SELinux Policy documentation"
 +.SH "NAME"
-+cyphesis_selinux \- Security Enhanced Linux Policy for the cyphesis processes
++condor_schedd_selinux \- Security Enhanced Linux Policy for the condor_schedd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cyphesis processes via flexible mandatory access
++Security-Enhanced Linux secures the condor_schedd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux cyphesis policy is very flexible allowing users to setup their cyphesis processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for cyphesis:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the condor_schedd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B cyphesis_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the cyphesis_exec_t type, if you want to transition an executable to the cyphesis_t domain.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the condor_schedd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B cyphesis_log_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the cyphesis_log_t type, if you want to treat the data as cyphesis log data, usually stored under the /var/log directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux condor_schedd policy is very flexible allowing users to setup their condor_schedd processes in as secure a method as possible.
++.PP 
++The following file types are defined for condor_schedd:
 +
 +
 +.EX
 +.PP
-+.B cyphesis_tmp_t 
++.B condor_schedd_exec_t 
 +.EE
 +
-+- Set files with the cyphesis_tmp_t type, if you want to store cyphesis temporary files in the /tmp directories.
++- Set files with the condor_schedd_exec_t type, if you want to transition an executable to the condor_schedd_t domain.
 +
 +
 +.EX
 +.PP
-+.B cyphesis_var_run_t 
++.B condor_schedd_tmp_t 
 +.EE
 +
-+- Set files with the cyphesis_var_run_t type, if you want to store the cyphesis files under the /run directory.
++- Set files with the condor_schedd_tmp_t type, if you want to store condor schedd temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -11062,49 +13205,60 @@ index 0000000..920e97f
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux cyphesis policy is very flexible allowing users to setup their cyphesis processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for cyphesis:
-+
-+.EX
-+.TP 5
-+.B cyphesis_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 6767,6769,6780-6799
-+.EE
-+udp 32771
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux cyphesis policy is very flexible allowing users to setup their cyphesis processes in as secure a method as possible.
++SELinux condor_schedd policy is very flexible allowing users to setup their condor_schedd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for cyphesis:
++The following process types are defined for condor_schedd:
 +
 +.EX
-+.B cyphesis_t 
++.B condor_schedd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type condor_schedd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B condor_log_t
++
++	/var/log/condor(/.*)?
++.br
++
++.br
++.B condor_schedd_tmp_t
++
++
++.br
++.B condor_var_lib_t
++
++	/var/lib/condor(/.*)?
++.br
++	/var/lib/condor/spool(/.*)?
++.br
++	/var/lib/condor/execute(/.*)?
++.br
++
++.br
++.B condor_var_lock_t
++
++	/var/lock/condor(/.*)?
++.br
++
++.br
++.B condor_var_run_t
++
++	/var/run/condor(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -11115,46 +13269,43 @@ index 0000000..920e97f
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cyphesis(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/cyrus_selinux.8 b/man/man8/cyrus_selinux.8
++selinux(8), condor_schedd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/condor_startd_selinux.8 b/man/man8/condor_startd_selinux.8
 new file mode 100644
-index 0000000..d8334d2
+index 0000000..66dcc83
 --- /dev/null
-+++ b/man/man8/cyrus_selinux.8
-@@ -0,0 +1,135 @@
-+.TH  "cyrus_selinux"  "8"  "cyrus" "dwalsh at redhat.com" "cyrus SELinux Policy documentation"
++++ b/man/man8/condor_startd_selinux.8
+@@ -0,0 +1,169 @@
++.TH  "condor_startd_selinux"  "8"  "condor_startd" "dwalsh at redhat.com" "condor_startd SELinux Policy documentation"
 +.SH "NAME"
-+cyrus_selinux \- Security Enhanced Linux Policy for the cyrus processes
++condor_startd_selinux \- Security Enhanced Linux Policy for the condor_startd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the cyrus processes via flexible mandatory access
++Security-Enhanced Linux secures the condor_startd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cyrus_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the condor_startd_t, condor_startd_ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the cyrus_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the condor_startd_t, condor_startd_ssh_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -11163,91 +13314,125 @@ index 0000000..d8334d2
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux cyrus policy is very flexible allowing users to setup their cyrus processes in as secure a method as possible.
++SELinux condor_startd policy is very flexible allowing users to setup their condor_startd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for cyrus:
++The following file types are defined for condor_startd:
 +
 +
 +.EX
 +.PP
-+.B cyrus_exec_t 
++.B condor_startd_exec_t 
 +.EE
 +
-+- Set files with the cyrus_exec_t type, if you want to transition an executable to the cyrus_t domain.
++- Set files with the condor_startd_exec_t type, if you want to transition an executable to the condor_startd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/lib/cyrus-imapd/cyrus-master, /usr/lib/cyrus/master
++/usr/sbin/condor_starter, /usr/sbin/condor_startd
 +
 +.EX
 +.PP
-+.B cyrus_initrc_exec_t 
++.B condor_startd_tmp_t 
 +.EE
 +
-+- Set files with the cyrus_initrc_exec_t type, if you want to transition an executable to the cyrus_initrc_t domain.
++- Set files with the condor_startd_tmp_t type, if you want to store condor startd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B cyrus_keytab_t 
++.B condor_startd_tmpfs_t 
 +.EE
 +
-+- Set files with the cyrus_keytab_t type, if you want to treat the files as kerberos keytab files.
++- Set files with the condor_startd_tmpfs_t type, if you want to store condor startd files on a tmpfs file system.
 +
 +
-+.EX
 +.PP
-+.B cyrus_tmp_t 
-+.EE
-+
-+- Set files with the cyrus_tmp_t type, if you want to store cyrus temporary files in the /tmp directories.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux condor_startd policy is very flexible allowing users to setup their condor_startd processes in as secure a method as possible.
++.PP 
++The following process types are defined for condor_startd:
 +
 +.EX
-+.PP
-+.B cyrus_var_lib_t 
++.B condor_startd_ssh_t, condor_startd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the cyrus_var_lib_t type, if you want to store the cyrus files under the /var/lib directory.
++.SH "MANAGED FILES"
++
++The SELinux user type condor_startd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/imap(/.*)?, /var/lib/imap(/.*)?
++.B condor_log_t
 +
-+.EX
-+.PP
-+.B cyrus_var_run_t 
-+.EE
++	/var/log/condor(/.*)?
++.br
 +
-+- Set files with the cyrus_var_run_t type, if you want to store the cyrus files under the /run directory.
++.br
++.B condor_startd_tmp_t
 +
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.br
++.B condor_startd_tmpfs_t
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux cyrus policy is very flexible allowing users to setup their cyrus processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for cyrus:
 +
-+.EX
-+.B cyrus_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.br
++.B condor_var_lib_t
++
++	/var/lib/condor(/.*)?
++.br
++	/var/lib/condor/spool(/.*)?
++.br
++	/var/lib/condor/execute(/.*)?
++.br
++
++.br
++.B condor_var_lock_t
++
++	/var/lock/condor(/.*)?
++.br
++
++.br
++.B condor_var_run_t
++
++	/var/run/condor(/.*)?
++.br
++
++.br
++.B ssh_home_t
++
++	/root/\.ssh(/.*)?
++.br
++	/var/lib/amanda/\.ssh(/.*)?
++.br
++	/var/lib/stickshift/[^/]+/\.ssh(/.*)?
++.br
++	/var/lib/gitolite/\.ssh(/.*)?
++.br
++	/var/lib/nocpulse/\.ssh(/.*)?
++.br
++	/var/lib/gitolite3/\.ssh(/.*)?
++.br
++	/root/\.shosts
++.br
++	/home/[^/]*/\.ssh(/.*)?
++.br
++	/home/[^/]*/\.shosts
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
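Review bot: The new MANAGED FILES section attributes every listed type, including `ssh_home_t` with `/root/\.ssh(/.*)?` and `/home/[^/]*/\.ssh(/.*)?`, to `condor_startd_t` alone, although this page documents two domains (`condor_startd_ssh_t, condor_startd_t`). An administrator auditing the policy cannot tell from this text which domain actually holds manage access to SSH key directories; if it is only the ssh helper domain, the page overstates what the daemon may write. I would have genman.py emit one list per process type. The intro should also say `The SELinux process type condor_startd_t can manage files labeled with the following file types.`, since `condor_startd_t` is a domain and not an SELinux user. The page starts in the previous hunk and continues in the next one.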
@@ -11264,145 +13449,245 @@ index 0000000..d8334d2
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), cyrus(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dbadm_selinux.8 b/man/man8/dbadm_selinux.8
++selinux(8), condor_startd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/consolekit_selinux.8 b/man/man8/consolekit_selinux.8
 new file mode 100644
-index 0000000..4bbec80
+index 0000000..9632d0c
 --- /dev/null
-+++ b/man/man8/dbadm_selinux.8
-@@ -0,0 +1,65 @@
-+.TH  "dbadm_selinux"  "8"  "dbadm" "mgrepl at redhat.com" "dbadm SELinux Policy documentation"
++++ b/man/man8/consolekit_selinux.8
+@@ -0,0 +1,191 @@
++.TH  "consolekit_selinux"  "8"  "consolekit" "dwalsh at redhat.com" "consolekit SELinux Policy documentation"
 +.SH "NAME"
-+dbadm_r \- \fBDatabase administrator role\fP - Security Enhanced Linux Policy 
++consolekit_selinux \- Security Enhanced Linux Policy for the consolekit processes
++.SH "DESCRIPTION"
 +
-+.SH DESCRIPTION
++Security-Enhanced Linux secures the consolekit processes via flexible mandatory access
++control.  
 +
-+SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to. 
++.SH NSSWITCH DOMAIN
 +
-+Note: The examples in the man page will user the staff_u user.
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the consolekit_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
-+Non login roles are usually used for administrative tasks.
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
 +
-+Roles usually have default types assigned to them. 
++.PP
++If you want to allow confined applications to run with kerberos for the consolekit_t, you must turn on the kerberos_enabled boolean.
 +
-+The default type for the dbadm_r role is dbadm_t.
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
 +
-+You can use the 
-+.B newrole 
-+program to transition directly to this role.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux consolekit policy is very flexible allowing users to setup their consolekit processes in as secure a method as possible.
++.PP 
++The following file types are defined for consolekit:
 +
-+.B newrole -r dbadm_r -t dbadm_t
 +
-+.B sudo 
-+can also be setup to transition to this role using the visudo command.
++.EX
++.PP
++.B consolekit_exec_t 
++.EE
++
++- Set files with the consolekit_exec_t type, if you want to transition an executable to the consolekit_t domain.
++
++
++.EX
++.PP
++.B consolekit_log_t 
++.EE
++
++- Set files with the consolekit_log_t type, if you want to treat the data as consolekit log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B consolekit_tmpfs_t 
++.EE
++
++- Set files with the consolekit_tmpfs_t type, if you want to store consolekit files on a tmpfs file system.
++
++
++.EX
++.PP
++.B consolekit_unit_file_t 
++.EE
++
++- Set files with the consolekit_unit_file_t type, if you want to treat the files as consolekit unit content.
++
++
++.EX
++.PP
++.B consolekit_var_run_t 
++.EE
++
++- Set files with the consolekit_var_run_t type, if you want to store the consolekit files under the /run directory.
 +
-+USERNAME ALL=(ALL) ROLE=dbadm_r TYPE=dbadm_t COMMAND
 +.br
-+sudo will run COMMAND as staff_u:dbadm_r:dbadm_t:LEVEL
++.TP 5
++Paths: 
++/var/run/console-kit-daemon\.pid, /var/run/ConsoleKit(/.*)?, /var/run/consolekit\.pid
 +
-+If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux consolekit policy is very flexible allowing users to setup their consolekit processes in as secure a method as possible.
++.PP 
++The following process types are defined for consolekit:
 +
-+You can see all of the assigned SELinux roles using the following
++.EX
++.B consolekit_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.B semanage user -l
++.SH "MANAGED FILES"
 +
-+If you wanted to add dbadm_r to the staff_u user, you would execute:
++The SELinux user type consolekit_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.B $ semanage user -m -R 'staff_r dbadm_r' staff_u 
++.br
++.B consolekit_log_t
 +
++	/var/log/ConsoleKit(/.*)?
++.br
 +
++.br
++.B consolekit_var_run_t
 +
-+SELinux policy also controls which roles can transition to a different role.  
-+You can list these rules using the following command.
++	/var/run/ConsoleKit(/.*)?
++.br
++	/var/run/consolekit\.pid
++.br
++	/var/run/console-kit-daemon\.pid
++.br
 +
-+.B sesearch --role_allow
++.br
++.B initrc_var_run_t
 +
-+SELinux policy allows the staff_r role can transition to the dbadm_r role.
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
 +
++.br
++.B pam_var_console_t
 +
-+.SH "COMMANDS"
++	/var/run/console(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B wtmp_t
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
++	/var/log/wtmp.*
++.br
 +
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
++.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/dbskkd_selinux.8 b/man/man8/dbskkd_selinux.8
++selinux(8), consolekit(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/consoletype_selinux.8 b/man/man8/consoletype_selinux.8
 new file mode 100644
-index 0000000..e7106ae
+index 0000000..165e37c
 --- /dev/null
-+++ b/man/man8/dbskkd_selinux.8
-@@ -0,0 +1,129 @@
-+.TH  "dbskkd_selinux"  "8"  "dbskkd" "dwalsh at redhat.com" "dbskkd SELinux Policy documentation"
++++ b/man/man8/consoletype_selinux.8
+@@ -0,0 +1,85 @@
++.TH  "consoletype_selinux"  "8"  "consoletype" "dwalsh at redhat.com" "consoletype SELinux Policy documentation"
 +.SH "NAME"
-+dbskkd_selinux \- Security Enhanced Linux Policy for the dbskkd processes
++consoletype_selinux \- Security Enhanced Linux Policy for the consoletype processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dbskkd processes via flexible mandatory access
++Security-Enhanced Linux secures the consoletype processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dbskkd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the dbskkd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dbskkd policy is very flexible allowing users to setup their dbskkd processes in as secure a method as possible.
++SELinux consoletype policy is very flexible allowing users to setup their consoletype processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dbskkd:
-+
-+
-+.EX
-+.PP
-+.B dbskkd_exec_t 
-+.EE
-+
-+- Set files with the dbskkd_exec_t type, if you want to transition an executable to the dbskkd_t domain.
-+
-+
-+.EX
-+.PP
-+.B dbskkd_tmp_t 
-+.EE
-+
-+- Set files with the dbskkd_tmp_t type, if you want to store dbskkd temporary files in the /tmp directories.
++The following file types are defined for consoletype:
 +
 +
 +.EX
 +.PP
-+.B dbskkd_var_run_t 
++.B consoletype_exec_t 
 +.EE
 +
-+- Set files with the dbskkd_var_run_t type, if you want to store the dbskkd files under the /run directory.
++- Set files with the consoletype_exec_t type, if you want to transition an executable to the consoletype_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/consoletype, /sbin/consoletype
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
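Review bot: The new MANAGED FILES paragraph calls consolekit_t "The SELinux user type", but the same page lists consolekit_t under PROCESS TYPES, so the sentence mixes up SELinux users with process domains. I would word it as `The SELinux process type consolekit_t can manage files labeled with the following file types.` and fix the grammar of the last sentence to `Note that the process UID still needs DAC permissions.` The same sentence is added for condor_startd_t, consoletype_t, corosync_t and couchdb_t in the neighbouring hunks. Each page says it is auto-generated by genman.py, so the fix presumably belongs in the generator template rather than in each page. The added FILE CONTEXTS and PROCESS TYPES lines also end the bold run with `\bP` (`\fBls\bP`, `\fBps\bP`), which should be `\fP`.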
@@ -11411,47 +13696,32 @@ index 0000000..e7106ae
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux dbskkd policy is very flexible allowing users to setup their dbskkd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for dbskkd:
-+
-+.EX
-+.TP 5
-+.B dbskkd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 1178
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dbskkd policy is very flexible allowing users to setup their dbskkd processes in as secure a method as possible.
++SELinux consoletype policy is very flexible allowing users to setup their consoletype processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dbskkd:
++The following process types are defined for consoletype:
 +
 +.EX
-+.B dbskkd_t 
++.B consoletype_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type consoletype_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -11462,46 +13732,43 @@ index 0000000..e7106ae
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dbskkd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dcc_selinux.8 b/man/man8/dcc_selinux.8
++selinux(8), consoletype(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/corosync_selinux.8 b/man/man8/corosync_selinux.8
 new file mode 100644
-index 0000000..eaba130
+index 0000000..c4f9340
 --- /dev/null
-+++ b/man/man8/dcc_selinux.8
-@@ -0,0 +1,258 @@
-+.TH  "dcc_selinux"  "8"  "dcc" "dwalsh at redhat.com" "dcc SELinux Policy documentation"
++++ b/man/man8/corosync_selinux.8
+@@ -0,0 +1,265 @@
++.TH  "corosync_selinux"  "8"  "corosync" "dwalsh at redhat.com" "corosync SELinux Policy documentation"
 +.SH "NAME"
-+dcc_selinux \- Security Enhanced Linux Policy for the dcc processes
++corosync_selinux \- Security Enhanced Linux Policy for the corosync processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dcc processes via flexible mandatory access
++Security-Enhanced Linux secures the corosync processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dccifd_t, dccm_t, dcc_client_t, dcc_dbclean_t, dccd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the corosync_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dccifd_t, dccm_t, dcc_client_t, dcc_dbclean_t, dccd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the corosync_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -11510,211 +13777,221 @@ index 0000000..eaba130
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dcc policy is very flexible allowing users to setup their dcc processes in as secure a method as possible.
++SELinux corosync policy is very flexible allowing users to setup their corosync processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dcc:
-+
-+
-+.EX
-+.PP
-+.B dcc_client_exec_t 
-+.EE
-+
-+- Set files with the dcc_client_exec_t type, if you want to transition an executable to the dcc_client_t domain.
++The following file types are defined for corosync:
 +
 +
 +.EX
 +.PP
-+.B dcc_client_map_t 
++.B corosync_exec_t 
 +.EE
 +
-+- Set files with the dcc_client_map_t type, if you want to treat the files as dcc client map data.
++- Set files with the corosync_exec_t type, if you want to transition an executable to the corosync_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/dcc/map, /etc/dcc/map, /var/run/dcc/map, /var/dcc/map
++/usr/sbin/ccs_tool, /usr/sbin/corosync, /usr/sbin/corosync-notifyd, /usr/sbin/cman_tool
 +
 +.EX
 +.PP
-+.B dcc_client_tmp_t 
++.B corosync_initrc_exec_t 
 +.EE
 +
-+- Set files with the dcc_client_tmp_t type, if you want to store dcc client temporary files in the /tmp directories.
++- Set files with the corosync_initrc_exec_t type, if you want to transition an executable to the corosync_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B dcc_dbclean_exec_t 
++.B corosync_tmp_t 
 +.EE
 +
-+- Set files with the dcc_dbclean_exec_t type, if you want to transition an executable to the dcc_dbclean_t domain.
++- Set files with the corosync_tmp_t type, if you want to store corosync temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B dcc_dbclean_tmp_t 
++.B corosync_tmpfs_t 
 +.EE
 +
-+- Set files with the dcc_dbclean_tmp_t type, if you want to store dcc dbclean temporary files in the /tmp directories.
++- Set files with the corosync_tmpfs_t type, if you want to store corosync files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B dcc_var_run_t 
++.B corosync_unit_file_t 
 +.EE
 +
-+- Set files with the dcc_var_run_t type, if you want to store the dcc files under the /run directory.
++- Set files with the corosync_unit_file_t type, if you want to treat the files as corosync unit content.
 +
 +
 +.EX
 +.PP
-+.B dcc_var_t 
++.B corosync_var_lib_t 
 +.EE
 +
-+- Set files with the dcc_var_t type, if you want to store the  files under the /var directory.
++- Set files with the corosync_var_lib_t type, if you want to store the corosync files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/dcc(/.*)?, /var/dcc(/.*)?, /var/lib/dcc(/.*)?
 +
 +.EX
 +.PP
-+.B dccd_exec_t 
++.B corosync_var_log_t 
 +.EE
 +
-+- Set files with the dccd_exec_t type, if you want to transition an executable to the dccd_t domain.
++- Set files with the corosync_var_log_t type, if you want to treat the data as corosync var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B dccd_tmp_t 
++.B corosync_var_run_t 
 +.EE
 +
-+- Set files with the dccd_tmp_t type, if you want to store dccd temporary files in the /tmp directories.
++- Set files with the corosync_var_run_t type, if you want to store the corosync files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/rsctmp(/.*)?, /var/run/corosync\.pid, /var/run/cman_.*
 +
-+.EX
 +.PP
-+.B dccd_var_run_t 
-+.EE
-+
-+- Set files with the dccd_var_run_t type, if you want to store the dccd files under the /run directory.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux corosync policy is very flexible allowing users to setup their corosync processes in as secure a method as possible.
++.PP 
++The following process types are defined for corosync:
 +
 +.EX
-+.PP
-+.B dccifd_exec_t 
++.B corosync_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the dccifd_exec_t type, if you want to transition an executable to the dccifd_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type corosync_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B dccifd_tmp_t 
-+.EE
++.br
++.B cluster_tmpfs
 +
-+- Set files with the dccifd_tmp_t type, if you want to store dccifd temporary files in the /tmp directories.
 +
++.br
++.B cluster_var_lib_t
 +
-+.EX
-+.PP
-+.B dccifd_var_run_t 
-+.EE
++	/var/lib/cluster(/.*)?
++.br
++
++.br
++.B clvmd_tmpfs_t
 +
-+- Set files with the dccifd_var_run_t type, if you want to store the dccifd files under the /run directory.
 +
 +.br
-+.TP 5
-+Paths: 
-+/etc/dcc/dccifd, /var/run/dcc/dccifd
++.B cmirrord_tmpfs_t
 +
-+.EX
-+.PP
-+.B dccm_exec_t 
-+.EE
 +
-+- Set files with the dccm_exec_t type, if you want to transition an executable to the dccm_t domain.
++.br
++.B corosync_tmp_t
 +
 +
-+.EX
-+.PP
-+.B dccm_tmp_t 
-+.EE
++.br
++.B corosync_tmpfs_t
 +
-+- Set files with the dccm_tmp_t type, if you want to store dccm temporary files in the /tmp directories.
 +
++.br
++.B corosync_var_lib_t
 +
-+.EX
-+.PP
-+.B dccm_var_run_t 
-+.EE
++	/var/lib/corosync(/.*)?
++.br
 +
-+- Set files with the dccm_var_run_t type, if you want to store the dccm files under the /run directory.
++.br
++.B corosync_var_log_t
 +
++	/var/log/cluster/corosync\.log.*
++.br
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.br
++.B corosync_var_run_t
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++	/var/run/cman_.*
++.br
++	/var/run/rsctmp(/.*)?
++.br
++	/var/run/corosync\.pid
++.br
 +
-+.B semanage port -l
++.br
++.B initrc_state_t
 +
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux dcc policy is very flexible allowing users to setup their dcc processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for dcc:
 +
-+.EX
-+.TP 5
-+.B dcc_port_t 
-+.TP 10
-+.EE
++.br
++.B initrc_tmp_t
 +
 +
-+Default Defined Ports:
-+udp 6276,6277
-+.EE
++.br
++.B qpidd_tmpfs_t
 +
-+.EX
-+.TP 5
-+.B dccm_port_t 
-+.TP 10
-+.EE
 +
++.br
++.B rgmanager_tmpfs_t
 +
-+Default Defined Ports:
-+tcp 5679
-+.EE
-+udp 5679
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux dcc policy is very flexible allowing users to setup their dcc processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for dcc:
 +
-+.EX
-+.B dccm_t, dcc_client_t, dcc_dbclean_t, dccifd_t, dccd_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.br
++.B rgmanager_var_lib_t
++
++	/usr/lib(64)?/heartbeat(/.*)?
++.br
++	/var/lib/heartbeat(/.*)?
++.br
++
++.br
++.B rgmanager_var_run_t
++
++	/var/run/heartbeat(/.*)?
++.br
++	/var/run/cpglockd\.pid
++.br
++	/var/run/rgmanager\.pid
++.br
++	/var/run/cluster/rgmanager\.sk
++.br
++
++.br
++.B tmpfs_t
++
++	/dev/shm
++.br
++	/lib/udev/devices/shm
++.br
++	/usr/lib/udev/devices/shm
++.br
++
++.br
++.B user_tmpfs_t
++
++	/dev/shm/mono.*
++.br
++	/dev/shm/pulse-shm.*
++.br
++
++.br
++.B var_lib_t
++
++	/opt/(.*/)?var/lib(/.*)?
++.br
++	/var/lib(/.*)?
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
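Review bot: In the corosync MANAGED FILES list, `.B cluster_tmpfs` is the only entry without the `_t` suffix and it has no default path. It is presumably a policy attribute rather than a file type, though this hunk alone cannot confirm that. A reader who takes the list at its word ("the following file types") gets a name that cannot be used as a file label. The generator should either skip attributes here or mark them, e.g. `.B cluster_tmpfs (attribute)`. Several other entries (clvmd_tmpfs_t, corosync_tmp_t, initrc_state_t, qpidd_tmpfs_t and others) also have no path; a line such as `Types listed without a path have no default file context entry.` would say why.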
@@ -11726,46 +14003,43 @@ index 0000000..eaba130
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dcc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dccd_selinux.8 b/man/man8/dccd_selinux.8
++selinux(8), corosync(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/couchdb_selinux.8 b/man/man8/couchdb_selinux.8
 new file mode 100644
-index 0000000..37ca629
+index 0000000..c1235b5
 --- /dev/null
-+++ b/man/man8/dccd_selinux.8
-@@ -0,0 +1,142 @@
-+.TH  "dccd_selinux"  "8"  "dccd" "dwalsh at redhat.com" "dccd SELinux Policy documentation"
++++ b/man/man8/couchdb_selinux.8
+@@ -0,0 +1,189 @@
++.TH  "couchdb_selinux"  "8"  "couchdb" "dwalsh at redhat.com" "couchdb SELinux Policy documentation"
 +.SH "NAME"
-+dccd_selinux \- Security Enhanced Linux Policy for the dccd processes
++couchdb_selinux \- Security Enhanced Linux Policy for the couchdb processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dccd processes via flexible mandatory access
++Security-Enhanced Linux secures the couchdb processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dccifd_t, dccm_t, dcc_client_t, dcc_dbclean_t, dccd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the couchdb_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dccifd_t, dccm_t, dcc_client_t, dcc_dbclean_t, dccd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the couchdb_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -11774,33 +14048,65 @@ index 0000000..37ca629
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dccd policy is very flexible allowing users to setup their dccd processes in as secure a method as possible.
++SELinux couchdb policy is very flexible allowing users to setup their couchdb processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dccd:
++The following file types are defined for couchdb:
 +
 +
 +.EX
 +.PP
-+.B dccd_exec_t 
++.B couchdb_etc_t 
 +.EE
 +
-+- Set files with the dccd_exec_t type, if you want to transition an executable to the dccd_t domain.
++- Set files with the couchdb_etc_t type, if you want to store couchdb files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B dccd_tmp_t 
++.B couchdb_exec_t 
 +.EE
 +
-+- Set files with the dccd_tmp_t type, if you want to store dccd temporary files in the /tmp directories.
++- Set files with the couchdb_exec_t type, if you want to transition an executable to the couchdb_t domain.
 +
 +
 +.EX
 +.PP
-+.B dccd_var_run_t 
++.B couchdb_log_t 
 +.EE
 +
-+- Set files with the dccd_var_run_t type, if you want to store the dccd files under the /run directory.
++- Set files with the couchdb_log_t type, if you want to treat the data as couchdb log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B couchdb_tmp_t 
++.EE
++
++- Set files with the couchdb_tmp_t type, if you want to store couchdb temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B couchdb_unit_file_t 
++.EE
++
++- Set files with the couchdb_unit_file_t type, if you want to treat the files as couchdb unit content.
++
++
++.EX
++.PP
++.B couchdb_var_lib_t 
++.EE
++
++- Set files with the couchdb_var_lib_t type, if you want to store the couchdb files under the /var/lib directory.
++
++
++.EX
++.PP
++.B couchdb_var_run_t 
++.EE
++
++- Set files with the couchdb_var_run_t type, if you want to store the couchdb files under the /run directory.
 +
 +
 +.PP
@@ -11819,32 +14125,21 @@ index 0000000..37ca629
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux dccd policy is very flexible allowing users to setup their dccd processes in as secure a method as possible.
++SELinux couchdb policy is very flexible allowing users to setup their couchdb processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for dccd:
-+
-+.EX
-+.TP 5
-+.B dcc_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+udp 6276,6277
-+.EE
++The following port types are defined for couchdb:
 +
 +.EX
 +.TP 5
-+.B dccm_port_t 
++.B couchdb_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 5679
++tcp 5984
 +.EE
-+udp 5679
++udp 5984
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -11852,18 +14147,44 @@ index 0000000..37ca629
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dccd policy is very flexible allowing users to setup their dccd processes in as secure a method as possible.
++SELinux couchdb policy is very flexible allowing users to setup their couchdb processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dccd:
++The following process types are defined for couchdb:
 +
 +.EX
-+.B dccm_t, dcc_client_t, dcc_dbclean_t, dccifd_t, dccd_t 
++.B couchdb_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type couchdb_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B couchdb_log_t
++
++	/var/log/couchdb(/.*)?
++.br
++
++.br
++.B couchdb_tmp_t
++
++
++.br
++.B couchdb_var_lib_t
++
++	/var/lib/couchdb(/.*)?
++.br
++
++.br
++.B couchdb_var_run_t
++
++	/var/run/couchdb(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -11882,38 +14203,38 @@ index 0000000..37ca629
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dccd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dccifd_selinux.8 b/man/man8/dccifd_selinux.8
++selinux(8), couchdb(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/courier_authdaemon_selinux.8 b/man/man8/courier_authdaemon_selinux.8
 new file mode 100644
-index 0000000..d1647bd
+index 0000000..2d2507b
 --- /dev/null
-+++ b/man/man8/dccifd_selinux.8
-@@ -0,0 +1,107 @@
-+.TH  "dccifd_selinux"  "8"  "dccifd" "dwalsh at redhat.com" "dccifd SELinux Policy documentation"
++++ b/man/man8/courier_authdaemon_selinux.8
+@@ -0,0 +1,127 @@
++.TH  "courier_authdaemon_selinux"  "8"  "courier_authdaemon" "dwalsh at redhat.com" "courier_authdaemon SELinux Policy documentation"
 +.SH "NAME"
-+dccifd_selinux \- Security Enhanced Linux Policy for the dccifd processes
++courier_authdaemon_selinux \- Security Enhanced Linux Policy for the courier_authdaemon processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dccifd processes via flexible mandatory access
++Security-Enhanced Linux secures the courier_authdaemon processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dccifd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the courier_authdaemon_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dccifd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the courier_authdaemon_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -11922,38 +14243,22 @@ index 0000000..d1647bd
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dccifd policy is very flexible allowing users to setup their dccifd processes in as secure a method as possible.
++SELinux courier_authdaemon policy is very flexible allowing users to setup their courier_authdaemon processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dccifd:
-+
-+
-+.EX
-+.PP
-+.B dccifd_exec_t 
-+.EE
-+
-+- Set files with the dccifd_exec_t type, if you want to transition an executable to the dccifd_t domain.
-+
-+
-+.EX
-+.PP
-+.B dccifd_tmp_t 
-+.EE
-+
-+- Set files with the dccifd_tmp_t type, if you want to store dccifd temporary files in the /tmp directories.
++The following file types are defined for courier_authdaemon:
 +
 +
 +.EX
 +.PP
-+.B dccifd_var_run_t 
++.B courier_authdaemon_exec_t 
 +.EE
 +
-+- Set files with the dccifd_var_run_t type, if you want to store the dccifd files under the /run directory.
++- Set files with the courier_authdaemon_exec_t type, if you want to transition an executable to the courier_authdaemon_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/dcc/dccifd, /var/run/dcc/dccifd
++/usr/sbin/authdaemond, /usr/lib/courier/authlib/.*
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -11968,18 +14273,54 @@ index 0000000..d1647bd
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dccifd policy is very flexible allowing users to setup their dccifd processes in as secure a method as possible.
++SELinux courier_authdaemon policy is very flexible allowing users to setup their courier_authdaemon processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dccifd:
++The following process types are defined for courier_authdaemon:
 +
 +.EX
-+.B dccifd_t 
++.B courier_authdaemon_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type courier_authdaemon_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B courier_var_run_t
++
++	/var/run/courier(/.*)?
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -11995,73 +14336,43 @@ index 0000000..d1647bd
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dccifd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dccm_selinux.8 b/man/man8/dccm_selinux.8
++selinux(8), courier_authdaemon(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/courier_pcp_selinux.8 b/man/man8/courier_pcp_selinux.8
 new file mode 100644
-index 0000000..f930d66
+index 0000000..d8e70f5
 --- /dev/null
-+++ b/man/man8/dccm_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "dccm_selinux"  "8"  "dccm" "dwalsh at redhat.com" "dccm SELinux Policy documentation"
++++ b/man/man8/courier_pcp_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "courier_pcp_selinux"  "8"  "courier_pcp" "dwalsh at redhat.com" "courier_pcp SELinux Policy documentation"
 +.SH "NAME"
-+dccm_selinux \- Security Enhanced Linux Policy for the dccm processes
++courier_pcp_selinux \- Security Enhanced Linux Policy for the courier_pcp processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dccm processes via flexible mandatory access
++Security-Enhanced Linux secures the courier_pcp processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dccm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the dccm_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dccm policy is very flexible allowing users to setup their dccm processes in as secure a method as possible.
++SELinux courier_pcp policy is very flexible allowing users to setup their courier_pcp processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dccm:
-+
-+
-+.EX
-+.PP
-+.B dccm_exec_t 
-+.EE
-+
-+- Set files with the dccm_exec_t type, if you want to transition an executable to the dccm_t domain.
-+
-+
-+.EX
-+.PP
-+.B dccm_tmp_t 
-+.EE
-+
-+- Set files with the dccm_tmp_t type, if you want to store dccm temporary files in the /tmp directories.
++The following file types are defined for courier_pcp:
 +
 +
 +.EX
 +.PP
-+.B dccm_var_run_t 
++.B courier_pcp_exec_t 
 +.EE
 +
-+- Set files with the dccm_var_run_t type, if you want to store the dccm files under the /run directory.
++- Set files with the courier_pcp_exec_t type, if you want to transition an executable to the courier_pcp_t domain.
 +
 +
 +.PP
@@ -12071,49 +14382,34 @@ index 0000000..f930d66
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux dccm policy is very flexible allowing users to setup their dccm processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for dccm:
-+
-+.EX
-+.TP 5
-+.B dccm_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 5679
-+.EE
-+udp 5679
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dccm policy is very flexible allowing users to setup their dccm processes in as secure a method as possible.
++SELinux courier_pcp policy is very flexible allowing users to setup their courier_pcp processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dccm:
++The following process types are defined for courier_pcp:
 +
 +.EX
-+.B dccm_t 
++.B courier_pcp_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type courier_pcp_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B courier_var_run_t
++
++	/var/run/courier(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -12124,30 +14420,27 @@ index 0000000..f930d66
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dccm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dcerpcd_selinux.8 b/man/man8/dcerpcd_selinux.8
++selinux(8), courier_pcp(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/courier_pop_selinux.8 b/man/man8/courier_pop_selinux.8
 new file mode 100644
-index 0000000..10ac2d2
+index 0000000..59be1e0
 --- /dev/null
-+++ b/man/man8/dcerpcd_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "dcerpcd_selinux"  "8"  "dcerpcd" "dwalsh at redhat.com" "dcerpcd SELinux Policy documentation"
++++ b/man/man8/courier_pop_selinux.8
+@@ -0,0 +1,93 @@
++.TH  "courier_pop_selinux"  "8"  "courier_pop" "dwalsh at redhat.com" "courier_pop SELinux Policy documentation"
 +.SH "NAME"
-+dcerpcd_selinux \- Security Enhanced Linux Policy for the dcerpcd processes
++courier_pop_selinux \- Security Enhanced Linux Policy for the courier_pop processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dcerpcd processes via flexible mandatory access
++Security-Enhanced Linux secures the courier_pop processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -12158,42 +14451,22 @@ index 0000000..10ac2d2
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dcerpcd policy is very flexible allowing users to setup their dcerpcd processes in as secure a method as possible.
++SELinux courier_pop policy is very flexible allowing users to setup their courier_pop processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dcerpcd:
-+
-+
-+.EX
-+.PP
-+.B dcerpcd_exec_t 
-+.EE
-+
-+- Set files with the dcerpcd_exec_t type, if you want to transition an executable to the dcerpcd_t domain.
-+
-+
-+.EX
-+.PP
-+.B dcerpcd_var_lib_t 
-+.EE
-+
-+- Set files with the dcerpcd_var_lib_t type, if you want to store the dcerpcd files under the /var/lib directory.
-+
-+
-+.EX
-+.PP
-+.B dcerpcd_var_run_t 
-+.EE
-+
-+- Set files with the dcerpcd_var_run_t type, if you want to store the dcerpcd files under the /run directory.
++The following file types are defined for courier_pop:
 +
 +
 +.EX
 +.PP
-+.B dcerpcd_var_socket_t 
++.B courier_pop_exec_t 
 +.EE
 +
-+- Set files with the dcerpcd_var_socket_t type, if you want to treat the files as dcerpcd var socket data.
++- Set files with the courier_pop_exec_t type, if you want to transition an executable to the courier_pop_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/courier/imapd, /usr/lib/courier/courier/courierpop.*, /usr/lib/courier/pop3d, /usr/lib/courier/courier/imaplogin, /usr/bin/imapd
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -12208,18 +14481,34 @@ index 0000000..10ac2d2
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dcerpcd policy is very flexible allowing users to setup their dcerpcd processes in as secure a method as possible.
++SELinux courier_pop policy is very flexible allowing users to setup their courier_pop processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dcerpcd:
++The following process types are defined for courier_pop:
 +
 +.EX
-+.B dcerpcd_t 
++.B courier_pop_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type courier_pop_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B courier_var_run_t
++
++	/var/run/courier(/.*)?
++.br
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -12235,22 +14524,22 @@ index 0000000..10ac2d2
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dcerpcd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ddclient_selinux.8 b/man/man8/ddclient_selinux.8
++selinux(8), courier_pop(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/courier_sqwebmail_selinux.8 b/man/man8/courier_sqwebmail_selinux.8
 new file mode 100644
-index 0000000..15e7310
+index 0000000..c6ca9b6
 --- /dev/null
-+++ b/man/man8/ddclient_selinux.8
-@@ -0,0 +1,141 @@
-+.TH  "ddclient_selinux"  "8"  "ddclient" "dwalsh at redhat.com" "ddclient SELinux Policy documentation"
++++ b/man/man8/courier_sqwebmail_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "courier_sqwebmail_selinux"  "8"  "courier_sqwebmail" "dwalsh at redhat.com" "courier_sqwebmail SELinux Policy documentation"
 +.SH "NAME"
-+ddclient_selinux \- Security Enhanced Linux Policy for the ddclient processes
++courier_sqwebmail_selinux \- Security Enhanced Linux Policy for the courier_sqwebmail processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ddclient processes via flexible mandatory access
++Security-Enhanced Linux secures the courier_sqwebmail processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -12261,85 +14550,106 @@ index 0000000..15e7310
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ddclient policy is very flexible allowing users to setup their ddclient processes in as secure a method as possible.
++SELinux courier_sqwebmail policy is very flexible allowing users to setup their courier_sqwebmail processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ddclient:
++The following file types are defined for courier_sqwebmail:
 +
 +
 +.EX
 +.PP
-+.B ddclient_etc_t 
++.B courier_sqwebmail_exec_t 
 +.EE
 +
-+- Set files with the ddclient_etc_t type, if you want to store ddclient files in the /etc directories.
++- Set files with the courier_sqwebmail_exec_t type, if you want to transition an executable to the courier_sqwebmail_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/ddclient\.conf, /etc/ddtcd\.conf
 +
-+.EX
 +.PP
-+.B ddclient_exec_t 
-+.EE
-+
-+- Set files with the ddclient_exec_t type, if you want to transition an executable to the ddclient_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/ddclient, /usr/sbin/ddtcd
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux courier_sqwebmail policy is very flexible allowing users to setup their courier_sqwebmail processes in as secure a method as possible.
++.PP 
++The following process types are defined for courier_sqwebmail:
 +
 +.EX
-+.PP
-+.B ddclient_initrc_exec_t 
++.B courier_sqwebmail_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the ddclient_initrc_exec_t type, if you want to transition an executable to the ddclient_initrc_t domain.
-+
++.SH "MANAGED FILES"
 +
-+.EX
-+.PP
-+.B ddclient_log_t 
-+.EE
++The SELinux user type courier_sqwebmail_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+- Set files with the ddclient_log_t type, if you want to treat the data as ddclient log data, usually stored under the /var/log directory.
++.br
++.B courier_var_run_t
 +
++	/var/run/courier(/.*)?
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B ddclient_tmp_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the ddclient_tmp_t type, if you want to store ddclient temporary files in the /tmp directories.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B ddclient_var_lib_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), courier_sqwebmail(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/courier_tcpd_selinux.8 b/man/man8/courier_tcpd_selinux.8
+new file mode 100644
+index 0000000..dc5b5dc
+--- /dev/null
++++ b/man/man8/courier_tcpd_selinux.8
+@@ -0,0 +1,91 @@
++.TH  "courier_tcpd_selinux"  "8"  "courier_tcpd" "dwalsh at redhat.com" "courier_tcpd SELinux Policy documentation"
++.SH "NAME"
++courier_tcpd_selinux \- Security Enhanced Linux Policy for the courier_tcpd processes
++.SH "DESCRIPTION"
 +
-+- Set files with the ddclient_var_lib_t type, if you want to store the ddclient files under the /var/lib directory.
++Security-Enhanced Linux secures the courier_tcpd processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B ddclient_var_run_t 
-+.EE
-+
-+- Set files with the ddclient_var_run_t type, if you want to store the ddclient files under the /run directory.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux courier_tcpd policy is very flexible allowing users to setup their courier_tcpd processes in as secure a method as possible.
++.PP 
++The following file types are defined for courier_tcpd:
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/ddtcd\.pid, /var/run/ddclient\.pid
 +
 +.EX
 +.PP
-+.B ddclient_var_t 
++.B courier_tcpd_exec_t 
 +.EE
 +
-+- Set files with the ddclient_var_t type, if you want to store the ddcl files under the /var directory.
++- Set files with the courier_tcpd_exec_t type, if you want to transition an executable to the courier_tcpd_t domain.
 +
 +
 +.PP
@@ -12355,18 +14665,36 @@ index 0000000..15e7310
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ddclient policy is very flexible allowing users to setup their ddclient processes in as secure a method as possible.
++SELinux courier_tcpd policy is very flexible allowing users to setup their courier_tcpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ddclient:
++The following process types are defined for courier_tcpd:
 +
 +.EX
-+.B ddclient_t 
++.B courier_tcpd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type courier_tcpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B courier_var_lib_t
++
++	/var/lib/courier(/.*)?
++.br
++	/var/lib/courier-imap(/.*)?
++.br
++
++.br
++.B courier_var_run_t
++
++	/var/run/courier(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -12382,82 +14710,56 @@ index 0000000..15e7310
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ddclient(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/deltacloudd_selinux.8 b/man/man8/deltacloudd_selinux.8
++selinux(8), courier_tcpd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cpucontrol_selinux.8 b/man/man8/cpucontrol_selinux.8
 new file mode 100644
-index 0000000..1abae65
+index 0000000..238081d
 --- /dev/null
-+++ b/man/man8/deltacloudd_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "deltacloudd_selinux"  "8"  "deltacloudd" "dwalsh at redhat.com" "deltacloudd SELinux Policy documentation"
++++ b/man/man8/cpucontrol_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "cpucontrol_selinux"  "8"  "cpucontrol" "dwalsh at redhat.com" "cpucontrol SELinux Policy documentation"
 +.SH "NAME"
-+deltacloudd_selinux \- Security Enhanced Linux Policy for the deltacloudd processes
++cpucontrol_selinux \- Security Enhanced Linux Policy for the cpucontrol processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the deltacloudd processes via flexible mandatory access
++Security-Enhanced Linux secures the cpucontrol processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the deltacloudd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the deltacloudd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux deltacloudd policy is very flexible allowing users to setup their deltacloudd processes in as secure a method as possible.
++SELinux cpucontrol policy is very flexible allowing users to setup their cpucontrol processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for deltacloudd:
-+
-+
-+.EX
-+.PP
-+.B deltacloudd_exec_t 
-+.EE
-+
-+- Set files with the deltacloudd_exec_t type, if you want to transition an executable to the deltacloudd_t domain.
-+
-+
-+.EX
-+.PP
-+.B deltacloudd_log_t 
-+.EE
-+
-+- Set files with the deltacloudd_log_t type, if you want to treat the data as deltacloudd log data, usually stored under the /var/log directory.
++The following file types are defined for cpucontrol:
 +
 +
 +.EX
 +.PP
-+.B deltacloudd_tmp_t 
++.B cpucontrol_conf_t 
 +.EE
 +
-+- Set files with the deltacloudd_tmp_t type, if you want to store deltacloudd temporary files in the /tmp directories.
++- Set files with the cpucontrol_conf_t type, if you want to treat the files as cpucontrol configuration data, usually stored under the /etc directory.
 +
 +
 +.EX
 +.PP
-+.B deltacloudd_var_run_t 
++.B cpucontrol_exec_t 
 +.EE
 +
-+- Set files with the deltacloudd_var_run_t type, if you want to store the deltacloudd files under the /run directory.
++- Set files with the cpucontrol_exec_t type, if you want to transition an executable to the cpucontrol_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/microcode_ctl, /usr/sbin/microcode_ctl
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -12472,18 +14774,22 @@ index 0000000..1abae65
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux deltacloudd policy is very flexible allowing users to setup their deltacloudd processes in as secure a method as possible.
++SELinux cpucontrol policy is very flexible allowing users to setup their cpucontrol processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for deltacloudd:
++The following process types are defined for cpucontrol:
 +
 +.EX
-+.B deltacloudd_t 
++.B cpucontrol_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cpucontrol_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -12499,89 +14805,43 @@ index 0000000..1abae65
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), deltacloudd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/denyhosts_selinux.8 b/man/man8/denyhosts_selinux.8
++selinux(8), cpucontrol(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cpufreqselector_selinux.8 b/man/man8/cpufreqselector_selinux.8
 new file mode 100644
-index 0000000..1ab2fa0
+index 0000000..fbdece6
 --- /dev/null
-+++ b/man/man8/denyhosts_selinux.8
-@@ -0,0 +1,119 @@
-+.TH  "denyhosts_selinux"  "8"  "denyhosts" "dwalsh at redhat.com" "denyhosts SELinux Policy documentation"
++++ b/man/man8/cpufreqselector_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "cpufreqselector_selinux"  "8"  "cpufreqselector" "dwalsh at redhat.com" "cpufreqselector SELinux Policy documentation"
 +.SH "NAME"
-+denyhosts_selinux \- Security Enhanced Linux Policy for the denyhosts processes
++cpufreqselector_selinux \- Security Enhanced Linux Policy for the cpufreqselector processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the denyhosts processes via flexible mandatory access
++Security-Enhanced Linux secures the cpufreqselector processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the denyhosts_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the denyhosts_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux denyhosts policy is very flexible allowing users to setup their denyhosts processes in as secure a method as possible.
++SELinux cpufreqselector policy is very flexible allowing users to setup their cpufreqselector processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for denyhosts:
++The following file types are defined for cpufreqselector:
 +
 +
 +.EX
 +.PP
-+.B denyhosts_exec_t 
++.B cpufreqselector_exec_t 
 +.EE
 +
-+- Set files with the denyhosts_exec_t type, if you want to transition an executable to the denyhosts_t domain.
-+
-+
-+.EX
-+.PP
-+.B denyhosts_initrc_exec_t 
-+.EE
-+
-+- Set files with the denyhosts_initrc_exec_t type, if you want to transition an executable to the denyhosts_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B denyhosts_var_lib_t 
-+.EE
-+
-+- Set files with the denyhosts_var_lib_t type, if you want to store the denyhosts files under the /var/lib directory.
-+
-+
-+.EX
-+.PP
-+.B denyhosts_var_lock_t 
-+.EE
-+
-+- Set files with the denyhosts_var_lock_t type, if you want to treat the files as denyhosts var lock data, stored under the /var/lock directory
-+
-+
-+.EX
-+.PP
-+.B denyhosts_var_log_t 
-+.EE
-+
-+- Set files with the denyhosts_var_log_t type, if you want to treat the data as denyhosts var log data, usually stored under the /var/log directory.
++- Set files with the cpufreqselector_exec_t type, if you want to transition an executable to the cpufreqselector_t domain.
 +
 +
 +.PP
@@ -12597,18 +14857,28 @@ index 0000000..1ab2fa0
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux denyhosts policy is very flexible allowing users to setup their denyhosts processes in as secure a method as possible.
++SELinux cpufreqselector policy is very flexible allowing users to setup their cpufreqselector processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for denyhosts:
++The following process types are defined for cpufreqselector:
 +
 +.EX
-+.B denyhosts_t 
++.B cpufreqselector_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cpufreqselector_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -12624,22 +14894,22 @@ index 0000000..1ab2fa0
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), denyhosts(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/depmod_selinux.8 b/man/man8/depmod_selinux.8
++selinux(8), cpufreqselector(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cpuspeed_selinux.8 b/man/man8/cpuspeed_selinux.8
 new file mode 100644
-index 0000000..0db30f2
+index 0000000..e878313
 --- /dev/null
-+++ b/man/man8/depmod_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "depmod_selinux"  "8"  "depmod" "dwalsh at redhat.com" "depmod SELinux Policy documentation"
++++ b/man/man8/cpuspeed_selinux.8
+@@ -0,0 +1,101 @@
++.TH  "cpuspeed_selinux"  "8"  "cpuspeed" "dwalsh at redhat.com" "cpuspeed SELinux Policy documentation"
 +.SH "NAME"
-+depmod_selinux \- Security Enhanced Linux Policy for the depmod processes
++cpuspeed_selinux \- Security Enhanced Linux Policy for the cpuspeed processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the depmod processes via flexible mandatory access
++Security-Enhanced Linux secures the cpuspeed processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -12650,22 +14920,30 @@ index 0000000..0db30f2
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux depmod policy is very flexible allowing users to setup their depmod processes in as secure a method as possible.
++SELinux cpuspeed policy is very flexible allowing users to setup their cpuspeed processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for depmod:
++The following file types are defined for cpuspeed:
 +
 +
 +.EX
 +.PP
-+.B depmod_exec_t 
++.B cpuspeed_exec_t 
 +.EE
 +
-+- Set files with the depmod_exec_t type, if you want to transition an executable to the depmod_t domain.
++- Set files with the cpuspeed_exec_t type, if you want to transition an executable to the cpuspeed_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/depmod.*, /usr/sbin/depmod.*
++/usr/sbin/cpuspeed, /usr/sbin/powernowd, /usr/sbin/cpufreqd
++
++.EX
++.PP
++.B cpuspeed_var_run_t 
++.EE
++
++- Set files with the cpuspeed_var_run_t type, if you want to store the cpuspeed files under the /run directory.
++
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -12680,18 +14958,34 @@ index 0000000..0db30f2
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux depmod policy is very flexible allowing users to setup their depmod processes in as secure a method as possible.
++SELinux cpuspeed policy is very flexible allowing users to setup their cpuspeed processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for depmod:
++The following process types are defined for cpuspeed:
 +
 +.EX
-+.B depmod_t 
++.B cpuspeed_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cpuspeed_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cpuspeed_var_run_t
++
++	/var/run/cpufreqd\.pid
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -12707,126 +15001,68 @@ index 0000000..0db30f2
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), depmod(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/devicekit_selinux.8 b/man/man8/devicekit_selinux.8
++selinux(8), cpuspeed(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/crack_selinux.8 b/man/man8/crack_selinux.8
 new file mode 100644
-index 0000000..8f4dbf7
+index 0000000..763e0d4
 --- /dev/null
-+++ b/man/man8/devicekit_selinux.8
-@@ -0,0 +1,155 @@
-+.TH  "devicekit_selinux"  "8"  "devicekit" "dwalsh at redhat.com" "devicekit SELinux Policy documentation"
++++ b/man/man8/crack_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "crack_selinux"  "8"  "crack" "dwalsh at redhat.com" "crack SELinux Policy documentation"
 +.SH "NAME"
-+devicekit_selinux \- Security Enhanced Linux Policy for the devicekit processes
++crack_selinux \- Security Enhanced Linux Policy for the crack processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the devicekit processes via flexible mandatory access
++Security-Enhanced Linux secures the crack processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the devicekit_disk_t, devicekit_power_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the devicekit_disk_t, devicekit_power_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux devicekit policy is very flexible allowing users to setup their devicekit processes in as secure a method as possible.
++SELinux crack policy is very flexible allowing users to setup their crack processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for devicekit:
-+
-+
-+.EX
-+.PP
-+.B devicekit_disk_exec_t 
-+.EE
-+
-+- Set files with the devicekit_disk_exec_t type, if you want to transition an executable to the devicekit_disk_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/udisks/udisks-daemon, /usr/lib/udev/udisks-part-id, /usr/libexec/devkit-disks-daemon, /lib/udisks2/udisksd, /usr/lib/udisks2/udisksd, /lib/udev/udisks-part-id, /usr/libexec/udisks-daemon
-+
-+.EX
-+.PP
-+.B devicekit_exec_t 
-+.EE
-+
-+- Set files with the devicekit_exec_t type, if you want to transition an executable to the devicekit_t domain.
-+
-+
-+.EX
-+.PP
-+.B devicekit_power_exec_t 
-+.EE
-+
-+- Set files with the devicekit_power_exec_t type, if you want to transition an executable to the devicekit_power_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/libexec/upowerd, /usr/libexec/devkit-power-daemon
-+
-+.EX
-+.PP
-+.B devicekit_tmp_t 
-+.EE
-+
-+- Set files with the devicekit_tmp_t type, if you want to store devicekit temporary files in the /tmp directories.
++The following file types are defined for crack:
 +
 +
 +.EX
 +.PP
-+.B devicekit_var_lib_t 
++.B crack_db_t 
 +.EE
 +
-+- Set files with the devicekit_var_lib_t type, if you want to store the devicekit files under the /var/lib directory.
++- Set files with the crack_db_t type, if you want to treat the files as crack database content.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/udisks.*, /var/lib/DeviceKit-.*, /var/lib/upower(/.*)?
++/var/cache/cracklib(/.*)?, /usr/share/cracklib(/.*)?, /usr/lib/cracklib_dict.*
 +
 +.EX
 +.PP
-+.B devicekit_var_log_t 
++.B crack_exec_t 
 +.EE
 +
-+- Set files with the devicekit_var_log_t type, if you want to treat the data as devicekit var log data, usually stored under the /var/log directory.
++- Set files with the crack_exec_t type, if you want to transition an executable to the crack_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/log/pm-suspend\.log.*, /var/log/pm-powersave\.log.*
++/usr/sbin/cracklib-[a-z]*, /usr/sbin/crack_[a-z]*
 +
 +.EX
 +.PP
-+.B devicekit_var_run_t 
++.B crack_tmp_t 
 +.EE
 +
-+- Set files with the devicekit_var_run_t type, if you want to store the devicekit files under the /run directory.
++- Set files with the crack_tmp_t type, if you want to store crack temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/upower(/.*)?, /var/run/udisks.*, /var/run/devkit(/.*)?, /var/run/DeviceKit-disks(/.*)?, /var/run/pm-utils(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -12841,18 +15077,36 @@ index 0000000..8f4dbf7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux devicekit policy is very flexible allowing users to setup their devicekit processes in as secure a method as possible.
++SELinux crack policy is very flexible allowing users to setup their crack processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for devicekit:
++The following process types are defined for crack:
 +
 +.EX
-+.B devicekit_power_t, devicekit_disk_t, devicekit_t 
++.B crack_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type crack_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B crack_db_t
++
++	/usr/share/cracklib(/.*)?
++.br
++	/var/cache/cracklib(/.*)?
++.br
++	/usr/lib/cracklib_dict.*
++.br
++
++.br
++.B crack_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -12868,49 +15122,56 @@ index 0000000..8f4dbf7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), devicekit(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dhcpc_selinux.8 b/man/man8/dhcpc_selinux.8
++selinux(8), crack(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/crond_selinux.8 b/man/man8/crond_selinux.8
 new file mode 100644
-index 0000000..7638a9c
+index 0000000..107d65b
 --- /dev/null
-+++ b/man/man8/dhcpc_selinux.8
-@@ -0,0 +1,174 @@
-+.TH  "dhcpc_selinux"  "8"  "dhcpc" "dwalsh at redhat.com" "dhcpc SELinux Policy documentation"
++++ b/man/man8/crond_selinux.8
+@@ -0,0 +1,295 @@
++.TH  "crond_selinux"  "8"  "crond" "dwalsh at redhat.com" "crond SELinux Policy documentation"
 +.SH "NAME"
-+dhcpc_selinux \- Security Enhanced Linux Policy for the dhcpc processes
++crond_selinux \- Security Enhanced Linux Policy for the crond processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dhcpc processes via flexible mandatory access
++Security-Enhanced Linux secures the crond processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  dhcpc policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dhcpc with the tightest access possible.
++SELinux policy is customizable based on least access required.  crond policy is extremely flexible and has several booleans that allow you to manipulate the policy and run crond with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
++If you want to enable extra rules in the cron domain to support fcron, you must turn on the fcron_crond boolean.
 +
 +.EX
-+.B setsebool -P dhcpc_exec_iptables 1
++.B setsebool -P fcron_crond 1
++.EE
++
++.PP
++If you want to allow system cron jobs to relabel filesystem for restoring file contexts, you must turn on the cron_can_relabel boolean.
++
++.EX
++.B setsebool -P cron_can_relabel 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dhcpc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the crontab_t, crond_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dhcpc_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the crontab_t, crond_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -12919,62 +15180,62 @@ index 0000000..7638a9c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dhcpc policy is very flexible allowing users to setup their dhcpc processes in as secure a method as possible.
++SELinux crond policy is very flexible allowing users to setup their crond processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dhcpc:
++The following file types are defined for crond:
 +
 +
 +.EX
 +.PP
-+.B dhcpc_exec_t 
++.B crond_exec_t 
 +.EE
 +
-+- Set files with the dhcpc_exec_t type, if you want to transition an executable to the dhcpc_t domain.
++- Set files with the crond_exec_t type, if you want to transition an executable to the crond_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/dhcpcd, /sbin/dhcpcd, /usr/sbin/pump, /sbin/dhclient.*, /usr/sbin/dhclient.*, /sbin/pump, /usr/sbin/dhcdbd, /sbin/dhcdbd
++/usr/sbin/fcron, /usr/sbin/cron(d)?, /usr/sbin/atd
 +
 +.EX
 +.PP
-+.B dhcpc_helper_exec_t 
++.B crond_initrc_exec_t 
 +.EE
 +
-+- Set files with the dhcpc_helper_exec_t type, if you want to transition an executable to the dhcpc_helper_t domain.
++- Set files with the crond_initrc_exec_t type, if you want to transition an executable to the crond_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B dhcpc_state_t 
++.B crond_tmp_t 
 +.EE
 +
-+- Set files with the dhcpc_state_t type, if you want to treat the files as dhcpc state data.
++- Set files with the crond_tmp_t type, if you want to store crond temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/dhclient(/.*)?, /var/lib/dhcp3?/dhclient.*, /var/lib/wifiroamd(/.*)?, /var/lib/dhcpcd(/.*)?
 +
 +.EX
 +.PP
-+.B dhcpc_tmp_t 
++.B crond_unit_file_t 
 +.EE
 +
-+- Set files with the dhcpc_tmp_t type, if you want to store dhcpc temporary files in the /tmp directories.
++- Set files with the crond_unit_file_t type, if you want to treat the files as crond unit content.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/systemd/system/crond.*, /usr/lib/systemd/system/atd.*
 +
 +.EX
 +.PP
-+.B dhcpc_var_run_t 
++.B crond_var_run_t 
 +.EE
 +
-+- Set files with the dhcpc_var_run_t type, if you want to store the dhcpc files under the /run directory.
++- Set files with the crond_var_run_t type, if you want to store the crond files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/dhclient.*, /var/run/dhcpcd(/.*)?
++/var/run/crond?\.pid, /var/run/.*cron.*, /var/run/fcron\.pid, /var/run/crond?\.reboot, /var/run/fcron\.fifo, /var/run/atd\.pid, /var/run/anacron\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -12983,49 +15244,166 @@ index 0000000..7638a9c
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux dhcpc policy is very flexible allowing users to setup their dhcpc processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for dhcpc:
-+
-+.EX
-+.TP 5
-+.B dhcpc_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 68,546
-+.EE
-+udp 68,546
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dhcpc policy is very flexible allowing users to setup their dhcpc processes in as secure a method as possible.
++SELinux crond policy is very flexible allowing users to setup their crond processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dhcpc:
++The following process types are defined for crond:
 +
 +.EX
-+.B dhcpc_t 
++.B crond_t, cronjob_t, crontab_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type crond_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B cron_log_t
++
++	/var/log/rpmpkgs.*
++.br
++
++.br
++.B cron_spool_t
++
++	/var/spool/fcron
++.br
++	/var/spool/cron/crontabs
++.br
++
++.br
++.B crond_tmp_t
++
++
++.br
++.B crond_var_run_t
++
++	/var/run/.*cron.*
++.br
++	/var/run/crond?\.pid
++.br
++	/var/run/crond?\.reboot
++.br
++	/var/run/atd\.pid
++.br
++	/var/run/fcron\.pid
++.br
++	/var/run/fcron\.fifo
++.br
++	/var/run/anacron\.pid
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B rpm_log_t
++
++	/var/log/yum\.log.*
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B system_cron_spool_t
++
++	/etc/cron\.d(/.*)?
++.br
++	/var/spool/anacron(/.*)?
++.br
++	/etc/crontab
++.br
++	/var/spool/fcron/systab
++.br
++	/var/spool/fcron/new\.systab
++.br
++	/var/spool/fcron/systab\.orig
++.br
++
++.br
++.B user_cron_spool_t
++
++	/var/spool/at(/.*)?
++.br
++	/var/spool/cron
++.br
++
++.br
++.B var_auth_t
++
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -13036,9 +15414,6 @@ index 0000000..7638a9c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -13047,58 +15422,40 @@ index 0000000..7638a9c
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dhcpc(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), crond(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), crontab_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/dhcpd_selinux.8 b/man/man8/dhcpd_selinux.8
+diff --git a/man/man8/crontab_selinux.8 b/man/man8/crontab_selinux.8
 new file mode 100644
-index 0000000..371086a
+index 0000000..185a00a
 --- /dev/null
-+++ b/man/man8/dhcpd_selinux.8
-@@ -0,0 +1,194 @@
-+.TH  "dhcpd_selinux"  "8"  "dhcpd" "dwalsh at redhat.com" "dhcpd SELinux Policy documentation"
++++ b/man/man8/crontab_selinux.8
+@@ -0,0 +1,175 @@
++.TH  "crontab_selinux"  "8"  "crontab" "dwalsh at redhat.com" "crontab SELinux Policy documentation"
 +.SH "NAME"
-+dhcpd_selinux \- Security Enhanced Linux Policy for the dhcpd processes
++crontab_selinux \- Security Enhanced Linux Policy for the crontab processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dhcpd processes via flexible mandatory access
++Security-Enhanced Linux secures the crontab processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  dhcpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dhcpd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
-+
-+.EX
-+.B setsebool -P dhcpc_exec_iptables 1
-+.EE
-+
-+.PP
-+If you want to allow DHCP daemon to use LDAP backends, you must turn on the dhcpd_use_ldap boolean.
-+
-+.EX
-+.B setsebool -P dhcpd_use_ldap 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dhcpd_t, dhcpc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the crontab_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dhcpd_t, dhcpc_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the crontab_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -13107,61 +15464,29 @@ index 0000000..371086a
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dhcpd policy is very flexible allowing users to setup their dhcpd processes in as secure a method as possible.
++SELinux crontab policy is very flexible allowing users to setup their crontab processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dhcpd:
-+
-+
-+.EX
-+.PP
-+.B dhcpd_exec_t 
-+.EE
-+
-+- Set files with the dhcpd_exec_t type, if you want to transition an executable to the dhcpd_t domain.
-+
-+
-+.EX
-+.PP
-+.B dhcpd_initrc_exec_t 
-+.EE
-+
-+- Set files with the dhcpd_initrc_exec_t type, if you want to transition an executable to the dhcpd_initrc_t domain.
++The following file types are defined for crontab:
 +
 +
 +.EX
 +.PP
-+.B dhcpd_state_t 
++.B crontab_exec_t 
 +.EE
 +
-+- Set files with the dhcpd_state_t type, if you want to treat the files as dhcpd state data.
++- Set files with the crontab_exec_t type, if you want to transition an executable to the crontab_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/dhcp(3)?/dhcpd\.leases.*, /var/lib/dhcpd(/.*)?
-+
-+.EX
-+.PP
-+.B dhcpd_tmp_t 
-+.EE
-+
-+- Set files with the dhcpd_tmp_t type, if you want to store dhcpd temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B dhcpd_unit_file_t 
-+.EE
-+
-+- Set files with the dhcpd_unit_file_t type, if you want to treat the files as dhcpd unit content.
-+
++/usr/bin/(f)?crontab, /usr/sbin/fcronsighup, /usr/bin/at
 +
 +.EX
 +.PP
-+.B dhcpd_var_run_t 
++.B crontab_tmp_t 
 +.EE
 +
-+- Set files with the dhcpd_var_run_t type, if you want to store the dhcpd files under the /run directory.
++- Set files with the crontab_tmp_t type, if you want to store crontab temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -13171,168 +15496,204 @@ index 0000000..371086a
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux dhcpd policy is very flexible allowing users to setup their dhcpd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for dhcpd:
-+
-+.EX
-+.TP 5
-+.B dhcpc_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 68,546
-+.EE
-+udp 68,546
-+.EE
-+
-+.EX
-+.TP 5
-+.B dhcpd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 547,548,647,847,7911
-+.EE
-+udp 67,547,548,647,847
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dhcpd policy is very flexible allowing users to setup their dhcpd processes in as secure a method as possible.
++SELinux crontab policy is very flexible allowing users to setup their crontab processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dhcpd:
++The following process types are defined for crontab:
 +
 +.EX
-+.B dhcpc_t, dhcpd_t 
++.B crontab_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++The SELinux user type crontab_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B crontab_tmp_t
++
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B user_cron_spool_t
++
++	/var/spool/at(/.*)?
++.br
++	/var/spool/cron
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B var_auth_t
++
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dhcpd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/dictd_selinux.8 b/man/man8/dictd_selinux.8
++selinux(8), crontab(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ctdbd_selinux.8 b/man/man8/ctdbd_selinux.8
 new file mode 100644
-index 0000000..428bd7b
+index 0000000..511c22e
 --- /dev/null
-+++ b/man/man8/dictd_selinux.8
-@@ -0,0 +1,145 @@
-+.TH  "dictd_selinux"  "8"  "dictd" "dwalsh at redhat.com" "dictd SELinux Policy documentation"
++++ b/man/man8/ctdbd_selinux.8
+@@ -0,0 +1,209 @@
++.TH  "ctdbd_selinux"  "8"  "ctdbd" "dwalsh at redhat.com" "ctdbd SELinux Policy documentation"
 +.SH "NAME"
-+dictd_selinux \- Security Enhanced Linux Policy for the dictd processes
++ctdbd_selinux \- Security Enhanced Linux Policy for the ctdbd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dictd processes via flexible mandatory access
++Security-Enhanced Linux secures the ctdbd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dictd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ctdbd policy is very flexible allowing users to setup their ctdbd processes in as secure a method as possible.
++.PP 
++The following file types are defined for ctdbd:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B ctdbd_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the dictd_t, you must turn on the kerberos_enabled boolean.
++- Set files with the ctdbd_exec_t type, if you want to transition an executable to the ctdbd_t domain.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B ctdbd_initrc_exec_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux dictd policy is very flexible allowing users to setup their dictd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for dictd:
++- Set files with the ctdbd_initrc_exec_t type, if you want to transition an executable to the ctdbd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B dictd_etc_t 
++.B ctdbd_log_t 
 +.EE
 +
-+- Set files with the dictd_etc_t type, if you want to store dictd files in the /etc directories.
++- Set files with the ctdbd_log_t type, if you want to treat the data as ctdbd log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B dictd_exec_t 
++.B ctdbd_spool_t 
 +.EE
 +
-+- Set files with the dictd_exec_t type, if you want to transition an executable to the dictd_t domain.
++- Set files with the ctdbd_spool_t type, if you want to store the ctdbd files under the /var/spool directory.
 +
 +
 +.EX
 +.PP
-+.B dictd_initrc_exec_t 
++.B ctdbd_tmp_t 
 +.EE
 +
-+- Set files with the dictd_initrc_exec_t type, if you want to transition an executable to the dictd_initrc_t domain.
++- Set files with the ctdbd_tmp_t type, if you want to store ctdbd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B dictd_var_lib_t 
++.B ctdbd_var_lib_t 
 +.EE
 +
-+- Set files with the dictd_var_lib_t type, if you want to store the dictd files under the /var/lib directory.
++- Set files with the ctdbd_var_lib_t type, if you want to store the ctdbd files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/ctdb(/.*)?, /etc/ctdb(/.*)?, /var/lib/ctdbd(/.*)?, /var/ctdbd(/.*)?
 +
 +.EX
 +.PP
-+.B dictd_var_run_t 
++.B ctdbd_var_run_t 
 +.EE
 +
-+- Set files with the dictd_var_run_t type, if you want to store the dictd files under the /run directory.
++- Set files with the ctdbd_var_run_t type, if you want to store the ctdbd files under the /run directory.
 +
 +
 +.PP
@@ -13351,19 +15712,21 @@ index 0000000..428bd7b
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux dictd policy is very flexible allowing users to setup their dictd processes in as secure a method as possible.
++SELinux ctdbd policy is very flexible allowing users to setup their ctdbd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for dictd:
++The following port types are defined for ctdbd:
 +
 +.EX
 +.TP 5
-+.B dict_port_t 
++.B ctdb_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 2628
++tcp 4379
++.EE
++udp 4379
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -13371,18 +15734,74 @@ index 0000000..428bd7b
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dictd policy is very flexible allowing users to setup their dictd processes in as secure a method as possible.
++SELinux ctdbd policy is very flexible allowing users to setup their ctdbd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dictd:
++The following process types are defined for ctdbd:
 +
 +.EX
-+.B dictd_t 
++.B ctdbd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ctdbd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ctdbd_log_t
++
++	/var/log/log\.ctdb
++.br
++
++.br
++.B ctdbd_spool_t
++
++	/var/spool/ctdb(/.*)?
++.br
++
++.br
++.B ctdbd_tmp_t
++
++
++.br
++.B ctdbd_var_lib_t
++
++	/etc/ctdb(/.*)?
++.br
++	/var/ctdb(/.*)?
++.br
++	/var/ctdbd(/.*)?
++.br
++	/var/lib/ctdbd(/.*)?
++.br
++
++.br
++.B ctdbd_var_run_t
++
++	/var/run/ctdbd(/.*)?
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -13401,38 +15820,38 @@ index 0000000..428bd7b
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dictd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dirsrv_selinux.8 b/man/man8/dirsrv_selinux.8
++selinux(8), ctdbd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cups_pdf_selinux.8 b/man/man8/cups_pdf_selinux.8
 new file mode 100644
-index 0000000..8264151
+index 0000000..2aaabe2
 --- /dev/null
-+++ b/man/man8/dirsrv_selinux.8
-@@ -0,0 +1,227 @@
-+.TH  "dirsrv_selinux"  "8"  "dirsrv" "dwalsh at redhat.com" "dirsrv SELinux Policy documentation"
++++ b/man/man8/cups_pdf_selinux.8
+@@ -0,0 +1,133 @@
++.TH  "cups_pdf_selinux"  "8"  "cups_pdf" "dwalsh at redhat.com" "cups_pdf SELinux Policy documentation"
 +.SH "NAME"
-+dirsrv_selinux \- Security Enhanced Linux Policy for the dirsrv processes
++cups_pdf_selinux \- Security Enhanced Linux Policy for the cups_pdf processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dirsrv processes via flexible mandatory access
++Security-Enhanced Linux secures the cups_pdf processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dirsrv_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cups_pdf_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dirsrv_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the cups_pdf_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -13441,183 +15860,89 @@ index 0000000..8264151
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dirsrv policy is very flexible allowing users to setup their dirsrv processes in as secure a method as possible.
++SELinux cups_pdf policy is very flexible allowing users to setup their cups_pdf processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dirsrv:
-+
-+
-+.EX
-+.PP
-+.B dirsrv_config_t 
-+.EE
-+
-+- Set files with the dirsrv_config_t type, if you want to treat the files as dirsrv configuration data, usually stored under the /etc directory.
-+
-+
-+.EX
-+.PP
-+.B dirsrv_exec_t 
-+.EE
-+
-+- Set files with the dirsrv_exec_t type, if you want to transition an executable to the dirsrv_t domain.
-+
-+
-+.EX
-+.PP
-+.B dirsrv_share_t 
-+.EE
-+
-+- Set files with the dirsrv_share_t type, if you want to treat the files as dirsrv share data.
-+
-+
-+.EX
-+.PP
-+.B dirsrv_snmp_exec_t 
-+.EE
-+
-+- Set files with the dirsrv_snmp_exec_t type, if you want to transition an executable to the dirsrv_snmp_t domain.
-+
-+
-+.EX
-+.PP
-+.B dirsrv_snmp_var_log_t 
-+.EE
-+
-+- Set files with the dirsrv_snmp_var_log_t type, if you want to treat the data as dirsrv snmp var log data, usually stored under the /var/log directory.
++The following file types are defined for cups_pdf:
 +
 +
 +.EX
 +.PP
-+.B dirsrv_snmp_var_run_t 
++.B cups_pdf_exec_t 
 +.EE
 +
-+- Set files with the dirsrv_snmp_var_run_t type, if you want to store the dirsrv snmp files under the /run directory.
++- Set files with the cups_pdf_exec_t type, if you want to transition an executable to the cups_pdf_t domain.
 +
 +
 +.EX
 +.PP
-+.B dirsrv_tmp_t 
++.B cups_pdf_tmp_t 
 +.EE
 +
-+- Set files with the dirsrv_tmp_t type, if you want to store dirsrv temporary files in the /tmp directories.
++- Set files with the cups_pdf_tmp_t type, if you want to store cups pdf temporary files in the /tmp directories.
 +
 +
-+.EX
 +.PP
-+.B dirsrv_tmpfs_t 
-+.EE
-+
-+- Set files with the dirsrv_tmpfs_t type, if you want to store dirsrv files on a tmpfs file system.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B dirsrv_var_lib_t 
-+.EE
-+
-+- Set files with the dirsrv_var_lib_t type, if you want to store the dirsrv files under the /var/lib directory.
-+
-+
-+.EX
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+.B dirsrv_var_lock_t 
-+.EE
-+
-+- Set files with the dirsrv_var_lock_t type, if you want to treat the files as dirsrv var lock data, stored under the /var/lock directory
-+
++Policy governs the access confined processes have to files. 
++SELinux cups_pdf policy is very flexible allowing users to setup their cups_pdf processes in as secure a method as possible.
++.PP 
++The following process types are defined for cups_pdf:
 +
 +.EX
-+.PP
-+.B dirsrv_var_log_t 
++.B cups_pdf_t 
 +.EE
-+
-+- Set files with the dirsrv_var_log_t type, if you want to treat the data as dirsrv var log data, usually stored under the /var/log directory.
-+
-+
-+.EX
 +.PP
-+.B dirsrv_var_run_t 
-+.EE
-+
-+- Set files with the dirsrv_var_run_t type, if you want to store the dirsrv files under the /run directory.
-+
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.EX
-+.PP
-+.B dirsrvadmin_config_t 
-+.EE
++.SH "MANAGED FILES"
 +
-+- Set files with the dirsrvadmin_config_t type, if you want to treat the files as dirsrvadmin configuration data, usually stored under the /etc directory.
++The SELinux user type cups_pdf_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/etc/dirsrv/admin-serv(/.*)?, /etc/dirsrv/dsgw(/.*)?
-+
-+.EX
-+.PP
-+.B dirsrvadmin_exec_t 
-+.EE
++.B anon_inodefs_t
 +
-+- Set files with the dirsrvadmin_exec_t type, if you want to transition an executable to the dirsrvadmin_t domain.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/sbin/start-ds-admin, /usr/sbin/stop-ds-admin, /usr/sbin/restart-ds-admin
++.B cups_pdf_tmp_t
 +
-+.EX
-+.PP
-+.B dirsrvadmin_lock_t 
-+.EE
-+
-+- Set files with the dirsrvadmin_lock_t type, if you want to treat the files as dirsrvadmin lock data, stored under the /var/lock directory
-+
-+
-+.EX
-+.PP
-+.B dirsrvadmin_tmp_t 
-+.EE
 +
-+- Set files with the dirsrvadmin_tmp_t type, if you want to store dirsrvadmin temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B dirsrvadmin_unconfined_script_exec_t 
-+.EE
++.br
++.B cupsd_log_t
 +
-+- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain.
++	/var/log/cups(/.*)?
++.br
++	/usr/Brother/fax/.*\.log.*
++.br
++	/var/log/turboprint.*
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
++.B print_spool_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	/var/spool/lpd(/.*)?
++.br
++	/var/spool/cups(/.*)?
++.br
++	/var/spool/cups-pdf(/.*)?
++.br
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux dirsrv policy is very flexible allowing users to setup their dirsrv processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for dirsrv:
++.br
++.B user_home_t
 +
-+.EX
-+.B dirsrvadmin_unconfined_script_t, dirsrv_snmp_t, dirsrvadmin_t, dirsrv_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/home/[^/]*/.+
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -13634,88 +15959,70 @@ index 0000000..8264151
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dirsrv(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dirsrvadmin_selinux.8 b/man/man8/dirsrvadmin_selinux.8
++selinux(8), cups_pdf(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cupsd_config_selinux.8 b/man/man8/cupsd_config_selinux.8
 new file mode 100644
-index 0000000..8f4b784
+index 0000000..f085353
 --- /dev/null
-+++ b/man/man8/dirsrvadmin_selinux.8
-@@ -0,0 +1,117 @@
-+.TH  "dirsrvadmin_selinux"  "8"  "dirsrvadmin" "dwalsh at redhat.com" "dirsrvadmin SELinux Policy documentation"
++++ b/man/man8/cupsd_config_selinux.8
+@@ -0,0 +1,188 @@
++.TH  "cupsd_config_selinux"  "8"  "cupsd_config" "dwalsh at redhat.com" "cupsd_config SELinux Policy documentation"
 +.SH "NAME"
-+dirsrvadmin_selinux \- Security Enhanced Linux Policy for the dirsrvadmin processes
++cupsd_config_selinux \- Security Enhanced Linux Policy for the cupsd_config processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dirsrvadmin processes via flexible mandatory access
++Security-Enhanced Linux secures the cupsd_config processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux dirsrvadmin policy is very flexible allowing users to setup their dirsrvadmin processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for dirsrvadmin:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cupsd_config_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B dirsrvadmin_config_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the dirsrvadmin_config_t type, if you want to treat the files as dirsrvadmin configuration data, usually stored under the /etc directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/dirsrv/admin-serv(/.*)?, /etc/dirsrv/dsgw(/.*)?
-+
-+.EX
 +.PP
-+.B dirsrvadmin_exec_t 
-+.EE
-+
-+- Set files with the dirsrvadmin_exec_t type, if you want to transition an executable to the dirsrvadmin_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/start-ds-admin, /usr/sbin/stop-ds-admin, /usr/sbin/restart-ds-admin
++If you want to allow confined applications to run with kerberos for the cupsd_config_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B dirsrvadmin_lock_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the dirsrvadmin_lock_t type, if you want to treat the files as dirsrvadmin lock data, stored under the /var/lock directory
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux cupsd_config policy is very flexible allowing users to setup their cupsd_config processes in as secure a method as possible.
++.PP 
++The following file types are defined for cupsd_config:
 +
 +
 +.EX
 +.PP
-+.B dirsrvadmin_tmp_t 
++.B cupsd_config_exec_t 
 +.EE
 +
-+- Set files with the dirsrvadmin_tmp_t type, if you want to store dirsrvadmin temporary files in the /tmp directories.
++- Set files with the cupsd_config_exec_t type, if you want to transition an executable to the cupsd_config_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/printconf-backend, /usr/sbin/hal_lpadmin, /usr/lib/udev/udev-configure-printer, /usr/bin/cups-config-daemon, /usr/libexec/cups-pk-helper-mechanism, /usr/libexec/hal_lpadmin, /lib/udev/udev-configure-printer
 +
 +.EX
 +.PP
-+.B dirsrvadmin_unconfined_script_exec_t 
++.B cupsd_config_var_run_t 
 +.EE
 +
-+- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain.
++- Set files with the cupsd_config_var_run_t type, if you want to store the cupsd config files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -13730,18 +16037,106 @@ index 0000000..8f4b784
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dirsrvadmin policy is very flexible allowing users to setup their dirsrvadmin processes in as secure a method as possible.
++SELinux cupsd_config policy is very flexible allowing users to setup their cupsd_config processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dirsrvadmin:
++The following process types are defined for cupsd_config:
 +
 +.EX
-+.B dirsrvadmin_unconfined_script_t, dirsrvadmin_t 
++.B cupsd_config_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cupsd_config_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cupsd_config_var_run_t
++
++	/var/run/udev-configure-printer(/.*)?
++.br
++
++.br
++.B cupsd_etc_t
++
++	/etc/cups(/.*)?
++.br
++	/usr/share/cups(/.*)?
++.br
++
++.br
++.B cupsd_log_t
++
++	/var/log/cups(/.*)?
++.br
++	/usr/Brother/fax/.*\.log.*
++.br
++	/var/log/turboprint.*
++.br
++
++.br
++.B cupsd_rw_etc_t
++
++	/etc/printcap.*
++.br
++	/etc/cups/ppd(/.*)?
++.br
++	/usr/Brother/(.*/)?inf(/.*)?
++.br
++	/usr/Printer/(.*/)?inf(/.*)?
++.br
++	/usr/lib/bjlib(/.*)?
++.br
++	/var/cache/cups(/.*)?
++.br
++	/etc/cups/certs/.*
++.br
++	/etc/cups/lpoptions.*
++.br
++	/var/cache/foomatic(/.*)?
++.br
++	/etc/cups/cupsd\.conf.*
++.br
++	/var/lib/cups/certs/.*
++.br
++	/opt/gutenprint/ppds(/.*)?
++.br
++	/opt/brother/Printers(.*/)?inf(/.*)?
++.br
++	/etc/cups/classes\.conf.*
++.br
++	/etc/cups/printers\.conf.*
++.br
++	/etc/cups/subscriptions.*
++.br
++	/usr/local/linuxprinter/ppd(/.*)?
++.br
++	/var/cache/alchemist/printconf.*
++.br
++	/etc/alchemist/namespace/printconf(/.*)?
++.br
++	/etc/cups/certs
++.br
++	/etc/cups/ppds\.dat
++.br
++	/var/lib/cups/certs
++.br
++	/usr/share/foomatic/db/oldprinterids
++.br
++
++.br
++.B cupsd_tmp_t
++
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -13757,55 +16152,75 @@ index 0000000..8f4b784
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dirsrvadmin(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/disk_selinux.8 b/man/man8/disk_selinux.8
++selinux(8), cupsd_config(8), semanage(8), restorecon(8), chcon(1)
++, cupsd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/cupsd_lpd_selinux.8 b/man/man8/cupsd_lpd_selinux.8
 new file mode 100644
-index 0000000..fd60eaf
+index 0000000..1e6a8d8
 --- /dev/null
-+++ b/man/man8/disk_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "disk_selinux"  "8"  "disk" "dwalsh at redhat.com" "disk SELinux Policy documentation"
++++ b/man/man8/cupsd_lpd_selinux.8
+@@ -0,0 +1,116 @@
++.TH  "cupsd_lpd_selinux"  "8"  "cupsd_lpd" "dwalsh at redhat.com" "cupsd_lpd SELinux Policy documentation"
 +.SH "NAME"
-+disk_selinux \- Security Enhanced Linux Policy for the disk processes
++cupsd_lpd_selinux \- Security Enhanced Linux Policy for the cupsd_lpd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the disk processes via flexible mandatory access
++Security-Enhanced Linux secures the cupsd_lpd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cupsd_lpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the cupsd_lpd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux disk policy is very flexible allowing users to setup their disk processes in as secure a method as possible.
++SELinux cupsd_lpd policy is very flexible allowing users to setup their cupsd_lpd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for disk:
++The following file types are defined for cupsd_lpd:
 +
 +
 +.EX
 +.PP
-+.B disk_munin_plugin_exec_t 
++.B cupsd_lpd_exec_t 
 +.EE
 +
-+- Set files with the disk_munin_plugin_exec_t type, if you want to transition an executable to the disk_munin_plugin_t domain.
++- Set files with the cupsd_lpd_exec_t type, if you want to transition an executable to the cupsd_lpd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/share/munin/plugins/diskstat.*, /usr/share/munin/plugins/hddtemp.*, /usr/share/munin/plugins/smart_.*, /usr/share/munin/plugins/df.*
 +
 +.EX
 +.PP
-+.B disk_munin_plugin_tmp_t 
++.B cupsd_lpd_tmp_t 
 +.EE
 +
-+- Set files with the disk_munin_plugin_tmp_t type, if you want to store disk munin plugin temporary files in the /tmp directories.
++- Set files with the cupsd_lpd_tmp_t type, if you want to store cupsd lpd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B cupsd_lpd_var_run_t 
++.EE
++
++- Set files with the cupsd_lpd_var_run_t type, if you want to store the cupsd lpd files under the /run directory.
 +
 +
 +.PP
@@ -13821,18 +16236,30 @@ index 0000000..fd60eaf
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux disk policy is very flexible allowing users to setup their disk processes in as secure a method as possible.
++SELinux cupsd_lpd policy is very flexible allowing users to setup their cupsd_lpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for disk:
++The following process types are defined for cupsd_lpd:
 +
 +.EX
-+.B disk_munin_plugin_t 
++.B cupsd_lpd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cupsd_lpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cupsd_lpd_tmp_t
++
++
++.br
++.B cupsd_lpd_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -13848,38 +16275,40 @@ index 0000000..fd60eaf
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), disk(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dkim_selinux.8 b/man/man8/dkim_selinux.8
++selinux(8), cupsd_lpd(8), semanage(8), restorecon(8), chcon(1)
++, cupsd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/cupsd_selinux.8 b/man/man8/cupsd_selinux.8
 new file mode 100644
-index 0000000..24d191c
+index 0000000..f75a68e
 --- /dev/null
-+++ b/man/man8/dkim_selinux.8
-@@ -0,0 +1,107 @@
-+.TH  "dkim_selinux"  "8"  "dkim" "dwalsh at redhat.com" "dkim SELinux Policy documentation"
++++ b/man/man8/cupsd_selinux.8
+@@ -0,0 +1,388 @@
++.TH  "cupsd_selinux"  "8"  "cupsd" "dwalsh at redhat.com" "cupsd SELinux Policy documentation"
 +.SH "NAME"
-+dkim_selinux \- Security Enhanced Linux Policy for the dkim processes
++cupsd_selinux \- Security Enhanced Linux Policy for the cupsd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dkim processes via flexible mandatory access
++Security-Enhanced Linux secures the cupsd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dkim_milter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cups_pdf_t, cupsd_config_t, cupsd_lpd_t, cupsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dkim_milter_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the cups_pdf_t, cupsd_config_t, cupsd_lpd_t, cupsd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -13888,141 +16317,150 @@ index 0000000..24d191c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dkim policy is very flexible allowing users to setup their dkim processes in as secure a method as possible.
++SELinux cupsd policy is very flexible allowing users to setup their cupsd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dkim:
++The following file types are defined for cupsd:
 +
 +
 +.EX
 +.PP
-+.B dkim_milter_data_t 
++.B cupsd_config_exec_t 
 +.EE
 +
-+- Set files with the dkim_milter_data_t type, if you want to treat the files as dkim milter content.
++- Set files with the cupsd_config_exec_t type, if you want to transition an executable to the cupsd_config_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/dkim-milter(/.*)?, /var/run/dkim-milter(/.*)?
++/usr/sbin/printconf-backend, /usr/sbin/hal_lpadmin, /usr/lib/udev/udev-configure-printer, /usr/bin/cups-config-daemon, /usr/libexec/cups-pk-helper-mechanism, /usr/libexec/hal_lpadmin, /lib/udev/udev-configure-printer
 +
 +.EX
 +.PP
-+.B dkim_milter_exec_t 
++.B cupsd_config_var_run_t 
 +.EE
 +
-+- Set files with the dkim_milter_exec_t type, if you want to transition an executable to the dkim_milter_t domain.
++- Set files with the cupsd_config_var_run_t type, if you want to store the cupsd config files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B dkim_milter_private_key_t 
++.B cupsd_etc_t 
 +.EE
 +
-+- Set files with the dkim_milter_private_key_t type, if you want to treat the files as dkim milter private key data.
++- Set files with the cupsd_etc_t type, if you want to store cupsd files in the /etc directories.
 +
++.br
++.TP 5
++Paths: 
++/usr/share/cups(/.*)?, /etc/cups(/.*)?
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B cupsd_exec_t 
++.EE
++
++- Set files with the cupsd_exec_t type, if you want to transition an executable to the cupsd_t domain.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux dkim policy is very flexible allowing users to setup their dkim processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for dkim:
 +
 +.EX
-+.B dkim_milter_t 
-+.EE
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B cupsd_initrc_exec_t 
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
++- Set files with the cupsd_initrc_exec_t type, if you want to transition an executable to the cupsd_initrc_t domain.
++
++
++.EX
 +.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
++.B cupsd_interface_t 
++.EE
++
++- Set files with the cupsd_interface_t type, if you want to treat the files as cupsd interface data.
++
++
++.EX
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.B cupsd_lock_t 
++.EE
++
++- Set files with the cupsd_lock_t type, if you want to treat the files as cupsd lock data, stored under the /var/lock directory
++
 +
++.EX
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.B cupsd_log_t 
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++- Set files with the cupsd_log_t type, if you want to treat the data as cupsd log data, usually stored under the /var/log directory.
 +
-+.SH "SEE ALSO"
-+selinux(8), dkim(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dlm_selinux.8 b/man/man8/dlm_selinux.8
-new file mode 100644
-index 0000000..8937eb5
---- /dev/null
-+++ b/man/man8/dlm_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "dlm_selinux"  "8"  "dlm" "dwalsh at redhat.com" "dlm SELinux Policy documentation"
-+.SH "NAME"
-+dlm_selinux \- Security Enhanced Linux Policy for the dlm processes
-+.SH "DESCRIPTION"
++.br
++.TP 5
++Paths: 
++/var/log/cups(/.*)?, /var/log/turboprint.*, /usr/Brother/fax/.*\.log.*
 +
-+Security-Enhanced Linux secures the dlm processes via flexible mandatory access
-+control.  
++.EX
++.PP
++.B cupsd_lpd_exec_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the cupsd_lpd_exec_t type, if you want to transition an executable to the cupsd_lpd_t domain.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B cupsd_lpd_tmp_t 
++.EE
++
++- Set files with the cupsd_lpd_tmp_t type, if you want to store cupsd lpd temporary files in the /tmp directories.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux dlm policy is very flexible allowing users to setup their dlm processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for dlm:
++.B cupsd_lpd_var_run_t 
++.EE
++
++- Set files with the cupsd_lpd_var_run_t type, if you want to store the cupsd lpd files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B dlm_controld_exec_t 
++.B cupsd_rw_etc_t 
 +.EE
 +
-+- Set files with the dlm_controld_exec_t type, if you want to transition an executable to the dlm_controld_t domain.
++- Set files with the cupsd_rw_etc_t type, if you want to store cupsd rw files in the /etc directories.
 +
++.br
++.TP 5
++Paths: 
++/etc/cups/lpoptions.*, /usr/local/linuxprinter/ppd(/.*)?, /usr/Brother/(.*/)?inf(/.*)?, /opt/brother/Printers(.*/)?inf(/.*)?, /etc/cups/subscriptions.*, /etc/cups/classes\.conf.*, /usr/lib/bjlib(/.*)?, /etc/cups/ppd(/.*)?, /opt/gutenprint/ppds(/.*)?, /etc/printcap.*, /etc/alchemist/namespace/printconf(/.*)?, /var/lib/cups/certs, /etc/cups/ppds\.dat, /etc/cups/certs, /etc/cups/certs/.*, /etc/cups/printers\.conf.*, /var/lib/cups/certs/.*, /var/cache/foomatic(/.*)?, /var/cache/alchemist/printconf.*, /etc/cups/cupsd\.conf.*, /usr/Printer/(.*/)?inf(/.*)?, /var/cache/cups(/.*)?, /usr/share/foomatic/db/oldprinterids
 +
 +.EX
 +.PP
-+.B dlm_controld_tmpfs_t 
++.B cupsd_tmp_t 
 +.EE
 +
-+- Set files with the dlm_controld_tmpfs_t type, if you want to store dlm controld files on a tmpfs file system.
++- Set files with the cupsd_tmp_t type, if you want to store cupsd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B dlm_controld_var_log_t 
++.B cupsd_unit_file_t 
 +.EE
 +
-+- Set files with the dlm_controld_var_log_t type, if you want to treat the data as dlm controld var log data, usually stored under the /var/log directory.
++- Set files with the cupsd_unit_file_t type, if you want to treat the files as cupsd unit content.
 +
 +
 +.EX
 +.PP
-+.B dlm_controld_var_run_t 
++.B cupsd_var_run_t 
 +.EE
 +
-+- Set files with the dlm_controld_var_run_t type, if you want to store the dlm controld files under the /run directory.
++- Set files with the cupsd_var_run_t type, if you want to store the cupsd files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/ccpd(/.*)?, /var/ekpd(/.*)?, /var/turboprint(/.*)?, /var/run/cups(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -14037,18 +16475,186 @@ index 0000000..8937eb5
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dlm policy is very flexible allowing users to setup their dlm processes in as secure a method as possible.
++SELinux cupsd policy is very flexible allowing users to setup their cupsd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dlm:
++The following process types are defined for cupsd:
 +
 +.EX
-+.B dlm_controld_t 
++.B cupsd_t, cupsd_config_t, cupsd_lpd_t, cups_pdf_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cupsd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cupsd_interface_t
++
++	/etc/cups/interfaces(/.*)?
++.br
++
++.br
++.B cupsd_lock_t
++
++
++.br
++.B cupsd_log_t
++
++	/var/log/cups(/.*)?
++.br
++	/usr/Brother/fax/.*\.log.*
++.br
++	/var/log/turboprint.*
++.br
++
++.br
++.B cupsd_rw_etc_t
++
++	/etc/printcap.*
++.br
++	/etc/cups/ppd(/.*)?
++.br
++	/usr/Brother/(.*/)?inf(/.*)?
++.br
++	/usr/Printer/(.*/)?inf(/.*)?
++.br
++	/usr/lib/bjlib(/.*)?
++.br
++	/var/cache/cups(/.*)?
++.br
++	/etc/cups/certs/.*
++.br
++	/etc/cups/lpoptions.*
++.br
++	/var/cache/foomatic(/.*)?
++.br
++	/etc/cups/cupsd\.conf.*
++.br
++	/var/lib/cups/certs/.*
++.br
++	/opt/gutenprint/ppds(/.*)?
++.br
++	/opt/brother/Printers(.*/)?inf(/.*)?
++.br
++	/etc/cups/classes\.conf.*
++.br
++	/etc/cups/printers\.conf.*
++.br
++	/etc/cups/subscriptions.*
++.br
++	/usr/local/linuxprinter/ppd(/.*)?
++.br
++	/var/cache/alchemist/printconf.*
++.br
++	/etc/alchemist/namespace/printconf(/.*)?
++.br
++	/etc/cups/certs
++.br
++	/etc/cups/ppds\.dat
++.br
++	/var/lib/cups/certs
++.br
++	/usr/share/foomatic/db/oldprinterids
++.br
++
++.br
++.B cupsd_tmp_t
++
++
++.br
++.B cupsd_var_run_t
++
++	/var/ccpd(/.*)?
++.br
++	/var/ekpd(/.*)?
++.br
++	/var/run/cups(/.*)?
++.br
++	/var/turboprint(/.*)?
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B print_spool_t
++
++	/var/spool/lpd(/.*)?
++.br
++	/var/spool/cups(/.*)?
++.br
++	/var/spool/cups-pdf(/.*)?
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B usbfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -14064,59 +16670,115 @@ index 0000000..8937eb5
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dlm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dmesg_selinux.8 b/man/man8/dmesg_selinux.8
++selinux(8), cupsd(8), semanage(8), restorecon(8), chcon(1)
++, cups_pdf_selinux(8), cupsd_config_selinux(8), cupsd_lpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/cvs_selinux.8 b/man/man8/cvs_selinux.8
 new file mode 100644
-index 0000000..dfc5418
+index 0000000..6b0198f
 --- /dev/null
-+++ b/man/man8/dmesg_selinux.8
-@@ -0,0 +1,92 @@
-+.TH  "dmesg_selinux"  "8"  "dmesg" "dwalsh at redhat.com" "dmesg SELinux Policy documentation"
++++ b/man/man8/cvs_selinux.8
+@@ -0,0 +1,220 @@
++.TH  "cvs_selinux"  "8"  "cvs" "dwalsh at redhat.com" "cvs SELinux Policy documentation"
 +.SH "NAME"
-+dmesg_selinux \- Security Enhanced Linux Policy for the dmesg processes
++cvs_selinux \- Security Enhanced Linux Policy for the cvs processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dmesg processes via flexible mandatory access
++Security-Enhanced Linux secures the cvs processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  dmesg policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dmesg with the tightest access possible.
++SELinux policy is customizable based on least access required.  cvs policy is extremely flexible and has several booleans that allow you to manipulate the policy and run cvs with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++If you want to allow cvs daemon to read shadow, you must turn on the cvs_read_shadow boolean.
 +
 +.EX
-+.B setsebool -P user_dmesg 1
++.B setsebool -P cvs_read_shadow 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cvs_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the cvs_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dmesg policy is very flexible allowing users to setup their dmesg processes in as secure a method as possible.
++SELinux cvs policy is very flexible allowing users to setup their cvs processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dmesg:
++The following file types are defined for cvs:
 +
 +
 +.EX
 +.PP
-+.B dmesg_exec_t 
++.B cvs_data_t 
 +.EE
 +
-+- Set files with the dmesg_exec_t type, if you want to transition an executable to the dmesg_t domain.
++- Set files with the cvs_data_t type, if you want to treat the files as cvs content.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/dmesg, /bin/dmesg
++/opt/cvs(/.*)?, /var/cvs(/.*)?
++
++.EX
++.PP
++.B cvs_exec_t 
++.EE
++
++- Set files with the cvs_exec_t type, if you want to transition an executable to the cvs_t domain.
++
++
++.EX
++.PP
++.B cvs_initrc_exec_t 
++.EE
++
++- Set files with the cvs_initrc_exec_t type, if you want to transition an executable to the cvs_initrc_t domain.
++
++
++.EX
++.PP
++.B cvs_keytab_t 
++.EE
++
++- Set files with the cvs_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B cvs_tmp_t 
++.EE
++
++- Set files with the cvs_tmp_t type, if you want to store cvs temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B cvs_var_run_t 
++.EE
++
++- Set files with the cvs_var_run_t type, if you want to store the cvs files under the /run directory.
++
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -14125,24 +16787,95 @@ index 0000000..dfc5418
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux cvs policy is very flexible allowing users to setup their cvs processes in as secure a method as possible.
++.PP 
++The following port types are defined for cvs:
++
++.EX
++.TP 5
++.B cvs_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 2401
++.EE
++udp 2401
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dmesg policy is very flexible allowing users to setup their dmesg processes in as secure a method as possible.
++SELinux cvs policy is very flexible allowing users to setup their cvs processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dmesg:
++The following process types are defined for cvs:
 +
 +.EX
-+.B dmesg_t 
++.B cvs_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cvs_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cvs_data_t
++
++	/opt/cvs(/.*)?
++.br
++	/var/cvs(/.*)?
++.br
++
++.br
++.B cvs_tmp_t
++
++
++.br
++.B cvs_var_run_t
++
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -14153,6 +16886,9 @@ index 0000000..dfc5418
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -14161,24 +16897,24 @@ index 0000000..dfc5418
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dmesg(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cvs(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/dmidecode_selinux.8 b/man/man8/dmidecode_selinux.8
+diff --git a/man/man8/cyphesis_selinux.8 b/man/man8/cyphesis_selinux.8
 new file mode 100644
-index 0000000..b3c9617
+index 0000000..06be409
 --- /dev/null
-+++ b/man/man8/dmidecode_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "dmidecode_selinux"  "8"  "dmidecode" "dwalsh at redhat.com" "dmidecode SELinux Policy documentation"
++++ b/man/man8/cyphesis_selinux.8
+@@ -0,0 +1,141 @@
++.TH  "cyphesis_selinux"  "8"  "cyphesis" "dwalsh at redhat.com" "cyphesis SELinux Policy documentation"
 +.SH "NAME"
-+dmidecode_selinux \- Security Enhanced Linux Policy for the dmidecode processes
++cyphesis_selinux \- Security Enhanced Linux Policy for the cyphesis processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dmidecode processes via flexible mandatory access
++Security-Enhanced Linux secures the cyphesis processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -14189,22 +16925,42 @@ index 0000000..b3c9617
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dmidecode policy is very flexible allowing users to setup their dmidecode processes in as secure a method as possible.
++SELinux cyphesis policy is very flexible allowing users to setup their cyphesis processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dmidecode:
++The following file types are defined for cyphesis:
 +
 +
 +.EX
 +.PP
-+.B dmidecode_exec_t 
++.B cyphesis_exec_t 
 +.EE
 +
-+- Set files with the dmidecode_exec_t type, if you want to transition an executable to the dmidecode_t domain.
++- Set files with the cyphesis_exec_t type, if you want to transition an executable to the cyphesis_t domain.
++
++
++.EX
++.PP
++.B cyphesis_log_t 
++.EE
++
++- Set files with the cyphesis_log_t type, if you want to treat the data as cyphesis log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B cyphesis_tmp_t 
++.EE
++
++- Set files with the cyphesis_tmp_t type, if you want to store cyphesis temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B cyphesis_var_run_t 
++.EE
++
++- Set files with the cyphesis_var_run_t type, if you want to store the cyphesis files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/dmidecode, /usr/sbin/vpddecode, /usr/sbin/ownership
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -14213,24 +16969,65 @@ index 0000000..b3c9617
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux cyphesis policy is very flexible allowing users to setup their cyphesis processes in as secure a method as possible.
++.PP 
++The following port types are defined for cyphesis:
++
++.EX
++.TP 5
++.B cyphesis_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 6767,6769,6780-6799
++.EE
++udp 32771
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dmidecode policy is very flexible allowing users to setup their dmidecode processes in as secure a method as possible.
++SELinux cyphesis policy is very flexible allowing users to setup their cyphesis processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dmidecode:
++The following process types are defined for cyphesis:
 +
 +.EX
-+.B dmidecode_t 
++.B cyphesis_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cyphesis_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cyphesis_log_t
++
++	/var/log/cyphesis(/.*)?
++.br
++
++.br
++.B cyphesis_var_run_t
++
++	/var/run/cyphesis(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -14241,43 +17038,46 @@ index 0000000..b3c9617
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dmidecode(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dnsmasq_selinux.8 b/man/man8/dnsmasq_selinux.8
++selinux(8), cyphesis(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/cyrus_selinux.8 b/man/man8/cyrus_selinux.8
 new file mode 100644
-index 0000000..2326218
+index 0000000..8208a25
 --- /dev/null
-+++ b/man/man8/dnsmasq_selinux.8
-@@ -0,0 +1,143 @@
-+.TH  "dnsmasq_selinux"  "8"  "dnsmasq" "dwalsh at redhat.com" "dnsmasq SELinux Policy documentation"
++++ b/man/man8/cyrus_selinux.8
+@@ -0,0 +1,165 @@
++.TH  "cyrus_selinux"  "8"  "cyrus" "dwalsh at redhat.com" "cyrus SELinux Policy documentation"
 +.SH "NAME"
-+dnsmasq_selinux \- Security Enhanced Linux Policy for the dnsmasq processes
++cyrus_selinux \- Security Enhanced Linux Policy for the cyrus processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dnsmasq processes via flexible mandatory access
++Security-Enhanced Linux secures the cyrus processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dnsmasq_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cyrus_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dnsmasq_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the cyrus_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -14286,74 +17086,66 @@ index 0000000..2326218
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dnsmasq policy is very flexible allowing users to setup their dnsmasq processes in as secure a method as possible.
++SELinux cyrus policy is very flexible allowing users to setup their cyrus processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dnsmasq:
++The following file types are defined for cyrus:
 +
 +
 +.EX
 +.PP
-+.B dnsmasq_etc_t 
++.B cyrus_exec_t 
 +.EE
 +
-+- Set files with the dnsmasq_etc_t type, if you want to store dnsmasq files in the /etc directories.
++- Set files with the cyrus_exec_t type, if you want to transition an executable to the cyrus_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/cyrus-imapd/cyrus-master, /usr/lib/cyrus/master
 +
 +.EX
 +.PP
-+.B dnsmasq_exec_t 
++.B cyrus_initrc_exec_t 
 +.EE
 +
-+- Set files with the dnsmasq_exec_t type, if you want to transition an executable to the dnsmasq_t domain.
++- Set files with the cyrus_initrc_exec_t type, if you want to transition an executable to the cyrus_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B dnsmasq_initrc_exec_t 
++.B cyrus_keytab_t 
 +.EE
 +
-+- Set files with the dnsmasq_initrc_exec_t type, if you want to transition an executable to the dnsmasq_initrc_t domain.
++- Set files with the cyrus_keytab_t type, if you want to treat the files as kerberos keytab files.
 +
 +
 +.EX
 +.PP
-+.B dnsmasq_lease_t 
++.B cyrus_tmp_t 
 +.EE
 +
-+- Set files with the dnsmasq_lease_t type, if you want to treat the files as dnsmasq lease data.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/dnsmasq(/.*)?, /var/lib/misc/dnsmasq\.leases
-+
-+.EX
-+.PP
-+.B dnsmasq_unit_file_t 
-+.EE
-+
-+- Set files with the dnsmasq_unit_file_t type, if you want to treat the files as dnsmasq unit content.
++- Set files with the cyrus_tmp_t type, if you want to store cyrus temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B dnsmasq_var_log_t 
++.B cyrus_var_lib_t 
 +.EE
 +
-+- Set files with the dnsmasq_var_log_t type, if you want to treat the data as dnsmasq var log data, usually stored under the /var/log directory.
++- Set files with the cyrus_var_lib_t type, if you want to store the cyrus files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/imap(/.*)?, /var/lib/imap(/.*)?
 +
 +.EX
 +.PP
-+.B dnsmasq_var_run_t 
++.B cyrus_var_run_t 
 +.EE
 +
-+- Set files with the dnsmasq_var_run_t type, if you want to store the dnsmasq files under the /run directory.
++- Set files with the cyrus_var_run_t type, if you want to store the cyrus files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/dnsmasq\.pid, /var/run/libvirt/network(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -14368,18 +17160,48 @@ index 0000000..2326218
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dnsmasq policy is very flexible allowing users to setup their dnsmasq processes in as secure a method as possible.
++SELinux cyrus policy is very flexible allowing users to setup their cyrus processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dnsmasq:
++The following process types are defined for cyrus:
 +
 +.EX
-+.B dnsmasq_t 
++.B cyrus_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type cyrus_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cyrus_tmp_t
++
++
++.br
++.B cyrus_var_lib_t
++
++	/var/imap(/.*)?
++.br
++	/var/lib/imap(/.*)?
++.br
++
++.br
++.B cyrus_var_run_t
++
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -14395,112 +17217,190 @@ index 0000000..2326218
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dnsmasq(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dnssec_selinux.8 b/man/man8/dnssec_selinux.8
++selinux(8), cyrus(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dbadm_selinux.8 b/man/man8/dbadm_selinux.8
 new file mode 100644
-index 0000000..6289e0e
+index 0000000..5d12181
 --- /dev/null
-+++ b/man/man8/dnssec_selinux.8
-@@ -0,0 +1,119 @@
-+.TH  "dnssec_selinux"  "8"  "dnssec" "dwalsh at redhat.com" "dnssec SELinux Policy documentation"
++++ b/man/man8/dbadm_selinux.8
+@@ -0,0 +1,198 @@
++.TH  "dbadm_selinux"  "8"  "dbadm" "mgrepl at redhat.com" "dbadm SELinux Policy documentation"
 +.SH "NAME"
-+dnssec_selinux \- Security Enhanced Linux Policy for the dnssec processes
-+.SH "DESCRIPTION"
++dbadm_r \- \fBDatabase administrator role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the dnssec processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
 +
-+.SH NSSWITCH DOMAIN
++SELinux supports Roles Based Access Control (RBAC), some Linux roles are login roles, while other roles need to be transition into. 
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux dnssec policy is very flexible allowing users to setup their dnssec processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for dnssec:
++.I Note: 
++Examples in this man page will use the 
++.B staff_u 
++SELinux user.
 +
++Non login roles are usually used for administrative tasks. For example, tasks that require root privileges.  Roles control which types a user can run processes with. Roles often have default types assigned to them. 
 +
-+.EX
-+.PP
-+.B dnssec_t 
-+.EE
++The default type for the dbadm_r role is dbadm_t.
 +
-+- Set files with the dnssec_t type, if you want to treat the files as dnssec data.
++The 
++.B newrole 
++program to transition directly to this role.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/unbound/.*\.key, /var/named/chroot/etc/rndc\.key, /etc/dnssec-trigger/dnssec_trigger_server\.key, /etc/rndc\.key
++.B newrole -r dbadm_r -t dbadm_t
 +
-+.EX
-+.PP
-+.B dnssec_trigger_exec_t 
-+.EE
++.B sudo 
++is the preferred method to do transition from one role to another.  You setup sudo to transition to dbadm_r by adding a similar line to the /etc/sudoers file.
 +
-+- Set files with the dnssec_trigger_exec_t type, if you want to transition an executable to the dnssec_trigger_t domain.
++USERNAME ALL=(ALL) ROLE=dbadm_r TYPE=dbadm_t COMMAND
 +
++.br
++sudo will run COMMAND as staff_u:dbadm_r:dbadm_t:LEVEL
 +
-+.EX
-+.PP
-+.B dnssec_trigger_var_run_t 
-+.EE
++When using a a non login role, you need to setup SELinux so that your SELinux user can reach dbadm_r role.
 +
-+- Set files with the dnssec_trigger_var_run_t type, if you want to store the dnssec trigger files under the /run directory.
++Execute the following to see all of the assigned SELinux roles:
 +
++.B semanage user -l
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++You need to add dbadm_r to the staff_u user.  You could setup the staff_u user to be able to use the dbadm_r role with a command like:
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++.B $ semanage user -m -R 'staff_r system_r dbadm_r' staff_u 
++
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  dbadm policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dbadm with the tightest access possible.
 +
-+.B semanage port -l
 +
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux dnssec policy is very flexible allowing users to setup their dnssec processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for dnssec:
++If you want to allow database admins to execute DML statement, you must turn on the sepgsql_unconfined_dbadm boolean.
 +
 +.EX
-+.TP 5
-+.B dnssec_port_t 
-+.TP 10
++.B setsebool -P sepgsql_unconfined_dbadm 1
 +.EE
 +
++.PP
++If you want to allow dbadm to manage files in users home directories, you must turn on the dbadm_manage_user_files boolean.
 +
-+Default Defined Ports:
-+tcp 8955
++.EX
++.B setsebool -P dbadm_manage_user_files 1
 +.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux dnssec policy is very flexible allowing users to setup their dnssec processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for dnssec:
++If you want to allow dbadm to read files in users home directories, you must turn on the dbadm_read_user_files boolean.
 +
 +.EX
-+.B dnssec_trigger_t 
++.B setsebool -P dbadm_read_user_files 1
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type dbadm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mysqld_db_t
++
++	/var/lib/mysql(/.*)?
++.br
++
++.br
++.B mysqld_etc_t
++
++	/etc/mysql(/.*)?
++.br
++	/etc/my\.cnf
++.br
++
++.br
++.B mysqld_home_t
++
++	/root/\.my\.cnf
++.br
++	/home/[^/]*/\.my\.cnf
++.br
++
++.br
++.B mysqld_log_t
++
++	/var/log/mysql.*
++.br
++
++.br
++.B mysqld_tmp_t
++
++
++.br
++.B mysqld_unit_file_t
++
++	/usr/lib/systemd/system/mysqld.*
++.br
++
++.br
++.B mysqld_var_run_t
++
++	/var/run/mysqld(/.*)?
++.br
++	/var/lib/mysql/mysql\.sock
++.br
++
++.br
++.B postgresql_db_t
++
++	/var/lib/pgsql(/.*)?
++.br
++	/var/lib/sepgsql(/.*)?
++.br
++	/var/lib/postgres(ql)?(/.*)?
++.br
++	/usr/share/jonas/pgsql(/.*)?
++.br
++	/usr/lib/pgsql/test/regress(/.*)?
++.br
++
++.br
++.B postgresql_etc_t
++
++	/etc/postgresql(/.*)?
++.br
++	/etc/sysconfig/pgsql(/.*)?
++.br
++
++.br
++.B postgresql_log_t
++
++	/var/lib/pgsql/.*\.log
++.br
++	/var/log/rhdb/rhdb(/.*)?
++.br
++	/var/log/postgresql(/.*)?
++.br
++	/var/log/postgres\.log.*
++.br
++	/var/lib/pgsql/logfile(/.*)?
++.br
++	/var/log/sepostgresql\.log.*
++.br
++	/var/lib/sepgsql/pgstartup\.log
++.br
++
++.br
++.B postgresql_tmp_t
++
++
++.br
++.B postgresql_var_run_t
++
++	/var/run/postgresql(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -14512,46 +17412,48 @@ index 0000000..6289e0e
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++.B semanage boolean
++can also be used to manipulate the booleans
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dnssec(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dovecot_selinux.8 b/man/man8/dovecot_selinux.8
++selinux(8), dbadm(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/dbskkd_selinux.8 b/man/man8/dbskkd_selinux.8
 new file mode 100644
-index 0000000..dd2065a
+index 0000000..702c0d6
 --- /dev/null
-+++ b/man/man8/dovecot_selinux.8
-@@ -0,0 +1,223 @@
-+.TH  "dovecot_selinux"  "8"  "dovecot" "dwalsh at redhat.com" "dovecot SELinux Policy documentation"
++++ b/man/man8/dbskkd_selinux.8
+@@ -0,0 +1,141 @@
++.TH  "dbskkd_selinux"  "8"  "dbskkd" "dwalsh at redhat.com" "dbskkd SELinux Policy documentation"
 +.SH "NAME"
-+dovecot_selinux \- Security Enhanced Linux Policy for the dovecot processes
++dbskkd_selinux \- Security Enhanced Linux Policy for the dbskkd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dovecot processes via flexible mandatory access
++Security-Enhanced Linux secures the dbskkd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dovecot_auth_t, dovecot_t, dovecot_deliver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dbskkd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dovecot_auth_t, dovecot_t, dovecot_deliver_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the dbskkd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -14560,153 +17462,184 @@ index 0000000..dd2065a
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dovecot policy is very flexible allowing users to setup their dovecot processes in as secure a method as possible.
++SELinux dbskkd policy is very flexible allowing users to setup their dbskkd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dovecot:
++The following file types are defined for dbskkd:
 +
 +
 +.EX
 +.PP
-+.B dovecot_auth_exec_t 
++.B dbskkd_exec_t 
 +.EE
 +
-+- Set files with the dovecot_auth_exec_t type, if you want to transition an executable to the dovecot_auth_t domain.
++- Set files with the dbskkd_exec_t type, if you want to transition an executable to the dbskkd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/libexec/dovecot/auth, /usr/libexec/dovecot/dovecot-auth
 +
 +.EX
 +.PP
-+.B dovecot_auth_tmp_t 
++.B dbskkd_tmp_t 
 +.EE
 +
-+- Set files with the dovecot_auth_tmp_t type, if you want to store dovecot auth temporary files in the /tmp directories.
++- Set files with the dbskkd_tmp_t type, if you want to store dbskkd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B dovecot_cert_t 
++.B dbskkd_var_run_t 
 +.EE
 +
-+- Set files with the dovecot_cert_t type, if you want to treat the files as dovecot certificate data.
++- Set files with the dbskkd_var_run_t type, if you want to store the dbskkd files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/share/ssl/certs/dovecot\.pem, /usr/share/ssl/private/dovecot\.pem, /etc/pki/dovecot(/.*)?
 +
-+.EX
 +.PP
-+.B dovecot_deliver_exec_t 
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+- Set files with the dovecot_deliver_exec_t type, if you want to transition an executable to the dovecot_deliver_t domain.
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/libexec/dovecot/dovecot-lda, /usr/libexec/dovecot/deliver
++.B semanage port -l
 +
-+.EX
 +.PP
-+.B dovecot_deliver_tmp_t 
++Policy governs the access confined processes have to these ports. 
++SELinux dbskkd policy is very flexible allowing users to setup their dbskkd processes in as secure a method as possible.
++.PP 
++The following port types are defined for dbskkd:
++
++.EX
++.TP 5
++.B dbskkd_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the dovecot_deliver_tmp_t type, if you want to store dovecot deliver temporary files in the /tmp directories.
 +
++Default Defined Ports:
++tcp 1178
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux dbskkd policy is very flexible allowing users to setup their dbskkd processes in as secure a method as possible.
++.PP 
++The following process types are defined for dbskkd:
 +
 +.EX
-+.PP
-+.B dovecot_etc_t 
++.B dbskkd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the dovecot_etc_t type, if you want to store dovecot files in the /etc directories.
++.SH "MANAGED FILES"
++
++The SELinux user type dbskkd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/etc/dovecot(/.*)?*, /etc/dovecot\.conf.*
++.B dbskkd_tmp_t
 +
-+.EX
-+.PP
-+.B dovecot_exec_t 
-+.EE
 +
-+- Set files with the dovecot_exec_t type, if you want to transition an executable to the dovecot_t domain.
++.br
++.B dbskkd_var_run_t
 +
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B dovecot_initrc_exec_t 
-+.EE
-+
-+- Set files with the dovecot_initrc_exec_t type, if you want to transition an executable to the dovecot_initrc_t domain.
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
 +
-+.EX
 +.PP
-+.B dovecot_keytab_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the dovecot_keytab_t type, if you want to treat the files as kerberos keytab files.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
++.SH "SEE ALSO"
++selinux(8), dbskkd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dcc_client_selinux.8 b/man/man8/dcc_client_selinux.8
+new file mode 100644
+index 0000000..98c2a6b
+--- /dev/null
++++ b/man/man8/dcc_client_selinux.8
+@@ -0,0 +1,137 @@
++.TH  "dcc_client_selinux"  "8"  "dcc_client" "dwalsh at redhat.com" "dcc_client SELinux Policy documentation"
++.SH "NAME"
++dcc_client_selinux \- Security Enhanced Linux Policy for the dcc_client processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B dovecot_passwd_t 
-+.EE
++Security-Enhanced Linux secures the dcc_client processes via flexible mandatory access
++control.  
 +
-+- Set files with the dovecot_passwd_t type, if you want to treat the files as dovecot passwd data.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dcc_client_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B dovecot_spool_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the dovecot_spool_t type, if you want to store the dovecot files under the /var/spool directory.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the dcc_client_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B dovecot_tmp_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the dovecot_tmp_t type, if you want to store dovecot temporary files in the /tmp directories.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux dcc_client policy is very flexible allowing users to setup their dcc_client processes in as secure a method as possible.
++.PP 
++The following file types are defined for dcc_client:
 +
 +
 +.EX
 +.PP
-+.B dovecot_var_lib_t 
++.B dcc_client_exec_t 
 +.EE
 +
-+- Set files with the dovecot_var_lib_t type, if you want to store the dovecot files under the /var/lib directory.
++- Set files with the dcc_client_exec_t type, if you want to transition an executable to the dcc_client_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/dovecot/login/ssl-parameters.dat, /var/lib/dovecot(/.*)?
 +
 +.EX
 +.PP
-+.B dovecot_var_log_t 
++.B dcc_client_map_t 
 +.EE
 +
-+- Set files with the dovecot_var_log_t type, if you want to treat the data as dovecot var log data, usually stored under the /var/log directory.
++- Set files with the dcc_client_map_t type, if you want to treat the files as dcc client map data.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/log/dovecot\.log.*, /var/log/dovecot(/.*)?
++/var/lib/dcc/map, /etc/dcc/map, /var/run/dcc/map, /var/dcc/map
 +
 +.EX
 +.PP
-+.B dovecot_var_run_t 
++.B dcc_client_tmp_t 
 +.EE
 +
-+- Set files with the dovecot_var_run_t type, if you want to store the dovecot files under the /run directory.
++- Set files with the dcc_client_tmp_t type, if you want to store dcc client temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -14722,18 +17655,48 @@ index 0000000..dd2065a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dovecot policy is very flexible allowing users to setup their dovecot processes in as secure a method as possible.
++SELinux dcc_client policy is very flexible allowing users to setup their dcc_client processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dovecot:
++The following process types are defined for dcc_client:
 +
 +.EX
-+.B dovecot_deliver_t, dovecot_auth_t, dovecot_t 
++.B dcc_client_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dcc_client_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dcc_client_map_t
++
++	/etc/dcc/map
++.br
++	/var/dcc/map
++.br
++	/var/lib/dcc/map
++.br
++	/var/run/dcc/map
++.br
++
++.br
++.B dcc_client_tmp_t
++
++
++.br
++.B dcc_var_t
++
++	/etc/dcc(/.*)?
++.br
++	/var/dcc(/.*)?
++.br
++	/var/lib/dcc(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -14749,63 +17712,65 @@ index 0000000..dd2065a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dovecot(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/drbd_selinux.8 b/man/man8/drbd_selinux.8
++selinux(8), dcc_client(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dcc_dbclean_selinux.8 b/man/man8/dcc_dbclean_selinux.8
 new file mode 100644
-index 0000000..d38f112
+index 0000000..cbbceb2
 --- /dev/null
-+++ b/man/man8/drbd_selinux.8
-@@ -0,0 +1,93 @@
-+.TH  "drbd_selinux"  "8"  "drbd" "dwalsh at redhat.com" "drbd SELinux Policy documentation"
++++ b/man/man8/dcc_dbclean_selinux.8
+@@ -0,0 +1,125 @@
++.TH  "dcc_dbclean_selinux"  "8"  "dcc_dbclean" "dwalsh at redhat.com" "dcc_dbclean SELinux Policy documentation"
 +.SH "NAME"
-+drbd_selinux \- Security Enhanced Linux Policy for the drbd processes
++dcc_dbclean_selinux \- Security Enhanced Linux Policy for the dcc_dbclean processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the drbd processes via flexible mandatory access
++Security-Enhanced Linux secures the dcc_dbclean processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dcc_dbclean_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the dcc_dbclean_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux drbd policy is very flexible allowing users to setup their drbd processes in as secure a method as possible.
++SELinux dcc_dbclean policy is very flexible allowing users to setup their dcc_dbclean processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for drbd:
-+
-+
-+.EX
-+.PP
-+.B drbd_exec_t 
-+.EE
-+
-+- Set files with the drbd_exec_t type, if you want to transition an executable to the drbd_t domain.
++The following file types are defined for dcc_dbclean:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/drbdadm, /sbin/drbdadm, /usr/lib/ocf/resource.\d/linbit/drbd, /usr/sbin/drbdsetup, /sbin/drbdsetup
 +
 +.EX
 +.PP
-+.B drbd_lock_t 
++.B dcc_dbclean_exec_t 
 +.EE
 +
-+- Set files with the drbd_lock_t type, if you want to treat the files as drbd lock data, stored under the /var/lock directory
++- Set files with the dcc_dbclean_exec_t type, if you want to transition an executable to the dcc_dbclean_t domain.
 +
 +
 +.EX
 +.PP
-+.B drbd_var_lib_t 
++.B dcc_dbclean_tmp_t 
 +.EE
 +
-+- Set files with the drbd_var_lib_t type, if you want to store the drbd files under the /var/lib directory.
++- Set files with the dcc_dbclean_tmp_t type, if you want to store dcc dbclean temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -14821,18 +17786,48 @@ index 0000000..d38f112
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux drbd policy is very flexible allowing users to setup their drbd processes in as secure a method as possible.
++SELinux dcc_dbclean policy is very flexible allowing users to setup their dcc_dbclean processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for drbd:
++The following process types are defined for dcc_dbclean:
 +
 +.EX
-+.B drbd_t 
++.B dcc_dbclean_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dcc_dbclean_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dcc_client_map_t
++
++	/etc/dcc/map
++.br
++	/var/dcc/map
++.br
++	/var/lib/dcc/map
++.br
++	/var/run/dcc/map
++.br
++
++.br
++.B dcc_dbclean_tmp_t
++
++
++.br
++.B dcc_var_t
++
++	/etc/dcc(/.*)?
++.br
++	/var/dcc(/.*)?
++.br
++	/var/lib/dcc(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -14848,38 +17843,38 @@ index 0000000..d38f112
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), drbd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/dspam_selinux.8 b/man/man8/dspam_selinux.8
++selinux(8), dcc_dbclean(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dccd_selinux.8 b/man/man8/dccd_selinux.8
 new file mode 100644
-index 0000000..981857d
+index 0000000..8d23c5b
 --- /dev/null
-+++ b/man/man8/dspam_selinux.8
-@@ -0,0 +1,127 @@
-+.TH  "dspam_selinux"  "8"  "dspam" "dwalsh at redhat.com" "dspam SELinux Policy documentation"
++++ b/man/man8/dccd_selinux.8
+@@ -0,0 +1,177 @@
++.TH  "dccd_selinux"  "8"  "dccd" "dwalsh at redhat.com" "dccd SELinux Policy documentation"
 +.SH "NAME"
-+dspam_selinux \- Security Enhanced Linux Policy for the dspam processes
++dccd_selinux \- Security Enhanced Linux Policy for the dccd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the dspam processes via flexible mandatory access
++Security-Enhanced Linux secures the dccd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dspam_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dccifd_t, dccm_t, dcc_client_t, dcc_dbclean_t, dccd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the dspam_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the dccifd_t, dccm_t, dcc_client_t, dcc_dbclean_t, dccd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -14888,84 +17883,130 @@ index 0000000..981857d
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux dspam policy is very flexible allowing users to setup their dspam processes in as secure a method as possible.
++SELinux dccd policy is very flexible allowing users to setup their dccd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for dspam:
++The following file types are defined for dccd:
 +
 +
 +.EX
 +.PP
-+.B dspam_exec_t 
++.B dccd_exec_t 
 +.EE
 +
-+- Set files with the dspam_exec_t type, if you want to transition an executable to the dspam_t domain.
++- Set files with the dccd_exec_t type, if you want to transition an executable to the dccd_t domain.
 +
 +
 +.EX
 +.PP
-+.B dspam_initrc_exec_t 
++.B dccd_tmp_t 
 +.EE
 +
-+- Set files with the dspam_initrc_exec_t type, if you want to transition an executable to the dspam_initrc_t domain.
++- Set files with the dccd_tmp_t type, if you want to store dccd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B dspam_log_t 
++.B dccd_var_run_t 
 +.EE
 +
-+- Set files with the dspam_log_t type, if you want to treat the data as dspam log data, usually stored under the /var/log directory.
++- Set files with the dccd_var_run_t type, if you want to store the dccd files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B dspam_tmp_t 
-+.EE
-+
-+- Set files with the dspam_tmp_t type, if you want to store dspam temporary files in the /tmp directories.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B dspam_var_lib_t 
-+.EE
++You can see the types associated with a port by using the following command: 
 +
-+- Set files with the dspam_var_lib_t type, if you want to store the dspam files under the /var/lib directory.
++.B semanage port -l
 +
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux dccd policy is very flexible allowing users to setup their dccd processes in as secure a method as possible.
++.PP 
++The following port types are defined for dccd:
 +
 +.EX
-+.PP
-+.B dspam_var_run_t 
++.TP 5
++.B dcc_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the dspam_var_run_t type, if you want to store the dspam files under the /run directory.
 +
++Default Defined Ports:
++udp 6276,6277
++.EE
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.EX
++.TP 5
++.B dccm_port_t 
++.TP 10
++.EE
 +
++
++Default Defined Ports:
++tcp 5679
++.EE
++udp 5679
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux dspam policy is very flexible allowing users to setup their dspam processes in as secure a method as possible.
++SELinux dccd policy is very flexible allowing users to setup their dccd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for dspam:
++The following process types are defined for dccd:
 +
 +.EX
-+.B dspam_t 
++.B dccm_t, dcc_client_t, dcc_dbclean_t, dccifd_t, dccd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dccd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dcc_client_map_t
++
++	/etc/dcc/map
++.br
++	/var/dcc/map
++.br
++	/var/lib/dcc/map
++.br
++	/var/run/dcc/map
++.br
++
++.br
++.B dcc_var_t
++
++	/etc/dcc(/.*)?
++.br
++	/var/dcc(/.*)?
++.br
++	/var/lib/dcc(/.*)?
++.br
++
++.br
++.B dccd_tmp_t
++
++
++.br
++.B dccd_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -14976,54 +18017,48 @@ index 0000000..981857d
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), dspam(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/entropyd_selinux.8 b/man/man8/entropyd_selinux.8
++selinux(8), dccd(8), semanage(8), restorecon(8), chcon(1)
++, dcc_client_selinux(8), dcc_dbclean_selinux(8), dccifd_selinux(8), dccm_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/dccifd_selinux.8 b/man/man8/dccifd_selinux.8
 new file mode 100644
-index 0000000..0ce9c6d
+index 0000000..03586d8
 --- /dev/null
-+++ b/man/man8/entropyd_selinux.8
-@@ -0,0 +1,118 @@
-+.TH  "entropyd_selinux"  "8"  "entropyd" "dwalsh at redhat.com" "entropyd SELinux Policy documentation"
++++ b/man/man8/dccifd_selinux.8
+@@ -0,0 +1,145 @@
++.TH  "dccifd_selinux"  "8"  "dccifd" "dwalsh at redhat.com" "dccifd SELinux Policy documentation"
 +.SH "NAME"
-+entropyd_selinux \- Security Enhanced Linux Policy for the entropyd processes
++dccifd_selinux \- Security Enhanced Linux Policy for the dccifd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the entropyd processes via flexible mandatory access
++Security-Enhanced Linux secures the dccifd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  entropyd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run entropyd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow the use of the audio devices as the source for the entropy feeds, you must turn on the entropyd_use_audio boolean.
-+
-+.EX
-+.B setsebool -P entropyd_use_audio 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the entropyd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dccifd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the entropyd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the dccifd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -15032,34 +18067,38 @@ index 0000000..0ce9c6d
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux entropyd policy is very flexible allowing users to setup their entropyd processes in as secure a method as possible.
++SELinux dccifd policy is very flexible allowing users to setup their dccifd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for entropyd:
++The following file types are defined for dccifd:
 +
 +
 +.EX
 +.PP
-+.B entropyd_exec_t 
++.B dccifd_exec_t 
 +.EE
 +
-+- Set files with the entropyd_exec_t type, if you want to transition an executable to the entropyd_t domain.
++- Set files with the dccifd_exec_t type, if you want to transition an executable to the dccifd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/audio-entropyd, /usr/sbin/haveged
 +
 +.EX
 +.PP
-+.B entropyd_var_run_t 
++.B dccifd_tmp_t 
 +.EE
 +
-+- Set files with the entropyd_var_run_t type, if you want to store the entropyd files under the /run directory.
++- Set files with the dccifd_tmp_t type, if you want to store dccifd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B dccifd_var_run_t 
++.EE
++
++- Set files with the dccifd_var_run_t type, if you want to store the dccifd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/audio-entropyd\.pid, /var/run/haveged\.pid
++/etc/dcc/dccifd, /var/run/dcc/dccifd
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -15074,18 +18113,56 @@ index 0000000..0ce9c6d
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux entropyd policy is very flexible allowing users to setup their entropyd processes in as secure a method as possible.
++SELinux dccifd policy is very flexible allowing users to setup their dccifd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for entropyd:
++The following process types are defined for dccifd:
 +
 +.EX
-+.B entropyd_t 
++.B dccifd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dccifd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dcc_client_map_t
++
++	/etc/dcc/map
++.br
++	/var/dcc/map
++.br
++	/var/lib/dcc/map
++.br
++	/var/run/dcc/map
++.br
++
++.br
++.B dcc_var_t
++
++	/etc/dcc(/.*)?
++.br
++	/var/dcc(/.*)?
++.br
++	/var/lib/dcc(/.*)?
++.br
++
++.br
++.B dccifd_tmp_t
++
++
++.br
++.B dccifd_var_run_t
++
++	/etc/dcc/dccifd
++.br
++	/var/run/dcc/dccifd
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -15096,77 +18173,78 @@ index 0000000..0ce9c6d
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), entropyd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/eventlogd_selinux.8 b/man/man8/eventlogd_selinux.8
++selinux(8), dccifd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dccm_selinux.8 b/man/man8/dccm_selinux.8
 new file mode 100644
-index 0000000..77d6098
+index 0000000..21fd91f
 --- /dev/null
-+++ b/man/man8/eventlogd_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "eventlogd_selinux"  "8"  "eventlogd" "dwalsh at redhat.com" "eventlogd SELinux Policy documentation"
++++ b/man/man8/dccm_selinux.8
+@@ -0,0 +1,165 @@
++.TH  "dccm_selinux"  "8"  "dccm" "dwalsh at redhat.com" "dccm SELinux Policy documentation"
 +.SH "NAME"
-+eventlogd_selinux \- Security Enhanced Linux Policy for the eventlogd processes
++dccm_selinux \- Security Enhanced Linux Policy for the dccm processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the eventlogd processes via flexible mandatory access
++Security-Enhanced Linux secures the dccm processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dccm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the dccm_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux eventlogd policy is very flexible allowing users to setup their eventlogd processes in as secure a method as possible.
++SELinux dccm policy is very flexible allowing users to setup their dccm processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for eventlogd:
-+
-+
-+.EX
-+.PP
-+.B eventlogd_exec_t 
-+.EE
-+
-+- Set files with the eventlogd_exec_t type, if you want to transition an executable to the eventlogd_t domain.
++The following file types are defined for dccm:
 +
 +
 +.EX
 +.PP
-+.B eventlogd_var_lib_t 
++.B dccm_exec_t 
 +.EE
 +
-+- Set files with the eventlogd_var_lib_t type, if you want to store the eventlogd files under the /var/lib directory.
++- Set files with the dccm_exec_t type, if you want to transition an executable to the dccm_t domain.
 +
 +
 +.EX
 +.PP
-+.B eventlogd_var_run_t 
++.B dccm_tmp_t 
 +.EE
 +
-+- Set files with the eventlogd_var_run_t type, if you want to store the eventlogd files under the /run directory.
++- Set files with the dccm_tmp_t type, if you want to store dccm temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B eventlogd_var_socket_t 
++.B dccm_var_run_t 
 +.EE
 +
-+- Set files with the eventlogd_var_socket_t type, if you want to treat the files as eventlogd var socket data.
++- Set files with the dccm_var_run_t type, if you want to store the dccm files under the /run directory.
 +
 +
 +.PP
@@ -15176,24 +18254,83 @@ index 0000000..77d6098
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux dccm policy is very flexible allowing users to setup their dccm processes in as secure a method as possible.
++.PP 
++The following port types are defined for dccm:
++
++.EX
++.TP 5
++.B dccm_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 5679
++.EE
++udp 5679
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux eventlogd policy is very flexible allowing users to setup their eventlogd processes in as secure a method as possible.
++SELinux dccm policy is very flexible allowing users to setup their dccm processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for eventlogd:
++The following process types are defined for dccm:
 +
 +.EX
-+.B eventlogd_t 
++.B dccm_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dccm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dcc_client_map_t
++
++	/etc/dcc/map
++.br
++	/var/dcc/map
++.br
++	/var/lib/dcc/map
++.br
++	/var/run/dcc/map
++.br
++
++.br
++.B dcc_var_t
++
++	/etc/dcc(/.*)?
++.br
++	/var/dcc(/.*)?
++.br
++	/var/lib/dcc(/.*)?
++.br
++
++.br
++.B dccm_tmp_t
++
++
++.br
++.B dccm_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
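Review bot: The added PORT TYPES block is unbalanced roff: a single `.EX` is closed by three `.EE` requests, and `.TP 10` sits directly before the first `.EE` with no tag or body, so the `tcp 5679` and `udp 5679` lines fall outside the example block. The page is produced by genman.py, which is not visible here, so the fix belongs in the generator: emit `.B dccm_port_t` and its default ports inside one `.EX`/`.EE` pair and drop the empty `.TP 10`. In the same hunk, MANAGED FILES calls dccm_t a "SELinux user type", although the PROCESS TYPES section of this page lists it as a process type. The same sentence recurs in the dcerpcd, ddclient, deltacloudd and denyhosts pages further down, and `The SELinux process type dccm_t can manage files labeled with the following file types.` would avoid confusion with SELinux users.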
@@ -15204,27 +18341,30 @@ index 0000000..77d6098
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), eventlogd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/evtchnd_selinux.8 b/man/man8/evtchnd_selinux.8
++selinux(8), dccm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dcerpcd_selinux.8 b/man/man8/dcerpcd_selinux.8
 new file mode 100644
-index 0000000..28b3a31
+index 0000000..c9ee53a
 --- /dev/null
-+++ b/man/man8/evtchnd_selinux.8
-@@ -0,0 +1,93 @@
-+.TH  "evtchnd_selinux"  "8"  "evtchnd" "dwalsh at redhat.com" "evtchnd SELinux Policy documentation"
++++ b/man/man8/dcerpcd_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "dcerpcd_selinux"  "8"  "dcerpcd" "dwalsh at redhat.com" "dcerpcd SELinux Policy documentation"
 +.SH "NAME"
-+evtchnd_selinux \- Security Enhanced Linux Policy for the evtchnd processes
++dcerpcd_selinux \- Security Enhanced Linux Policy for the dcerpcd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the evtchnd processes via flexible mandatory access
++Security-Enhanced Linux secures the dcerpcd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -15235,38 +18375,42 @@ index 0000000..28b3a31
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux evtchnd policy is very flexible allowing users to setup their evtchnd processes in as secure a method as possible.
++SELinux dcerpcd policy is very flexible allowing users to setup their dcerpcd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for evtchnd:
++The following file types are defined for dcerpcd:
 +
 +
 +.EX
 +.PP
-+.B evtchnd_exec_t 
++.B dcerpcd_exec_t 
 +.EE
 +
-+- Set files with the evtchnd_exec_t type, if you want to transition an executable to the evtchnd_t domain.
++- Set files with the dcerpcd_exec_t type, if you want to transition an executable to the dcerpcd_t domain.
 +
 +
 +.EX
 +.PP
-+.B evtchnd_var_log_t 
++.B dcerpcd_var_lib_t 
 +.EE
 +
-+- Set files with the evtchnd_var_log_t type, if you want to treat the data as evtchnd var log data, usually stored under the /var/log directory.
++- Set files with the dcerpcd_var_lib_t type, if you want to store the dcerpcd files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B evtchnd_var_run_t 
++.B dcerpcd_var_run_t 
 +.EE
 +
-+- Set files with the evtchnd_var_run_t type, if you want to store the evtchnd files under the /run directory.
++- Set files with the dcerpcd_var_run_t type, if you want to store the dcerpcd files under the /run directory.
++
++
++.EX
++.PP
++.B dcerpcd_var_socket_t 
++.EE
++
++- Set files with the dcerpcd_var_socket_t type, if you want to treat the files as dcerpcd var socket data.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/evtchnd, /var/run/evtchnd\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -15281,18 +18425,32 @@ index 0000000..28b3a31
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux evtchnd policy is very flexible allowing users to setup their evtchnd processes in as secure a method as possible.
++SELinux dcerpcd policy is very flexible allowing users to setup their dcerpcd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for evtchnd:
++The following process types are defined for dcerpcd:
 +
 +.EX
-+.B evtchnd_t 
++.B dcerpcd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dcerpcd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dcerpcd_var_lib_t
++
++	/var/lib/likewise-open/run/rpcdep.dat
++.br
++
++.br
++.B dcerpcd_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -15308,134 +18466,111 @@ index 0000000..28b3a31
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), evtchnd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/exim_selinux.8 b/man/man8/exim_selinux.8
++selinux(8), dcerpcd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ddclient_selinux.8 b/man/man8/ddclient_selinux.8
 new file mode 100644
-index 0000000..4d6add4
+index 0000000..325522c
 --- /dev/null
-+++ b/man/man8/exim_selinux.8
-@@ -0,0 +1,168 @@
-+.TH  "exim_selinux"  "8"  "exim" "dwalsh at redhat.com" "exim SELinux Policy documentation"
++++ b/man/man8/ddclient_selinux.8
+@@ -0,0 +1,175 @@
++.TH  "ddclient_selinux"  "8"  "ddclient" "dwalsh at redhat.com" "ddclient SELinux Policy documentation"
 +.SH "NAME"
-+exim_selinux \- Security Enhanced Linux Policy for the exim processes
++ddclient_selinux \- Security Enhanced Linux Policy for the ddclient processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the exim processes via flexible mandatory access
++Security-Enhanced Linux secures the ddclient processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  exim policy is extremely flexible and has several booleans that allow you to manipulate the policy and run exim with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow exim to read unprivileged user files, you must turn on the exim_read_user_files boolean.
-+
-+.EX
-+.B setsebool -P exim_read_user_files 1
-+.EE
-+
-+.PP
-+If you want to allow exim to connect to databases (postgres, mysql), you must turn on the exim_can_connect_db boolean.
-+
-+.EX
-+.B setsebool -P exim_can_connect_db 1
-+.EE
-+
-+.PP
-+If you want to allow exim to create, read, write, and delete unprivileged user files, you must turn on the exim_manage_user_files boolean.
-+
-+.EX
-+.B setsebool -P exim_manage_user_files 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the exim_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the exim_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux exim policy is very flexible allowing users to setup their exim processes in as secure a method as possible.
++SELinux ddclient policy is very flexible allowing users to setup their ddclient processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for exim:
++The following file types are defined for ddclient:
 +
 +
 +.EX
 +.PP
-+.B exim_exec_t 
++.B ddclient_etc_t 
 +.EE
 +
-+- Set files with the exim_exec_t type, if you want to transition an executable to the exim_t domain.
++- Set files with the ddclient_etc_t type, if you want to store ddclient files in the /etc directories.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/exim_tidydb, /usr/sbin/exim[0-9]?
++/etc/ddclient\.conf, /etc/ddtcd\.conf
 +
 +.EX
 +.PP
-+.B exim_initrc_exec_t 
++.B ddclient_exec_t 
 +.EE
 +
-+- Set files with the exim_initrc_exec_t type, if you want to transition an executable to the exim_initrc_t domain.
++- Set files with the ddclient_exec_t type, if you want to transition an executable to the ddclient_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/ddclient, /usr/sbin/ddtcd
 +
 +.EX
 +.PP
-+.B exim_keytab_t 
++.B ddclient_initrc_exec_t 
 +.EE
 +
-+- Set files with the exim_keytab_t type, if you want to treat the files as kerberos keytab files.
++- Set files with the ddclient_initrc_exec_t type, if you want to transition an executable to the ddclient_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B exim_log_t 
++.B ddclient_log_t 
 +.EE
 +
-+- Set files with the exim_log_t type, if you want to treat the data as exim log data, usually stored under the /var/log directory.
++- Set files with the ddclient_log_t type, if you want to treat the data as ddclient log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B exim_spool_t 
++.B ddclient_tmp_t 
 +.EE
 +
-+- Set files with the exim_spool_t type, if you want to store the exim files under the /var/spool directory.
++- Set files with the ddclient_tmp_t type, if you want to store ddclient temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B exim_tmp_t 
++.B ddclient_var_lib_t 
 +.EE
 +
-+- Set files with the exim_tmp_t type, if you want to store exim temporary files in the /tmp directories.
++- Set files with the ddclient_var_lib_t type, if you want to store the ddclient files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B exim_var_run_t 
++.B ddclient_var_run_t 
 +.EE
 +
-+- Set files with the exim_var_run_t type, if you want to store the exim files under the /run directory.
++- Set files with the ddclient_var_run_t type, if you want to store the ddclient files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/ddtcd\.pid, /var/run/ddclient\.pid
++
++.EX
++.PP
++.B ddclient_var_t 
++.EE
++
++- Set files with the ddclient_var_t type, if you want to store the ddcl files under the /var directory.
 +
 +
 +.PP
@@ -15451,18 +18586,52 @@ index 0000000..4d6add4
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux exim policy is very flexible allowing users to setup their exim processes in as secure a method as possible.
++SELinux ddclient policy is very flexible allowing users to setup their ddclient processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for exim:
++The following process types are defined for ddclient:
 +
 +.EX
-+.B exim_t 
++.B ddclient_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ddclient_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ddclient_log_t
++
++	/var/log/ddtcd\.log.*
++.br
++
++.br
++.B ddclient_tmp_t
++
++
++.br
++.B ddclient_var_lib_t
++
++	/var/lib/ddt-client(/.*)?
++.br
++
++.br
++.B ddclient_var_run_t
++
++	/var/run/ddtcd\.pid
++.br
++	/var/run/ddclient\.pid
++.br
++
++.br
++.B ddclient_var_t
++
++	/var/cache/ddclient(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -15473,48 +18642,43 @@ index 0000000..4d6add4
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), exim(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/fail2ban_selinux.8 b/man/man8/fail2ban_selinux.8
++selinux(8), ddclient(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/deltacloudd_selinux.8 b/man/man8/deltacloudd_selinux.8
 new file mode 100644
-index 0000000..c627231
+index 0000000..65625b3
 --- /dev/null
-+++ b/man/man8/fail2ban_selinux.8
-@@ -0,0 +1,139 @@
-+.TH  "fail2ban_selinux"  "8"  "fail2ban" "dwalsh at redhat.com" "fail2ban SELinux Policy documentation"
++++ b/man/man8/deltacloudd_selinux.8
+@@ -0,0 +1,129 @@
++.TH  "deltacloudd_selinux"  "8"  "deltacloudd" "dwalsh at redhat.com" "deltacloudd SELinux Policy documentation"
 +.SH "NAME"
-+fail2ban_selinux \- Security Enhanced Linux Policy for the fail2ban processes
++deltacloudd_selinux \- Security Enhanced Linux Policy for the deltacloudd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the fail2ban processes via flexible mandatory access
++Security-Enhanced Linux secures the deltacloudd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the fail2ban_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the deltacloudd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the fail2ban_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the deltacloudd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -15523,69 +18687,41 @@ index 0000000..c627231
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux fail2ban policy is very flexible allowing users to setup their fail2ban processes in as secure a method as possible.
++SELinux deltacloudd policy is very flexible allowing users to setup their deltacloudd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for fail2ban:
-+
-+
-+.EX
-+.PP
-+.B fail2ban_client_exec_t 
-+.EE
-+
-+- Set files with the fail2ban_client_exec_t type, if you want to transition an executable to the fail2ban_client_t domain.
-+
-+
-+.EX
-+.PP
-+.B fail2ban_exec_t 
-+.EE
-+
-+- Set files with the fail2ban_exec_t type, if you want to transition an executable to the fail2ban_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/fail2ban-server, /usr/bin/fail2ban
-+
-+.EX
-+.PP
-+.B fail2ban_initrc_exec_t 
-+.EE
-+
-+- Set files with the fail2ban_initrc_exec_t type, if you want to transition an executable to the fail2ban_initrc_t domain.
++The following file types are defined for deltacloudd:
 +
 +
 +.EX
 +.PP
-+.B fail2ban_log_t 
++.B deltacloudd_exec_t 
 +.EE
 +
-+- Set files with the fail2ban_log_t type, if you want to treat the data as fail2ban log data, usually stored under the /var/log directory.
++- Set files with the deltacloudd_exec_t type, if you want to transition an executable to the deltacloudd_t domain.
 +
 +
 +.EX
 +.PP
-+.B fail2ban_tmp_t 
++.B deltacloudd_log_t 
 +.EE
 +
-+- Set files with the fail2ban_tmp_t type, if you want to store fail2ban temporary files in the /tmp directories.
++- Set files with the deltacloudd_log_t type, if you want to treat the data as deltacloudd log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B fail2ban_var_lib_t 
++.B deltacloudd_tmp_t 
 +.EE
 +
-+- Set files with the fail2ban_var_lib_t type, if you want to store the fail2ban files under the /var/lib directory.
++- Set files with the deltacloudd_tmp_t type, if you want to store deltacloudd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B fail2ban_var_run_t 
++.B deltacloudd_var_run_t 
 +.EE
 +
-+- Set files with the fail2ban_var_run_t type, if you want to store the fail2ban files under the /run directory.
++- Set files with the deltacloudd_var_run_t type, if you want to store the deltacloudd files under the /run directory.
 +
 +
 +.PP
@@ -15601,108 +18737,35 @@ index 0000000..c627231
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux fail2ban policy is very flexible allowing users to setup their fail2ban processes in as secure a method as possible.
++SELinux deltacloudd policy is very flexible allowing users to setup their deltacloudd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for fail2ban:
++The following process types are defined for deltacloudd:
 +
 +.EX
-+.B fail2ban_client_t, fail2ban_t 
++.B deltacloudd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), fail2ban(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/fcoemon_selinux.8 b/man/man8/fcoemon_selinux.8
-new file mode 100644
-index 0000000..2fa85bd
---- /dev/null
-+++ b/man/man8/fcoemon_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "fcoemon_selinux"  "8"  "fcoemon" "dwalsh at redhat.com" "fcoemon SELinux Policy documentation"
-+.SH "NAME"
-+fcoemon_selinux \- Security Enhanced Linux Policy for the fcoemon processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the fcoemon processes via flexible mandatory access
-+control.  
-+
-+.SH NSSWITCH DOMAIN
-+
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux fcoemon policy is very flexible allowing users to setup their fcoemon processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for fcoemon:
-+
-+
-+.EX
-+.PP
-+.B fcoemon_exec_t 
-+.EE
-+
-+- Set files with the fcoemon_exec_t type, if you want to transition an executable to the fcoemon_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type deltacloudd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B fcoemon_var_run_t 
-+.EE
++.br
++.B deltacloudd_log_t
 +
-+- Set files with the fcoemon_var_run_t type, if you want to store the fcoemon files under the /run directory.
++	/var/log/deltacloud-core(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/run/fcm(/.*)?, /var/run/fcoemon\.pid
++.B deltacloudd_tmp_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux fcoemon policy is very flexible allowing users to setup their fcoemon processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for fcoemon:
++.br
++.B deltacloudd_var_run_t
 +
-+.EX
-+.B fcoemon_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -15719,56 +18782,38 @@ index 0000000..2fa85bd
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), fcoemon(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/fenced_selinux.8 b/man/man8/fenced_selinux.8
++selinux(8), deltacloudd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/denyhosts_selinux.8 b/man/man8/denyhosts_selinux.8
 new file mode 100644
-index 0000000..91c14a1
+index 0000000..1fbd4a1
 --- /dev/null
-+++ b/man/man8/fenced_selinux.8
-@@ -0,0 +1,157 @@
-+.TH  "fenced_selinux"  "8"  "fenced" "dwalsh at redhat.com" "fenced SELinux Policy documentation"
++++ b/man/man8/denyhosts_selinux.8
+@@ -0,0 +1,161 @@
++.TH  "denyhosts_selinux"  "8"  "denyhosts" "dwalsh at redhat.com" "denyhosts SELinux Policy documentation"
 +.SH "NAME"
-+fenced_selinux \- Security Enhanced Linux Policy for the fenced processes
++denyhosts_selinux \- Security Enhanced Linux Policy for the denyhosts processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the fenced processes via flexible mandatory access
++Security-Enhanced Linux secures the denyhosts processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  fenced policy is extremely flexible and has several booleans that allow you to manipulate the policy and run fenced with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
-+
-+.EX
-+.B setsebool -P fenced_can_ssh 1
-+.EE
-+
-+.PP
-+If you want to allow fenced domain to connect to the network using TCP, you must turn on the fenced_can_network_connect boolean.
-+
-+.EX
-+.B setsebool -P fenced_can_network_connect 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the fenced_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the denyhosts_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the fenced_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the denyhosts_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -15777,66 +18822,50 @@ index 0000000..91c14a1
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux fenced policy is very flexible allowing users to setup their fenced processes in as secure a method as possible.
++SELinux denyhosts policy is very flexible allowing users to setup their denyhosts processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for fenced:
-+
-+
-+.EX
-+.PP
-+.B fenced_exec_t 
-+.EE
-+
-+- Set files with the fenced_exec_t type, if you want to transition an executable to the fenced_t domain.
++The following file types are defined for denyhosts:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/fence_tool, /usr/sbin/fence_node, /usr/sbin/fenced
 +
 +.EX
 +.PP
-+.B fenced_lock_t 
++.B denyhosts_exec_t 
 +.EE
 +
-+- Set files with the fenced_lock_t type, if you want to treat the files as fenced lock data, stored under the /var/lock directory
++- Set files with the denyhosts_exec_t type, if you want to transition an executable to the denyhosts_t domain.
 +
 +
 +.EX
 +.PP
-+.B fenced_tmp_t 
++.B denyhosts_initrc_exec_t 
 +.EE
 +
-+- Set files with the fenced_tmp_t type, if you want to store fenced temporary files in the /tmp directories.
++- Set files with the denyhosts_initrc_exec_t type, if you want to transition an executable to the denyhosts_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B fenced_tmpfs_t 
++.B denyhosts_var_lib_t 
 +.EE
 +
-+- Set files with the fenced_tmpfs_t type, if you want to store fenced files on a tmpfs file system.
++- Set files with the denyhosts_var_lib_t type, if you want to store the denyhosts files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B fenced_var_log_t 
++.B denyhosts_var_lock_t 
 +.EE
 +
-+- Set files with the fenced_var_log_t type, if you want to treat the data as fenced var log data, usually stored under the /var/log directory.
++- Set files with the denyhosts_var_lock_t type, if you want to treat the files as denyhosts var lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B fenced_var_run_t 
++.B denyhosts_var_log_t 
 +.EE
 +
-+- Set files with the fenced_var_run_t type, if you want to store the fenced files under the /run directory.
++- Set files with the denyhosts_var_log_t type, if you want to treat the data as denyhosts var log data, usually stored under the /var/log directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/cluster/fenced_override, /var/run/cluster/fence_scsi.*, /var/run/fenced\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -15851,18 +18880,60 @@ index 0000000..91c14a1
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux fenced policy is very flexible allowing users to setup their fenced processes in as secure a method as possible.
++SELinux denyhosts policy is very flexible allowing users to setup their denyhosts processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for fenced:
++The following process types are defined for denyhosts:
 +
 +.EX
-+.B fenced_t 
++.B denyhosts_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type denyhosts_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B denyhosts_var_lib_t
++
++	/var/lib/denyhosts(/.*)?
++.br
++
++.br
++.B denyhosts_var_lock_t
++
++	/var/lock/subsys/denyhosts
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
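Review bot: The MANAGED FILES list added here documents manage access for denyhosts_t on net_conf_t, whose default paths include `/etc/resolv\.conf.*`, `/etc/hosts[^/]*` and the `/etc/sysconfig/network-scripts` tree as well as `/etc/hosts\.deny.*`. The page gives no hint that this is a shared label, so an administrator reading it cannot tell that the grant reaches well beyond the denyhosts-specific entries. The policy rule itself is not visible in this hunk, so whether the breadth is intended is unknown. I would have the generator add a line after the net_conf_t entry such as `Note: net_conf_t is shared by other network configuration files; denyhosts_t can modify all of them, subject to DAC permissions.`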
@@ -15873,32 +18944,27 @@ index 0000000..91c14a1
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), fenced(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/fetchmail_selinux.8 b/man/man8/fetchmail_selinux.8
++selinux(8), denyhosts(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/depmod_selinux.8 b/man/man8/depmod_selinux.8
 new file mode 100644
-index 0000000..c5b118c
+index 0000000..fd4ae1c
 --- /dev/null
-+++ b/man/man8/fetchmail_selinux.8
-@@ -0,0 +1,109 @@
-+.TH  "fetchmail_selinux"  "8"  "fetchmail" "dwalsh at redhat.com" "fetchmail SELinux Policy documentation"
++++ b/man/man8/depmod_selinux.8
+@@ -0,0 +1,97 @@
++.TH  "depmod_selinux"  "8"  "depmod" "dwalsh at redhat.com" "depmod SELinux Policy documentation"
 +.SH "NAME"
-+fetchmail_selinux \- Security Enhanced Linux Policy for the fetchmail processes
++depmod_selinux \- Security Enhanced Linux Policy for the depmod processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the fetchmail processes via flexible mandatory access
++Security-Enhanced Linux secures the depmod processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -15909,54 +18975,22 @@ index 0000000..c5b118c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux fetchmail policy is very flexible allowing users to setup their fetchmail processes in as secure a method as possible.
++SELinux depmod policy is very flexible allowing users to setup their depmod processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for fetchmail:
-+
-+
-+.EX
-+.PP
-+.B fetchmail_etc_t 
-+.EE
-+
-+- Set files with the fetchmail_etc_t type, if you want to store fetchmail files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B fetchmail_exec_t 
-+.EE
-+
-+- Set files with the fetchmail_exec_t type, if you want to transition an executable to the fetchmail_t domain.
-+
-+
-+.EX
-+.PP
-+.B fetchmail_home_t 
-+.EE
-+
-+- Set files with the fetchmail_home_t type, if you want to store fetchmail files in the users home directory.
++The following file types are defined for depmod:
 +
 +
 +.EX
 +.PP
-+.B fetchmail_uidl_cache_t 
++.B depmod_exec_t 
 +.EE
 +
-+- Set files with the fetchmail_uidl_cache_t type, if you want to store the files under the /var/cache directory.
++- Set files with the depmod_exec_t type, if you want to transition an executable to the depmod_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/fetchmail(/.*)?, /var/mail/\.fetchmail-UIDL-cache
-+
-+.EX
-+.PP
-+.B fetchmail_var_run_t 
-+.EE
-+
-+- Set files with the fetchmail_var_run_t type, if you want to store the fetchmail files under the /run directory.
-+
++/sbin/depmod.*, /usr/sbin/depmod.*
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -15971,18 +19005,38 @@ index 0000000..c5b118c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux fetchmail policy is very flexible allowing users to setup their fetchmail processes in as secure a method as possible.
++SELinux depmod policy is very flexible allowing users to setup their depmod processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for fetchmail:
++The following process types are defined for depmod:
 +
 +.EX
-+.B fetchmail_t 
++.B depmod_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type depmod_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B modules_dep_t
++
++	/lib/modules/[^/]+/modules\..+
++.br
++
++.br
++.B rpm_script_tmp_t
++
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -15998,38 +19052,38 @@ index 0000000..c5b118c
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), fetchmail(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/fingerd_selinux.8 b/man/man8/fingerd_selinux.8
++selinux(8), depmod(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/devicekit_disk_selinux.8 b/man/man8/devicekit_disk_selinux.8
 new file mode 100644
-index 0000000..a2d9656
+index 0000000..85ad4ca
 --- /dev/null
-+++ b/man/man8/fingerd_selinux.8
-@@ -0,0 +1,141 @@
-+.TH  "fingerd_selinux"  "8"  "fingerd" "dwalsh at redhat.com" "fingerd SELinux Policy documentation"
++++ b/man/man8/devicekit_disk_selinux.8
+@@ -0,0 +1,154 @@
++.TH  "devicekit_disk_selinux"  "8"  "devicekit_disk" "dwalsh at redhat.com" "devicekit_disk SELinux Policy documentation"
 +.SH "NAME"
-+fingerd_selinux \- Security Enhanced Linux Policy for the fingerd processes
++devicekit_disk_selinux \- Security Enhanced Linux Policy for the devicekit_disk processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the fingerd processes via flexible mandatory access
++Security-Enhanced Linux secures the devicekit_disk processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the fingerd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the devicekit_disk_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the fingerd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the devicekit_disk_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -16038,46 +19092,22 @@ index 0000000..a2d9656
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux fingerd policy is very flexible allowing users to setup their fingerd processes in as secure a method as possible.
++SELinux devicekit_disk policy is very flexible allowing users to setup their devicekit_disk processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for fingerd:
-+
-+
-+.EX
-+.PP
-+.B fingerd_etc_t 
-+.EE
-+
-+- Set files with the fingerd_etc_t type, if you want to store fingerd files in the /etc directories.
++The following file types are defined for devicekit_disk:
 +
 +
 +.EX
 +.PP
-+.B fingerd_exec_t 
++.B devicekit_disk_exec_t 
 +.EE
 +
-+- Set files with the fingerd_exec_t type, if you want to transition an executable to the fingerd_t domain.
++- Set files with the devicekit_disk_exec_t type, if you want to transition an executable to the devicekit_disk_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/cron\.weekly/(c)?fingerd, /usr/sbin/[cef]fingerd, /usr/sbin/in\.fingerd
-+
-+.EX
-+.PP
-+.B fingerd_log_t 
-+.EE
-+
-+- Set files with the fingerd_log_t type, if you want to treat the data as fingerd log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B fingerd_var_run_t 
-+.EE
-+
-+- Set files with the fingerd_var_run_t type, if you want to store the fingerd files under the /run directory.
-+
++/usr/lib/udisks/udisks-daemon, /usr/lib/udev/udisks-part-id, /usr/libexec/devkit-disks-daemon, /lib/udisks2/udisksd, /usr/lib/udisks2/udisksd, /lib/udev/udisks-part-id, /usr/libexec/udisks-daemon
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -16086,47 +19116,86 @@ index 0000000..a2d9656
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux fingerd policy is very flexible allowing users to setup their fingerd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for fingerd:
-+
-+.EX
-+.TP 5
-+.B fingerd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 79
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux fingerd policy is very flexible allowing users to setup their fingerd processes in as secure a method as possible.
++SELinux devicekit_disk policy is very flexible allowing users to setup their devicekit_disk processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for fingerd:
++The following process types are defined for devicekit_disk:
 +
 +.EX
-+.B fingerd_t 
++.B devicekit_disk_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type devicekit_disk_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B device_t
++
++	/dev/.*
++.br
++	/lib/udev/devices(/.*)?
++.br
++	/usr/lib/udev/devices(/.*)?
++.br
++	/dev
++.br
++	/etc/udev/devices
++.br
++	/var/named/chroot/dev
++.br
++	/var/spool/postfix/dev
++.br
++
++.br
++.B devicekit_tmp_t
++
++
++.br
++.B devicekit_var_lib_t
++
++	/var/lib/udisks.*
++.br
++	/var/lib/upower(/.*)?
++.br
++	/var/lib/DeviceKit-.*
++.br
++
++.br
++.B devicekit_var_run_t
++
++	/var/run/udisks.*
++.br
++	/var/run/devkit(/.*)?
++.br
++	/var/run/upower(/.*)?
++.br
++	/var/run/pm-utils(/.*)?
++.br
++	/var/run/DeviceKit-disks(/.*)?
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B virt_image_type
++
++	all virtual image files
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -16137,46 +19206,45 @@ index 0000000..a2d9656
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), fingerd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/firewalld_selinux.8 b/man/man8/firewalld_selinux.8
++selinux(8), devicekit_disk(8), semanage(8), restorecon(8), chcon(1)
++, devicekit_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/devicekit_power_selinux.8 b/man/man8/devicekit_power_selinux.8
 new file mode 100644
-index 0000000..e15374d
+index 0000000..67dd44e
 --- /dev/null
-+++ b/man/man8/firewalld_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "firewalld_selinux"  "8"  "firewalld" "dwalsh at redhat.com" "firewalld SELinux Policy documentation"
++++ b/man/man8/devicekit_power_selinux.8
+@@ -0,0 +1,168 @@
++.TH  "devicekit_power_selinux"  "8"  "devicekit_power" "dwalsh at redhat.com" "devicekit_power SELinux Policy documentation"
 +.SH "NAME"
-+firewalld_selinux \- Security Enhanced Linux Policy for the firewalld processes
++devicekit_power_selinux \- Security Enhanced Linux Policy for the devicekit_power processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the firewalld processes via flexible mandatory access
++Security-Enhanced Linux secures the devicekit_power processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the firewallgui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the devicekit_power_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the firewallgui_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the devicekit_power_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -16185,62 +19253,22 @@ index 0000000..e15374d
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux firewalld policy is very flexible allowing users to setup their firewalld processes in as secure a method as possible.
++SELinux devicekit_power policy is very flexible allowing users to setup their devicekit_power processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for firewalld:
-+
-+
-+.EX
-+.PP
-+.B firewalld_etc_rw_t 
-+.EE
-+
-+- Set files with the firewalld_etc_rw_t type, if you want to treat the files as firewalld etc read/write content.
-+
-+
-+.EX
-+.PP
-+.B firewalld_exec_t 
-+.EE
-+
-+- Set files with the firewalld_exec_t type, if you want to transition an executable to the firewalld_t domain.
-+
-+
-+.EX
-+.PP
-+.B firewalld_initrc_exec_t 
-+.EE
-+
-+- Set files with the firewalld_initrc_exec_t type, if you want to transition an executable to the firewalld_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B firewalld_unit_file_t 
-+.EE
-+
-+- Set files with the firewalld_unit_file_t type, if you want to treat the files as firewalld unit content.
-+
-+
-+.EX
-+.PP
-+.B firewalld_var_log_t 
-+.EE
-+
-+- Set files with the firewalld_var_log_t type, if you want to treat the data as firewalld var log data, usually stored under the /var/log directory.
++The following file types are defined for devicekit_power:
 +
 +
 +.EX
 +.PP
-+.B firewalld_var_run_t 
++.B devicekit_power_exec_t 
 +.EE
 +
-+- Set files with the firewalld_var_run_t type, if you want to store the firewalld files under the /run directory.
++- Set files with the devicekit_power_exec_t type, if you want to transition an executable to the devicekit_power_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/firewalld\.pid, /var/run/firewalld(/.*)?
++/usr/libexec/upowerd, /usr/libexec/devkit-power-daemon
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -16255,18 +19283,94 @@ index 0000000..e15374d
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux firewalld policy is very flexible allowing users to setup their firewalld processes in as secure a method as possible.
++SELinux devicekit_power policy is very flexible allowing users to setup their devicekit_power processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for firewalld:
++The following process types are defined for devicekit_power:
 +
 +.EX
-+.B firewallgui_t, firewalld_t 
++.B devicekit_power_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type devicekit_power_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B config_home_t
++
++	/root/\.kde(/.*)?
++.br
++	/root/\.xine(/.*)?
++.br
++	/root/\.config(/.*)?
++.br
++	/var/run/user/[^/]*/dconf(/.*)?
++.br
++	/root/\.Xdefaults
++.br
++	/home/[^/]*/\.kde(/.*)?
++.br
++	/home/[^/]*/\.xine(/.*)?
++.br
++	/home/[^/]*/\.config(/.*)?
++.br
++	/home/[^/]*/\.Xdefaults
++.br
++
++.br
++.B devicekit_tmp_t
++
++
++.br
++.B devicekit_var_lib_t
++
++	/var/lib/udisks.*
++.br
++	/var/lib/upower(/.*)?
++.br
++	/var/lib/DeviceKit-.*
++.br
++
++.br
++.B devicekit_var_log_t
++
++	/var/log/pm-suspend\.log.*
++.br
++	/var/log/pm-powersave\.log.*
++.br
++
++.br
++.B devicekit_var_run_t
++
++	/var/run/udisks.*
++.br
++	/var/run/devkit(/.*)?
++.br
++	/var/run/upower(/.*)?
++.br
++	/var/run/pm-utils(/.*)?
++.br
++	/var/run/DeviceKit-disks(/.*)?
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -16282,38 +19386,40 @@ index 0000000..e15374d
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), firewalld(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/firewallgui_selinux.8 b/man/man8/firewallgui_selinux.8
++selinux(8), devicekit_power(8), semanage(8), restorecon(8), chcon(1)
++, devicekit_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/devicekit_selinux.8 b/man/man8/devicekit_selinux.8
 new file mode 100644
-index 0000000..38b6b12
+index 0000000..06f38c6
 --- /dev/null
-+++ b/man/man8/firewallgui_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "firewallgui_selinux"  "8"  "firewallgui" "dwalsh at redhat.com" "firewallgui SELinux Policy documentation"
++++ b/man/man8/devicekit_selinux.8
+@@ -0,0 +1,174 @@
++.TH  "devicekit_selinux"  "8"  "devicekit" "dwalsh at redhat.com" "devicekit SELinux Policy documentation"
 +.SH "NAME"
-+firewallgui_selinux \- Security Enhanced Linux Policy for the firewallgui processes
++devicekit_selinux \- Security Enhanced Linux Policy for the devicekit processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the firewallgui processes via flexible mandatory access
++Security-Enhanced Linux secures the devicekit processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the firewallgui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the devicekit_disk_t, devicekit_power_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the firewallgui_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the devicekit_disk_t, devicekit_power_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -16322,117 +19428,86 @@ index 0000000..38b6b12
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux firewallgui policy is very flexible allowing users to setup their firewallgui processes in as secure a method as possible.
++SELinux devicekit policy is very flexible allowing users to setup their devicekit processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for firewallgui:
++The following file types are defined for devicekit:
 +
 +
 +.EX
 +.PP
-+.B firewallgui_exec_t 
++.B devicekit_disk_exec_t 
 +.EE
 +
-+- Set files with the firewallgui_exec_t type, if you want to transition an executable to the firewallgui_t domain.
++- Set files with the devicekit_disk_exec_t type, if you want to transition an executable to the devicekit_disk_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/udisks/udisks-daemon, /usr/lib/udev/udisks-part-id, /usr/libexec/devkit-disks-daemon, /lib/udisks2/udisksd, /usr/lib/udisks2/udisksd, /lib/udev/udisks-part-id, /usr/libexec/udisks-daemon
 +
 +.EX
 +.PP
-+.B firewallgui_tmp_t 
++.B devicekit_exec_t 
 +.EE
 +
-+- Set files with the firewallgui_tmp_t type, if you want to store firewallgui temporary files in the /tmp directories.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++- Set files with the devicekit_exec_t type, if you want to transition an executable to the devicekit_t domain.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux firewallgui policy is very flexible allowing users to setup their firewallgui processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for firewallgui:
 +
 +.EX
-+.B firewallgui_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.B devicekit_power_exec_t 
++.EE
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++- Set files with the devicekit_power_exec_t type, if you want to transition an executable to the devicekit_power_t domain.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.TP 5
++Paths: 
++/usr/libexec/upowerd, /usr/libexec/devkit-power-daemon
 +
-+.SH "SEE ALSO"
-+selinux(8), firewallgui(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/firstboot_selinux.8 b/man/man8/firstboot_selinux.8
-new file mode 100644
-index 0000000..264d99f
---- /dev/null
-+++ b/man/man8/firstboot_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "firstboot_selinux"  "8"  "firstboot" "dwalsh at redhat.com" "firstboot SELinux Policy documentation"
-+.SH "NAME"
-+firstboot_selinux \- Security Enhanced Linux Policy for the firstboot processes
-+.SH "DESCRIPTION"
++.EX
++.PP
++.B devicekit_tmp_t 
++.EE
 +
-+Security-Enhanced Linux secures the firstboot processes via flexible mandatory access
-+control.  
++- Set files with the devicekit_tmp_t type, if you want to store devicekit temporary files in the /tmp directories.
 +
-+.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux firstboot policy is very flexible allowing users to setup their firstboot processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for firstboot:
++.B devicekit_var_lib_t 
++.EE
++
++- Set files with the devicekit_var_lib_t type, if you want to store the devicekit files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/udisks.*, /var/lib/DeviceKit-.*, /var/lib/upower(/.*)?
 +
 +.EX
 +.PP
-+.B firstboot_etc_t 
++.B devicekit_var_log_t 
 +.EE
 +
-+- Set files with the firstboot_etc_t type, if you want to store firstboot files in the /etc directories.
++- Set files with the devicekit_var_log_t type, if you want to treat the data as devicekit var log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/var/log/pm-suspend\.log.*, /var/log/pm-powersave\.log.*
 +
 +.EX
 +.PP
-+.B firstboot_exec_t 
++.B devicekit_var_run_t 
 +.EE
 +
-+- Set files with the firstboot_exec_t type, if you want to transition an executable to the firstboot_t domain.
++- Set files with the devicekit_var_run_t type, if you want to store the devicekit files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/share/firstboot/firstboot\.py, /usr/sbin/firstboot
++/var/run/upower(/.*)?, /var/run/udisks.*, /var/run/devkit(/.*)?, /var/run/DeviceKit-disks(/.*)?, /var/run/pm-utils(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -16447,18 +19522,36 @@ index 0000000..264d99f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux firstboot policy is very flexible allowing users to setup their firstboot processes in as secure a method as possible.
++SELinux devicekit policy is very flexible allowing users to setup their devicekit processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for firstboot:
++The following process types are defined for devicekit:
 +
 +.EX
-+.B firstboot_t 
++.B devicekit_power_t, devicekit_disk_t, devicekit_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type devicekit_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B devicekit_var_run_t
++
++	/var/run/udisks.*
++.br
++	/var/run/devkit(/.*)?
++.br
++	/var/run/upower(/.*)?
++.br
++	/var/run/pm-utils(/.*)?
++.br
++	/var/run/DeviceKit-disks(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -16474,68 +19567,115 @@ index 0000000..264d99f
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), firstboot(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/foghorn_selinux.8 b/man/man8/foghorn_selinux.8
++selinux(8), devicekit(8), semanage(8), restorecon(8), chcon(1)
++, devicekit_disk_selinux(8), devicekit_power_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/dhcpc_selinux.8 b/man/man8/dhcpc_selinux.8
 new file mode 100644
-index 0000000..8b3fea3
+index 0000000..e06b4c5
 --- /dev/null
-+++ b/man/man8/foghorn_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "foghorn_selinux"  "8"  "foghorn" "dwalsh at redhat.com" "foghorn SELinux Policy documentation"
++++ b/man/man8/dhcpc_selinux.8
+@@ -0,0 +1,248 @@
++.TH  "dhcpc_selinux"  "8"  "dhcpc" "dwalsh at redhat.com" "dhcpc SELinux Policy documentation"
 +.SH "NAME"
-+foghorn_selinux \- Security Enhanced Linux Policy for the foghorn processes
++dhcpc_selinux \- Security Enhanced Linux Policy for the dhcpc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the foghorn processes via flexible mandatory access
++Security-Enhanced Linux secures the dhcpc processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  dhcpc policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dhcpc with the tightest access possible.
++
++
++.PP
++If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
++
++.EX
++.B setsebool -P dhcpc_exec_iptables 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dhcpc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the dhcpc_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux foghorn policy is very flexible allowing users to setup their foghorn processes in as secure a method as possible.
++SELinux dhcpc policy is very flexible allowing users to setup their dhcpc processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for foghorn:
++The following file types are defined for dhcpc:
 +
 +
 +.EX
 +.PP
-+.B foghorn_exec_t 
++.B dhcpc_exec_t 
 +.EE
 +
-+- Set files with the foghorn_exec_t type, if you want to transition an executable to the foghorn_t domain.
++- Set files with the dhcpc_exec_t type, if you want to transition an executable to the dhcpc_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/dhcpcd, /sbin/dhcpcd, /usr/sbin/pump, /sbin/dhclient.*, /usr/sbin/dhclient.*, /sbin/pump, /usr/sbin/dhcdbd, /sbin/dhcdbd
++
++.EX
++.PP
++.B dhcpc_helper_exec_t 
++.EE
++
++- Set files with the dhcpc_helper_exec_t type, if you want to transition an executable to the dhcpc_helper_t domain.
 +
 +
 +.EX
 +.PP
-+.B foghorn_tmpfs_t 
++.B dhcpc_state_t 
 +.EE
 +
-+- Set files with the foghorn_tmpfs_t type, if you want to store foghorn files on a tmpfs file system.
++- Set files with the dhcpc_state_t type, if you want to treat the files as dhcpc state data.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/dhclient(/.*)?, /var/lib/dhcp3?/dhclient.*, /var/lib/wifiroamd(/.*)?, /var/lib/dhcpcd(/.*)?
 +
 +.EX
 +.PP
-+.B foghorn_var_log_t 
++.B dhcpc_tmp_t 
 +.EE
 +
-+- Set files with the foghorn_var_log_t type, if you want to treat the data as foghorn var log data, usually stored under the /var/log directory.
++- Set files with the dhcpc_tmp_t type, if you want to store dhcpc temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B foghorn_var_run_t 
++.B dhcpc_var_run_t 
 +.EE
 +
-+- Set files with the foghorn_var_run_t type, if you want to store the foghorn files under the /run directory.
++- Set files with the dhcpc_var_run_t type, if you want to store the dhcpc files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/dhclient.*, /var/run/dhcpcd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -16544,24 +19684,123 @@ index 0000000..8b3fea3
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux dhcpc policy is very flexible allowing users to setup their dhcpc processes in as secure a method as possible.
++.PP 
++The following port types are defined for dhcpc:
++
++.EX
++.TP 5
++.B dhcpc_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 68,546
++.EE
++udp 68,546
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux foghorn policy is very flexible allowing users to setup their foghorn processes in as secure a method as possible.
++SELinux dhcpc policy is very flexible allowing users to setup their dhcpc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for foghorn:
++The following process types are defined for dhcpc:
 +
 +.EX
-+.B foghorn_t 
++.B dhcpc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dhcpc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dhcpc_state_t
++
++	/var/lib/dhcp3?/dhclient.*
++.br
++	/var/lib/dhcpcd(/.*)?
++.br
++	/var/lib/dhclient(/.*)?
++.br
++	/var/lib/wifiroamd(/.*)?
++.br
++
++.br
++.B dhcpc_tmp_t
++
++
++.br
++.B dhcpc_var_run_t
++
++	/var/run/dhcpcd(/.*)?
++.br
++	/var/run/dhclient.*
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
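Review bot: The new MANAGED FILES paragraph calls dhcpc_t an "SELinux user type", but the PROCESS TYPES section of the same page lists dhcpc_t as a process type (domain), and SELinux users are a separate concept. I would word the generated sentence as `The SELinux process type dhcpc_t can manage files labeled with the following file types.` and its last sentence as `Note that the process UID still needs DAC permissions.` The same sentence is generated into the dhcpd, dictd, dirsrv and dirsrv_snmp pages later in this patch, so the fix presumably belongs in the genman.py template rather than in each page.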
@@ -16572,43 +19811,69 @@ index 0000000..8b3fea3
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), foghorn(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/fprintd_selinux.8 b/man/man8/fprintd_selinux.8
++selinux(8), dhcpc(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/dhcpd_selinux.8 b/man/man8/dhcpd_selinux.8
 new file mode 100644
-index 0000000..182329d
+index 0000000..8630347
 --- /dev/null
-+++ b/man/man8/fprintd_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "fprintd_selinux"  "8"  "fprintd" "dwalsh at redhat.com" "fprintd SELinux Policy documentation"
++++ b/man/man8/dhcpd_selinux.8
+@@ -0,0 +1,216 @@
++.TH  "dhcpd_selinux"  "8"  "dhcpd" "dwalsh at redhat.com" "dhcpd SELinux Policy documentation"
 +.SH "NAME"
-+fprintd_selinux \- Security Enhanced Linux Policy for the fprintd processes
++dhcpd_selinux \- Security Enhanced Linux Policy for the dhcpd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the fprintd processes via flexible mandatory access
++Security-Enhanced Linux secures the dhcpd processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  dhcpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dhcpd with the tightest access possible.
++
++
++.PP
++If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
++
++.EX
++.B setsebool -P dhcpc_exec_iptables 1
++.EE
++
++.PP
++If you want to allow DHCP daemon to use LDAP backends, you must turn on the dhcpd_use_ldap boolean.
++
++.EX
++.B setsebool -P dhcpd_use_ldap 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the fprintd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dhcpd_t, dhcpc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the fprintd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the dhcpd_t, dhcpc_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
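Review bot: The NSSWITCH DOMAIN sentence for dhcpd is rewritten in this hunk but still reads "rather then using a sssd serve". Suggested wording: `If you want to allow users to resolve user passwd entries directly from ldap rather than using an sssd server for the dhcpd_t, dhcpc_t domains, you must turn on the authlogin_nsswitch_use_ldap boolean.` The dictd and dirsrv pages in this patch carry the same generated sentence.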
@@ -16617,25 +19882,61 @@ index 0000000..182329d
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux fprintd policy is very flexible allowing users to setup their fprintd processes in as secure a method as possible.
++SELinux dhcpd policy is very flexible allowing users to setup their dhcpd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for fprintd:
++The following file types are defined for dhcpd:
 +
 +
 +.EX
 +.PP
-+.B fprintd_exec_t 
++.B dhcpd_exec_t 
 +.EE
 +
-+- Set files with the fprintd_exec_t type, if you want to transition an executable to the fprintd_t domain.
++- Set files with the dhcpd_exec_t type, if you want to transition an executable to the dhcpd_t domain.
 +
 +
 +.EX
 +.PP
-+.B fprintd_var_lib_t 
++.B dhcpd_initrc_exec_t 
 +.EE
 +
-+- Set files with the fprintd_var_lib_t type, if you want to store the fprintd files under the /var/lib directory.
++- Set files with the dhcpd_initrc_exec_t type, if you want to transition an executable to the dhcpd_initrc_t domain.
++
++
++.EX
++.PP
++.B dhcpd_state_t 
++.EE
++
++- Set files with the dhcpd_state_t type, if you want to treat the files as dhcpd state data.
++
++.br
++.TP 5
++Paths: 
++/var/lib/dhcp(3)?/dhcpd\.leases.*, /var/lib/dhcpd(/.*)?
++
++.EX
++.PP
++.B dhcpd_tmp_t 
++.EE
++
++- Set files with the dhcpd_tmp_t type, if you want to store dhcpd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B dhcpd_unit_file_t 
++.EE
++
++- Set files with the dhcpd_unit_file_t type, if you want to treat the files as dhcpd unit content.
++
++
++.EX
++.PP
++.B dhcpd_var_run_t 
++.EE
++
++- Set files with the dhcpd_var_run_t type, if you want to store the dhcpd files under the /run directory.
 +
 +
 +.PP
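Review bot: The context line `You can see the context of a file using the \fB\-Z\fP option to \fBls\bP` ends with `\bP`, which is not the font-reset escape. `\fBls\fP` was presumably intended, and as written bold is likely not switched off after "ls". This commit regenerates the surrounding text but leaves the escape as it was. The same `\bP` follows `ps` in the PROCESS TYPES sections and `ls` in the FILE CONTEXTS sections of the other pages in this patch, so it is probably a template typo in genman.py.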
@@ -16645,24 +19946,84 @@ index 0000000..182329d
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux dhcpd policy is very flexible allowing users to setup their dhcpd processes in as secure a method as possible.
++.PP 
++The following port types are defined for dhcpd:
++
++.EX
++.TP 5
++.B dhcpc_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 68,546
++.EE
++udp 68,546
++.EE
++
++.EX
++.TP 5
++.B dhcpd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 547,548,647,847,7911
++.EE
++udp 67,547,548,647,847
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux fprintd policy is very flexible allowing users to setup their fprintd processes in as secure a method as possible.
++SELinux dhcpd policy is very flexible allowing users to setup their dhcpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for fprintd:
++The following process types are defined for dhcpd:
 +
 +.EX
-+.B fprintd_t 
++.B dhcpc_t, dhcpd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dhcpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dhcpd_state_t
++
++	/var/lib/dhcp(3)?/dhcpd\.leases.*
++.br
++	/var/lib/dhcpd(/.*)?
++.br
++
++.br
++.B dhcpd_tmp_t
++
++
++.br
++.B dhcpd_var_run_t
++
++	/var/run/dhcpd(6)?\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
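Review bot: The added PORT TYPES block has unbalanced man macros: `.TP 10` is followed directly by `.EE` with no tag or body, and the `.EE` lines after `tcp 68,546` and `udp 68,546` close an example block that was never opened with `.EX`. How this renders depends on the formatter, but the port lists are likely to run together with the neighbouring text. A simpler shape would be `.TP` and `.B dhcpd_port_t` followed by `tcp 547,548,647,847,7911`, `.br`, `udp 67,547,548,647,847`. The dhcpc and dictd pages contain the same generated block.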
@@ -16673,43 +20034,51 @@ index 0000000..182329d
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), fprintd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/freshclam_selinux.8 b/man/man8/freshclam_selinux.8
++selinux(8), dhcpd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), dhcpc_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/dictd_selinux.8 b/man/man8/dictd_selinux.8
 new file mode 100644
-index 0000000..53bd4b3
+index 0000000..d726f8d
 --- /dev/null
-+++ b/man/man8/freshclam_selinux.8
-@@ -0,0 +1,99 @@
-+.TH  "freshclam_selinux"  "8"  "freshclam" "dwalsh at redhat.com" "freshclam SELinux Policy documentation"
++++ b/man/man8/dictd_selinux.8
+@@ -0,0 +1,139 @@
++.TH  "dictd_selinux"  "8"  "dictd" "dwalsh at redhat.com" "dictd SELinux Policy documentation"
 +.SH "NAME"
-+freshclam_selinux \- Security Enhanced Linux Policy for the freshclam processes
++dictd_selinux \- Security Enhanced Linux Policy for the dictd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the freshclam processes via flexible mandatory access
++Security-Enhanced Linux secures the dictd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the freshclam_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dictd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the freshclam_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the dictd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
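Review bot: The SEE ALSO list of dhcpd_selinux.8 is split so that its second line starts with a comma (`, setsebool(8), dhcpc_selinux(8)`), and the file ends without a trailing newline. In filled output the line break becomes a space, so the list would presumably read "chcon(1) , setsebool(8)". I would emit it as one line, `selinux(8), dhcpd(8), semanage(8), restorecon(8), chcon(1), setsebool(8), dhcpc_selinux(8)`, and end the file with a newline. The dhcpc, dirsrv and dirsrv_snmp pages end the same way.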
@@ -16718,30 +20087,34 @@ index 0000000..53bd4b3
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux freshclam policy is very flexible allowing users to setup their freshclam processes in as secure a method as possible.
++SELinux dictd policy is very flexible allowing users to setup their dictd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for freshclam:
++The following file types are defined for dictd:
 +
 +
 +.EX
 +.PP
-+.B freshclam_exec_t 
++.B dictd_exec_t 
 +.EE
 +
-+- Set files with the freshclam_exec_t type, if you want to transition an executable to the freshclam_t domain.
++- Set files with the dictd_exec_t type, if you want to transition an executable to the dictd_t domain.
 +
 +
 +.EX
 +.PP
-+.B freshclam_var_log_t 
++.B dictd_unit_file_t 
 +.EE
 +
-+- Set files with the freshclam_var_log_t type, if you want to treat the data as freshclam var log data, usually stored under the /var/log directory.
++- Set files with the dictd_unit_file_t type, if you want to treat the files as dictd unit content.
++
++
++.EX
++.PP
++.B dictd_var_run_t 
++.EE
++
++- Set files with the dictd_var_run_t type, if you want to store the dictd files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/clamav/freshclam.*, /var/log/freshclam.*
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -16750,24 +20123,57 @@ index 0000000..53bd4b3
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux dictd policy is very flexible allowing users to setup their dictd processes in as secure a method as possible.
++.PP 
++The following port types are defined for dictd:
++
++.EX
++.TP 5
++.B dict_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 2628
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux freshclam policy is very flexible allowing users to setup their freshclam processes in as secure a method as possible.
++SELinux dictd policy is very flexible allowing users to setup their dictd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for freshclam:
++The following process types are defined for dictd:
 +
 +.EX
-+.B freshclam_t 
++.B dictd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dictd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dictd_var_run_t
++
++	/var/run/dictd.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -16778,69 +20184,206 @@ index 0000000..53bd4b3
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), freshclam(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/fsadm_selinux.8 b/man/man8/fsadm_selinux.8
++selinux(8), dictd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dirsrv_selinux.8 b/man/man8/dirsrv_selinux.8
 new file mode 100644
-index 0000000..52c7f19
+index 0000000..9cc9487
 --- /dev/null
-+++ b/man/man8/fsadm_selinux.8
-@@ -0,0 +1,93 @@
-+.TH  "fsadm_selinux"  "8"  "fsadm" "dwalsh at redhat.com" "fsadm SELinux Policy documentation"
++++ b/man/man8/dirsrv_selinux.8
+@@ -0,0 +1,330 @@
++.TH  "dirsrv_selinux"  "8"  "dirsrv" "dwalsh at redhat.com" "dirsrv SELinux Policy documentation"
 +.SH "NAME"
-+fsadm_selinux \- Security Enhanced Linux Policy for the fsadm processes
++dirsrv_selinux \- Security Enhanced Linux Policy for the dirsrv processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the fsadm processes via flexible mandatory access
++Security-Enhanced Linux secures the dirsrv processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dirsrv_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the dirsrv_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux fsadm policy is very flexible allowing users to setup their fsadm processes in as secure a method as possible.
++SELinux dirsrv policy is very flexible allowing users to setup their dirsrv processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for fsadm:
++The following file types are defined for dirsrv:
 +
 +
 +.EX
 +.PP
-+.B fsadm_exec_t 
++.B dirsrv_config_t 
 +.EE
 +
-+- Set files with the fsadm_exec_t type, if you want to transition an executable to the fsadm_t domain.
++- Set files with the dirsrv_config_t type, if you want to treat the files as dirsrv configuration data, usually stored under the /etc directory.
++
++
++.EX
++.PP
++.B dirsrv_exec_t 
++.EE
++
++- Set files with the dirsrv_exec_t type, if you want to transition an executable to the dirsrv_t domain.
++
++
++.EX
++.PP
++.B dirsrv_share_t 
++.EE
++
++- Set files with the dirsrv_share_t type, if you want to treat the files as dirsrv share data.
++
++
++.EX
++.PP
++.B dirsrv_snmp_exec_t 
++.EE
++
++- Set files with the dirsrv_snmp_exec_t type, if you want to transition an executable to the dirsrv_snmp_t domain.
++
++
++.EX
++.PP
++.B dirsrv_snmp_var_log_t 
++.EE
++
++- Set files with the dirsrv_snmp_var_log_t type, if you want to treat the data as dirsrv snmp var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B dirsrv_snmp_var_run_t 
++.EE
++
++- Set files with the dirsrv_snmp_var_run_t type, if you want to store the dirsrv snmp files under the /run directory.
++
++
++.EX
++.PP
++.B dirsrv_tmp_t 
++.EE
++
++- Set files with the dirsrv_tmp_t type, if you want to store dirsrv temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B dirsrv_tmpfs_t 
++.EE
++
++- Set files with the dirsrv_tmpfs_t type, if you want to store dirsrv files on a tmpfs file system.
++
++
++.EX
++.PP
++.B dirsrv_var_lib_t 
++.EE
++
++- Set files with the dirsrv_var_lib_t type, if you want to store the dirsrv files under the /var/lib directory.
++
++
++.EX
++.PP
++.B dirsrv_var_lock_t 
++.EE
++
++- Set files with the dirsrv_var_lock_t type, if you want to treat the files as dirsrv var lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B dirsrv_var_log_t 
++.EE
++
++- Set files with the dirsrv_var_log_t type, if you want to treat the data as dirsrv var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B dirsrv_var_run_t 
++.EE
++
++- Set files with the dirsrv_var_run_t type, if you want to store the dirsrv files under the /run directory.
++
++
++.EX
++.PP
++.B dirsrvadmin_config_t 
++.EE
++
++- Set files with the dirsrvadmin_config_t type, if you want to treat the files as dirsrvadmin configuration data, usually stored under the /etc directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/partx, /usr/sbin/fdisk, /sbin/mkfs.*, /sbin/blockdev, /usr/sbin/sfdisk, /sbin/dumpe2fs, /sbin/mkdosfs, /usr/sbin/mke2fs, /sbin/mke2fs, /sbin/e4fsck, /usr/sbin/dosfsck, /usr/sbin/blockdev, /sbin/dosfsck, /usr/sbin/lsraid, /usr/bin/partition_uuid, /sbin/raidautorun, /usr/sbin/findfs, /usr/sbin/scsi_info, /sbin/resize.*fs, /usr/sbin/raidstart, /sbin/mkreiserfs, /sbin/sfdisk, /usr/sbin/raidautorun, /usr/sbin/make_reiser4, /usr/sbin/partx, /usr/sbin/resize.*fs, /usr/sbin/fsck.*, /usr/sbin/dumpe2fs, /sbin/tune2fs, /usr/sbin/mkdosfs, /sbin/blkid, /usr/sbin/hdparm, /sbin/make_reiser4, /sbin/dump, /sbin/swapon.*, /usr/sbin/jfs_.*, /usr/bin/scsi_unique_id, /sbin/findfs, /usr/sbin/smartctl, /usr/bin/syslinux, /usr/sbin/blkid, /sbin/losetup.*, /usr/sbin/tune2fs, /usr/lib/systemd/systemd-fsck, /sbin/parted, /sbin/partprobe, /usr/sbin/mkfs.*, /sbin/e2label, /usr/sbin/reiserfs(ck|tune), /sbin/mkraid, /sbin/install-mbr, /sbin/scsi_info, /sbin/fsck.*, /usr/sbin/install-mbr, /usr/sbin/
 clubufflush, /sbin/jfs_.*, /usr/sbin/mke4fs, /sbin/raidstart, /sbin/lsraid, /usr/sbin/losetup.*, /usr/sbin/mkreiserfs, /usr/sbin/swapon.*, /usr/sbin/e2fsck, /sbin/reiserfs(ck|tune), /usr/sbin/e4fsck, /usr/sbin/dump, /usr/sbin/partprobe, /sbin/fdisk, /sbin/e2fsck, /usr/sbin/e2label, /usr/sbin/parted, /usr/bin/raw, /sbin/mke4fs, /usr/sbin/cfdisk, /sbin/cfdisk, /usr/sbin/mkraid, /sbin/hdparm
++/etc/dirsrv/admin-serv(/.*)?, /etc/dirsrv/dsgw(/.*)?
 +
 +.EX
 +.PP
-+.B fsadm_log_t 
++.B dirsrvadmin_exec_t 
 +.EE
 +
-+- Set files with the fsadm_log_t type, if you want to treat the data as fsadm log data, usually stored under the /var/log directory.
++- Set files with the dirsrvadmin_exec_t type, if you want to transition an executable to the dirsrvadmin_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/start-ds-admin, /usr/sbin/stop-ds-admin, /usr/sbin/restart-ds-admin
 +
 +.EX
 +.PP
-+.B fsadm_tmp_t 
++.B dirsrvadmin_lock_t 
 +.EE
 +
-+- Set files with the fsadm_tmp_t type, if you want to store fsadm temporary files in the /tmp directories.
++- Set files with the dirsrvadmin_lock_t type, if you want to treat the files as dirsrvadmin lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B dirsrvadmin_tmp_t 
++.EE
++
++- Set files with the dirsrvadmin_tmp_t type, if you want to store dirsrvadmin temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B dirsrvadmin_unconfined_script_exec_t 
++.EE
++
++- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -16855,18 +20398,120 @@ index 0000000..52c7f19
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux fsadm policy is very flexible allowing users to setup their fsadm processes in as secure a method as possible.
++SELinux dirsrv policy is very flexible allowing users to setup their dirsrv processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for fsadm:
++The following process types are defined for dirsrv:
 +
 +.EX
-+.B fsadm_t 
++.B dirsrvadmin_unconfined_script_t, dirsrv_snmp_t, dirsrvadmin_t, dirsrv_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dirsrv_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dirsrv_config_t
++
++	/etc/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrv_tmp_t
++
++
++.br
++.B dirsrv_tmpfs_t
++
++
++.br
++.B dirsrv_var_lib_t
++
++	/var/lib/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrv_var_lock_t
++
++	/var/lock/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrv_var_log_t
++
++	/var/log/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrv_var_run_t
++
++	/var/run/dirsrv(/.*)?
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
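Review bot: MANAGED FILES for dirsrv_t lists `security_t` (`/selinux`) together with `faillog_t`, `lastlog_t` and `krb5_host_rcache_t`, but nothing on the page says which permissions "manage" stands for. An administrator reading the list cannot tell whether the entry means write access to the SELinux filesystem or something narrower. I would add one generated sentence after the introduction, such as `The exact permissions can be listed with sesearch -A -s dirsrv_t.`, so the list can be checked against the loaded policy.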
@@ -16882,22 +20527,24 @@ index 0000000..52c7f19
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), fsadm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/fsdaemon_selinux.8 b/man/man8/fsdaemon_selinux.8
++selinux(8), dirsrv(8), semanage(8), restorecon(8), chcon(1)
++, dirsrv_snmp_selinux(8), dirsrvadmin_selinux(8), dirsrvadmin_unconfined_script_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/dirsrv_snmp_selinux.8 b/man/man8/dirsrv_snmp_selinux.8
 new file mode 100644
-index 0000000..ba27b25
+index 0000000..ba29534
 --- /dev/null
-+++ b/man/man8/fsdaemon_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "fsdaemon_selinux"  "8"  "fsdaemon" "dwalsh at redhat.com" "fsdaemon SELinux Policy documentation"
++++ b/man/man8/dirsrv_snmp_selinux.8
+@@ -0,0 +1,124 @@
++.TH  "dirsrv_snmp_selinux"  "8"  "dirsrv_snmp" "dwalsh at redhat.com" "dirsrv_snmp SELinux Policy documentation"
 +.SH "NAME"
-+fsdaemon_selinux \- Security Enhanced Linux Policy for the fsdaemon processes
++dirsrv_snmp_selinux \- Security Enhanced Linux Policy for the dirsrv_snmp processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the fsdaemon processes via flexible mandatory access
++Security-Enhanced Linux secures the dirsrv_snmp processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -16908,41 +20555,33 @@ index 0000000..ba27b25
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux fsdaemon policy is very flexible allowing users to setup their fsdaemon processes in as secure a method as possible.
++SELinux dirsrv_snmp policy is very flexible allowing users to setup their dirsrv_snmp processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for fsdaemon:
-+
-+
-+.EX
-+.PP
-+.B fsdaemon_exec_t 
-+.EE
-+
-+- Set files with the fsdaemon_exec_t type, if you want to transition an executable to the fsdaemon_t domain.
++The following file types are defined for dirsrv_snmp:
 +
 +
 +.EX
 +.PP
-+.B fsdaemon_initrc_exec_t 
++.B dirsrv_snmp_exec_t 
 +.EE
 +
-+- Set files with the fsdaemon_initrc_exec_t type, if you want to transition an executable to the fsdaemon_initrc_t domain.
++- Set files with the dirsrv_snmp_exec_t type, if you want to transition an executable to the dirsrv_snmp_t domain.
 +
 +
 +.EX
 +.PP
-+.B fsdaemon_tmp_t 
++.B dirsrv_snmp_var_log_t 
 +.EE
 +
-+- Set files with the fsdaemon_tmp_t type, if you want to store fsdaemon temporary files in the /tmp directories.
++- Set files with the dirsrv_snmp_var_log_t type, if you want to treat the data as dirsrv snmp var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B fsdaemon_var_run_t 
++.B dirsrv_snmp_var_run_t 
 +.EE
 +
-+- Set files with the fsdaemon_var_run_t type, if you want to store the fsdaemon files under the /run directory.
++- Set files with the dirsrv_snmp_var_run_t type, if you want to store the dirsrv snmp files under the /run directory.
 +
 +
 +.PP
@@ -16958,18 +20597,52 @@ index 0000000..ba27b25
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux fsdaemon policy is very flexible allowing users to setup their fsdaemon processes in as secure a method as possible.
++SELinux dirsrv_snmp policy is very flexible allowing users to setup their dirsrv_snmp processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for fsdaemon:
++The following process types are defined for dirsrv_snmp:
 +
 +.EX
-+.B fsdaemon_t 
++.B dirsrv_snmp_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dirsrv_snmp_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dirsrv_snmp_var_log_t
++
++	/var/log/dirsrv/ldap-agent.log.*
++.br
++
++.br
++.B dirsrv_snmp_var_run_t
++
++	/var/run/ldap-agent\.pid
++.br
++
++.br
++.B dirsrv_tmpfs_t
++
++
++.br
++.B snmpd_var_lib_t
++
++	/var/agentx(/.*)?
++.br
++	/var/lib/snmp(/.*)?
++.br
++	/var/net-snmp(/.*)?
++.br
++	/var/lib/net-snmp(/.*)?
++.br
++	/usr/share/snmp/mibs/\.index
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
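Review bot: The note on `semanage permissive -a PROCESS_TYPE` says how to make a domain permissive but not how to undo it, and by the note's own wording a permissive type is no longer denied access. I would append `Use semanage permissive -d PROCESS_TYPE to return the type to enforcing once troubleshooting is finished.` The note is unchanged context in this hunk and is repeated in the other pages of this patch, so the addition would presumably go into the genman.py template.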
@@ -16985,209 +20658,160 @@ index 0000000..ba27b25
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), fsdaemon(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ftpd_selinux.8 b/man/man8/ftpd_selinux.8
-index 5bebd82..fd2036b 100644
---- a/man/man8/ftpd_selinux.8
-+++ b/man/man8/ftpd_selinux.8
-@@ -1,65 +1,346 @@
--.TH  "ftpd_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "ftpd SELinux policy documentation"
-+.TH  "ftpd_selinux"  "8"  "ftpd" "dwalsh at redhat.com" "ftpd SELinux Policy documentation"
- .SH "NAME"
--.PP
--ftpd_selinux \- Security-Enhanced Linux policy for ftp daemons.
-+ftpd_selinux \- Security Enhanced Linux Policy for the ftpd processes
- .SH "DESCRIPTION"
++selinux(8), dirsrv_snmp(8), semanage(8), restorecon(8), chcon(1)
++, dirsrv_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/dirsrvadmin_selinux.8 b/man/man8/dirsrvadmin_selinux.8
+new file mode 100644
+index 0000000..7e02f77
+--- /dev/null
++++ b/man/man8/dirsrvadmin_selinux.8
+@@ -0,0 +1,126 @@
++.TH  "dirsrvadmin_selinux"  "8"  "dirsrvadmin" "dwalsh at redhat.com" "dirsrvadmin SELinux Policy documentation"
++.SH "NAME"
++dirsrvadmin_selinux \- Security Enhanced Linux Policy for the dirsrvadmin processes
++.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ftpd processes via flexible mandatory access
++Security-Enhanced Linux secures the dirsrvadmin processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  ftpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ftpd with the tightest access possible.
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux dirsrvadmin policy is very flexible allowing users to setup their dirsrvadmin processes in as secure a method as possible.
++.PP 
++The following file types are defined for dirsrvadmin:
 +
- .PP
--Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control.
--.SH FILE_CONTEXTS
-+If you want to allow ftp to read and write files in the user home directories, you must turn on the ftp_home_dir boolean.
 +
 +.EX
-+.B setsebool -P ftp_home_dir 1
++.PP
++.B dirsrvadmin_config_t 
 +.EE
 +
- .PP
--SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon.  Policy governs the access that daemons have to files.
--.TP
--Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type.
-+If you want to allow ftp servers to use cifs used for public file transfer services, you must turn on the ftpd_use_cifs boolean.
-+
-+.EX
-+.B setsebool -P ftpd_use_cifs 1
-+.EE
++- Set files with the dirsrvadmin_config_t type, if you want to treat the files as dirsrvadmin configuration data, usually stored under the /etc directory.
 +
- .PP
--.B
--semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
--.TP
--.B
--restorecon -F -R -v /var/ftp
--.TP
--Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_ftpd_anon_write boolean to be set.
-+If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
++.br
++.TP 5
++Paths: 
++/etc/dirsrv/admin-serv(/.*)?, /etc/dirsrv/dsgw(/.*)?
 +
 +.EX
-+.B setsebool -P sftpd_write_ssh_home 1
++.PP
++.B dirsrvadmin_exec_t 
 +.EE
 +
- .PP
--.B
--semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"
--.TP
--.B
--restorecon -F -R -v /var/ftp/incoming
-+If you want to allow ftp servers to connect to mysql database ports, you must turn on the ftpd_connect_db boolean.
++- Set files with the dirsrvadmin_exec_t type, if you want to transition an executable to the dirsrvadmin_t domain.
 +
-+.EX
-+.B setsebool -P ftpd_connect_db 1
-+.EE
- 
--.SH BOOLEANS
- .PP
--SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool.
--.TP
--Allow ftp servers to read and write files with the public_content_rw_t file type.
-+If you want to allow ftp servers to login to local users and read/write all files on the system, governed by DAC, you must turn on the ftpd_full_access boolean.
++.br
++.TP 5
++Paths: 
++/usr/sbin/start-ds-admin, /usr/sbin/stop-ds-admin, /usr/sbin/restart-ds-admin
 +
 +.EX
-+.B setsebool -P ftpd_full_access 1
++.PP
++.B dirsrvadmin_lock_t 
 +.EE
 +
- .PP
--.B
--setsebool -P allow_ftpd_anon_write on
--.TP
--Allow ftp servers to read or write files in the user home directories.
-+If you want to allow sftp-internal to read and write files in the user home directories, you must turn on the sftpd_enable_homedirs boolean.
-+
-+.EX
-+.B setsebool -P sftpd_enable_homedirs 1
-+.EE
++- Set files with the dirsrvadmin_lock_t type, if you want to treat the files as dirsrvadmin lock data, stored under the /var/lock directory
 +
- .PP
--.B
--setsebool -P ftp_home_dir on
--.TP
--Allow ftp servers to read or write all files on the system.
-+If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
 +
 +.EX
-+.B setsebool -P httpd_can_connect_ftp 1
++.PP
++.B dirsrvadmin_tmp_t 
 +.EE
 +
- .PP
--.B
--setsebool -P allow_ftpd_full_access on
-+If you want to allow ftp servers to use bind to all unreserved ports for passive mode, you must turn on the ftpd_use_passive_mode boolean.
-+
-+.EX
-+.B setsebool -P ftpd_use_passive_mode 1
-+.EE
++- Set files with the dirsrvadmin_tmp_t type, if you want to store dirsrvadmin temporary files in the /tmp directories.
 +
-+.PP
-+If you want to allow ftp servers to use nfs used for public file transfer services, you must turn on the ftpd_use_nfs boolean.
 +
 +.EX
-+.B setsebool -P ftpd_use_nfs 1
-+.EE
-+
 +.PP
-+If you want to allow sftp-internal to login to local users and read/write all files on the system, governed by DAC, you must turn on the sftpd_full_access boolean.
-+
-+.EX
-+.B setsebool -P sftpd_full_access 1
++.B dirsrvadmin_unconfined_script_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow ftp servers to connect to all ports > 1023, you must turn on the ftpd_connect_all_unreserved boolean.
++- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain.
 +
-+.EX
-+.B setsebool -P ftpd_connect_all_unreserved 1
-+.EE
++.br
++.TP 5
++Paths: 
++/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
 +
 +.PP
-+If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
-+
-+.EX
-+.B setsebool -P httpd_enable_ftp_server 1
-+.EE
-+
-+.SH NSSWITCH DOMAIN
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ftpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux dirsrvadmin policy is very flexible allowing users to setup their dirsrvadmin processes in as secure a method as possible.
++.PP 
++The following process types are defined for dirsrvadmin:
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B dirsrvadmin_unconfined_script_t, dirsrvadmin_t 
 +.EE
-+
 +.PP
-+If you want to allow confined applications to run with kerberos for the ftpd_t, you must turn on the kerberos_enabled boolean.
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
++.SH "MANAGED FILES"
++
++The SELinux user type dirsrvadmin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.SH SHARING FILES
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
- .TP
--Allow ftp servers to use cifs for public file transfer services.
-+Allow ftpd servers to read the /var/ftpd directory by adding the public_content_t file type to the directory and by restoring the file type.
- .PP
- .B
--setsebool -P allow_ftpd_use_cifs on
-+semanage fcontext -a -t public_content_t "/var/ftpd(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/ftpd
-+.pp
- .TP
--Allow ftp servers to use nfs for public file transfer services.
-+Allow ftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_ftpdd_anon_write boolean to be set.
- .PP
- .B
--setsebool -P allow_ftpd_use_nfs on
--.TP
--system-config-selinux is a GUI tool available to customize SELinux policy settings.
--.SH AUTHOR	
-+semanage fcontext -a -t public_content_rw_t "/var/ftpd/incoming(/.*)?"
 +.br
-+.B restorecon -F -R -v /var/ftpd/incoming
++.B dirsrvadmin_tmp_t
 +
 +
- .PP
--This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+If you want to allow tftp to modify public files used for public file transfer services., you must turn on the tftp_anon_write boolean.
- 
--.SH "SEE ALSO"
-+.EX
-+.B setsebool -P tftp_anon_write 1
-+.EE
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
 +.PP
-+If you want to allow ftp servers to upload files,  used for public file transfer services. Directories must be labeled public_content_rw_t., you must turn on the ftpd_anon_write boolean.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+.EX
-+.B setsebool -P ftpd_anon_write 1
-+.EE
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.PP
-+If you want to allow anon internal-sftp to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t., you must turn on the sftpd_anon_write boolean.
++.SH "SEE ALSO"
++selinux(8), dirsrvadmin(8), semanage(8), restorecon(8), chcon(1)
++, dirsrv_selinux(8), dirsrvadmin_unconfined_script_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/dirsrvadmin_unconfined_script_selinux.8 b/man/man8/dirsrvadmin_unconfined_script_selinux.8
+new file mode 100644
+index 0000000..d40a836
+--- /dev/null
++++ b/man/man8/dirsrvadmin_unconfined_script_selinux.8
+@@ -0,0 +1,118 @@
++.TH  "dirsrvadmin_unconfined_script_selinux"  "8"  "dirsrvadmin_unconfined_script" "dwalsh at redhat.com" "dirsrvadmin_unconfined_script SELinux Policy documentation"
++.SH "NAME"
++dirsrvadmin_unconfined_script_selinux \- Security Enhanced Linux Policy for the dirsrvadmin_unconfined_script processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.B setsebool -P sftpd_anon_write 1
-+.EE
++Security-Enhanced Linux secures the dirsrvadmin_unconfined_script processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
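Review bot: The added FILE CONTEXTS and PROCESS TYPES lines of dirsrvadmin_selinux.8 close the bold command name with `\bP` (`\fBls\bP`, `\fBps\bP`), which is not the font-reset escape, so the rendered page will likely not return to the normal font after `ls` and `ps`. They should read `\fBls\fP` and `\fBps\fP`. The same text sits on unchanged context lines of the neighbouring hunks, so it presumably comes from the genman.py template rather than from this page alone. In the same hunk the SEE ALSO continuation begins a line with `, dirsrv_selinux(8)` and the page ends without a trailing newline. Appending the extra references to the preceding line and ending the file with a newline would avoid the stray space before the comma.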
@@ -17195,105 +20819,154 @@ index 5bebd82..fd2036b 100644
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ftpd policy is very flexible allowing users to setup their ftpd processes in as secure a method as possible.
++SELinux dirsrvadmin_unconfined_script policy is very flexible allowing users to setup their dirsrvadmin_unconfined_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ftpd:
++The following file types are defined for dirsrvadmin_unconfined_script:
 +
 +
 +.EX
 +.PP
-+.B ftpd_etc_t 
-+.EE
-+
-+- Set files with the ftpd_etc_t type, if you want to store ftpd files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B ftpd_exec_t 
++.B dirsrvadmin_unconfined_script_exec_t 
 +.EE
 +
-+- Set files with the ftpd_exec_t type, if you want to transition an executable to the ftpd_t domain.
++- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/ftpwho, /etc/cron\.monthly/proftpd, /usr/sbin/in\.ftpd, /usr/sbin/proftpd, /usr/kerberos/sbin/ftpd, /usr/sbin/muddleftpd, /usr/sbin/vsftpd
++/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
 +
-+.EX
 +.PP
-+.B ftpd_initrc_exec_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux dirsrvadmin_unconfined_script policy is very flexible allowing users to setup their dirsrvadmin_unconfined_script processes in as secure a method as possible.
++.PP 
++The following process types are defined for dirsrvadmin_unconfined_script:
++
++.EX
++.B dirsrvadmin_unconfined_script_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the ftpd_initrc_exec_t type, if you want to transition an executable to the ftpd_initrc_t domain.
++.SH "MANAGED FILES"
++
++The SELinux user type dirsrvadmin_unconfined_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/proftpd, /etc/rc\.d/init\.d/vsftpd
++.B dirsrv_config_t
 +
-+.EX
-+.PP
-+.B ftpd_keytab_t 
-+.EE
++	/etc/dirsrv(/.*)?
++.br
 +
-+- Set files with the ftpd_keytab_t type, if you want to treat the files as kerberos keytab files.
++.br
++.B dirsrv_var_lib_t
++
++	/var/lib/dirsrv(/.*)?
++.br
 +
++.br
++.B dirsrv_var_log_t
 +
-+.EX
-+.PP
-+.B ftpd_lock_t 
-+.EE
++	/var/log/dirsrv(/.*)?
++.br
 +
-+- Set files with the ftpd_lock_t type, if you want to treat the files as ftpd lock data, stored under the /var/lock directory
++.br
++.B dirsrv_var_run_t
 +
++	/var/run/dirsrv(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B ftpd_tmp_t 
-+.EE
++.br
++.B dirsrvadmin_config_t
 +
-+- Set files with the ftpd_tmp_t type, if you want to store ftpd temporary files in the /tmp directories.
++	/etc/dirsrv/dsgw(/.*)?
++.br
++	/etc/dirsrv/admin-serv(/.*)?
++.br
 +
++.br
++.B dirsrvadmin_tmp_t
 +
-+.EX
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B ftpd_tmpfs_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the ftpd_tmpfs_t type, if you want to store ftpd files on a tmpfs file system.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B ftpd_unit_file_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), dirsrvadmin_unconfined_script(8), semanage(8), restorecon(8), chcon(1)
++, dirsrv_selinux(8), dirsrvadmin_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/disk_munin_plugin_selinux.8 b/man/man8/disk_munin_plugin_selinux.8
+new file mode 100644
+index 0000000..51d11b3
+--- /dev/null
++++ b/man/man8/disk_munin_plugin_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "disk_munin_plugin_selinux"  "8"  "disk_munin_plugin" "dwalsh at redhat.com" "disk_munin_plugin SELinux Policy documentation"
++.SH "NAME"
++disk_munin_plugin_selinux \- Security Enhanced Linux Policy for the disk_munin_plugin processes
++.SH "DESCRIPTION"
 +
-+- Set files with the ftpd_unit_file_t type, if you want to treat the files as ftpd unit content.
++Security-Enhanced Linux secures the disk_munin_plugin processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B ftpd_var_run_t 
-+.EE
-+
-+- Set files with the ftpd_var_run_t type, if you want to store the ftpd files under the /run directory.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux disk_munin_plugin policy is very flexible allowing users to setup their disk_munin_plugin processes in as secure a method as possible.
++.PP 
++The following file types are defined for disk_munin_plugin:
 +
 +
 +.EX
 +.PP
-+.B ftpdctl_exec_t 
++.B disk_munin_plugin_exec_t 
 +.EE
 +
-+- Set files with the ftpdctl_exec_t type, if you want to transition an executable to the ftpdctl_t domain.
++- Set files with the disk_munin_plugin_exec_t type, if you want to transition an executable to the disk_munin_plugin_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/share/munin/plugins/diskstat.*, /usr/share/munin/plugins/hddtemp.*, /usr/share/munin/plugins/smart_.*, /usr/share/munin/plugins/df.*
 +
 +.EX
 +.PP
-+.B ftpdctl_tmp_t 
++.B disk_munin_plugin_tmp_t 
 +.EE
 +
-+- Set files with the ftpdctl_tmp_t type, if you want to store ftpdctl temporary files in the /tmp directories.
++- Set files with the disk_munin_plugin_tmp_t type, if you want to store disk munin plugin temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -17303,61 +20976,44 @@ index 5bebd82..fd2036b 100644
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
- .PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux ftpd policy is very flexible allowing users to setup their ftpd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for ftpd:
-+
-+.EX
-+.TP 5
-+.B ftp_data_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 20
-+.EE
- 
--selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
-+.EX
-+.TP 5
-+.B ftp_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 21,990
-+.EE
-+udp 990
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ftpd policy is very flexible allowing users to setup their ftpd processes in as secure a method as possible.
++SELinux disk_munin_plugin policy is very flexible allowing users to setup their disk_munin_plugin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ftpd:
++The following process types are defined for disk_munin_plugin:
 +
 +.EX
-+.B ftpd_t, ftpdctl_t 
++.B disk_munin_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type disk_munin_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B disk_munin_plugin_tmp_t
++
++
++.br
++.B munin_plugin_state_t
++
++	/var/lib/munin/plugin-state(/.*)?
++.br
++
++.br
++.B munin_var_lib_t
++
++	/var/lib/munin(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -17368,64 +21024,82 @@ index 5bebd82..fd2036b 100644
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ftpd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/ftpdctl_selinux.8 b/man/man8/ftpdctl_selinux.8
++selinux(8), disk_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dkim_milter_selinux.8 b/man/man8/dkim_milter_selinux.8
 new file mode 100644
-index 0000000..de1008c
+index 0000000..e58ec1a
 --- /dev/null
-+++ b/man/man8/ftpdctl_selinux.8
-@@ -0,0 +1,81 @@
-+.TH  "ftpdctl_selinux"  "8"  "ftpdctl" "dwalsh at redhat.com" "ftpdctl SELinux Policy documentation"
++++ b/man/man8/dkim_milter_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "dkim_milter_selinux"  "8"  "dkim_milter" "dwalsh at redhat.com" "dkim_milter SELinux Policy documentation"
 +.SH "NAME"
-+ftpdctl_selinux \- Security Enhanced Linux Policy for the ftpdctl processes
++dkim_milter_selinux \- Security Enhanced Linux Policy for the dkim_milter processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ftpdctl processes via flexible mandatory access
++Security-Enhanced Linux secures the dkim_milter processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dkim_milter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the dkim_milter_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ftpdctl policy is very flexible allowing users to setup their ftpdctl processes in as secure a method as possible.
++SELinux dkim_milter policy is very flexible allowing users to setup their dkim_milter processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ftpdctl:
++The following file types are defined for dkim_milter:
 +
 +
 +.EX
 +.PP
-+.B ftpdctl_exec_t 
++.B dkim_milter_data_t 
 +.EE
 +
-+- Set files with the ftpdctl_exec_t type, if you want to transition an executable to the ftpdctl_t domain.
++- Set files with the dkim_milter_data_t type, if you want to treat the files as dkim milter content.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/dkim-milter(/.*)?, /var/run/dkim-milter(/.*)?
 +
 +.EX
 +.PP
-+.B ftpdctl_tmp_t 
++.B dkim_milter_exec_t 
 +.EE
 +
-+- Set files with the ftpdctl_tmp_t type, if you want to store ftpdctl temporary files in the /tmp directories.
++- Set files with the dkim_milter_exec_t type, if you want to transition an executable to the dkim_milter_t domain.
++
++
++.EX
++.PP
++.B dkim_milter_private_key_t 
++.EE
++
++- Set files with the dkim_milter_private_key_t type, if you want to treat the files as dkim milter private key data.
 +
 +
 +.PP
@@ -17441,18 +21115,30 @@ index 0000000..de1008c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ftpdctl policy is very flexible allowing users to setup their ftpdctl processes in as secure a method as possible.
++SELinux dkim_milter policy is very flexible allowing users to setup their dkim_milter processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ftpdctl:
++The following process types are defined for dkim_milter:
 +
 +.EX
-+.B ftpdctl_t 
++.B dkim_milter_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dkim_milter_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dkim_milter_data_t
++
++	/var/lib/dkim-milter(/.*)?
++.br
++	/var/run/dkim-milter(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -17468,22 +21154,22 @@ index 0000000..de1008c
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ftpdctl(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/games_selinux.8 b/man/man8/games_selinux.8
++selinux(8), dkim_milter(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dlm_controld_selinux.8 b/man/man8/dlm_controld_selinux.8
 new file mode 100644
-index 0000000..30f96ce
+index 0000000..00d1d0b
 --- /dev/null
-+++ b/man/man8/games_selinux.8
-@@ -0,0 +1,113 @@
-+.TH  "games_selinux"  "8"  "games" "dwalsh at redhat.com" "games SELinux Policy documentation"
++++ b/man/man8/dlm_controld_selinux.8
+@@ -0,0 +1,141 @@
++.TH  "dlm_controld_selinux"  "8"  "dlm_controld" "dwalsh at redhat.com" "dlm_controld SELinux Policy documentation"
 +.SH "NAME"
-+games_selinux \- Security Enhanced Linux Policy for the games processes
++dlm_controld_selinux \- Security Enhanced Linux Policy for the dlm_controld processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the games processes via flexible mandatory access
++Security-Enhanced Linux secures the dlm_controld processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -17494,57 +21180,41 @@ index 0000000..30f96ce
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux games policy is very flexible allowing users to setup their games processes in as secure a method as possible.
++SELinux dlm_controld policy is very flexible allowing users to setup their dlm_controld processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for games:
-+
-+
-+.EX
-+.PP
-+.B games_data_t 
-+.EE
++The following file types are defined for dlm_controld:
 +
-+- Set files with the games_data_t type, if you want to treat the files as games content.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/games(/.*)?, /var/lib/games(/.*)?
 +
 +.EX
 +.PP
-+.B games_exec_t 
++.B dlm_controld_exec_t 
 +.EE
 +
-+- Set files with the games_exec_t type, if you want to transition an executable to the games_t domain.
++- Set files with the dlm_controld_exec_t type, if you want to transition an executable to the dlm_controld_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/sol, /usr/bin/blackjack, /usr/bin/micq, /usr/bin/gnotski, /usr/bin/kshisen, /usr/bin/klickety, /usr/bin/lskat, /usr/bin/atlantik, /usr/bin/ksame, /usr/bin/kgoldrunner, /usr/bin/lskatproc, /usr/bin/gataxx, /usr/bin/katomic, /usr/bin/Maelstrom, /usr/bin/ksmiletris, /usr/bin/gnotravex, /usr/bin/ksirtet, /usr/bin/kbattleship, /usr/bin/ktuberling, /usr/bin/kenolaba, /usr/bin/kmahjongg, /usr/bin/ksnake, /usr/games/.*, /usr/bin/gnobots2, /usr/bin/civserver.*, /usr/bin/civclient.*, /usr/bin/kbounce, /usr/bin/kwin4, /usr/bin/ktron, /usr/bin/mahjongg, /usr/bin/kbackgammon, /usr/bin/kblackbox, /usr/bin/kjumpingcube, /usr/bin/gnomine, /usr/bin/gnect, /usr/bin/same-gnome, /usr/bin/kasteroids, /usr/bin/ksokoban, /usr/bin/kolf, /usr/bin/konquest, /usr/bin/kreversi, /usr/bin/kpoker, /usr/lib/games(/.*)?, /usr/bin/glines, /usr/bin/kfouleggs, /usr/bin/kmines, /usr/bin/gnibbles, /usr/bin/kspaceduel, /usr/bin/kpat, /usr/bin/iagno, /usr/bin/gtali, /usr/bin/klines, /usr/bin/kwin4proc, /
 usr/bin/gnome-stones
 +
 +.EX
 +.PP
-+.B games_srv_var_run_t 
++.B dlm_controld_tmpfs_t 
 +.EE
 +
-+- Set files with the games_srv_var_run_t type, if you want to store the games srv files under the /run directory.
++- Set files with the dlm_controld_tmpfs_t type, if you want to store dlm controld files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B games_tmp_t 
++.B dlm_controld_var_log_t 
 +.EE
 +
-+- Set files with the games_tmp_t type, if you want to store games temporary files in the /tmp directories.
++- Set files with the dlm_controld_var_log_t type, if you want to treat the data as dlm controld var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B games_tmpfs_t 
++.B dlm_controld_var_run_t 
 +.EE
 +
-+- Set files with the games_tmpfs_t type, if you want to store games files on a tmpfs file system.
++- Set files with the dlm_controld_var_run_t type, if you want to store the dlm controld files under the /run directory.
 +
 +
 +.PP
@@ -17560,18 +21230,62 @@ index 0000000..30f96ce
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux games policy is very flexible allowing users to setup their games processes in as secure a method as possible.
++SELinux dlm_controld policy is very flexible allowing users to setup their dlm_controld processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for games:
++The following process types are defined for dlm_controld:
 +
 +.EX
-+.B games_t, games_srv_t 
++.B dlm_controld_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dlm_controld_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cluster_var_lib_t
++
++	/var/lib/cluster(/.*)?
++.br
++
++.br
++.B configfs_t
++
++
++.br
++.B corosync_tmpfs_t
++
++
++.br
++.B dlm_controld_tmpfs_t
++
++
++.br
++.B dlm_controld_var_log_t
++
++	/var/log/cluster/dlm_controld\.log.*
++.br
++
++.br
++.B dlm_controld_var_run_t
++
++	/var/run/dlm_controld\.pid
++.br
++
++.br
++.B initrc_tmp_t
++
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -17587,24 +21301,35 @@ index 0000000..30f96ce
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), games(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/gconfd_selinux.8 b/man/man8/gconfd_selinux.8
++selinux(8), dlm_controld(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dmesg_selinux.8 b/man/man8/dmesg_selinux.8
 new file mode 100644
-index 0000000..7162430
+index 0000000..3cf8142
 --- /dev/null
-+++ b/man/man8/gconfd_selinux.8
-@@ -0,0 +1,81 @@
-+.TH  "gconfd_selinux"  "8"  "gconfd" "dwalsh at redhat.com" "gconfd SELinux Policy documentation"
++++ b/man/man8/dmesg_selinux.8
+@@ -0,0 +1,158 @@
++.TH  "dmesg_selinux"  "8"  "dmesg" "dwalsh at redhat.com" "dmesg SELinux Policy documentation"
 +.SH "NAME"
-+gconfd_selinux \- Security Enhanced Linux Policy for the gconfd processes
++dmesg_selinux \- Security Enhanced Linux Policy for the dmesg processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the gconfd processes via flexible mandatory access
++Security-Enhanced Linux secures the dmesg processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  dmesg policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dmesg with the tightest access possible.
++
++
++.PP
++If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++
++.EX
++.B setsebool -P user_dmesg 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
@@ -17613,26 +21338,22 @@ index 0000000..7162430
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux gconfd policy is very flexible allowing users to setup their gconfd processes in as secure a method as possible.
++SELinux dmesg policy is very flexible allowing users to setup their dmesg processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for gconfd:
-+
-+
-+.EX
-+.PP
-+.B gconfd_exec_t 
-+.EE
-+
-+- Set files with the gconfd_exec_t type, if you want to transition an executable to the gconfd_t domain.
++The following file types are defined for dmesg:
 +
 +
 +.EX
 +.PP
-+.B gconfdefaultsm_exec_t 
++.B dmesg_exec_t 
 +.EE
 +
-+- Set files with the gconfdefaultsm_exec_t type, if you want to transition an executable to the gconfdefaultsm_t domain.
++- Set files with the dmesg_exec_t type, if you want to transition an executable to the dmesg_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/dmesg, /bin/dmesg
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -17647,18 +21368,84 @@ index 0000000..7162430
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux gconfd policy is very flexible allowing users to setup their gconfd processes in as secure a method as possible.
++SELinux dmesg policy is very flexible allowing users to setup their dmesg processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for gconfd:
++The following process types are defined for dmesg:
 +
 +.EX
-+.B gconfdefaultsm_t, gconfd_t 
++.B dmesg_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dmesg_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B abrt_var_run_t
++
++	/var/run/abrt(/.*)?
++.br
++	/var/run/abrtd?\.lock
++.br
++	/var/run/abrtd?\.socket
++.br
++	/var/run/abrt\.pid
++.br
++
++.br
++.B var_log_t
++
++	/var/log/.*
++.br
++	/nsr/logs(/.*)?
++.br
++	/var/webmin(/.*)?
++.br
++	/var/log/cron[^/]*
++.br
++	/var/log/secure[^/]*
++.br
++	/opt/zimbra/log(/.*)?
++.br
++	/var/log/maillog[^/]*
++.br
++	/var/log/spooler[^/]*
++.br
++	/var/log/messages[^/]*
++.br
++	/usr/centreon/log(/.*)?
++.br
++	/var/spool/rsyslog(/.*)?
++.br
++	/var/axfrdns/log/main(/.*)?
++.br
++	/var/spool/bacula/log(/.*)?
++.br
++	/var/tinydns/log/main(/.*)?
++.br
++	/var/dnscache/log/main(/.*)?
++.br
++	/var/stockmaniac/templates_cache(/.*)?
++.br
++	/opt/Symantec/scspagent/IDS/system(/.*)?
++.br
++	/var/log
++.br
++	/var/log/dmesg
++.br
++	/var/log/syslog
++.br
++	/var/log/boot\.log
++.br
++	/var/named/chroot/var/log
++.br
++	/var/spool/plymouth/boot\.log
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -17669,27 +21456,32 @@ index 0000000..7162430
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), gconfd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/gconfdefaultsm_selinux.8 b/man/man8/gconfdefaultsm_selinux.8
++selinux(8), dmesg(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/dmidecode_selinux.8 b/man/man8/dmidecode_selinux.8
 new file mode 100644
-index 0000000..64fecad
+index 0000000..997162d
 --- /dev/null
-+++ b/man/man8/gconfdefaultsm_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "gconfdefaultsm_selinux"  "8"  "gconfdefaultsm" "dwalsh at redhat.com" "gconfdefaultsm SELinux Policy documentation"
++++ b/man/man8/dmidecode_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "dmidecode_selinux"  "8"  "dmidecode" "dwalsh at redhat.com" "dmidecode SELinux Policy documentation"
 +.SH "NAME"
-+gconfdefaultsm_selinux \- Security Enhanced Linux Policy for the gconfdefaultsm processes
++dmidecode_selinux \- Security Enhanced Linux Policy for the dmidecode processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the gconfdefaultsm processes via flexible mandatory access
++Security-Enhanced Linux secures the dmidecode processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -17700,18 +21492,22 @@ index 0000000..64fecad
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux gconfdefaultsm policy is very flexible allowing users to setup their gconfdefaultsm processes in as secure a method as possible.
++SELinux dmidecode policy is very flexible allowing users to setup their dmidecode processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for gconfdefaultsm:
++The following file types are defined for dmidecode:
 +
 +
 +.EX
 +.PP
-+.B gconfdefaultsm_exec_t 
++.B dmidecode_exec_t 
 +.EE
 +
-+- Set files with the gconfdefaultsm_exec_t type, if you want to transition an executable to the gconfdefaultsm_t domain.
++- Set files with the dmidecode_exec_t type, if you want to transition an executable to the dmidecode_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/dmidecode, /usr/sbin/vpddecode, /usr/sbin/ownership
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -17726,18 +21522,22 @@ index 0000000..64fecad
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux gconfdefaultsm policy is very flexible allowing users to setup their gconfdefaultsm processes in as secure a method as possible.
++SELinux dmidecode policy is very flexible allowing users to setup their dmidecode processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for gconfdefaultsm:
++The following process types are defined for dmidecode:
 +
 +.EX
-+.B gconfdefaultsm_t 
++.B dmidecode_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dmidecode_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -17753,38 +21553,38 @@ index 0000000..64fecad
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), gconfdefaultsm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/getty_selinux.8 b/man/man8/getty_selinux.8
++selinux(8), dmidecode(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dnsmasq_selinux.8 b/man/man8/dnsmasq_selinux.8
 new file mode 100644
-index 0000000..26e8219
+index 0000000..7936a77
 --- /dev/null
-+++ b/man/man8/getty_selinux.8
-@@ -0,0 +1,139 @@
-+.TH  "getty_selinux"  "8"  "getty" "dwalsh at redhat.com" "getty SELinux Policy documentation"
++++ b/man/man8/dnsmasq_selinux.8
+@@ -0,0 +1,195 @@
++.TH  "dnsmasq_selinux"  "8"  "dnsmasq" "dwalsh at redhat.com" "dnsmasq SELinux Policy documentation"
 +.SH "NAME"
-+getty_selinux \- Security Enhanced Linux Policy for the getty processes
++dnsmasq_selinux \- Security Enhanced Linux Policy for the dnsmasq processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the getty processes via flexible mandatory access
++Security-Enhanced Linux secures the dnsmasq processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the getty_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dnsmasq_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the getty_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the dnsmasq_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -17793,70 +21593,74 @@ index 0000000..26e8219
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux getty policy is very flexible allowing users to setup their getty processes in as secure a method as possible.
++SELinux dnsmasq policy is very flexible allowing users to setup their dnsmasq processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for getty:
++The following file types are defined for dnsmasq:
 +
 +
 +.EX
 +.PP
-+.B getty_etc_t 
++.B dnsmasq_etc_t 
 +.EE
 +
-+- Set files with the getty_etc_t type, if you want to store getty files in the /etc directories.
++- Set files with the dnsmasq_etc_t type, if you want to store dnsmasq files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B getty_exec_t 
++.B dnsmasq_exec_t 
 +.EE
 +
-+- Set files with the getty_exec_t type, if you want to transition an executable to the getty_t domain.
++- Set files with the dnsmasq_exec_t type, if you want to transition an executable to the dnsmasq_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/.*getty, /sbin/.*getty
 +
 +.EX
 +.PP
-+.B getty_lock_t 
++.B dnsmasq_initrc_exec_t 
 +.EE
 +
-+- Set files with the getty_lock_t type, if you want to treat the files as getty lock data, stored under the /var/lock directory
++- Set files with the dnsmasq_initrc_exec_t type, if you want to transition an executable to the dnsmasq_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B getty_log_t 
++.B dnsmasq_lease_t 
 +.EE
 +
-+- Set files with the getty_log_t type, if you want to treat the data as getty log data, usually stored under the /var/log directory.
++- Set files with the dnsmasq_lease_t type, if you want to treat the files as dnsmasq lease data.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/log/mgetty\.log.*, /var/log/vgetty\.log\..*
++/var/lib/dnsmasq(/.*)?, /var/lib/misc/dnsmasq\.leases
 +
 +.EX
 +.PP
-+.B getty_tmp_t 
++.B dnsmasq_unit_file_t 
 +.EE
 +
-+- Set files with the getty_tmp_t type, if you want to store getty temporary files in the /tmp directories.
++- Set files with the dnsmasq_unit_file_t type, if you want to treat the files as dnsmasq unit content.
 +
 +
 +.EX
 +.PP
-+.B getty_var_run_t 
++.B dnsmasq_var_log_t 
 +.EE
 +
-+- Set files with the getty_var_run_t type, if you want to store the getty files under the /run directory.
++- Set files with the dnsmasq_var_log_t type, if you want to treat the data as dnsmasq var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B dnsmasq_var_run_t 
++.EE
++
++- Set files with the dnsmasq_var_run_t type, if you want to store the dnsmasq files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/spool/voice(/.*)?, /var/spool/fax(/.*)?, /var/run/mgetty\.pid.*
++/var/run/dnsmasq\.pid, /var/run/libvirt/network(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -17871,49 +21675,101 @@ index 0000000..26e8219
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux getty policy is very flexible allowing users to setup their getty processes in as secure a method as possible.
++SELinux dnsmasq policy is very flexible allowing users to setup their dnsmasq processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for getty:
++The following process types are defined for dnsmasq:
 +
 +.EX
-+.B getty_t 
++.B dnsmasq_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.PP
-+.B system-config-selinux 
++The SELinux user type dnsmasq_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B crond_var_run_t
++
++	/var/run/.*cron.*
++.br
++	/var/run/crond?\.pid
++.br
++	/var/run/crond?\.reboot
++.br
++	/var/run/atd\.pid
++.br
++	/var/run/fcron\.pid
++.br
++	/var/run/fcron\.fifo
++.br
++	/var/run/anacron\.pid
++.br
++
++.br
++.B dnsmasq_lease_t
++
++	/var/lib/dnsmasq(/.*)?
++.br
++	/var/lib/misc/dnsmasq\.leases
++.br
++
++.br
++.B dnsmasq_var_log_t
++
++	/var/log/dnsmasq.*
++.br
++
++.br
++.B dnsmasq_var_run_t
++
++	/var/run/libvirt/network(/.*)?
++.br
++	/var/run/dnsmasq\.pid
++.br
++
++.br
++.B virt_var_lib_t
++
++	/var/lib/oz(/.*)?
++.br
++	/var/lib/libvirt(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), getty(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/gfs_selinux.8 b/man/man8/gfs_selinux.8
++selinux(8), dnsmasq(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dnssec_trigger_selinux.8 b/man/man8/dnssec_trigger_selinux.8
 new file mode 100644
-index 0000000..5987bae
+index 0000000..5b194fb
 --- /dev/null
-+++ b/man/man8/gfs_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "gfs_selinux"  "8"  "gfs" "dwalsh at redhat.com" "gfs SELinux Policy documentation"
++++ b/man/man8/dnssec_trigger_selinux.8
+@@ -0,0 +1,117 @@
++.TH  "dnssec_trigger_selinux"  "8"  "dnssec_trigger" "dwalsh at redhat.com" "dnssec_trigger SELinux Policy documentation"
 +.SH "NAME"
-+gfs_selinux \- Security Enhanced Linux Policy for the gfs processes
++dnssec_trigger_selinux \- Security Enhanced Linux Policy for the dnssec_trigger processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the gfs processes via flexible mandatory access
++Security-Enhanced Linux secures the dnssec_trigger processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -17924,41 +21780,25 @@ index 0000000..5987bae
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux gfs policy is very flexible allowing users to setup their gfs processes in as secure a method as possible.
++SELinux dnssec_trigger policy is very flexible allowing users to setup their dnssec_trigger processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for gfs:
-+
-+
-+.EX
-+.PP
-+.B gfs_controld_exec_t 
-+.EE
-+
-+- Set files with the gfs_controld_exec_t type, if you want to transition an executable to the gfs_controld_t domain.
-+
-+
-+.EX
-+.PP
-+.B gfs_controld_tmpfs_t 
-+.EE
-+
-+- Set files with the gfs_controld_tmpfs_t type, if you want to store gfs controld files on a tmpfs file system.
++The following file types are defined for dnssec_trigger:
 +
 +
 +.EX
 +.PP
-+.B gfs_controld_var_log_t 
++.B dnssec_trigger_exec_t 
 +.EE
 +
-+- Set files with the gfs_controld_var_log_t type, if you want to treat the data as gfs controld var log data, usually stored under the /var/log directory.
++- Set files with the dnssec_trigger_exec_t type, if you want to transition an executable to the dnssec_trigger_t domain.
 +
 +
 +.EX
 +.PP
-+.B gfs_controld_var_run_t 
++.B dnssec_trigger_var_run_t 
 +.EE
 +
-+- Set files with the gfs_controld_var_run_t type, if you want to store the gfs controld files under the /run directory.
++- Set files with the dnssec_trigger_var_run_t type, if you want to store the dnssec trigger files under the /run directory.
 +
 +
 +.PP
@@ -17974,18 +21814,54 @@ index 0000000..5987bae
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux gfs policy is very flexible allowing users to setup their gfs processes in as secure a method as possible.
++SELinux dnssec_trigger policy is very flexible allowing users to setup their dnssec_trigger processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for gfs:
++The following process types are defined for dnssec_trigger:
 +
 +.EX
-+.B gfs_controld_t 
++.B dnssec_trigger_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dnssec_trigger_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dnssec_trigger_var_run_t
++
++	/var/run/dnssec.*
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -18001,225 +21877,192 @@ index 0000000..5987bae
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), gfs(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/git_shell_selinux.8 b/man/man8/git_shell_selinux.8
++selinux(8), dnssec_trigger(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dovecot_auth_selinux.8 b/man/man8/dovecot_auth_selinux.8
 new file mode 100644
-index 0000000..6031c31
+index 0000000..0a678bd
 --- /dev/null
-+++ b/man/man8/git_shell_selinux.8
-@@ -0,0 +1,183 @@
-+.TH  "git_shell_selinux"  "8"  "git_shell" "mgrepl at redhat.com" "git_shell SELinux Policy documentation"
++++ b/man/man8/dovecot_auth_selinux.8
+@@ -0,0 +1,146 @@
++.TH  "dovecot_auth_selinux"  "8"  "dovecot_auth" "dwalsh at redhat.com" "dovecot_auth SELinux Policy documentation"
 +.SH "NAME"
-+git_shell_u \- \fBgit_shell user role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
-+
-+\fBgit_shell_u\fP is an SELinux User defined in the SELinux
-+policy. SELinux users have default roles, \fBgit_shell_r\fP.  The
-+default role has a default type, \fBgit_shell_t\fP, associated with it.
-+
-+The SELinux user will usually login to a system with a context that looks like:
-+
-+.B git_shell_u:git_shell_r:git_shell_u:s0-s0:c0.c1023
-+
-+Linux users are automatically assigned an SELinux users at login.  
-+Login programs use the SELinux User to assign initial context to the user's shell.
-+
-+SELinux policy uses the context to control the user's access.
-+
-+By default all users are assigned to the SELinux user via the \fB__default__\fP flag
-+
-+On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
-+
-+You can list all Linux User to SELinux user mapping using:
-+
-+.B semanage login -l
-+
-+If you wanted to change the default user mapping to use the git_shell_u user, you would execute:
-+
-+.B semanage login -m -s git_shell_u __default__
-+
-+
-+.SH USER DESCRIPTION
-+
-+The SELinux user git_shell_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
-+
-+.SH SUDO
-+
-+The SELinux type git_shell_t is not allowed to execute sudo. 
-+
-+.SH X WINDOWS LOGIN
-+
-+The SELinux user git_shell_u is not able to X Windows login.
-+
-+.SH TERMINAL LOGIN
-+
-+The SELinux user git_shell_u is not able to terminal login.
-+
-+.SH NETWORK
-+
-+.TP
-+The SELinux user git_shell_u is able to connect to the following tcp ports.
-+
-+.B dns_port_t: 53
-+
-+.B ocsp_port_t: 9080
-+
-+.B kerberos_port_t: 88,750,4444
++dovecot_auth_selinux \- Security Enhanced Linux Policy for the dovecot_auth processes
++.SH "DESCRIPTION"
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  git_shell_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run git_shell_t with the tightest access possible.
++Security-Enhanced Linux secures the dovecot_auth processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dovecot_auth_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P allow_user_mysql_connect 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++If you want to allow confined applications to run with kerberos for the dovecot_auth_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P user_ping 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
-+
-+.EX
-+.B setsebool -P user_ttyfile_stat 1
-+.EE
-+
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+If you want to allow user music sharing, you must turn on the user_share_music boolean.
-+
-+.EX
-+.B setsebool -P user_share_music 1
-+.EE
++Policy governs the access confined processes have to these files. 
++SELinux dovecot_auth policy is very flexible allowing users to setup their dovecot_auth processes in as secure a method as possible.
++.PP 
++The following file types are defined for dovecot_auth:
 +
-+.PP
-+If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
 +
 +.EX
-+.B setsebool -P user_direct_dri 1
-+.EE
-+
 +.PP
-+If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
-+
-+.EX
-+.B setsebool -P user_rw_noexattrfile 1
++.B dovecot_auth_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
-+
-+.EX
-+.B setsebool -P user_tcp_server 1
-+.EE
++- Set files with the dovecot_auth_exec_t type, if you want to transition an executable to the dovecot_auth_t domain.
 +
-+.PP
-+If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++.br
++.TP 5
++Paths: 
++/usr/libexec/dovecot/dovecot-auth, /usr/libexec/dovecot/auth
 +
 +.EX
-+.B setsebool -P user_direct_mouse 1
++.PP
++.B dovecot_auth_tmp_t 
 +.EE
 +
-+.PP
-+If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++- Set files with the dovecot_auth_tmp_t type, if you want to store dovecot auth temporary files in the /tmp directories.
 +
-+.EX
-+.B setsebool -P user_setrlimit 1
-+.EE
 +
 +.PP
-+If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
-+
-+.EX
-+.B setsebool -P allow_user_postgresql_connect 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux dovecot_auth policy is very flexible allowing users to setup their dovecot_auth processes in as secure a method as possible.
++.PP 
++The following process types are defined for dovecot_auth:
 +
 +.EX
-+.B setsebool -P user_dmesg 1
++.B dovecot_auth_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH HOME_EXEC
-+
-+The SELinux user git_shell_u is able execute home content files.
-+
-+.SH TRANSITIONS
-+
-+Three things can happen when git_shell_t attempts to execute a program.
-+
-+\fB1.\fP SELinux Policy can deny git_shell_t from executing the program.
++.SH "MANAGED FILES"
 +
-+.TP
++The SELinux user type dovecot_auth_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+\fB2.\fP SELinux Policy can allow git_shell_t to execute the program in the current user type.
++.br
++.B dovecot_auth_tmp_t
 +
-+Execute the following to see the types that the SELinux user git_shell_t can execute without transitioning:
 +
-+.B sesearch -A -s git_shell_t -c file -p execute_no_trans
++.br
++.B faillog_t
 +
-+.TP
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
 +
-+\fB3.\fP SELinux can allow git_shell_t to execute the program and transition to a new type.
++.br
++.B initrc_var_run_t
 +
-+Execute the following to see the types that the SELinux user git_shell_t can execute and transition:
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
 +
-+.B $ sesearch -A -s git_shell_t -c process -p transition
++.br
++.B pcscd_var_run_t
 +
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
-+
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
-+
++.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/gitosis_selinux.8 b/man/man8/gitosis_selinux.8
++selinux(8), dovecot_auth(8), semanage(8), restorecon(8), chcon(1)
++, dovecot_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/dovecot_deliver_selinux.8 b/man/man8/dovecot_deliver_selinux.8
 new file mode 100644
-index 0000000..f5ebde4
+index 0000000..9f179d5
 --- /dev/null
-+++ b/man/man8/gitosis_selinux.8
-@@ -0,0 +1,104 @@
-+.TH  "gitosis_selinux"  "8"  "gitosis" "dwalsh at redhat.com" "gitosis SELinux Policy documentation"
++++ b/man/man8/dovecot_deliver_selinux.8
+@@ -0,0 +1,140 @@
++.TH  "dovecot_deliver_selinux"  "8"  "dovecot_deliver" "dwalsh at redhat.com" "dovecot_deliver SELinux Policy documentation"
 +.SH "NAME"
-+gitosis_selinux \- Security Enhanced Linux Policy for the gitosis processes
++dovecot_deliver_selinux \- Security Enhanced Linux Policy for the dovecot_deliver processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the gitosis processes via flexible mandatory access
++Security-Enhanced Linux secures the dovecot_deliver processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  gitosis policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gitosis with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow gitisis daemon to send mail, you must turn on the gitosis_can_sendmail boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dovecot_deliver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P gitosis_can_sendmail 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++.PP
++If you want to allow confined applications to run with kerberos for the dovecot_deliver_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -18227,34 +22070,30 @@ index 0000000..f5ebde4
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux gitosis policy is very flexible allowing users to setup their gitosis processes in as secure a method as possible.
++SELinux dovecot_deliver policy is very flexible allowing users to setup their dovecot_deliver processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for gitosis:
++The following file types are defined for dovecot_deliver:
 +
 +
 +.EX
 +.PP
-+.B gitosis_exec_t 
++.B dovecot_deliver_exec_t 
 +.EE
 +
-+- Set files with the gitosis_exec_t type, if you want to transition an executable to the gitosis_t domain.
++- Set files with the dovecot_deliver_exec_t type, if you want to transition an executable to the dovecot_deliver_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/gitosis-serve, /usr/bin/gl-auth-command
++/usr/libexec/dovecot/dovecot-lda, /usr/libexec/dovecot/deliver
 +
 +.EX
 +.PP
-+.B gitosis_var_lib_t 
++.B dovecot_deliver_tmp_t 
 +.EE
 +
-+- Set files with the gitosis_var_lib_t type, if you want to store the gitosis files under the /var/lib directory.
++- Set files with the dovecot_deliver_tmp_t type, if you want to store dovecot deliver temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/gitolite(/.*)?, /var/lib/gitosis(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -18269,18 +22108,58 @@ index 0000000..f5ebde4
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux gitosis policy is very flexible allowing users to setup their gitosis processes in as secure a method as possible.
++SELinux dovecot_deliver policy is very flexible allowing users to setup their dovecot_deliver processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for gitosis:
++The following process types are defined for dovecot_deliver:
 +
 +.EX
-+.B gitosis_t 
++.B dovecot_deliver_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dovecot_deliver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B data_home_t
++
++	/root/\.local/share(/.*)?
++.br
++	/home/[^/]*/\.local/share(/.*)?
++.br
++
++.br
++.B dovecot_deliver_tmp_t
++
++
++.br
++.B mail_home_rw_t
++
++	/root/Maildir(/.*)?
++.br
++	/home/[^/]*/Maildir(/.*)?
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
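Review bot: The added MANAGED FILES paragraph calls dovecot_deliver_t "the SELinux user type", but the PROCESS TYPES section just above it lists dovecot_deliver_t as a process type (domain). SELinux users are a separate concept, so the wording can mislead a reader working out what the domain is allowed to write. I would word it as `The SELinux process type dovecot_deliver_t can manage files labeled with the following file types.` and fix the agreement in the last sentence: `Note that the process UID still needs to have DAC permissions.` The same sentence is added for dovecot_t, drbd_t and dspam_t in later hunks. Since the AUTHOR section says the page is generated by genman.py, the fix presumably belongs in the generator's template rather than in each page.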
@@ -18291,316 +22170,392 @@ index 0000000..f5ebde4
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), gitosis(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), dovecot_deliver(8), semanage(8), restorecon(8), chcon(1)
++, dovecot_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/glance_selinux.8 b/man/man8/glance_selinux.8
+diff --git a/man/man8/dovecot_selinux.8 b/man/man8/dovecot_selinux.8
 new file mode 100644
-index 0000000..284b994
+index 0000000..99cd625
 --- /dev/null
-+++ b/man/man8/glance_selinux.8
-@@ -0,0 +1,178 @@
-+.TH  "glance_selinux"  "8"  "glance" "dwalsh at redhat.com" "glance SELinux Policy documentation"
++++ b/man/man8/dovecot_selinux.8
+@@ -0,0 +1,314 @@
++.TH  "dovecot_selinux"  "8"  "dovecot" "dwalsh at redhat.com" "dovecot SELinux Policy documentation"
 +.SH "NAME"
-+glance_selinux \- Security Enhanced Linux Policy for the glance processes
++dovecot_selinux \- Security Enhanced Linux Policy for the dovecot processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the glance processes via flexible mandatory access
++Security-Enhanced Linux secures the dovecot processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dovecot_auth_t, dovecot_t, dovecot_deliver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the dovecot_auth_t, dovecot_t, dovecot_deliver_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux glance policy is very flexible allowing users to setup their glance processes in as secure a method as possible.
++SELinux dovecot policy is very flexible allowing users to setup their dovecot processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for glance:
++The following file types are defined for dovecot:
 +
 +
 +.EX
 +.PP
-+.B glance_api_exec_t 
++.B dovecot_auth_exec_t 
 +.EE
 +
-+- Set files with the glance_api_exec_t type, if you want to transition an executable to the glance_api_t domain.
++- Set files with the dovecot_auth_exec_t type, if you want to transition an executable to the dovecot_auth_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/libexec/dovecot/dovecot-auth, /usr/libexec/dovecot/auth
 +
 +.EX
 +.PP
-+.B glance_api_initrc_exec_t 
++.B dovecot_auth_tmp_t 
 +.EE
 +
-+- Set files with the glance_api_initrc_exec_t type, if you want to transition an executable to the glance_api_initrc_t domain.
++- Set files with the dovecot_auth_tmp_t type, if you want to store dovecot auth temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B glance_log_t 
++.B dovecot_cert_t 
 +.EE
 +
-+- Set files with the glance_log_t type, if you want to treat the data as glance log data, usually stored under the /var/log directory.
++- Set files with the dovecot_cert_t type, if you want to treat the files as dovecot certificate data.
 +
++.br
++.TP 5
++Paths: 
++/usr/share/ssl/certs/dovecot\.pem, /usr/share/ssl/private/dovecot\.pem, /etc/pki/dovecot(/.*)?
 +
 +.EX
 +.PP
-+.B glance_registry_exec_t 
++.B dovecot_deliver_exec_t 
 +.EE
 +
-+- Set files with the glance_registry_exec_t type, if you want to transition an executable to the glance_registry_t domain.
++- Set files with the dovecot_deliver_exec_t type, if you want to transition an executable to the dovecot_deliver_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/libexec/dovecot/dovecot-lda, /usr/libexec/dovecot/deliver
 +
 +.EX
 +.PP
-+.B glance_registry_initrc_exec_t 
++.B dovecot_deliver_tmp_t 
 +.EE
 +
-+- Set files with the glance_registry_initrc_exec_t type, if you want to transition an executable to the glance_registry_initrc_t domain.
++- Set files with the dovecot_deliver_tmp_t type, if you want to store dovecot deliver temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B glance_registry_tmp_t 
++.B dovecot_etc_t 
 +.EE
 +
-+- Set files with the glance_registry_tmp_t type, if you want to store glance registry temporary files in the /tmp directories.
++- Set files with the dovecot_etc_t type, if you want to store dovecot files in the /etc directories.
 +
++.br
++.TP 5
++Paths: 
++/etc/dovecot\.conf.*, /etc/dovecot(/.*)?
 +
 +.EX
 +.PP
-+.B glance_tmp_t 
++.B dovecot_exec_t 
 +.EE
 +
-+- Set files with the glance_tmp_t type, if you want to store glance temporary files in the /tmp directories.
++- Set files with the dovecot_exec_t type, if you want to transition an executable to the dovecot_t domain.
 +
 +
 +.EX
 +.PP
-+.B glance_var_lib_t 
++.B dovecot_initrc_exec_t 
 +.EE
 +
-+- Set files with the glance_var_lib_t type, if you want to store the glance files under the /var/lib directory.
++- Set files with the dovecot_initrc_exec_t type, if you want to transition an executable to the dovecot_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B glance_var_run_t 
++.B dovecot_passwd_t 
 +.EE
 +
-+- Set files with the glance_var_run_t type, if you want to store the glance files under the /run directory.
++- Set files with the dovecot_passwd_t type, if you want to treat the files as dovecot passwd data.
 +
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B dovecot_spool_t 
++.EE
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++- Set files with the dovecot_spool_t type, if you want to store the dovecot files under the /var/spool directory.
 +
-+.B semanage port -l
 +
++.EX
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux glance policy is very flexible allowing users to setup their glance processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for glance:
++.B dovecot_t_keytab_t 
++.EE
++
++- Set files with the dovecot_t_keytab_t type, if you want to treat the files as kerberos keytab files.
++
 +
 +.EX
-+.TP 5
-+.B glance_port_t 
-+.TP 10
++.PP
++.B dovecot_tmp_t 
 +.EE
 +
++- Set files with the dovecot_tmp_t type, if you want to store dovecot temporary files in the /tmp directories.
 +
-+Default Defined Ports:
-+tcp 9292
-+.EE
-+udp 9292
-+.EE
 +
 +.EX
-+.TP 5
-+.B glance_registry_port_t 
-+.TP 10
++.PP
++.B dovecot_var_lib_t 
 +.EE
 +
++- Set files with the dovecot_var_lib_t type, if you want to store the dovecot files under the /var/lib directory.
 +
-+Default Defined Ports:
-+tcp 9191
++.br
++.TP 5
++Paths: 
++/var/run/dovecot/login/ssl-parameters.dat, /var/lib/dovecot(/.*)?
++
++.EX
++.PP
++.B dovecot_var_log_t 
 +.EE
-+udp 9191
++
++- Set files with the dovecot_var_log_t type, if you want to treat the data as dovecot var log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/dovecot\.log.*, /var/log/dovecot(/.*)?
++
++.EX
++.PP
++.B dovecot_var_run_t 
 +.EE
++
++- Set files with the dovecot_var_run_t type, if you want to store the dovecot files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux glance policy is very flexible allowing users to setup their glance processes in as secure a method as possible.
++SELinux dovecot policy is very flexible allowing users to setup their dovecot processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for glance:
++The following process types are defined for dovecot:
 +
 +.EX
-+.B glance_registry_t, glance_api_t 
++.B dovecot_deliver_t, dovecot_auth_t, dovecot_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++The SELinux user type dovecot_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.br
++.B data_home_t
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++	/root/\.local/share(/.*)?
++.br
++	/home/[^/]*/\.local/share(/.*)?
++.br
 +
-+.SH "SEE ALSO"
-+selinux(8), glance(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/glusterd_selinux.8 b/man/man8/glusterd_selinux.8
-new file mode 100644
-index 0000000..1255b93
---- /dev/null
-+++ b/man/man8/glusterd_selinux.8
-@@ -0,0 +1,151 @@
-+.TH  "glusterd_selinux"  "8"  "glusterd" "dwalsh at redhat.com" "glusterd SELinux Policy documentation"
-+.SH "NAME"
-+glusterd_selinux \- Security Enhanced Linux Policy for the glusterd processes
-+.SH "DESCRIPTION"
++.br
++.B dovecot_spool_t
 +
-+Security-Enhanced Linux secures the glusterd processes via flexible mandatory access
-+control.  
++	/var/spool/dovecot(/.*)?
++.br
 +
-+.SH NSSWITCH DOMAIN
++.br
++.B dovecot_tmp_t
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the glusterd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
++.br
++.B dovecot_var_lib_t
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the glusterd_t, you must turn on the kerberos_enabled boolean.
++	/var/lib/dovecot(/.*)?
++.br
++	/var/run/dovecot/login/ssl-parameters.dat
++.br
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
++.br
++.B dovecot_var_log_t
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux glusterd policy is very flexible allowing users to setup their glusterd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for glusterd:
++	/var/log/dovecot(/.*)?
++.br
++	/var/log/dovecot\.log.*
++.br
 +
++.br
++.B dovecot_var_run_t
 +
-+.EX
-+.PP
-+.B glusterd_etc_t 
-+.EE
++	/var/run/dovecot(-login)?(/.*)?
++.br
 +
-+- Set files with the glusterd_etc_t type, if you want to store glusterd files in the /etc directories.
++.br
++.B krb5_host_rcache_t
 +
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
 +.br
-+.TP 5
-+Paths: 
-+/etc/glusterfs(/.*)?, /etc/glusterd(/.*)?
 +
-+.EX
-+.PP
-+.B glusterd_exec_t 
-+.EE
++.br
++.B mail_home_rw_t
 +
-+- Set files with the glusterd_exec_t type, if you want to transition an executable to the glusterd_t domain.
++	/root/Maildir(/.*)?
++.br
++	/home/[^/]*/Maildir(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/opt/glusterfs/[^/]+/sbin/glusterfsd, /usr/sbin/glusterfsd
++.B mail_spool_t
 +
-+.EX
-+.PP
-+.B glusterd_initrc_exec_t 
-+.EE
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
 +
-+- Set files with the glusterd_initrc_exec_t type, if you want to transition an executable to the glusterd_initrc_t domain.
++.br
++.B user_home_t
 +
++	/home/[^/]*/.+
 +.br
-+.TP 5
-+Paths: 
-+/usr/sbin/glusterd, /etc/rc\.d/init\.d/glusterd
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B glusterd_log_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the glusterd_log_t type, if you want to treat the data as glusterd log data, usually stored under the /var/log directory.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), dovecot(8), semanage(8), restorecon(8), chcon(1)
++, dovecot_auth_selinux(8), dovecot_deliver_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/drbd_selinux.8 b/man/man8/drbd_selinux.8
+new file mode 100644
+index 0000000..37020af
+--- /dev/null
++++ b/man/man8/drbd_selinux.8
+@@ -0,0 +1,107 @@
++.TH  "drbd_selinux"  "8"  "drbd" "dwalsh at redhat.com" "drbd SELinux Policy documentation"
++.SH "NAME"
++drbd_selinux \- Security Enhanced Linux Policy for the drbd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the drbd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux drbd policy is very flexible allowing users to setup their drbd processes in as secure a method as possible.
++.PP 
++The following file types are defined for drbd:
 +
 +
 +.EX
 +.PP
-+.B glusterd_tmp_t 
++.B drbd_exec_t 
 +.EE
 +
-+- Set files with the glusterd_tmp_t type, if you want to store glusterd temporary files in the /tmp directories.
++- Set files with the drbd_exec_t type, if you want to transition an executable to the drbd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/drbdadm, /sbin/drbdsetup, /sbin/drbdadm, /usr/lib/ocf/resource.\d/linbit/drbd, /usr/sbin/drbdsetup
 +
 +.EX
 +.PP
-+.B glusterd_var_lib_t 
++.B drbd_lock_t 
 +.EE
 +
-+- Set files with the glusterd_var_lib_t type, if you want to store the glusterd files under the /var/lib directory.
++- Set files with the drbd_lock_t type, if you want to treat the files as drbd lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B glusterd_var_run_t 
++.B drbd_var_lib_t 
 +.EE
 +
-+- Set files with the glusterd_var_run_t type, if you want to store the glusterd files under the /run directory.
++- Set files with the drbd_var_lib_t type, if you want to store the drbd files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/glusterd\.pid, /var/run/glusterd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
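Review bot: In the added drbd_exec_t path list, `/usr/lib/ocf/resource.\d/linbit/drbd` has the backslash on the wrong side of the dot compared with the other escaped paths in this hunk, for example `/var/log/dovecot\.log.*`. In roff `\d` is a motion escape, so the rendered page will not show the `d`. If the generator copies the file-context pattern verbatim, the pattern itself presumably has the same transposition; `\d` would then not match a literal "d", and the OCF resource agent under `resource.d/` would not be labeled drbd_exec_t or transition to drbd_t. The intended text looks like `/usr/lib/ocf/resource\.d/linbit/drbd`. It is worth checking the drbd file-context source and confirming the label of the installed path with `matchpathcon`.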
@@ -18615,18 +22570,32 @@ index 0000000..1255b93
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux glusterd policy is very flexible allowing users to setup their glusterd processes in as secure a method as possible.
++SELinux drbd policy is very flexible allowing users to setup their drbd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for glusterd:
++The following process types are defined for drbd:
 +
 +.EX
-+.B glusterd_t 
++.B drbd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type drbd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B drbd_lock_t
++
++
++.br
++.B drbd_var_lib_t
++
++	/var/lib/drbd(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -18642,38 +22611,38 @@ index 0000000..1255b93
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), glusterd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/gnomeclock_selinux.8 b/man/man8/gnomeclock_selinux.8
++selinux(8), drbd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dspam_selinux.8 b/man/man8/dspam_selinux.8
 new file mode 100644
-index 0000000..57d1458
+index 0000000..7407c94
 --- /dev/null
-+++ b/man/man8/gnomeclock_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "gnomeclock_selinux"  "8"  "gnomeclock" "dwalsh at redhat.com" "gnomeclock SELinux Policy documentation"
++++ b/man/man8/dspam_selinux.8
+@@ -0,0 +1,153 @@
++.TH  "dspam_selinux"  "8"  "dspam" "dwalsh at redhat.com" "dspam SELinux Policy documentation"
 +.SH "NAME"
-+gnomeclock_selinux \- Security Enhanced Linux Policy for the gnomeclock processes
++dspam_selinux \- Security Enhanced Linux Policy for the dspam processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the gnomeclock processes via flexible mandatory access
++Security-Enhanced Linux secures the dspam processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the gnomeclock_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the dspam_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the gnomeclock_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the dspam_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -18682,105 +22651,58 @@ index 0000000..57d1458
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux gnomeclock policy is very flexible allowing users to setup their gnomeclock processes in as secure a method as possible.
++SELinux dspam policy is very flexible allowing users to setup their dspam processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for gnomeclock:
++The following file types are defined for dspam:
 +
 +
 +.EX
 +.PP
-+.B gnomeclock_exec_t 
++.B dspam_exec_t 
 +.EE
 +
-+- Set files with the gnomeclock_exec_t type, if you want to transition an executable to the gnomeclock_t domain.
++- Set files with the dspam_exec_t type, if you want to transition an executable to the dspam_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/libexec/gsd-datetime-mechanism, /usr/libexec/kde(3|4)/kcmdatetimehelper, /usr/libexec/gnome-clock-applet-mechanism
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B dspam_initrc_exec_t 
++.EE
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux gnomeclock policy is very flexible allowing users to setup their gnomeclock processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for gnomeclock:
++- Set files with the dspam_initrc_exec_t type, if you want to transition an executable to the dspam_initrc_t domain.
 +
-+.EX
-+.B gnomeclock_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
++.EX
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.B dspam_log_t 
++.EE
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++- Set files with the dspam_log_t type, if you want to treat the data as dspam log data, usually stored under the /var/log directory.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
 +
-+.SH "SEE ALSO"
-+selinux(8), gnomeclock(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/gnomesystemmm_selinux.8 b/man/man8/gnomesystemmm_selinux.8
-new file mode 100644
-index 0000000..ef13ae9
---- /dev/null
-+++ b/man/man8/gnomesystemmm_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "gnomesystemmm_selinux"  "8"  "gnomesystemmm" "dwalsh at redhat.com" "gnomesystemmm SELinux Policy documentation"
-+.SH "NAME"
-+gnomesystemmm_selinux \- Security Enhanced Linux Policy for the gnomesystemmm processes
-+.SH "DESCRIPTION"
++.EX
++.PP
++.B dspam_tmp_t 
++.EE
 +
-+Security-Enhanced Linux secures the gnomesystemmm processes via flexible mandatory access
-+control.  
++- Set files with the dspam_tmp_t type, if you want to store dspam temporary files in the /tmp directories.
 +
-+.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux gnomesystemmm policy is very flexible allowing users to setup their gnomesystemmm processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for gnomesystemmm:
++.B dspam_var_lib_t 
++.EE
++
++- Set files with the dspam_var_lib_t type, if you want to store the dspam files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B gnomesystemmm_exec_t 
++.B dspam_var_run_t 
 +.EE
 +
-+- Set files with the gnomesystemmm_exec_t type, if you want to transition an executable to the gnomesystemmm_t domain.
++- Set files with the dspam_var_run_t type, if you want to store the dspam files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/libexec/kde(3|4)/ksysguardprocesslist_helper, /usr/libexec/gnome-system-monitor-mechanism
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -18795,18 +22717,44 @@ index 0000000..ef13ae9
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux gnomesystemmm policy is very flexible allowing users to setup their gnomesystemmm processes in as secure a method as possible.
++SELinux dspam policy is very flexible allowing users to setup their dspam processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for gnomesystemmm:
++The following process types are defined for dspam:
 +
 +.EX
-+.B gnomesystemmm_t 
++.B dspam_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type dspam_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dspam_log_t
++
++	/var/log/dspam(/.*)?
++.br
++
++.br
++.B dspam_var_lib_t
++
++	/var/lib/dspam(/.*)?
++.br
++
++.br
++.B dspam_var_run_t
++
++	/var/run/dspam(/.*)?
++.br
++
++.br
++.B httpd_dspam_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -18822,82 +22770,49 @@ index 0000000..ef13ae9
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), gnomesystemmm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/gpg_selinux.8 b/man/man8/gpg_selinux.8
++selinux(8), dspam(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/entropyd_selinux.8 b/man/man8/entropyd_selinux.8
 new file mode 100644
-index 0000000..0baaa29
+index 0000000..55c691d
 --- /dev/null
-+++ b/man/man8/gpg_selinux.8
-@@ -0,0 +1,187 @@
-+.TH  "gpg_selinux"  "8"  "gpg" "dwalsh at redhat.com" "gpg SELinux Policy documentation"
++++ b/man/man8/entropyd_selinux.8
+@@ -0,0 +1,130 @@
++.TH  "entropyd_selinux"  "8"  "entropyd" "dwalsh at redhat.com" "entropyd SELinux Policy documentation"
 +.SH "NAME"
-+gpg_selinux \- Security Enhanced Linux Policy for the gpg processes
++entropyd_selinux \- Security Enhanced Linux Policy for the entropyd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the gpg processes via flexible mandatory access
++Security-Enhanced Linux secures the entropyd processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  gpg policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gpg with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files, you must turn on the gpg_agent_env_file boolean.
++SELinux policy is customizable based on least access required.  entropyd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run entropyd with the tightest access possible.
 +
-+.EX
-+.B setsebool -P gpg_agent_env_file 1
-+.EE
 +
 +.PP
-+If you want to allow httpd to run gpg, you must turn on the httpd_use_gpg boolean.
++If you want to allow the use of the audio devices as the source for the entropy feeds, you must turn on the entropyd_use_audio boolean.
 +
 +.EX
-+.B setsebool -P httpd_use_gpg 1
++.B setsebool -P entropyd_use_audio 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the gpg_t, gpg_helper_t, gpg_pinentry_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the gpg_t, gpg_helper_t, gpg_pinentry_t, you must turn on the kerberos_enabled boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the entropyd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+.SH SHARING FILES
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
-+.TP
-+Allow gpg servers to read the /var/gpg directory by adding the public_content_t file type to the directory and by restoring the file type.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_t "/var/gpg(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/gpg
-+.pp
-+.TP
-+Allow gpg servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_gpgd_anon_write boolean to be set.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_rw_t "/var/gpg/incoming(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/gpg/incoming
-+
-+
 +.PP
-+If you want to allow gpg web domain to modify public files used for public file transfer services., you must turn on the gpg_web_anon_write boolean.
++If you want to allow confined applications to run with kerberos for the entropyd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P gpg_web_anon_write 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -18906,70 +22821,34 @@ index 0000000..0baaa29
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux gpg policy is very flexible allowing users to setup their gpg processes in as secure a method as possible.
++SELinux entropyd policy is very flexible allowing users to setup their entropyd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for gpg:
-+
-+
-+.EX
-+.PP
-+.B gpg_agent_exec_t 
-+.EE
-+
-+- Set files with the gpg_agent_exec_t type, if you want to transition an executable to the gpg_agent_t domain.
-+
-+
-+.EX
-+.PP
-+.B gpg_agent_tmp_t 
-+.EE
-+
-+- Set files with the gpg_agent_tmp_t type, if you want to store gpg agent temporary files in the /tmp directories.
++The following file types are defined for entropyd:
 +
 +
 +.EX
 +.PP
-+.B gpg_exec_t 
++.B entropyd_exec_t 
 +.EE
 +
-+- Set files with the gpg_exec_t type, if you want to transition an executable to the gpg_t domain.
++- Set files with the entropyd_exec_t type, if you want to transition an executable to the entropyd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/gpgsm, /usr/bin/gpg(2)?, /usr/bin/kgpg, /usr/lib/gnupg/.*
-+
-+.EX
-+.PP
-+.B gpg_helper_exec_t 
-+.EE
-+
-+- Set files with the gpg_helper_exec_t type, if you want to transition an executable to the gpg_helper_t domain.
-+
-+
-+.EX
-+.PP
-+.B gpg_pinentry_tmp_t 
-+.EE
-+
-+- Set files with the gpg_pinentry_tmp_t type, if you want to store gpg pinentry temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B gpg_pinentry_tmpfs_t 
-+.EE
-+
-+- Set files with the gpg_pinentry_tmpfs_t type, if you want to store gpg pinentry files on a tmpfs file system.
-+
++/usr/sbin/audio-entropyd, /usr/sbin/haveged
 +
 +.EX
 +.PP
-+.B gpg_secret_t 
++.B entropyd_var_run_t 
 +.EE
 +
-+- Set files with the gpg_secret_t type, if you want to treat the files as gpg se secret data.
++- Set files with the entropyd_var_run_t type, if you want to store the entropyd files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/audio-entropyd\.pid, /var/run/haveged\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -18984,18 +22863,30 @@ index 0000000..0baaa29
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux gpg policy is very flexible allowing users to setup their gpg processes in as secure a method as possible.
++SELinux entropyd policy is very flexible allowing users to setup their entropyd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for gpg:
++The following process types are defined for entropyd:
 +
 +.EX
-+.B gpg_t, gpg_pinentry_t, gpg_helper_t, gpg_web_t, gpg_agent_t 
++.B entropyd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type entropyd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B entropyd_var_run_t
++
++	/var/run/haveged\.pid
++.br
++	/var/run/audio-entropyd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -19014,24 +22905,24 @@ index 0000000..0baaa29
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), gpg(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), entropyd(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/gpm_selinux.8 b/man/man8/gpm_selinux.8
+diff --git a/man/man8/eventlogd_selinux.8 b/man/man8/eventlogd_selinux.8
 new file mode 100644
-index 0000000..a399e8a
+index 0000000..4d05864
 --- /dev/null
-+++ b/man/man8/gpm_selinux.8
-@@ -0,0 +1,109 @@
-+.TH  "gpm_selinux"  "8"  "gpm" "dwalsh at redhat.com" "gpm SELinux Policy documentation"
++++ b/man/man8/eventlogd_selinux.8
+@@ -0,0 +1,113 @@
++.TH  "eventlogd_selinux"  "8"  "eventlogd" "dwalsh at redhat.com" "eventlogd SELinux Policy documentation"
 +.SH "NAME"
-+gpm_selinux \- Security Enhanced Linux Policy for the gpm processes
++eventlogd_selinux \- Security Enhanced Linux Policy for the eventlogd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the gpm processes via flexible mandatory access
++Security-Enhanced Linux secures the eventlogd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -19042,54 +22933,42 @@ index 0000000..a399e8a
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux gpm policy is very flexible allowing users to setup their gpm processes in as secure a method as possible.
++SELinux eventlogd policy is very flexible allowing users to setup their eventlogd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for gpm:
-+
-+
-+.EX
-+.PP
-+.B gpm_conf_t 
-+.EE
-+
-+- Set files with the gpm_conf_t type, if you want to treat the files as gpm configuration data, usually stored under the /etc directory.
++The following file types are defined for eventlogd:
 +
 +
 +.EX
 +.PP
-+.B gpm_exec_t 
++.B eventlogd_exec_t 
 +.EE
 +
-+- Set files with the gpm_exec_t type, if you want to transition an executable to the gpm_t domain.
++- Set files with the eventlogd_exec_t type, if you want to transition an executable to the eventlogd_t domain.
 +
 +
 +.EX
 +.PP
-+.B gpm_tmp_t 
++.B eventlogd_var_lib_t 
 +.EE
 +
-+- Set files with the gpm_tmp_t type, if you want to store gpm temporary files in the /tmp directories.
++- Set files with the eventlogd_var_lib_t type, if you want to store the eventlogd files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B gpm_var_run_t 
++.B eventlogd_var_run_t 
 +.EE
 +
-+- Set files with the gpm_var_run_t type, if you want to store the gpm files under the /run directory.
++- Set files with the eventlogd_var_run_t type, if you want to store the eventlogd files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B gpmctl_t 
++.B eventlogd_var_socket_t 
 +.EE
 +
-+- Set files with the gpmctl_t type, if you want to treat the files as gpmctl data.
++- Set files with the eventlogd_var_socket_t type, if you want to treat the files as eventlogd var socket data.
 +
-+.br
-+.TP 5
-+Paths: 
-+/dev/gpmctl, /dev/gpmdata
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -19104,18 +22983,34 @@ index 0000000..a399e8a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux gpm policy is very flexible allowing users to setup their gpm processes in as secure a method as possible.
++SELinux eventlogd policy is very flexible allowing users to setup their eventlogd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for gpm:
++The following process types are defined for eventlogd:
 +
 +.EX
-+.B gpm_t 
++.B eventlogd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type eventlogd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B eventlogd_var_lib_t
++
++	/var/lib/likewise-open/db/lwi_events.db
++.br
++
++.br
++.B eventlogd_var_run_t
++
++	/var/run/eventlogd.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -19131,86 +23026,64 @@ index 0000000..a399e8a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), gpm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/gpsd_selinux.8 b/man/man8/gpsd_selinux.8
++selinux(8), eventlogd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/evtchnd_selinux.8 b/man/man8/evtchnd_selinux.8
 new file mode 100644
-index 0000000..b1feb7f
+index 0000000..6109cfb
 --- /dev/null
-+++ b/man/man8/gpsd_selinux.8
-@@ -0,0 +1,141 @@
-+.TH  "gpsd_selinux"  "8"  "gpsd" "dwalsh at redhat.com" "gpsd SELinux Policy documentation"
++++ b/man/man8/evtchnd_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "evtchnd_selinux"  "8"  "evtchnd" "dwalsh at redhat.com" "evtchnd SELinux Policy documentation"
 +.SH "NAME"
-+gpsd_selinux \- Security Enhanced Linux Policy for the gpsd processes
++evtchnd_selinux \- Security Enhanced Linux Policy for the evtchnd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the gpsd processes via flexible mandatory access
++Security-Enhanced Linux secures the evtchnd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the gpsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the gpsd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux gpsd policy is very flexible allowing users to setup their gpsd processes in as secure a method as possible.
++SELinux evtchnd policy is very flexible allowing users to setup their evtchnd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for gpsd:
-+
-+
-+.EX
-+.PP
-+.B gpsd_exec_t 
-+.EE
-+
-+- Set files with the gpsd_exec_t type, if you want to transition an executable to the gpsd_t domain.
++The following file types are defined for evtchnd:
 +
 +
 +.EX
 +.PP
-+.B gpsd_initrc_exec_t 
++.B evtchnd_exec_t 
 +.EE
 +
-+- Set files with the gpsd_initrc_exec_t type, if you want to transition an executable to the gpsd_initrc_t domain.
++- Set files with the evtchnd_exec_t type, if you want to transition an executable to the evtchnd_t domain.
 +
 +
 +.EX
 +.PP
-+.B gpsd_tmpfs_t 
++.B evtchnd_var_log_t 
 +.EE
 +
-+- Set files with the gpsd_tmpfs_t type, if you want to store gpsd files on a tmpfs file system.
++- Set files with the evtchnd_var_log_t type, if you want to treat the data as evtchnd var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B gpsd_var_run_t 
++.B evtchnd_var_run_t 
 +.EE
 +
-+- Set files with the gpsd_var_run_t type, if you want to store the gpsd files under the /run directory.
++- Set files with the evtchnd_var_run_t type, if you want to store the evtchnd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/gpsd\.sock, /var/run/gpsd\.pid
++/var/run/evtchnd, /var/run/evtchnd\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -19219,47 +23092,42 @@ index 0000000..b1feb7f
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux gpsd policy is very flexible allowing users to setup their gpsd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for gpsd:
-+
-+.EX
-+.TP 5
-+.B gpsd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 2947
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux gpsd policy is very flexible allowing users to setup their gpsd processes in as secure a method as possible.
++SELinux evtchnd policy is very flexible allowing users to setup their evtchnd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for gpsd:
++The following process types are defined for evtchnd:
 +
 +.EX
-+.B gpsd_t 
++.B evtchnd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type evtchnd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B evtchnd_var_log_t
++
++	/var/log/evtchnd\.log.*
++.br
++
++.br
++.B evtchnd_var_run_t
++
++	/var/run/evtchnd
++.br
++	/var/run/evtchnd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -19270,46 +23138,68 @@ index 0000000..b1feb7f
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), gpsd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/greylist_selinux.8 b/man/man8/greylist_selinux.8
++selinux(8), evtchnd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/exim_selinux.8 b/man/man8/exim_selinux.8
 new file mode 100644
-index 0000000..420c772
+index 0000000..f4f4fa7
 --- /dev/null
-+++ b/man/man8/greylist_selinux.8
-@@ -0,0 +1,99 @@
-+.TH  "greylist_selinux"  "8"  "greylist" "dwalsh at redhat.com" "greylist SELinux Policy documentation"
++++ b/man/man8/exim_selinux.8
+@@ -0,0 +1,232 @@
++.TH  "exim_selinux"  "8"  "exim" "dwalsh at redhat.com" "exim SELinux Policy documentation"
 +.SH "NAME"
-+greylist_selinux \- Security Enhanced Linux Policy for the greylist processes
++exim_selinux \- Security Enhanced Linux Policy for the exim processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the greylist processes via flexible mandatory access
++Security-Enhanced Linux secures the exim processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  exim policy is extremely flexible and has several booleans that allow you to manipulate the policy and run exim with the tightest access possible.
++
++
++.PP
++If you want to allow exim to read unprivileged user files, you must turn on the exim_read_user_files boolean.
++
++.EX
++.B setsebool -P exim_read_user_files 1
++.EE
++
++.PP
++If you want to allow exim to connect to databases (postgres, mysql), you must turn on the exim_can_connect_db boolean.
++
++.EX
++.B setsebool -P exim_can_connect_db 1
++.EE
++
++.PP
++If you want to allow exim to create, read, write, and delete unprivileged user files, you must turn on the exim_manage_user_files boolean.
++
++.EX
++.B setsebool -P exim_manage_user_files 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the greylist_milter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the exim_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the greylist_milter_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the exim_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -19318,29 +23208,69 @@ index 0000000..420c772
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux greylist policy is very flexible allowing users to setup their greylist processes in as secure a method as possible.
++SELinux exim policy is very flexible allowing users to setup their exim processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for greylist:
++The following file types are defined for exim:
 +
 +
 +.EX
 +.PP
-+.B greylist_milter_data_t 
++.B exim_exec_t 
 +.EE
 +
-+- Set files with the greylist_milter_data_t type, if you want to treat the files as greylist milter content.
++- Set files with the exim_exec_t type, if you want to transition an executable to the exim_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/milter-greylist\.pid, /var/run/milter-greylist(/.*)?, /var/lib/milter-greylist(/.*)?
++/usr/sbin/exim_tidydb, /usr/sbin/exim[0-9]?
 +
 +.EX
 +.PP
-+.B greylist_milter_exec_t 
++.B exim_initrc_exec_t 
 +.EE
 +
-+- Set files with the greylist_milter_exec_t type, if you want to transition an executable to the greylist_milter_t domain.
++- Set files with the exim_initrc_exec_t type, if you want to transition an executable to the exim_initrc_t domain.
++
++
++.EX
++.PP
++.B exim_keytab_t 
++.EE
++
++- Set files with the exim_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B exim_log_t 
++.EE
++
++- Set files with the exim_log_t type, if you want to treat the data as exim log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B exim_spool_t 
++.EE
++
++- Set files with the exim_spool_t type, if you want to store the exim files under the /var/spool directory.
++
++
++.EX
++.PP
++.B exim_tmp_t 
++.EE
++
++- Set files with the exim_tmp_t type, if you want to store exim temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B exim_var_run_t 
++.EE
++
++- Set files with the exim_var_run_t type, if you want to store the exim files under the /run directory.
 +
 +
 +.PP
@@ -19356,18 +23286,82 @@ index 0000000..420c772
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux greylist policy is very flexible allowing users to setup their greylist processes in as secure a method as possible.
++SELinux exim policy is very flexible allowing users to setup their exim processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for greylist:
++The following process types are defined for exim:
 +
 +.EX
-+.B greylist_milter_t 
++.B exim_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type exim_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B arpwatch_tmp_t
++
++
++.br
++.B dovecot_spool_t
++
++	/var/spool/dovecot(/.*)?
++.br
++
++.br
++.B exim_log_t
++
++	/var/log/exim[0-9]?(/.*)?
++.br
++
++.br
++.B exim_spool_t
++
++	/var/spool/exim[0-9]?(/.*)?
++.br
++
++.br
++.B exim_tmp_t
++
++
++.br
++.B exim_var_run_t
++
++	/var/run/exim[0-9]?\.pid
++.br
++
++.br
++.B mail_home_rw_t
++
++	/root/Maildir(/.*)?
++.br
++	/home/[^/]*/Maildir(/.*)?
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B sendmail_tmp_t
++
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -19378,67 +23372,54 @@ index 0000000..420c772
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), greylist(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/groupadd_selinux.8 b/man/man8/groupadd_selinux.8
++selinux(8), exim(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/fail2ban_client_selinux.8 b/man/man8/fail2ban_client_selinux.8
 new file mode 100644
-index 0000000..05104f2
+index 0000000..04741bf
 --- /dev/null
-+++ b/man/man8/groupadd_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "groupadd_selinux"  "8"  "groupadd" "dwalsh at redhat.com" "groupadd SELinux Policy documentation"
++++ b/man/man8/fail2ban_client_selinux.8
+@@ -0,0 +1,78 @@
++.TH  "fail2ban_client_selinux"  "8"  "fail2ban_client" "dwalsh at redhat.com" "fail2ban_client SELinux Policy documentation"
 +.SH "NAME"
-+groupadd_selinux \- Security Enhanced Linux Policy for the groupadd processes
++fail2ban_client_selinux \- Security Enhanced Linux Policy for the fail2ban_client processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the groupadd processes via flexible mandatory access
++Security-Enhanced Linux secures the fail2ban_client processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the groupadd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the groupadd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux groupadd policy is very flexible allowing users to setup their groupadd processes in as secure a method as possible.
++SELinux fail2ban_client policy is very flexible allowing users to setup their fail2ban_client processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for groupadd:
++The following file types are defined for fail2ban_client:
 +
 +
 +.EX
 +.PP
-+.B groupadd_exec_t 
++.B fail2ban_client_exec_t 
 +.EE
 +
-+- Set files with the groupadd_exec_t type, if you want to transition an executable to the groupadd_t domain.
++- Set files with the fail2ban_client_exec_t type, if you want to transition an executable to the fail2ban_client_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/gpasswd, /usr/bin/gpasswd, /usr/sbin/groupdel, /usr/sbin/groupadd, /usr/sbin/groupmod
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -19453,18 +23434,22 @@ index 0000000..05104f2
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux groupadd policy is very flexible allowing users to setup their groupadd processes in as secure a method as possible.
++SELinux fail2ban_client policy is very flexible allowing users to setup their fail2ban_client processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for groupadd:
++The following process types are defined for fail2ban_client:
 +
 +.EX
-+.B groupadd_t 
++.B fail2ban_client_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type fail2ban_client_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -19480,38 +23465,40 @@ index 0000000..05104f2
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), groupadd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/groupd_selinux.8 b/man/man8/groupd_selinux.8
++selinux(8), fail2ban_client(8), semanage(8), restorecon(8), chcon(1)
++, fail2ban_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/fail2ban_selinux.8 b/man/man8/fail2ban_selinux.8
 new file mode 100644
-index 0000000..e934b66
+index 0000000..2627ff6
 --- /dev/null
-+++ b/man/man8/groupd_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "groupd_selinux"  "8"  "groupd" "dwalsh at redhat.com" "groupd SELinux Policy documentation"
++++ b/man/man8/fail2ban_selinux.8
+@@ -0,0 +1,192 @@
++.TH  "fail2ban_selinux"  "8"  "fail2ban" "dwalsh at redhat.com" "fail2ban SELinux Policy documentation"
 +.SH "NAME"
-+groupd_selinux \- Security Enhanced Linux Policy for the groupd processes
++fail2ban_selinux \- Security Enhanced Linux Policy for the fail2ban processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the groupd processes via flexible mandatory access
++Security-Enhanced Linux secures the fail2ban processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the groupadd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the fail2ban_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the groupadd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the fail2ban_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -19520,41 +23507,69 @@ index 0000000..e934b66
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux groupd policy is very flexible allowing users to setup their groupd processes in as secure a method as possible.
++SELinux fail2ban policy is very flexible allowing users to setup their fail2ban processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for groupd:
++The following file types are defined for fail2ban:
 +
 +
 +.EX
 +.PP
-+.B groupd_exec_t 
++.B fail2ban_client_exec_t 
 +.EE
 +
-+- Set files with the groupd_exec_t type, if you want to transition an executable to the groupd_t domain.
++- Set files with the fail2ban_client_exec_t type, if you want to transition an executable to the fail2ban_client_t domain.
 +
 +
 +.EX
 +.PP
-+.B groupd_tmpfs_t 
++.B fail2ban_exec_t 
 +.EE
 +
-+- Set files with the groupd_tmpfs_t type, if you want to store groupd files on a tmpfs file system.
++- Set files with the fail2ban_exec_t type, if you want to transition an executable to the fail2ban_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/fail2ban-server, /usr/bin/fail2ban
 +
 +.EX
 +.PP
-+.B groupd_var_log_t 
++.B fail2ban_initrc_exec_t 
 +.EE
 +
-+- Set files with the groupd_var_log_t type, if you want to treat the data as groupd var log data, usually stored under the /var/log directory.
++- Set files with the fail2ban_initrc_exec_t type, if you want to transition an executable to the fail2ban_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B groupd_var_run_t 
++.B fail2ban_log_t 
 +.EE
 +
-+- Set files with the groupd_var_run_t type, if you want to store the groupd files under the /run directory.
++- Set files with the fail2ban_log_t type, if you want to treat the data as fail2ban log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B fail2ban_tmp_t 
++.EE
++
++- Set files with the fail2ban_tmp_t type, if you want to store fail2ban temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B fail2ban_var_lib_t 
++.EE
++
++- Set files with the fail2ban_var_lib_t type, if you want to store the fail2ban files under the /var/lib directory.
++
++
++.EX
++.PP
++.B fail2ban_var_run_t 
++.EE
++
++- Set files with the fail2ban_var_run_t type, if you want to store the fail2ban files under the /run directory.
 +
 +
 +.PP
@@ -19570,18 +23585,70 @@ index 0000000..e934b66
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux groupd policy is very flexible allowing users to setup their groupd processes in as secure a method as possible.
++SELinux fail2ban policy is very flexible allowing users to setup their fail2ban processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for groupd:
++The following process types are defined for fail2ban:
 +
 +.EX
-+.B groupadd_t, groupd_t 
++.B fail2ban_client_t, fail2ban_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type fail2ban_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B fail2ban_log_t
++
++	/var/log/fail2ban\.log.*
++.br
++
++.br
++.B fail2ban_tmp_t
++
++
++.br
++.B fail2ban_var_lib_t
++
++	/var/lib/fail2ban(/.*)?
++.br
++
++.br
++.B fail2ban_var_run_t
++
++	/var/run/fail2ban.*
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -19597,89 +23664,58 @@ index 0000000..e934b66
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), groupd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/gssd_selinux.8 b/man/man8/gssd_selinux.8
++selinux(8), fail2ban(8), semanage(8), restorecon(8), chcon(1)
++, fail2ban_client_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/fcoemon_selinux.8 b/man/man8/fcoemon_selinux.8
 new file mode 100644
-index 0000000..559dae1
+index 0000000..9dc9954
 --- /dev/null
-+++ b/man/man8/gssd_selinux.8
-@@ -0,0 +1,122 @@
-+.TH  "gssd_selinux"  "8"  "gssd" "dwalsh at redhat.com" "gssd SELinux Policy documentation"
++++ b/man/man8/fcoemon_selinux.8
+@@ -0,0 +1,97 @@
++.TH  "fcoemon_selinux"  "8"  "fcoemon" "dwalsh at redhat.com" "fcoemon SELinux Policy documentation"
 +.SH "NAME"
-+gssd_selinux \- Security Enhanced Linux Policy for the gssd processes
++fcoemon_selinux \- Security Enhanced Linux Policy for the fcoemon processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the gssd processes via flexible mandatory access
++Security-Enhanced Linux secures the fcoemon processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  gssd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gssd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow gssd to read temp directory.  For access to kerberos tgt, you must turn on the gssd_read_tmp boolean.
-+
-+.EX
-+.B setsebool -P gssd_read_tmp 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the gssd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the gssd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux gssd policy is very flexible allowing users to setup their gssd processes in as secure a method as possible.
++SELinux fcoemon policy is very flexible allowing users to setup their fcoemon processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for gssd:
-+
-+
-+.EX
-+.PP
-+.B gssd_exec_t 
-+.EE
-+
-+- Set files with the gssd_exec_t type, if you want to transition an executable to the gssd_t domain.
++The following file types are defined for fcoemon:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/rpc\.gssd, /usr/sbin/rpc\.svcgssd
 +
 +.EX
 +.PP
-+.B gssd_keytab_t 
++.B fcoemon_exec_t 
 +.EE
 +
-+- Set files with the gssd_keytab_t type, if you want to treat the files as kerberos keytab files.
++- Set files with the fcoemon_exec_t type, if you want to transition an executable to the fcoemon_t domain.
 +
 +
 +.EX
 +.PP
-+.B gssd_tmp_t 
++.B fcoemon_var_run_t 
 +.EE
 +
-+- Set files with the gssd_tmp_t type, if you want to store gssd temporary files in the /tmp directories.
++- Set files with the fcoemon_var_run_t type, if you want to store the fcoemon files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/fcm(/.*)?, /var/run/fcoemon\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -19694,18 +23730,30 @@ index 0000000..559dae1
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux gssd policy is very flexible allowing users to setup their gssd processes in as secure a method as possible.
++SELinux fcoemon policy is very flexible allowing users to setup their fcoemon processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for gssd:
++The following process types are defined for fcoemon:
 +
 +.EX
-+.B gssd_t 
++.B fcoemon_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type fcoemon_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B fcoemon_var_run_t
++
++	/var/run/fcm(/.*)?
++.br
++	/var/run/fcoemon\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -19716,226 +23764,245 @@ index 0000000..559dae1
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), gssd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/guest_selinux.8 b/man/man8/guest_selinux.8
++selinux(8), fcoemon(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/fenced_selinux.8 b/man/man8/fenced_selinux.8
 new file mode 100644
-index 0000000..faeeaf7
+index 0000000..de66206
 --- /dev/null
-+++ b/man/man8/guest_selinux.8
-@@ -0,0 +1,188 @@
-+.TH  "guest_selinux"  "8"  "guest" "mgrepl at redhat.com" "guest SELinux Policy documentation"
++++ b/man/man8/fenced_selinux.8
+@@ -0,0 +1,211 @@
++.TH  "fenced_selinux"  "8"  "fenced" "dwalsh at redhat.com" "fenced SELinux Policy documentation"
 +.SH "NAME"
-+guest_u \- \fBLeast privledge terminal user role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
-+
-+\fBguest_u\fP is an SELinux User defined in the SELinux
-+policy. SELinux users have default roles, \fBguest_r\fP.  The
-+default role has a default type, \fBguest_t\fP, associated with it.
-+
-+The SELinux user will usually login to a system with a context that looks like:
-+
-+.B guest_u:guest_r:guest_u:s0-s0:c0.c1023
-+
-+Linux users are automatically assigned an SELinux users at login.  
-+Login programs use the SELinux User to assign initial context to the user's shell.
-+
-+SELinux policy uses the context to control the user's access.
-+
-+By default all users are assigned to the SELinux user via the \fB__default__\fP flag
-+
-+On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
-+
-+You can list all Linux User to SELinux user mapping using:
-+
-+.B semanage login -l
-+
-+If you wanted to change the default user mapping to use the guest_u user, you would execute:
-+
-+.B semanage login -m -s guest_u __default__
-+
-+
-+If you want to map the one Linux user (joe) to the SELinux user guest, you would execute:
-+
-+.B $ semanage login -a -s guest_u joe
-+
-+
-+.SH USER DESCRIPTION
-+
-+The SELinux user guest_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
-+
-+.SH SUDO
-+
-+The SELinux type guest_t is not allowed to execute sudo. 
-+
-+.SH X WINDOWS LOGIN
-+
-+The SELinux user guest_u is not able to X Windows login.
-+
-+.SH TERMINAL LOGIN
-+
-+The SELinux user guest_u is able to terminal login.
-+
-+.SH NETWORK
-+
-+.TP
-+The SELinux user guest_u is able to connect to the following tcp ports.
-+
-+.B dns_port_t: 53
-+
-+.B ocsp_port_t: 9080
++fenced_selinux \- Security Enhanced Linux Policy for the fenced processes
++.SH "DESCRIPTION"
 +
-+.B kerberos_port_t: 88,750,4444
++Security-Enhanced Linux secures the fenced processes via flexible mandatory access
++control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  guest_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run guest_t with the tightest access possible.
++SELinux policy is customizable based on least access required.  fenced policy is extremely flexible and has several booleans that allow you to manipulate the policy and run fenced with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
 +
 +.EX
-+.B setsebool -P allow_user_mysql_connect 1
++.B setsebool -P fenced_can_ssh 1
 +.EE
 +
 +.PP
-+If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++If you want to allow fenced domain to connect to the network using TCP, you must turn on the fenced_can_network_connect boolean.
 +
 +.EX
-+.B setsebool -P user_ping 1
++.B setsebool -P fenced_can_network_connect 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
 +.PP
-+If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the fenced_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P user_ttyfile_stat 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow user music sharing, you must turn on the user_share_music boolean.
++If you want to allow confined applications to run with kerberos for the fenced_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P user_share_music 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux fenced policy is very flexible allowing users to setup their fenced processes in as secure a method as possible.
++.PP 
++The following file types are defined for fenced:
++
 +
 +.EX
-+.B setsebool -P user_direct_dri 1
++.PP
++.B fenced_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++- Set files with the fenced_exec_t type, if you want to transition an executable to the fenced_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/fence_tool, /usr/sbin/fence_node, /usr/sbin/fenced
 +
 +.EX
-+.B setsebool -P user_rw_noexattrfile 1
++.PP
++.B fenced_lock_t 
 +.EE
 +
-+.PP
-+If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++- Set files with the fenced_lock_t type, if you want to treat the files as fenced lock data, stored under the /var/lock directory
++
 +
 +.EX
-+.B setsebool -P user_tcp_server 1
++.PP
++.B fenced_tmp_t 
 +.EE
 +
-+.PP
-+If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++- Set files with the fenced_tmp_t type, if you want to store fenced temporary files in the /tmp directories.
++
 +
 +.EX
-+.B setsebool -P user_direct_mouse 1
++.PP
++.B fenced_tmpfs_t 
 +.EE
 +
-+.PP
-+If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++- Set files with the fenced_tmpfs_t type, if you want to store fenced files on a tmpfs file system.
++
 +
 +.EX
-+.B setsebool -P user_setrlimit 1
++.PP
++.B fenced_var_log_t 
 +.EE
 +
-+.PP
-+If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
++- Set files with the fenced_var_log_t type, if you want to treat the data as fenced var log data, usually stored under the /var/log directory.
++
 +
 +.EX
-+.B setsebool -P allow_user_postgresql_connect 1
++.PP
++.B fenced_var_run_t 
 +.EE
 +
++- Set files with the fenced_var_run_t type, if you want to store the fenced files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/cluster/fenced_override, /var/run/cluster/fence_scsi.*, /var/run/fenced\.pid
++
 +.PP
-+If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux fenced policy is very flexible allowing users to setup their fenced processes in as secure a method as possible.
++.PP 
++The following process types are defined for fenced:
 +
 +.EX
-+.B setsebool -P user_dmesg 1
++.B fenced_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH HOME_EXEC
++.SH "MANAGED FILES"
 +
-+The SELinux user guest_u is able execute home content files.
++The SELinux user type fenced_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.SH TRANSITIONS
++.br
++.B cluster_var_lib_t
 +
-+Three things can happen when guest_t attempts to execute a program.
++	/var/lib/cluster(/.*)?
++.br
 +
-+\fB1.\fP SELinux Policy can deny guest_t from executing the program.
++.br
++.B fenced_lock_t
 +
-+.TP
++	/var/lock/fence_manual\.lock
++.br
 +
-+\fB2.\fP SELinux Policy can allow guest_t to execute the program in the current user type.
++.br
++.B fenced_tmp_t
 +
-+Execute the following to see the types that the SELinux user guest_t can execute without transitioning:
 +
-+.B sesearch -A -s guest_t -c file -p execute_no_trans
++.br
++.B fenced_tmpfs_t
 +
-+.TP
 +
-+\fB3.\fP SELinux can allow guest_t to execute the program and transition to a new type.
++.br
++.B fenced_var_log_t
 +
-+Execute the following to see the types that the SELinux user guest_t can execute and transition:
++	/var/log/cluster/fenced\.log.*
++.br
 +
-+.B $ sesearch -A -s guest_t -c process -p transition
++.br
++.B fenced_var_run_t
++
++	/var/run/cluster/fence_scsi.*
++.br
++	/var/run/fenced\.pid
++.br
++	/var/run/cluster/fenced_override
++.br
 +
++.br
++.B snmpd_var_lib_t
 +
-+.SH "COMMANDS"
++	/var/agentx(/.*)?
++.br
++	/var/lib/snmp(/.*)?
++.br
++	/var/net-snmp(/.*)?
++.br
++	/var/lib/net-snmp(/.*)?
++.br
++	/usr/share/snmp/mibs/\.index
++.br
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
++.B semanage boolean
++can also be used to manipulate the booleans
 +
++.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/hddtemp_selinux.8 b/man/man8/hddtemp_selinux.8
++selinux(8), fenced(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/fetchmail_selinux.8 b/man/man8/fetchmail_selinux.8
 new file mode 100644
-index 0000000..9f14966
+index 0000000..468a155
 --- /dev/null
-+++ b/man/man8/hddtemp_selinux.8
-@@ -0,0 +1,115 @@
-+.TH  "hddtemp_selinux"  "8"  "hddtemp" "dwalsh at redhat.com" "hddtemp SELinux Policy documentation"
++++ b/man/man8/fetchmail_selinux.8
+@@ -0,0 +1,135 @@
++.TH  "fetchmail_selinux"  "8"  "fetchmail" "dwalsh at redhat.com" "fetchmail SELinux Policy documentation"
 +.SH "NAME"
-+hddtemp_selinux \- Security Enhanced Linux Policy for the hddtemp processes
++fetchmail_selinux \- Security Enhanced Linux Policy for the fetchmail processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the hddtemp processes via flexible mandatory access
++Security-Enhanced Linux secures the fetchmail processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -19946,83 +24013,106 @@ index 0000000..9f14966
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux hddtemp policy is very flexible allowing users to setup their hddtemp processes in as secure a method as possible.
++SELinux fetchmail policy is very flexible allowing users to setup their fetchmail processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for hddtemp:
++The following file types are defined for fetchmail:
 +
 +
 +.EX
 +.PP
-+.B hddtemp_etc_t 
++.B fetchmail_etc_t 
 +.EE
 +
-+- Set files with the hddtemp_etc_t type, if you want to store hddtemp files in the /etc directories.
++- Set files with the fetchmail_etc_t type, if you want to store fetchmail files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B hddtemp_exec_t 
++.B fetchmail_exec_t 
 +.EE
 +
-+- Set files with the hddtemp_exec_t type, if you want to transition an executable to the hddtemp_t domain.
++- Set files with the fetchmail_exec_t type, if you want to transition an executable to the fetchmail_t domain.
 +
 +
 +.EX
 +.PP
-+.B hddtemp_initrc_exec_t 
++.B fetchmail_home_t 
 +.EE
 +
-+- Set files with the hddtemp_initrc_exec_t type, if you want to transition an executable to the hddtemp_initrc_t domain.
-+
++- Set files with the fetchmail_home_t type, if you want to store fetchmail files in the users home directory.
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
++.EX
 +.PP
-+You can see the types associated with a port by using the following command: 
++.B fetchmail_uidl_cache_t 
++.EE
 +
-+.B semanage port -l
++- Set files with the fetchmail_uidl_cache_t type, if you want to store the files under the /var/cache directory.
 +
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux hddtemp policy is very flexible allowing users to setup their hddtemp processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for hddtemp:
++.br
++.TP 5
++Paths: 
++/var/lib/fetchmail(/.*)?, /var/mail/\.fetchmail-UIDL-cache
 +
 +.EX
-+.TP 5
-+.B hddtemp_port_t 
-+.TP 10
++.PP
++.B fetchmail_var_run_t 
 +.EE
 +
++- Set files with the fetchmail_var_run_t type, if you want to store the fetchmail files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+Default Defined Ports:
-+tcp 7634
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux hddtemp policy is very flexible allowing users to setup their hddtemp processes in as secure a method as possible.
++SELinux fetchmail policy is very flexible allowing users to setup their fetchmail processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for hddtemp:
++The following process types are defined for fetchmail:
 +
 +.EX
-+.B hddtemp_t 
++.B fetchmail_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type fetchmail_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B fetchmail_uidl_cache_t
++
++	/var/lib/fetchmail(/.*)?
++.br
++	/var/mail/\.fetchmail-UIDL-cache
++.br
++
++.br
++.B fetchmail_var_run_t
++
++	/var/run/fetchmail/.*
++.br
++
++.br
++.B sendmail_log_t
++
++	/var/log/mail(/.*)?
++.br
++	/var/log/sendmail\.st
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -20033,56 +24123,91 @@ index 0000000..9f14966
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), hddtemp(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/hostname_selinux.8 b/man/man8/hostname_selinux.8
++selinux(8), fetchmail(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/fingerd_selinux.8 b/man/man8/fingerd_selinux.8
 new file mode 100644
-index 0000000..6701415
+index 0000000..2c1e040
 --- /dev/null
-+++ b/man/man8/hostname_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "hostname_selinux"  "8"  "hostname" "dwalsh at redhat.com" "hostname SELinux Policy documentation"
++++ b/man/man8/fingerd_selinux.8
+@@ -0,0 +1,155 @@
++.TH  "fingerd_selinux"  "8"  "fingerd" "dwalsh at redhat.com" "fingerd SELinux Policy documentation"
 +.SH "NAME"
-+hostname_selinux \- Security Enhanced Linux Policy for the hostname processes
++fingerd_selinux \- Security Enhanced Linux Policy for the fingerd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the hostname processes via flexible mandatory access
++Security-Enhanced Linux secures the fingerd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the fingerd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the fingerd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux hostname policy is very flexible allowing users to setup their hostname processes in as secure a method as possible.
++SELinux fingerd policy is very flexible allowing users to setup their fingerd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for hostname:
++The following file types are defined for fingerd:
 +
 +
 +.EX
 +.PP
-+.B hostname_exec_t 
++.B fingerd_etc_t 
 +.EE
 +
-+- Set files with the hostname_exec_t type, if you want to transition an executable to the hostname_t domain.
++- Set files with the fingerd_etc_t type, if you want to store fingerd files in the /etc directories.
++
++
++.EX
++.PP
++.B fingerd_exec_t 
++.EE
++
++- Set files with the fingerd_exec_t type, if you want to transition an executable to the fingerd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/bin/hostname, /usr/bin/hostname
++/etc/cron\.weekly/(c)?fingerd, /usr/sbin/[cef]fingerd, /usr/sbin/in\.fingerd
++
++.EX
++.PP
++.B fingerd_log_t 
++.EE
++
++- Set files with the fingerd_log_t type, if you want to treat the data as fingerd log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B fingerd_var_run_t 
++.EE
++
++- Set files with the fingerd_var_run_t type, if you want to store the fingerd files under the /run directory.
++
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -20091,24 +24216,61 @@ index 0000000..6701415
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux fingerd policy is very flexible allowing users to setup their fingerd processes in as secure a method as possible.
++.PP 
++The following port types are defined for fingerd:
++
++.EX
++.TP 5
++.B fingerd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 79
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux hostname policy is very flexible allowing users to setup their hostname processes in as secure a method as possible.
++SELinux fingerd policy is very flexible allowing users to setup their fingerd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for hostname:
++The following process types are defined for fingerd:
 +
 +.EX
-+.B hostname_t 
++.B fingerd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type fingerd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B fingerd_log_t
++
++	/var/log/cfingerd\.log.*
++.br
++
++.br
++.B fingerd_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -20119,89 +24281,110 @@ index 0000000..6701415
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), hostname(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/hplip_selinux.8 b/man/man8/hplip_selinux.8
++selinux(8), fingerd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/firewalld_selinux.8 b/man/man8/firewalld_selinux.8
 new file mode 100644
-index 0000000..fd1af3c
+index 0000000..706011a
 --- /dev/null
-+++ b/man/man8/hplip_selinux.8
-@@ -0,0 +1,139 @@
-+.TH  "hplip_selinux"  "8"  "hplip" "dwalsh at redhat.com" "hplip SELinux Policy documentation"
++++ b/man/man8/firewalld_selinux.8
+@@ -0,0 +1,150 @@
++.TH  "firewalld_selinux"  "8"  "firewalld" "dwalsh at redhat.com" "firewalld SELinux Policy documentation"
 +.SH "NAME"
-+hplip_selinux \- Security Enhanced Linux Policy for the hplip processes
++firewalld_selinux \- Security Enhanced Linux Policy for the firewalld processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the hplip processes via flexible mandatory access
++Security-Enhanced Linux secures the firewalld processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the firewallgui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the firewallgui_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux hplip policy is very flexible allowing users to setup their hplip processes in as secure a method as possible.
++SELinux firewalld policy is very flexible allowing users to setup their firewalld processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for hplip:
++The following file types are defined for firewalld:
 +
 +
 +.EX
 +.PP
-+.B hplip_etc_t 
++.B firewalld_etc_rw_t 
 +.EE
 +
-+- Set files with the hplip_etc_t type, if you want to store hplip files in the /etc directories.
++- Set files with the firewalld_etc_rw_t type, if you want to treat the files as firewalld etc read/write content.
 +
 +
 +.EX
 +.PP
-+.B hplip_exec_t 
++.B firewalld_exec_t 
 +.EE
 +
-+- Set files with the hplip_exec_t type, if you want to transition an executable to the hplip_t domain.
++- Set files with the firewalld_exec_t type, if you want to transition an executable to the firewalld_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/hpijs, /usr/share/hplip/.*\.py, /usr/sbin/hp-[^/]+, /usr/lib/cups/backend/hp.*, /usr/sbin/hpiod
 +
 +.EX
 +.PP
-+.B hplip_tmp_t 
++.B firewalld_initrc_exec_t 
 +.EE
 +
-+- Set files with the hplip_tmp_t type, if you want to store hplip temporary files in the /tmp directories.
++- Set files with the firewalld_initrc_exec_t type, if you want to transition an executable to the firewalld_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B hplip_var_lib_t 
++.B firewalld_unit_file_t 
 +.EE
 +
-+- Set files with the hplip_var_lib_t type, if you want to store the hplip files under the /var/lib directory.
++- Set files with the firewalld_unit_file_t type, if you want to treat the files as firewalld unit content.
 +
 +
 +.EX
 +.PP
-+.B hplip_var_run_t 
++.B firewalld_var_log_t 
 +.EE
 +
-+- Set files with the hplip_var_run_t type, if you want to store the hplip files under the /run directory.
++- Set files with the firewalld_var_log_t type, if you want to treat the data as firewalld var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B firewalld_var_run_t 
++.EE
++
++- Set files with the firewalld_var_run_t type, if you want to store the firewalld files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/hp.*\.pid, /var/run/hp.*\.port
++/var/run/firewalld\.pid, /var/run/firewalld(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -20210,47 +24393,42 @@ index 0000000..fd1af3c
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux hplip policy is very flexible allowing users to setup their hplip processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for hplip:
-+
-+.EX
-+.TP 5
-+.B hplip_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 1782,2207,2208,8290,50000,50002,8292,9100,9101,9102,9220,9221,9222,9280,9281,9282,9290,9291
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux hplip policy is very flexible allowing users to setup their hplip processes in as secure a method as possible.
++SELinux firewalld policy is very flexible allowing users to setup their firewalld processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for hplip:
++The following process types are defined for firewalld:
 +
 +.EX
-+.B hplip_t 
++.B firewallgui_t, firewalld_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type firewalld_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B firewalld_etc_rw_t
++
++	/etc/firewalld(/.*)?
++.br
++
++.br
++.B firewalld_var_run_t
++
++	/var/run/firewalld(/.*)?
++.br
++	/var/run/firewalld\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -20261,1609 +24439,2104 @@ index 0000000..fd1af3c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), hplip(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/httpd_selinux.8 b/man/man8/httpd_selinux.8
-index 16e8b13..0f70c71 100644
---- a/man/man8/httpd_selinux.8
-+++ b/man/man8/httpd_selinux.8
-@@ -1,120 +1,1613 @@
--.TH  "httpd_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "httpd Selinux Policy documentation"
--.de EX
--.nf
--.ft CW
--..
--.de EE
--.ft R
--.fi
--..
-+.TH  "httpd_selinux"  "8"  "httpd" "dwalsh at redhat.com" "httpd SELinux Policy documentation"
- .SH "NAME"
--httpd_selinux \- Security Enhanced Linux Policy for the httpd daemon
-+httpd_selinux \- Security Enhanced Linux Policy for the httpd processes
- .SH "DESCRIPTION"
- 
--Security-Enhanced Linux secures the httpd server via flexible mandatory access
-+Security-Enhanced Linux secures the httpd processes via flexible mandatory access
- control.  
--.SH FILE_CONTEXTS
--SELinux requires files to have an extended attribute to define the file type. 
--Policy governs the access daemons have to these files. 
--SELinux httpd policy is very flexible allowing users to setup their web services in as secure a method as possible.
--.PP 
--The following file contexts types are defined for httpd:
++selinux(8), firewalld(8), semanage(8), restorecon(8), chcon(1)
++, firewallgui_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/firewallgui_selinux.8 b/man/man8/firewallgui_selinux.8
+new file mode 100644
+index 0000000..9e669ae
+--- /dev/null
++++ b/man/man8/firewallgui_selinux.8
+@@ -0,0 +1,125 @@
++.TH  "firewallgui_selinux"  "8"  "firewallgui" "dwalsh at redhat.com" "firewallgui SELinux Policy documentation"
++.SH "NAME"
++firewallgui_selinux \- Security Enhanced Linux Policy for the firewallgui processes
++.SH "DESCRIPTION"
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
++Security-Enhanced Linux secures the firewallgui processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow httpd to act as a relay, you must turn on the httpd_can_network_relay boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the firewallgui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P httpd_can_network_relay 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow httpd to communicate with oddjob to start up a service, you must turn on the httpd_use_oddjob boolean.
++If you want to allow confined applications to run with kerberos for the firewallgui_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P httpd_use_oddjob 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow HTTPD scripts and modules to connect to databases over the network, you must turn on the httpd_can_network_connect_db boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux firewallgui policy is very flexible allowing users to setup their firewallgui processes in as secure a method as possible.
++.PP 
++The following file types are defined for firewallgui:
++
 +
 +.EX
-+.B setsebool -P httpd_can_network_connect_db 1
++.PP
++.B firewallgui_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow httpd to run gpg, you must turn on the httpd_use_gpg boolean.
++- Set files with the firewallgui_exec_t type, if you want to transition an executable to the firewallgui_t domain.
++
 +
 +.EX
-+.B setsebool -P httpd_use_gpg 1
++.PP
++.B firewallgui_tmp_t 
 +.EE
 +
-+.PP
-+If you want to allow httpd cgi support, you must turn on the httpd_enable_cgi boolean.
++- Set files with the firewallgui_tmp_t type, if you want to store firewallgui temporary files in the /tmp directories.
 +
-+.EX
-+.B setsebool -P httpd_enable_cgi 1
-+.EE
 +
 +.PP
-+If you want to allow httpd to access cifs file systems, you must turn on the httpd_use_cifs boolean.
-+
-+.EX
-+.B setsebool -P httpd_use_cifs 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow httpd processes to manage IPA content, you must turn on the httpd_manage_ipa boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux firewallgui policy is very flexible allowing users to setup their firewallgui processes in as secure a method as possible.
++.PP 
++The following process types are defined for firewallgui:
 +
 +.EX
-+.B setsebool -P httpd_manage_ipa 1
++.B firewallgui_t 
 +.EE
-+
 +.PP
-+If you want to allow Apache to run in stickshift mode, not transition to passenger, you must turn on the httpd_run_stickshift boolean.
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.EX
-+.B setsebool -P httpd_run_stickshift 1
-+.EE
++.SH "MANAGED FILES"
 +
-+.PP
-+If you want to allow httpd to read home directories, you must turn on the httpd_enable_homedirs boolean.
++The SELinux user type firewallgui_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.B setsebool -P httpd_enable_homedirs 1
-+.EE
++.br
++.B firewallgui_tmp_t
 +
-+.PP
-+If you want to allow Apache to communicate with avahi service via dbus, you must turn on the httpd_dbus_avahi boolean.
 +
-+.EX
-+.B setsebool -P httpd_dbus_avahi 1
-+.EE
++.br
++.B system_conf_t
 +
-+.PP
-+If you want to unify HTTPD handling of all content files, you must turn on the httpd_unified boolean.
++	/etc/sysctl\.conf(\.old)?
++.br
++	/etc/sysconfig/ip6?tables.*
++.br
++	/etc/sysconfig/ipvsadm.*
++.br
++	/etc/sysconfig/ebtables.*
++.br
++	/etc/sysconfig/system-config-firewall.*
++.br
 +
-+.EX
-+.B setsebool -P httpd_unified 1
-+.EE
++.br
++.B systemd_passwd_var_run_t
 +
-+.PP
-+If you want to allow Apache to use mod_auth_pam, you must turn on the httpd_mod_auth_pam boolean.
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
 +
-+.EX
-+.B setsebool -P httpd_mod_auth_pam 1
-+.EE
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
 +.PP
-+If you want to allow HTTPD scripts and modules to connect to the network using TCP, you must turn on the httpd_can_network_connect boolean.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+.EX
-+.B setsebool -P httpd_can_network_connect 1
-+.EE
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.PP
-+If you want to allow httpd scripts and modules execmem/execstack, you must turn on the httpd_execmem boolean.
++.SH "SEE ALSO"
++selinux(8), firewallgui(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/firstboot_selinux.8 b/man/man8/firstboot_selinux.8
+new file mode 100644
+index 0000000..32659cf
+--- /dev/null
++++ b/man/man8/firstboot_selinux.8
+@@ -0,0 +1,95 @@
++.TH  "firstboot_selinux"  "8"  "firstboot" "dwalsh at redhat.com" "firstboot SELinux Policy documentation"
++.SH "NAME"
++firstboot_selinux \- Security Enhanced Linux Policy for the firstboot processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.B setsebool -P httpd_execmem 1
-+.EE
++Security-Enhanced Linux secures the firstboot processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow httpd to access FUSE file systems, you must turn on the httpd_use_fusefs boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux firstboot policy is very flexible allowing users to setup their firstboot processes in as secure a method as possible.
++.PP 
++The following file types are defined for firstboot:
++
 +
 +.EX
-+.B setsebool -P httpd_use_fusefs 1
++.PP
++.B firstboot_etc_t 
 +.EE
 +
-+.PP
-+If you want to allow Apache to use mod_auth_ntlm_winbind, you must turn on the httpd_mod_auth_ntlm_winbind boolean.
++- Set files with the firstboot_etc_t type, if you want to store firstboot files in the /etc directories.
++
 +
 +.EX
-+.B setsebool -P httpd_mod_auth_ntlm_winbind 1
++.PP
++.B firstboot_exec_t 
 +.EE
 +
-+.PP
-+If you want to unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal, you must turn on the httpd_tty_comm boolean.
++- Set files with the firstboot_exec_t type, if you want to transition an executable to the firstboot_t domain.
 +
-+.EX
-+.B setsebool -P httpd_tty_comm 1
-+.EE
++.br
++.TP 5
++Paths: 
++/usr/share/firstboot/firstboot\.py, /usr/sbin/firstboot
 +
 +.PP
-+If you want to allow HTTPD to connect to port 80 for graceful shutdown, you must turn on the httpd_graceful_shutdown boolean.
-+
-+.EX
-+.B setsebool -P httpd_graceful_shutdown 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux firstboot policy is very flexible allowing users to setup their firstboot processes in as secure a method as possible.
++.PP 
++The following process types are defined for firstboot:
 +
 +.EX
-+.B setsebool -P httpd_can_connect_ftp 1
++.B firstboot_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type firstboot_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B file_type
++
++	all files on the system
++.br
 +
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+If you want to allow httpd to read user content, you must turn on the httpd_read_user_content boolean.
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
-+.B setsebool -P httpd_read_user_content 1
-+.EE
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), firstboot(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/foghorn_selinux.8 b/man/man8/foghorn_selinux.8
+new file mode 100644
+index 0000000..65d9a53
+--- /dev/null
++++ b/man/man8/foghorn_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "foghorn_selinux"  "8"  "foghorn" "dwalsh at redhat.com" "foghorn SELinux Policy documentation"
++.SH "NAME"
++foghorn_selinux \- Security Enhanced Linux Policy for the foghorn processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the foghorn processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow httpd to access nfs file systems, you must turn on the httpd_use_nfs boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux foghorn policy is very flexible allowing users to setup their foghorn processes in as secure a method as possible.
++.PP 
++The following file types are defined for foghorn:
++
 +
 +.EX
-+.B setsebool -P httpd_use_nfs 1
++.PP
++.B foghorn_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow Apache to execute tmp content, you must turn on the httpd_tmp_exec boolean.
++- Set files with the foghorn_exec_t type, if you want to transition an executable to the foghorn_t domain.
++
 +
 +.EX
-+.B setsebool -P httpd_tmp_exec 1
++.PP
++.B foghorn_tmpfs_t 
 +.EE
 +
-+.PP
-+If you want to allow http daemon to send mail, you must turn on the httpd_can_sendmail boolean.
++- Set files with the foghorn_tmpfs_t type, if you want to store foghorn files on a tmpfs file system.
++
 +
 +.EX
-+.B setsebool -P httpd_can_sendmail 1
++.PP
++.B foghorn_var_log_t 
 +.EE
 +
-+.PP
-+If you want to allow httpd to use built in scripting (usually php), you must turn on the httpd_builtin_scripting boolean.
++- Set files with the foghorn_var_log_t type, if you want to treat the data as foghorn var log data, usually stored under the /var/log directory.
++
 +
 +.EX
-+.B setsebool -P httpd_builtin_scripting 1
++.PP
++.B foghorn_var_run_t 
 +.EE
 +
-+.PP
-+If you want to allow httpd to connect to the ldap port, you must turn on the httpd_can_connect_ldap boolean.
++- Set files with the foghorn_var_run_t type, if you want to store the foghorn files under the /run directory.
 +
- .EX
--httpd_sys_content_t 
--.EE 
--- Set files with httpd_sys_content_t if you want httpd_sys_script_exec_t scripts and the daemon to read the file, and disallow other non sys scripts from access.
-+.B setsebool -P httpd_can_connect_ldap 1
-+.EE
 +
 +.PP
-+If you want to allow http daemon to check spam, you must turn on the httpd_can_check_spam boolean.
-+
-+.EX
-+.B setsebool -P httpd_can_check_spam 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow BIND to bind apache port, you must turn on the named_bind_http_port boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux foghorn policy is very flexible allowing users to setup their foghorn processes in as secure a method as possible.
++.PP 
++The following process types are defined for foghorn:
 +
 +.EX
-+.B setsebool -P named_bind_http_port 1
++.B foghorn_t 
 +.EE
-+
 +.PP
-+If you want to allow httpd to connect to memcache server, you must turn on the httpd_can_network_memcache boolean.
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.EX
-+.B setsebool -P httpd_can_network_memcache 1
-+.EE
++.SH "MANAGED FILES"
 +
-+.PP
-+If you want to allow HTTPD scripts and modules to connect to cobbler over the network, you must turn on the httpd_can_network_connect_cobbler boolean.
++The SELinux user type foghorn_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.B setsebool -P httpd_can_network_connect_cobbler 1
-+.EE
++.br
++.B cluster_var_lib_t
 +
-+.PP
-+If you want to allow HTTPD to run SSI executables in the same domain as system CGI scripts, you must turn on the httpd_ssi_exec boolean.
++	/var/lib/cluster(/.*)?
++.br
 +
-+.EX
-+.B setsebool -P httpd_ssi_exec 1
-+.EE
++.br
++.B foghorn_tmpfs_t
 +
-+.PP
-+If you want to allow httpd to access openstack ports, you must turn on the httpd_use_openstack boolean.
 +
-+.EX
-+.B setsebool -P httpd_use_openstack 1
-+.EE
++.br
++.B foghorn_var_log_t
 +
-+.PP
-+If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
 +
- .EX
--httpd_sys_script_exec_t  
--.EE 
--- Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types.
-+.B setsebool -P httpd_enable_ftp_server 1
-+.EE
++.br
++.B foghorn_var_run_t
 +
-+.PP
-+If you want to allow http daemon to connect to zabbix, you must turn on the httpd_can_connect_zabbix boolean.
 +
- .EX
--httpd_sys_content_rw_t 
-+.B setsebool -P httpd_can_connect_zabbix 1
- .EE
--- Set files with httpd_sys_content_rw_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and disallow other non sys scripts from access.
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
 +.PP
-+If you want to allow httpd daemon to change its resource limits, you must turn on the httpd_setrlimit boolean.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
- .EX
--httpd_sys_content_ra_t 
-+.B setsebool -P httpd_setrlimit 1
- .EE
--- Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t scripts and the daemon to read/append to the file, and disallow other non sys scripts from access.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), foghorn(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/fprintd_selinux.8 b/man/man8/fprintd_selinux.8
+new file mode 100644
+index 0000000..db48a6a
+--- /dev/null
++++ b/man/man8/fprintd_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "fprintd_selinux"  "8"  "fprintd" "dwalsh at redhat.com" "fprintd SELinux Policy documentation"
++.SH "NAME"
++fprintd_selinux \- Security Enhanced Linux Policy for the fprintd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the fprintd processes via flexible mandatory access
++control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the httpd_prewikka_script_t, httpd_passwd_t, httpd_t, httpd_php_t, httpd_git_script_t, httpd_suexec_t, httpd_sys_script_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the fprintd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
- .EX
--httpd_unconfined_script_exec_t  
--.EE 
--- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a very complex httpd scripts, after exhausting all other options.  It is better to use this script rather than turning off SELinux protection for httpd.
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the httpd_prewikka_script_t, httpd_passwd_t, httpd_t, httpd_php_t, httpd_git_script_t, httpd_suexec_t, httpd_sys_script_t, you must turn on the kerberos_enabled boolean.
- 
--.SH NOTE
--With certain policies you can define additional file contexts based on roles like user or staff.  httpd_user_script_exec_t can be defined where it would only have access to "user" contexts.
++If you want to allow confined applications to run with kerberos for the fprintd_t, you must turn on the kerberos_enabled boolean.
++
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
- 
- .SH SHARING FILES
--If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.  allow_DOMAIN_anon_write.  So for httpd you would execute:
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
-+.TP
-+Allow httpd servers to read the /var/httpd directory by adding the public_content_t file type to the directory and by restoring the file type.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_t "/var/httpd(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/httpd
-+.pp
-+.TP
-+Allow httpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_httpdd_anon_write boolean to be set.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_rw_t "/var/httpd/incoming(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/httpd/incoming
-+
 +
-+.PP
-+If you want to allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t., you must turn on the httpd_sys_script_anon_write boolean.
- 
- .EX
--setsebool -P allow_httpd_anon_write=1
-+.B setsebool -P httpd_sys_script_anon_write 1
- .EE
- 
--or 
-+.PP
-+If you want to allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t., you must turn on the httpd_anon_write boolean.
- 
- .EX
--setsebool -P allow_httpd_sys_script_anon_write=1
-+.B setsebool -P httpd_anon_write 1
- .EE
- 
--.SH BOOLEANS
--SELinux policy is customizable based on least access required.  SELinux can be setup to prevent certain http scripts from working.  httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux httpd policy is very flexible allowing users to setup their httpd processes in as secure a method as possible.
++SELinux fprintd policy is very flexible allowing users to setup their fprintd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for httpd:
++The following file types are defined for fprintd:
 +
 +
 +.EX
- .PP
--httpd can be setup to allow cgi scripts to be executed, set httpd_enable_cgi to allow this
-+.B httpd_apcupsd_cgi_content_t 
++.PP
++.B fprintd_exec_t 
 +.EE
 +
-+- Set files with the httpd_apcupsd_cgi_content_t type, if you want to treat the files as httpd apcupsd cgi content.
++- Set files with the fprintd_exec_t type, if you want to transition an executable to the fprintd_t domain.
 +
 +
 +.EX
 +.PP
-+.B httpd_apcupsd_cgi_htaccess_t 
++.B fprintd_var_lib_t 
 +.EE
 +
-+- Set files with the httpd_apcupsd_cgi_htaccess_t type, if you want to treat the file as a httpd apcupsd cgi access file.
++- Set files with the fprintd_var_lib_t type, if you want to store the fprintd files under the /var/lib directory.
 +
 +
-+.EX
 +.PP
-+.B httpd_apcupsd_cgi_ra_content_t 
-+.EE
-+
-+- Set files with the httpd_apcupsd_cgi_ra_content_t type, if you want to treat the files as httpd apcupsd cgi  read/append content.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
- 
- .EX
--setsebool -P httpd_enable_cgi 1
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B httpd_apcupsd_cgi_rw_content_t 
- .EE
- 
-+- Set files with the httpd_apcupsd_cgi_rw_content_t type, if you want to treat the files as httpd apcupsd cgi read/write content.
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux fprintd policy is very flexible allowing users to setup their fprintd processes in as secure a method as possible.
++.PP 
++The following process types are defined for fprintd:
 +
 +.EX
- .PP
--SELinux policy for httpd can be setup to not allowed to access users home directories.  If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir.
-+.B httpd_apcupsd_cgi_script_exec_t 
++.B fprintd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the httpd_apcupsd_cgi_script_exec_t type, if you want to transition an executable to the httpd_apcupsd_cgi_script_t domain.
++.SH "MANAGED FILES"
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/www/apcupsd/upsfstats\.cgi, /var/www/apcupsd/multimon\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/cgi-bin/apcgui(/.*)?
- 
- .EX
--setsebool -P httpd_enable_homedirs 1
--chcon -R -t httpd_sys_content_t ~user/public_html
-+.PP
-+.B httpd_awstats_content_t 
- .EE
- 
-+- Set files with the httpd_awstats_content_t type, if you want to treat the files as httpd awstats content.
++The SELinux user type fprintd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
++.br
++.B fprintd_var_lib_t
 +
-+.EX
- .PP
--SELinux policy for httpd can be setup to not allow access to the controlling terminal.  In most cases this is preferred, because an intruder might be able to use the access to the terminal to gain privileges. But in certain situations httpd needs to prompt for a password to open a certificate file, in these cases, terminal access is required.  Set the httpd_tty_comm boolean to allow terminal access.
-+.B httpd_awstats_htaccess_t 
-+.EE
++	/var/lib/fprint(/.*)?
++.br
 +
-+- Set files with the httpd_awstats_htaccess_t type, if you want to treat the file as a httpd awstats access file.
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
- 
- .EX
--setsebool -P httpd_tty_comm 1
 +.PP
-+.B httpd_awstats_ra_content_t 
- .EE
- 
-+- Set files with the httpd_awstats_ra_content_t type, if you want to treat the files as httpd awstats  read/append content.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
- .PP
--httpd can be configured to not differentiate file controls based on context, i.e. all files labeled as httpd context can be read/write/execute.  Setting this boolean to false allows you to setup the security policy such that one httpd service can not interfere with another.
-+.B httpd_awstats_rw_content_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), fprintd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/freshclam_selinux.8 b/man/man8/freshclam_selinux.8
+new file mode 100644
+index 0000000..85a3f70
+--- /dev/null
++++ b/man/man8/freshclam_selinux.8
+@@ -0,0 +1,143 @@
++.TH  "freshclam_selinux"  "8"  "freshclam" "dwalsh at redhat.com" "freshclam SELinux Policy documentation"
++.SH "NAME"
++freshclam_selinux \- Security Enhanced Linux Policy for the freshclam processes
++.SH "DESCRIPTION"
 +
-+- Set files with the httpd_awstats_rw_content_t type, if you want to treat the files as httpd awstats read/write content.
++Security-Enhanced Linux secures the freshclam processes via flexible mandatory access
++control.  
 +
- 
- .EX
--setsebool -P httpd_unified 0
-+.PP
-+.B httpd_awstats_script_exec_t 
- .EE
- 
-+- Set files with the httpd_awstats_script_exec_t type, if you want to transition an executable to the httpd_awstats_script_t domain.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the freshclam_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
- .PP
--SELinu policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerabiltiy in http from causing a spam attack.  I certain situations, you may want http modules to send mail.  You can turn on the httpd_send_mail boolean.
-+.B httpd_bugzilla_content_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the httpd_bugzilla_content_t type, if you want to treat the files as httpd bugzilla content.
++.PP
++If you want to allow confined applications to run with kerberos for the freshclam_t, you must turn on the kerberos_enabled boolean.
 +
- 
- .EX
--setsebool -P httpd_can_sendmail 1
- .PP
--httpd can be configured to turn off internal scripting (PHP).  PHP and other
--loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts.
-+.B httpd_bugzilla_htaccess_t 
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the httpd_bugzilla_htaccess_t type, if you want to treat the file as a httpd bugzilla access file.
-+
- 
- .EX
--setsebool -P httpd_builtin_scripting 0
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B httpd_bugzilla_ra_content_t 
- .EE
- 
-+- Set files with the httpd_bugzilla_ra_content_t type, if you want to treat the files as httpd bugzilla  read/append content.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux freshclam policy is very flexible allowing users to setup their freshclam processes in as secure a method as possible.
++.PP 
++The following file types are defined for freshclam:
 +
 +
 +.EX
- .PP
--SELinux policy can be setup such that httpd scripts are not allowed to connect out to the network.
--This would prevent a hacker from breaking into you httpd server and attacking 
--other machines.  If you need scripts to be able to connect you can set the httpd_can_network_connect boolean on.
-+.B httpd_bugzilla_rw_content_t 
++.PP
++.B freshclam_exec_t 
 +.EE
 +
-+- Set files with the httpd_bugzilla_rw_content_t type, if you want to treat the files as httpd bugzilla read/write content.
++- Set files with the freshclam_exec_t type, if you want to transition an executable to the freshclam_t domain.
 +
- 
- .EX
--setsebool -P httpd_can_network_connect 1
++
++.EX
 +.PP
-+.B httpd_bugzilla_script_exec_t 
- .EE
- 
-+- Set files with the httpd_bugzilla_script_exec_t type, if you want to transition an executable to the httpd_bugzilla_script_t domain.
-+
-+
-+.EX
- .PP
--system-config-selinux is a GUI tool available to customize SELinux policy settings.
--.SH AUTHOR	
--This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+.B httpd_bugzilla_tmp_t 
-+.EE
- 
--.SH "SEE ALSO"
--selinux(8), httpd(8), chcon(1), setsebool(8)
-+- Set files with the httpd_bugzilla_tmp_t type, if you want to store httpd bugzilla temporary files in the /tmp directories.
- 
- 
-+.EX
-+.PP
-+.B httpd_cache_t 
++.B freshclam_var_log_t 
 +.EE
 +
-+- Set files with the httpd_cache_t type, if you want to store the files under the /var/cache directory.
++- Set files with the freshclam_var_log_t type, if you want to treat the data as freshclam var log data, usually stored under the /var/log directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/cache/php-.*, /var/cache/mediawiki(/.*)?, /var/cache/lighttpd(/.*)?, /var/cache/php-mmcache(/.*)?, /var/cache/mod_gnutls(/.*)?, /var/cache/mod_ssl(/.*)?, /var/cache/mod_.*, /var/cache/ssl.*\.sem, /var/cache/httpd(/.*)?, /var/cache/rt3(/.*)?, /var/cache/php-eaccelerator(/.*)?, /var/cache/mason(/.*)?, /var/cache/mod_proxy(/.*)?
++/var/log/clamav/freshclam.*, /var/log/freshclam.*
 +
-+.EX
 +.PP
-+.B httpd_cobbler_content_t 
-+.EE
-+
-+- Set files with the httpd_cobbler_content_t type, if you want to treat the files as httpd cobbler content.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux freshclam policy is very flexible allowing users to setup their freshclam processes in as secure a method as possible.
++.PP 
++The following process types are defined for freshclam:
 +
 +.EX
-+.PP
-+.B httpd_cobbler_htaccess_t 
++.B freshclam_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the httpd_cobbler_htaccess_t type, if you want to treat the file as a httpd cobbler access file.
++.SH "MANAGED FILES"
 +
++The SELinux user type freshclam_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B httpd_cobbler_ra_content_t 
-+.EE
++.br
++.B clamd_var_lib_t
 +
-+- Set files with the httpd_cobbler_ra_content_t type, if you want to treat the files as httpd cobbler  read/append content.
++	/var/clamav(/.*)?
++.br
++	/var/lib/clamd.*
++.br
++	/var/lib/clamav(/.*)?
++.br
++
++.br
++.B clamd_var_run_t
 +
++	/var/run/clamd.*
++.br
++	/var/run/clamav.*
++.br
++	/var/run/amavis(d)?/clamd\.pid
++.br
++	/var/spool/MailScanner(/.*)?
++.br
++	/var/spool/amavisd/clamd\.sock
++.br
 +
-+.EX
-+.PP
-+.B httpd_cobbler_rw_content_t 
-+.EE
++.br
++.B freshclam_var_log_t
 +
-+- Set files with the httpd_cobbler_rw_content_t type, if you want to treat the files as httpd cobbler read/write content.
++	/var/log/freshclam.*
++.br
++	/var/log/clamav/freshclam.*
++.br
 +
++.br
++.B systemd_passwd_var_run_t
 +
-+.EX
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B httpd_cobbler_script_exec_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the httpd_cobbler_script_exec_t type, if you want to transition an executable to the httpd_cobbler_script_t domain.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B httpd_collectd_content_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), freshclam(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/fsadm_selinux.8 b/man/man8/fsadm_selinux.8
+new file mode 100644
+index 0000000..a2e7734
+--- /dev/null
++++ b/man/man8/fsadm_selinux.8
+@@ -0,0 +1,249 @@
++.TH  "fsadm_selinux"  "8"  "fsadm" "dwalsh at redhat.com" "fsadm SELinux Policy documentation"
++.SH "NAME"
++fsadm_selinux \- Security Enhanced Linux Policy for the fsadm processes
++.SH "DESCRIPTION"
 +
-+- Set files with the httpd_collectd_content_t type, if you want to treat the files as httpd collectd content.
++Security-Enhanced Linux secures the fsadm processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B httpd_collectd_htaccess_t 
-+.EE
-+
-+- Set files with the httpd_collectd_htaccess_t type, if you want to treat the file as a httpd collectd access file.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux fsadm policy is very flexible allowing users to setup their fsadm processes in as secure a method as possible.
++.PP 
++The following file types are defined for fsadm:
 +
 +
 +.EX
 +.PP
-+.B httpd_collectd_ra_content_t 
++.B fsadm_exec_t 
 +.EE
 +
-+- Set files with the httpd_collectd_ra_content_t type, if you want to treat the files as httpd collectd  read/append content.
++- Set files with the fsadm_exec_t type, if you want to transition an executable to the fsadm_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/partx, /usr/sbin/fdisk, /sbin/mkfs.*, /sbin/blockdev, /usr/sbin/sfdisk, /sbin/mkdosfs, /usr/sbin/mke2fs, /sbin/mke2fs, /sbin/e4fsck, /usr/sbin/dosfsck, /usr/sbin/blockdev, /sbin/dosfsck, /usr/sbin/lsraid, /usr/bin/partition_uuid, /sbin/raidautorun, /usr/sbin/findfs, /usr/sbin/scsi_info, /sbin/resize.*fs, /usr/sbin/raidstart, /sbin/mkreiserfs, /usr/sbin/raidautorun, /usr/sbin/make_reiser4, /usr/sbin/partx, /usr/sbin/resize.*fs, /usr/sbin/fsck.*, /usr/sbin/dumpe2fs, /usr/sbin/cfdisk, /sbin/tune2fs, /sbin/dumpe2fs, /usr/sbin/mkdosfs, /sbin/blkid, /usr/sbin/hdparm, /sbin/make_reiser4, /sbin/dump, /sbin/swapon.*, /usr/sbin/jfs_.*, /usr/bin/scsi_unique_id, /sbin/findfs, /usr/sbin/smartctl, /usr/bin/syslinux, /usr/sbin/blkid, /sbin/losetup.*, /usr/sbin/tune2fs, /usr/lib/systemd/systemd-fsck, /sbin/parted, /sbin/partprobe, /usr/sbin/mkfs.*, /sbin/e2label, /usr/sbin/reiserfs(ck|tune), /sbin/mkraid, /sbin/install-mbr, /sbin/scsi_info, /sbin/fsck.*, /usr/sbin/install-mbr, /usr/s
 bin/clubufflush, /sbin/jfs_.*, /usr/sbin/mke4fs, /sbin/raidstart, /sbin/lsraid, /usr/sbin/losetup.*, /usr/sbin/mkreiserfs, /usr/sbin/swapon.*, /usr/sbin/e2fsck, /sbin/reiserfs(ck|tune), /usr/sbin/e4fsck, /usr/sbin/dump, /usr/sbin/partprobe, /sbin/fdisk, /sbin/sfdisk, /sbin/e2fsck, /usr/sbin/e2label, /usr/sbin/parted, /usr/bin/raw, /sbin/mke4fs, /sbin/cfdisk, /usr/sbin/mkraid, /sbin/hdparm
 +
 +.EX
 +.PP
-+.B httpd_collectd_rw_content_t 
++.B fsadm_log_t 
 +.EE
 +
-+- Set files with the httpd_collectd_rw_content_t type, if you want to treat the files as httpd collectd read/write content.
++- Set files with the fsadm_log_t type, if you want to treat the data as fsadm log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B httpd_collectd_script_exec_t 
++.B fsadm_tmp_t 
 +.EE
 +
-+- Set files with the httpd_collectd_script_exec_t type, if you want to transition an executable to the httpd_collectd_script_t domain.
++- Set files with the fsadm_tmp_t type, if you want to store fsadm temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B httpd_config_t 
++.B fsadm_var_run_t 
 +.EE
 +
-+- Set files with the httpd_config_t type, if you want to treat the files as httpd configuration data, usually stored under the /etc directory.
++- Set files with the fsadm_var_run_t type, if you want to store the fsadm files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/vhosts, /etc/httpd(/.*)?, /etc/apache(2)?(/.*)?, /etc/apache-ssl(2)?(/.*)?, /etc/lighttpd(/.*)?, /var/lib/stickshift/.httpd.d(/.*)?, /etc/cherokee(/.*)?
 +
-+.EX
 +.PP
-+.B httpd_cvs_content_t 
-+.EE
-+
-+- Set files with the httpd_cvs_content_t type, if you want to treat the files as httpd cvs content.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux fsadm policy is very flexible allowing users to setup their fsadm processes in as secure a method as possible.
++.PP 
++The following process types are defined for fsadm:
 +
 +.EX
-+.PP
-+.B httpd_cvs_htaccess_t 
++.B fsadm_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the httpd_cvs_htaccess_t type, if you want to treat the file as a httpd cvs access file.
++.SH "MANAGED FILES"
 +
++The SELinux user type fsadm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B httpd_cvs_ra_content_t 
-+.EE
++.br
++.B amanda_dumpdates_t
 +
-+- Set files with the httpd_cvs_ra_content_t type, if you want to treat the files as httpd cvs  read/append content.
++	/etc/dumpdates
++.br
 +
++.br
++.B cifs_t
 +
-+.EX
-+.PP
-+.B httpd_cvs_rw_content_t 
-+.EE
 +
-+- Set files with the httpd_cvs_rw_content_t type, if you want to treat the files as httpd cvs read/write content.
++.br
++.B etc_runtime_t
 +
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
 +
-+.EX
-+.PP
-+.B httpd_cvs_script_exec_t 
-+.EE
++.br
++.B fsadm_log_t
 +
-+- Set files with the httpd_cvs_script_exec_t type, if you want to transition an executable to the httpd_cvs_script_t domain.
++	/var/log/fsck(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/share/cvsweb/cvsweb\.cgi, /var/www/cgi-bin/cvsweb\.cgi
++.B fsadm_tmp_t
 +
-+.EX
-+.PP
-+.B httpd_dirsrvadmin_content_t 
-+.EE
 +
-+- Set files with the httpd_dirsrvadmin_content_t type, if you want to treat the files as httpd dirsrvadmin content.
++.br
++.B fsadm_var_run_t
 +
++	/var/run/blkid(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B httpd_dirsrvadmin_htaccess_t 
-+.EE
++.br
++.B hugetlbfs_t
 +
-+- Set files with the httpd_dirsrvadmin_htaccess_t type, if you want to treat the file as a httpd dirsrvadmin access file.
++	/dev/hugepages
++.br
++	/lib/udev/devices/hugepages
++.br
++	/usr/lib/udev/devices/hugepages
++.br
 +
++.br
++.B livecd_tmp_t
 +
-+.EX
-+.PP
-+.B httpd_dirsrvadmin_ra_content_t 
-+.EE
 +
-+- Set files with the httpd_dirsrvadmin_ra_content_t type, if you want to treat the files as httpd dirsrvadmin  read/append content.
++.br
++.B lost_found_t
++
++	/lost\+found
++.br
++	/var/lost\+found
++.br
++	/usr/lost\+found
++.br
++	/tmp/lost\+found
++.br
++	/boot/lost\+found
++.br
++	/var/tmp/lost\+found
++.br
++	/home/lost\+found
++.br
 +
++.br
++.B nfs_t
 +
-+.EX
-+.PP
-+.B httpd_dirsrvadmin_rw_content_t 
-+.EE
 +
-+- Set files with the httpd_dirsrvadmin_rw_content_t type, if you want to treat the files as httpd dirsrvadmin read/write content.
++.br
++.B swapfile_t
 +
 +
-+.EX
-+.PP
-+.B httpd_dirsrvadmin_script_exec_t 
-+.EE
++.br
++.B sysfs_t
 +
-+- Set files with the httpd_dirsrvadmin_script_exec_t type, if you want to transition an executable to the httpd_dirsrvadmin_script_t domain.
++	/sys(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?, /usr/lib/dirsrv/cgi-bin(/.*)?
++.B tmpfs_t
 +
-+.EX
-+.PP
-+.B httpd_dspam_content_t 
-+.EE
++	/dev/shm
++.br
++	/lib/udev/devices/shm
++.br
++	/usr/lib/udev/devices/shm
++.br
 +
-+- Set files with the httpd_dspam_content_t type, if you want to treat the files as httpd dspam content.
++.br
++.B xen_image_t
 +
++	/xen(/.*)?
++.br
++	/var/lib/xen/images(/.*)?
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B httpd_dspam_htaccess_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the httpd_dspam_htaccess_t type, if you want to treat the file as a httpd dspam access file.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B httpd_dspam_ra_content_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), fsadm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/fsdaemon_selinux.8 b/man/man8/fsdaemon_selinux.8
+new file mode 100644
+index 0000000..2b3d987
+--- /dev/null
++++ b/man/man8/fsdaemon_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "fsdaemon_selinux"  "8"  "fsdaemon" "dwalsh at redhat.com" "fsdaemon SELinux Policy documentation"
++.SH "NAME"
++fsdaemon_selinux \- Security Enhanced Linux Policy for the fsdaemon processes
++.SH "DESCRIPTION"
 +
-+- Set files with the httpd_dspam_ra_content_t type, if you want to treat the files as httpd dspam  read/append content.
++Security-Enhanced Linux secures the fsdaemon processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B httpd_dspam_rw_content_t 
-+.EE
-+
-+- Set files with the httpd_dspam_rw_content_t type, if you want to treat the files as httpd dspam read/write content.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux fsdaemon policy is very flexible allowing users to setup their fsdaemon processes in as secure a method as possible.
++.PP 
++The following file types are defined for fsdaemon:
 +
 +
 +.EX
 +.PP
-+.B httpd_dspam_script_exec_t 
++.B fsdaemon_exec_t 
 +.EE
 +
-+- Set files with the httpd_dspam_script_exec_t type, if you want to transition an executable to the httpd_dspam_script_t domain.
++- Set files with the fsdaemon_exec_t type, if you want to transition an executable to the fsdaemon_t domain.
 +
 +
 +.EX
 +.PP
-+.B httpd_exec_t 
++.B fsdaemon_initrc_exec_t 
 +.EE
 +
-+- Set files with the httpd_exec_t type, if you want to transition an executable to the httpd_t domain.
++- Set files with the fsdaemon_initrc_exec_t type, if you want to transition an executable to the fsdaemon_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/apache(2)?, /usr/share/jetty/bin/jetty.sh, /usr/bin/mongrel_rails, /usr/lib/apache-ssl/.+, /usr/sbin/httpd\.event, /usr/sbin/httpd(\.worker)?, /usr/sbin/cherokee, /usr/sbin/apache-ssl(2)?, /usr/sbin/lighttpd
 +
 +.EX
 +.PP
-+.B httpd_git_content_t 
++.B fsdaemon_tmp_t 
 +.EE
 +
-+- Set files with the httpd_git_content_t type, if you want to treat the files as httpd git content.
++- Set files with the fsdaemon_tmp_t type, if you want to store fsdaemon temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B httpd_git_htaccess_t 
++.B fsdaemon_var_run_t 
 +.EE
 +
-+- Set files with the httpd_git_htaccess_t type, if you want to treat the file as a httpd git access file.
++- Set files with the fsdaemon_var_run_t type, if you want to store the fsdaemon files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B httpd_git_ra_content_t 
-+.EE
-+
-+- Set files with the httpd_git_ra_content_t type, if you want to treat the files as httpd git  read/append content.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux fsdaemon policy is very flexible allowing users to setup their fsdaemon processes in as secure a method as possible.
++.PP 
++The following process types are defined for fsdaemon:
 +
 +.EX
-+.PP
-+.B httpd_git_rw_content_t 
++.B fsdaemon_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the httpd_git_rw_content_t type, if you want to treat the files as httpd git read/write content.
++.SH "MANAGED FILES"
++
++The SELinux user type fsdaemon_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/cache/gitweb-caching(/.*)?, /var/cache/cgit(/.*)?
++.B fsdaemon_tmp_t
 +
-+.EX
-+.PP
-+.B httpd_git_script_exec_t 
-+.EE
 +
-+- Set files with the httpd_git_script_exec_t type, if you want to transition an executable to the httpd_git_script_t domain.
++.br
++.B fsdaemon_var_run_t
 +
++	/var/run/smartd\.pid
 +.br
-+.TP 5
-+Paths: 
-+/var/www/git/gitweb\.cgi, /var/www/cgi-bin/cgit, /var/www/gitweb-caching/gitweb\.cgi
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B httpd_helper_exec_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the httpd_helper_exec_t type, if you want to transition an executable to the httpd_helper_t domain.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B httpd_initrc_exec_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), fsdaemon(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ftpd_selinux.8 b/man/man8/ftpd_selinux.8
+index 5bebd82..3e8fbe7 100644
+--- a/man/man8/ftpd_selinux.8
++++ b/man/man8/ftpd_selinux.8
+@@ -1,65 +1,482 @@
+-.TH  "ftpd_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "ftpd SELinux policy documentation"
++.TH  "ftpd_selinux"  "8"  "ftpd" "dwalsh at redhat.com" "ftpd SELinux Policy documentation"
+ .SH "NAME"
+-.PP
+-ftpd_selinux \- Security-Enhanced Linux policy for ftp daemons.
++ftpd_selinux \- Security Enhanced Linux Policy for the ftpd processes
+ .SH "DESCRIPTION"
 +
-+- Set files with the httpd_initrc_exec_t type, if you want to transition an executable to the httpd_initrc_t domain.
++Security-Enhanced Linux secures the ftpd processes via flexible mandatory access
++control.  
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/init\.d/cherokee, /etc/rc\.d/init\.d/httpd, /etc/rc\.d/init\.d/lighttpd
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  ftpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ftpd with the tightest access possible.
++
++
+ .PP
+-Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control.
+-.SH FILE_CONTEXTS
++If you want to allow ftp to read and write files in the user home directories, you must turn on the ftp_home_dir boolean.
 +
 +.EX
-+.PP
-+.B httpd_keytab_t 
++.B setsebool -P ftp_home_dir 1
 +.EE
 +
-+- Set files with the httpd_keytab_t type, if you want to treat the files as kerberos keytab files.
-+
+ .PP
+-SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon.  Policy governs the access that daemons have to files.
+-.TP
+-Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type.
++If you want to allow ftp servers to use cifs used for public file transfer services, you must turn on the ftpd_use_cifs boolean.
 +
 +.EX
-+.PP
-+.B httpd_libra_content_t 
++.B setsebool -P ftpd_use_cifs 1
 +.EE
 +
-+- Set files with the httpd_libra_content_t type, if you want to treat the files as httpd libra content.
-+
+ .PP
+-.B
+-semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
+-.TP
+-.B
+-restorecon -F -R -v /var/ftp
+-.TP
+-Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_ftpd_anon_write boolean to be set.
++If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
 +
 +.EX
-+.PP
-+.B httpd_libra_htaccess_t 
++.B setsebool -P sftpd_write_ssh_home 1
 +.EE
 +
-+- Set files with the httpd_libra_htaccess_t type, if you want to treat the file as a httpd libra access file.
-+
+ .PP
+-.B
+-semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"
+-.TP
+-.B
+-restorecon -F -R -v /var/ftp/incoming
++If you want to allow ftp servers to connect to mysql database ports, you must turn on the ftpd_connect_db boolean.
 +
 +.EX
-+.PP
-+.B httpd_libra_ra_content_t 
++.B setsebool -P ftpd_connect_db 1
 +.EE
+ 
+-.SH BOOLEANS
+ .PP
+-SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool.
+-.TP
+-Allow ftp servers to read and write files with the public_content_rw_t file type.
++If you want to allow ftp servers to login to local users and read/write all files on the system, governed by DAC, you must turn on the ftpd_full_access boolean.
 +
-+- Set files with the httpd_libra_ra_content_t type, if you want to treat the files as httpd libra  read/append content.
++.EX
++.B setsebool -P ftpd_full_access 1
++.EE
 +
+ .PP
+-.B
+-setsebool -P allow_ftpd_anon_write on
+-.TP
+-Allow ftp servers to read or write files in the user home directories.
++If you want to allow sftp-internal to read and write files in the user home directories, you must turn on the sftpd_enable_homedirs boolean.
 +
 +.EX
-+.PP
-+.B httpd_libra_rw_content_t 
++.B setsebool -P sftpd_enable_homedirs 1
 +.EE
 +
-+- Set files with the httpd_libra_rw_content_t type, if you want to treat the files as httpd libra read/write content.
-+
+ .PP
+-.B
+-setsebool -P ftp_home_dir on
+-.TP
+-Allow ftp servers to read or write all files on the system.
++If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
 +
 +.EX
-+.PP
-+.B httpd_libra_script_exec_t 
++.B setsebool -P httpd_can_connect_ftp 1
 +.EE
 +
-+- Set files with the httpd_libra_script_exec_t type, if you want to transition an executable to the httpd_libra_script_t domain.
-+
+ .PP
+-.B
+-setsebool -P allow_ftpd_full_access on
++If you want to allow ftp servers to use bind to all unreserved ports for passive mode, you must turn on the ftpd_use_passive_mode boolean.
 +
 +.EX
-+.PP
-+.B httpd_lock_t 
++.B setsebool -P ftpd_use_passive_mode 1
 +.EE
 +
-+- Set files with the httpd_lock_t type, if you want to treat the files as httpd lock data, stored under the /var/lock directory
-+
++.PP
++If you want to allow ftp servers to use nfs used for public file transfer services, you must turn on the ftpd_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B httpd_log_t 
++.B setsebool -P ftpd_use_nfs 1
 +.EE
 +
-+- Set files with the httpd_log_t type, if you want to treat the data as httpd log data, usually stored under the /var/log directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/log/apache-ssl(2)?(/.*)?, /var/log/suphp\.log.*, /var/log/httpd(/.*)?, /var/log/apache(2)?(/.*)?, /var/log/cherokee(/.*)?, /var/log/roundcubemail(/.*)?, /var/log/cgiwrap\.log.*, /var/log/lighttpd(/.*)?, /var/www(/.*)?/logs(/.*)?, /var/log/cacti(/.*)?, /var/log/dirsrv/admin-serv(/.*)?, /etc/httpd/logs
-+
-+.EX
 +.PP
-+.B httpd_man2html_content_t 
-+.EE
-+
-+- Set files with the httpd_man2html_content_t type, if you want to treat the files as httpd man2html content.
-+
++If you want to allow sftp-internal to login to local users and read/write all files on the system, governed by DAC, you must turn on the sftpd_full_access boolean.
 +
 +.EX
-+.PP
-+.B httpd_man2html_htaccess_t 
++.B setsebool -P sftpd_full_access 1
 +.EE
 +
-+- Set files with the httpd_man2html_htaccess_t type, if you want to treat the file as a httpd man2html access file.
-+
++.PP
++If you want to allow ftp servers to connect to all ports > 1023, you must turn on the ftpd_connect_all_unreserved boolean.
 +
 +.EX
-+.PP
-+.B httpd_man2html_ra_content_t 
++.B setsebool -P ftpd_connect_all_unreserved 1
 +.EE
 +
-+- Set files with the httpd_man2html_ra_content_t type, if you want to treat the files as httpd man2html  read/append content.
-+
++.PP
++If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
 +
 +.EX
-+.PP
-+.B httpd_man2html_rw_content_t 
++.B setsebool -P httpd_enable_ftp_server 1
 +.EE
 +
-+- Set files with the httpd_man2html_rw_content_t type, if you want to treat the files as httpd man2html read/write content.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ftpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B httpd_man2html_script_cache_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the httpd_man2html_script_cache_t type, if you want to store the files under the /var/cache directory.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the ftpd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B httpd_man2html_script_exec_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the httpd_man2html_script_exec_t type, if you want to transition an executable to the httpd_man2html_script_t domain.
-+
++.SH SHARING FILES
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
+ .TP
+-Allow ftp servers to use cifs for public file transfer services.
++Allow ftpd servers to read the /var/ftpd directory by adding the public_content_t file type to the directory and by restoring the file type.
+ .PP
+ .B
+-setsebool -P allow_ftpd_use_cifs on
++semanage fcontext -a -t public_content_t "/var/ftpd(/.*)?"
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/man2html/cgi-bin/man/manwhatis, /usr/lib/man2html/cgi-bin/man/man2html, /usr/lib/man2html/cgi-bin/man/mansec
++.B restorecon -F -R -v /var/ftpd
++.pp
+ .TP
+-Allow ftp servers to use nfs for public file transfer services.
++Allow ftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_ftpdd_anon_write boolean to be set.
+ .PP
+ .B
+-setsebool -P allow_ftpd_use_nfs on
+-.TP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
+-.SH AUTHOR	
++semanage fcontext -a -t public_content_rw_t "/var/ftpd/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/ftpd/incoming
++
++
+ .PP
+-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
++If you want to allow tftp to modify public files used for public file transfer services., you must turn on the tftp_anon_write boolean.
 +
 +.EX
-+.PP
-+.B httpd_mediawiki_content_t 
++.B setsebool -P tftp_anon_write 1
 +.EE
 +
-+- Set files with the httpd_mediawiki_content_t type, if you want to treat the files as httpd mediawiki content.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/www/wiki/.*\.php, /usr/share/mediawiki(/.*)?
++.PP
++If you want to allow ftp servers to upload files,  used for public file transfer services. Directories must be labeled public_content_rw_t., you must turn on the ftpd_anon_write boolean.
 +
 +.EX
-+.PP
-+.B httpd_mediawiki_htaccess_t 
++.B setsebool -P ftpd_anon_write 1
 +.EE
 +
-+- Set files with the httpd_mediawiki_htaccess_t type, if you want to treat the file as a httpd mediawiki access file.
-+
++.PP
++If you want to allow anon internal-sftp to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t., you must turn on the sftpd_anon_write boolean.
 +
 +.EX
-+.PP
-+.B httpd_mediawiki_ra_content_t 
++.B setsebool -P sftpd_anon_write 1
 +.EE
 +
-+- Set files with the httpd_mediawiki_ra_content_t type, if you want to treat the files as httpd mediawiki  read/append content.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ftpd policy is very flexible allowing users to setup their ftpd processes in as secure a method as possible.
++.PP 
++The following file types are defined for ftpd:
 +
 +
 +.EX
 +.PP
-+.B httpd_mediawiki_rw_content_t 
++.B ftpd_etc_t 
 +.EE
 +
-+- Set files with the httpd_mediawiki_rw_content_t type, if you want to treat the files as httpd mediawiki read/write content.
++- Set files with the ftpd_etc_t type, if you want to store ftpd files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B httpd_mediawiki_script_exec_t 
++.B ftpd_exec_t 
 +.EE
 +
-+- Set files with the httpd_mediawiki_script_exec_t type, if you want to transition an executable to the httpd_mediawiki_script_t domain.
++- Set files with the ftpd_exec_t type, if you want to transition an executable to the ftpd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc_tes
++/usr/sbin/ftpwho, /etc/cron\.monthly/proftpd, /usr/sbin/in\.ftpd, /usr/sbin/proftpd, /usr/kerberos/sbin/ftpd, /usr/sbin/muddleftpd, /usr/sbin/vsftpd
 +
 +.EX
 +.PP
-+.B httpd_modules_t 
++.B ftpd_initrc_exec_t 
 +.EE
 +
-+- Set files with the httpd_modules_t type, if you want to treat the files as httpd modules.
++- Set files with the ftpd_initrc_exec_t type, if you want to transition an executable to the ftpd_initrc_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/lib/cherokee(/.*)?, /usr/lib/lighttpd(/.*)?, /usr/lib/apache(/.*)?, /etc/httpd/modules, /usr/lib/httpd(/.*)?, /usr/lib/apache2/modules(/.*)?
++/etc/rc\.d/init\.d/proftpd, /etc/rc\.d/init\.d/vsftpd
 +
 +.EX
 +.PP
-+.B httpd_mojomojo_content_t 
++.B ftpd_keytab_t 
 +.EE
 +
-+- Set files with the httpd_mojomojo_content_t type, if you want to treat the files as httpd mojomojo content.
++- Set files with the ftpd_keytab_t type, if you want to treat the files as kerberos keytab files.
 +
 +
 +.EX
 +.PP
-+.B httpd_mojomojo_htaccess_t 
++.B ftpd_lock_t 
 +.EE
 +
-+- Set files with the httpd_mojomojo_htaccess_t type, if you want to treat the file as a httpd mojomojo access file.
++- Set files with the ftpd_lock_t type, if you want to treat the files as ftpd lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B httpd_mojomojo_ra_content_t 
++.B ftpd_tmp_t 
 +.EE
 +
-+- Set files with the httpd_mojomojo_ra_content_t type, if you want to treat the files as httpd mojomojo  read/append content.
++- Set files with the ftpd_tmp_t type, if you want to store ftpd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B httpd_mojomojo_rw_content_t 
++.B ftpd_tmpfs_t 
 +.EE
 +
-+- Set files with the httpd_mojomojo_rw_content_t type, if you want to treat the files as httpd mojomojo read/write content.
++- Set files with the ftpd_tmpfs_t type, if you want to store ftpd files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B httpd_mojomojo_script_exec_t 
++.B ftpd_unit_file_t 
 +.EE
 +
-+- Set files with the httpd_mojomojo_script_exec_t type, if you want to transition an executable to the httpd_mojomojo_script_t domain.
++- Set files with the ftpd_unit_file_t type, if you want to treat the files as ftpd unit content.
 +
 +
 +.EX
 +.PP
-+.B httpd_mojomojo_tmp_t 
++.B ftpd_var_run_t 
 +.EE
 +
-+- Set files with the httpd_mojomojo_tmp_t type, if you want to store httpd mojomojo temporary files in the /tmp directories.
++- Set files with the ftpd_var_run_t type, if you want to store the ftpd files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B httpd_munin_content_t 
++.B ftpdctl_exec_t 
 +.EE
 +
-+- Set files with the httpd_munin_content_t type, if you want to treat the files as httpd munin content.
++- Set files with the ftpdctl_exec_t type, if you want to transition an executable to the ftpdctl_t domain.
 +
 +
 +.EX
 +.PP
-+.B httpd_munin_htaccess_t 
++.B ftpdctl_tmp_t 
 +.EE
 +
-+- Set files with the httpd_munin_htaccess_t type, if you want to treat the file as a httpd munin access file.
++- Set files with the ftpdctl_tmp_t type, if you want to store ftpdctl temporary files in the /tmp directories.
 +
 +
-+.EX
 +.PP
-+.B httpd_munin_ra_content_t 
-+.EE
-+
-+- Set files with the httpd_munin_ra_content_t type, if you want to treat the files as httpd munin  read/append content.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B httpd_munin_rw_content_t 
-+.EE
++You can see the types associated with a port by using the following command: 
 +
-+- Set files with the httpd_munin_rw_content_t type, if you want to treat the files as httpd munin read/write content.
++.B semanage port -l
 +
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux ftpd policy is very flexible allowing users to setup their ftpd processes in as secure a method as possible.
++.PP 
++The following port types are defined for ftpd:
 +
 +.EX
-+.PP
-+.B httpd_munin_script_exec_t 
++.TP 5
++.B ftp_data_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the httpd_munin_script_exec_t type, if you want to transition an executable to the httpd_munin_script_t domain.
 +
++Default Defined Ports:
++tcp 20
++.EE
 +
 +.EX
-+.PP
-+.B httpd_nagios_content_t 
++.TP 5
++.B ftp_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the httpd_nagios_content_t type, if you want to treat the files as httpd nagios content.
 +
++Default Defined Ports:
++tcp 21,990
++.EE
++udp 990
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ftpd policy is very flexible allowing users to setup their ftpd processes in as secure a method as possible.
++.PP 
++The following process types are defined for ftpd:
 +
 +.EX
-+.PP
-+.B httpd_nagios_htaccess_t 
++.B ftpd_t, ftpdctl_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the httpd_nagios_htaccess_t type, if you want to treat the file as a httpd nagios access file.
++.SH "MANAGED FILES"
 +
++The SELinux user type ftpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B httpd_nagios_ra_content_t 
-+.EE
++.br
++.B faillog_t
 +
-+- Set files with the httpd_nagios_ra_content_t type, if you want to treat the files as httpd nagios  read/append content.
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
 +
++.br
++.B ftpd_lock_t
 +
-+.EX
-+.PP
-+.B httpd_nagios_rw_content_t 
-+.EE
 +
-+- Set files with the httpd_nagios_rw_content_t type, if you want to treat the files as httpd nagios read/write content.
++.br
++.B ftpd_tmp_t
 +
 +
-+.EX
-+.PP
-+.B httpd_nagios_script_exec_t 
-+.EE
++.br
++.B ftpd_tmpfs_t
 +
-+- Set files with the httpd_nagios_script_exec_t type, if you want to transition an executable to the httpd_nagios_script_t domain.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?, /usr/lib/nagios/cgi(/.*)?
-+
-+.EX
-+.PP
-+.B httpd_nutups_cgi_content_t 
-+.EE
++.B ftpd_var_run_t
 +
-+- Set files with the httpd_nutups_cgi_content_t type, if you want to treat the files as httpd nutups cgi content.
++	/var/run/proftpd.*
++.br
 +
++.br
++.B initrc_var_run_t
 +
-+.EX
-+.PP
-+.B httpd_nutups_cgi_htaccess_t 
-+.EE
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
 +
-+- Set files with the httpd_nutups_cgi_htaccess_t type, if you want to treat the file as a httpd nutups cgi access file.
++.br
++.B krb5_host_rcache_t
 +
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
 +
-+.EX
-+.PP
-+.B httpd_nutups_cgi_ra_content_t 
-+.EE
++.br
++.B lastlog_t
 +
-+- Set files with the httpd_nutups_cgi_ra_content_t type, if you want to treat the files as httpd nutups cgi  read/append content.
++	/var/log/lastlog
++.br
 +
++.br
++.B pcscd_var_run_t
 +
-+.EX
-+.PP
-+.B httpd_nutups_cgi_rw_content_t 
-+.EE
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
 +
-+- Set files with the httpd_nutups_cgi_rw_content_t type, if you want to treat the files as httpd nutups cgi read/write content.
++.br
++.B security_t
 +
++	/selinux
++.br
 +
-+.EX
-+.PP
-+.B httpd_nutups_cgi_script_exec_t 
-+.EE
++.br
++.B var_auth_t
 +
-+- Set files with the httpd_nutups_cgi_script_exec_t type, if you want to transition an executable to the httpd_nutups_cgi_script_t domain.
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/www/nut-cgi-bin/upsstats\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsset\.cgi
++.B wtmp_t
 +
-+.EX
-+.PP
-+.B httpd_passwd_exec_t 
-+.EE
++	/var/log/wtmp.*
++.br
 +
-+- Set files with the httpd_passwd_exec_t type, if you want to transition an executable to the httpd_passwd_t domain.
++.br
++.B xferlog_t
 +
++	/var/log/vsftpd.*
++.br
++	/var/log/xferlog.*
++.br
++	/var/log/proftpd(/.*)?
++.br
++	/var/log/xferreport.*
++.br
++	/var/log/muddleftpd\.log.*
++.br
++	/usr/libexec/webmin/vsftpd/webalizer/xfer_log
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B httpd_php_exec_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the httpd_php_exec_t type, if you want to transition an executable to the httpd_php_t domain.
++.B semanage port
++can also be used to manipulate the port definitions
 +
++.B semanage boolean
++can also be used to manipulate the booleans
+ 
+-.SH "SEE ALSO"
+ .PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
+ 
+-selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B httpd_php_tmp_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), ftpd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), ftpdctl_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ftpdctl_selinux.8 b/man/man8/ftpdctl_selinux.8
+new file mode 100644
+index 0000000..b71947a
+--- /dev/null
++++ b/man/man8/ftpdctl_selinux.8
+@@ -0,0 +1,86 @@
++.TH  "ftpdctl_selinux"  "8"  "ftpdctl" "dwalsh at redhat.com" "ftpdctl SELinux Policy documentation"
++.SH "NAME"
++ftpdctl_selinux \- Security Enhanced Linux Policy for the ftpdctl processes
++.SH "DESCRIPTION"
 +
-+- Set files with the httpd_php_tmp_t type, if you want to store httpd php temporary files in the /tmp directories.
++Security-Enhanced Linux secures the ftpdctl processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B httpd_prewikka_content_t 
-+.EE
-+
-+- Set files with the httpd_prewikka_content_t type, if you want to treat the files as httpd prewikka content.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ftpdctl policy is very flexible allowing users to setup their ftpdctl processes in as secure a method as possible.
++.PP 
++The following file types are defined for ftpdctl:
 +
 +
 +.EX
 +.PP
-+.B httpd_prewikka_htaccess_t 
++.B ftpdctl_exec_t 
 +.EE
 +
-+- Set files with the httpd_prewikka_htaccess_t type, if you want to treat the file as a httpd prewikka access file.
++- Set files with the ftpdctl_exec_t type, if you want to transition an executable to the ftpdctl_t domain.
 +
 +
 +.EX
 +.PP
-+.B httpd_prewikka_ra_content_t 
++.B ftpdctl_tmp_t 
 +.EE
 +
-+- Set files with the httpd_prewikka_ra_content_t type, if you want to treat the files as httpd prewikka  read/append content.
++- Set files with the ftpdctl_tmp_t type, if you want to store ftpdctl temporary files in the /tmp directories.
 +
 +
-+.EX
 +.PP
-+.B httpd_prewikka_rw_content_t 
-+.EE
-+
-+- Set files with the httpd_prewikka_rw_content_t type, if you want to treat the files as httpd prewikka read/write content.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ftpdctl policy is very flexible allowing users to setup their ftpdctl processes in as secure a method as possible.
++.PP 
++The following process types are defined for ftpdctl:
 +
 +.EX
-+.PP
-+.B httpd_prewikka_script_exec_t 
++.B ftpdctl_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the httpd_prewikka_script_exec_t type, if you want to transition an executable to the httpd_prewikka_script_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type ftpdctl_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B httpd_rotatelogs_exec_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the httpd_rotatelogs_exec_t type, if you want to transition an executable to the httpd_rotatelogs_t domain.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B httpd_smokeping_cgi_content_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), ftpdctl(8), semanage(8), restorecon(8), chcon(1)
++, ftpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/games_selinux.8 b/man/man8/games_selinux.8
+new file mode 100644
+index 0000000..7c948d5
+--- /dev/null
++++ b/man/man8/games_selinux.8
+@@ -0,0 +1,155 @@
++.TH  "games_selinux"  "8"  "games" "dwalsh at redhat.com" "games SELinux Policy documentation"
++.SH "NAME"
++games_selinux \- Security Enhanced Linux Policy for the games processes
++.SH "DESCRIPTION"
 +
-+- Set files with the httpd_smokeping_cgi_content_t type, if you want to treat the files as httpd smokeping cgi content.
++Security-Enhanced Linux secures the games processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B httpd_smokeping_cgi_htaccess_t 
-+.EE
-+
-+- Set files with the httpd_smokeping_cgi_htaccess_t type, if you want to treat the file as a httpd smokeping cgi access file.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux games policy is very flexible allowing users to setup their games processes in as secure a method as possible.
++.PP 
++The following file types are defined for games:
 +
 +
 +.EX
 +.PP
-+.B httpd_smokeping_cgi_ra_content_t 
++.B games_data_t 
 +.EE
 +
-+- Set files with the httpd_smokeping_cgi_ra_content_t type, if you want to treat the files as httpd smokeping cgi  read/append content.
++- Set files with the games_data_t type, if you want to treat the files as games content.
 +
++.br
++.TP 5
++Paths: 
++/var/games(/.*)?, /var/lib/games(/.*)?
 +
 +.EX
 +.PP
-+.B httpd_smokeping_cgi_rw_content_t 
++.B games_exec_t 
 +.EE
 +
-+- Set files with the httpd_smokeping_cgi_rw_content_t type, if you want to treat the files as httpd smokeping cgi read/write content.
++- Set files with the games_exec_t type, if you want to transition an executable to the games_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/sol, /usr/bin/blackjack, /usr/bin/micq, /usr/bin/gnotski, /usr/bin/katomic, /usr/bin/kshisen, /usr/bin/klickety, /usr/bin/lskat, /usr/bin/atlantik, /usr/bin/ksame, /usr/bin/kgoldrunner, /usr/bin/lskatproc, /usr/bin/gataxx, /usr/bin/Maelstrom, /usr/bin/ksmiletris, /usr/bin/gnotravex, /usr/bin/ksirtet, /usr/bin/kbattleship, /usr/bin/ktuberling, /usr/bin/kenolaba, /usr/bin/kmahjongg, /usr/bin/ksnake, /usr/games/.*, /usr/bin/gnobots2, /usr/bin/civserver.*, /usr/bin/civclient.*, /usr/bin/kbounce, /usr/bin/kwin4, /usr/bin/ktron, /usr/bin/mahjongg, /usr/bin/kbackgammon, /usr/bin/kblackbox, /usr/bin/kjumpingcube, /usr/bin/gnomine, /usr/bin/gnect, /usr/bin/same-gnome, /usr/bin/kasteroids, /usr/bin/ksokoban, /usr/bin/kolf, /usr/bin/konquest, /usr/bin/kreversi, /usr/bin/kpoker, /usr/lib/games(/.*)?, /usr/bin/glines, /usr/bin/kfouleggs, /usr/bin/kmines, /usr/bin/gnibbles, /usr/bin/kspaceduel, /usr/bin/kpat, /usr/bin/iagno, /usr/bin/gtali, /usr/bin/klines, /usr/bin/kwin4proc, /
 usr/bin/gnome-stones
 +
 +.EX
 +.PP
-+.B httpd_smokeping_cgi_script_exec_t 
++.B games_srv_var_run_t 
 +.EE
 +
-+- Set files with the httpd_smokeping_cgi_script_exec_t type, if you want to transition an executable to the httpd_smokeping_cgi_script_t domain.
++- Set files with the games_srv_var_run_t type, if you want to store the games srv files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B httpd_squid_content_t 
++.B games_tmp_t 
 +.EE
 +
-+- Set files with the httpd_squid_content_t type, if you want to treat the files as httpd squid content.
++- Set files with the games_tmp_t type, if you want to store games temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B httpd_squid_htaccess_t 
++.B games_tmpfs_t 
 +.EE
 +
-+- Set files with the httpd_squid_htaccess_t type, if you want to treat the file as a httpd squid access file.
++- Set files with the games_tmpfs_t type, if you want to store games files on a tmpfs file system.
 +
 +
-+.EX
 +.PP
-+.B httpd_squid_ra_content_t 
-+.EE
-+
-+- Set files with the httpd_squid_ra_content_t type, if you want to treat the files as httpd squid  read/append content.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux games policy is very flexible allowing users to setup their games processes in as secure a method as possible.
++.PP 
++The following process types are defined for games:
 +
 +.EX
-+.PP
-+.B httpd_squid_rw_content_t 
++.B games_t, games_srv_t 
 +.EE
-+
-+- Set files with the httpd_squid_rw_content_t type, if you want to treat the files as httpd squid read/write content.
-+
-+
-+.EX
 +.PP
-+.B httpd_squid_script_exec_t 
-+.EE
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the httpd_squid_script_exec_t type, if you want to transition an executable to the httpd_squid_script_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type games_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B httpd_squirrelmail_t 
-+.EE
++.br
++.B games_data_t
 +
-+- Set files with the httpd_squirrelmail_t type, if you want to treat the files as httpd squirrelmail data.
++	/var/games(/.*)?
++.br
++	/var/lib/games(/.*)?
++.br
 +
++.br
++.B games_tmp_t
 +
-+.EX
-+.PP
-+.B httpd_suexec_exec_t 
-+.EE
 +
-+- Set files with the httpd_suexec_exec_t type, if you want to transition an executable to the httpd_suexec_t domain.
++.br
++.B games_tmpfs_t
++
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/apache(2)?/suexec(2)?, /usr/sbin/suexec, /usr/lib/cgi-bin/(nph-)?cgiwrap(d)?
++.B user_fonts_cache_t
 +
-+.EX
-+.PP
-+.B httpd_suexec_tmp_t 
-+.EE
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
 +
-+- Set files with the httpd_suexec_tmp_t type, if you want to store httpd suexec temporary files in the /tmp directories.
++.br
++.B user_tmp_t
 +
++	/var/run/user(/.*)?
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B httpd_sys_content_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the httpd_sys_content_t type, if you want to treat the files as httpd sys content.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/share/icecast(/.*)?, /usr/share/htdig(/.*)?, /etc/htdig(/.*)?, /var/www/svn/conf(/.*)?, /usr/share/doc/ghc/html(/.*)?, /usr/share/mythtv/data(/.*)?, /var/lib/htdig(/.*)?, /srv/gallery2(/.*)?, /srv/([^/]*/)?www(/.*)?, /usr/share/ntop/html(/.*)?, /usr/share/mythweb(/.*)?, /usr/share/openca/htdocs(/.*)?, /usr/share/selinux-policy[^/]*/html(/.*)?, /usr/share/drupal.*, /var/lib/cacti/rra(/.*)?, /var/lib/trac(/.*)?, /var/www(/.*)?, /var/www/icons(/.*)?
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B httpd_sys_htaccess_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), games(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/gconfd_selinux.8 b/man/man8/gconfd_selinux.8
+new file mode 100644
+index 0000000..db11a2e
+--- /dev/null
++++ b/man/man8/gconfd_selinux.8
+@@ -0,0 +1,102 @@
++.TH  "gconfd_selinux"  "8"  "gconfd" "dwalsh at redhat.com" "gconfd SELinux Policy documentation"
++.SH "NAME"
++gconfd_selinux \- Security Enhanced Linux Policy for the gconfd processes
++.SH "DESCRIPTION"
 +
-+- Set files with the httpd_sys_htaccess_t type, if you want to treat the file as a httpd sys access file.
++Security-Enhanced Linux secures the gconfd processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B httpd_sys_ra_content_t 
-+.EE
-+
-+- Set files with the httpd_sys_ra_content_t type, if you want to treat the files as httpd sys  read/append content.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux gconfd policy is very flexible allowing users to setup their gconfd processes in as secure a method as possible.
++.PP 
++The following file types are defined for gconfd:
 +
 +
 +.EX
 +.PP
-+.B httpd_sys_rw_content_t 
++.B gconfd_exec_t 
 +.EE
 +
-+- Set files with the httpd_sys_rw_content_t type, if you want to treat the files as httpd sys read/write content.
++- Set files with the gconfd_exec_t type, if you want to transition an executable to the gconfd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/www/html/[^/]*/sites/default/settings\.php, /var/spool/viewvc(/.*)?, /etc/WebCalendar(/.*)?, /etc/mock/koji(/.*)?, /var/lib/svn(/.*)?, /var/spool/gosa(/.*)?, /etc/zabbix/web(/.*)?, /var/lib/pootle/po(/.*)?, /etc/drupal.*, /var/www/gallery/albums(/.*)?, /usr/share/wordpress/wp-content/uploads(/.*)?, /var/www/html/configuration\.php, /usr/share/wordpress/wp-content/upgrade(/.*)?, /var/lib/drupal.*, /usr/share/wordpress-mu/wp-content(/.*)?, /var/lib/dokuwiki(/.*)?, /var/www/moodledata(/.*)?, /var/www/html/[^/]*/sites/default/files(/.*)?, /var/www/svn(/.*)?, /var/www/html/wp-content(/.*)?
 +
 +.EX
 +.PP
-+.B httpd_sys_script_exec_t 
++.B gconfdefaultsm_exec_t 
 +.EE
 +
-+- Set files with the httpd_sys_script_exec_t type, if you want to transition an executable to the httpd_sys_script_t domain.
++- Set files with the gconfdefaultsm_exec_t type, if you want to transition an executable to the gconfdefaultsm_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/www/svn/hooks(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress/.*\.php, /usr/lib/cgi-bin(/.*)?, /var/www/perl(/.*)?, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/wordpress-mu/wp-config\.php, /var/www/html/[^/]*/cgi-bin(/.*)?, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)?, /usr/share/wordpress/wp-includes/.*\.php
 +
-+.EX
 +.PP
-+.B httpd_tmp_t 
-+.EE
-+
-+- Set files with the httpd_tmp_t type, if you want to store httpd temporary files in the /tmp directories.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux gconfd policy is very flexible allowing users to setup their gconfd processes in as secure a method as possible.
++.PP 
++The following process types are defined for gconfd:
 +
 +.EX
-+.PP
-+.B httpd_tmpfs_t 
++.B gconfdefaultsm_t, gconfd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the httpd_tmpfs_t type, if you want to store httpd files on a tmpfs file system.
++.SH "MANAGED FILES"
 +
++The SELinux user type gconfd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B httpd_unit_file_t 
-+.EE
++.br
++.B gconf_home_t
 +
-+- Set files with the httpd_unit_file_t type, if you want to treat the files as httpd unit content.
++	/root/\.local.*
++.br
++	/root/\.gconf(d)?(/.*)?
++.br
++	/home/[^/]*/\.local.*
++.br
++	/home/[^/]*/\.gconf(d)?(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/systemd/system/httpd.*, /usr/lib/systemd/system/jetty.*
++.B gconf_tmp_t
 +
-+.EX
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B httpd_user_content_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the httpd_user_content_t type, if you want to treat the files as httpd user content.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B httpd_user_htaccess_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), gconfd(8), semanage(8), restorecon(8), chcon(1)
++, gconfdefaultsm_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/gconfdefaultsm_selinux.8 b/man/man8/gconfdefaultsm_selinux.8
+new file mode 100644
+index 0000000..7e9e962
+--- /dev/null
++++ b/man/man8/gconfdefaultsm_selinux.8
+@@ -0,0 +1,96 @@
++.TH  "gconfdefaultsm_selinux"  "8"  "gconfdefaultsm" "dwalsh at redhat.com" "gconfdefaultsm SELinux Policy documentation"
++.SH "NAME"
++gconfdefaultsm_selinux \- Security Enhanced Linux Policy for the gconfdefaultsm processes
++.SH "DESCRIPTION"
 +
-+- Set files with the httpd_user_htaccess_t type, if you want to treat the file as a httpd user access file.
++Security-Enhanced Linux secures the gconfdefaultsm processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B httpd_user_ra_content_t 
-+.EE
-+
-+- Set files with the httpd_user_ra_content_t type, if you want to treat the files as httpd user  read/append content.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux gconfdefaultsm policy is very flexible allowing users to setup their gconfdefaultsm processes in as secure a method as possible.
++.PP 
++The following file types are defined for gconfdefaultsm:
 +
 +
 +.EX
 +.PP
-+.B httpd_user_rw_content_t 
++.B gconfdefaultsm_exec_t 
 +.EE
 +
-+- Set files with the httpd_user_rw_content_t type, if you want to treat the files as httpd user read/write content.
++- Set files with the gconfdefaultsm_exec_t type, if you want to transition an executable to the gconfdefaultsm_t domain.
 +
 +
-+.EX
 +.PP
-+.B httpd_user_script_exec_t 
-+.EE
-+
-+- Set files with the httpd_user_script_exec_t type, if you want to transition an executable to the httpd_user_script_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux gconfdefaultsm policy is very flexible allowing users to setup their gconfdefaultsm processes in as secure a method as possible.
++.PP 
++The following process types are defined for gconfdefaultsm:
 +
 +.EX
-+.PP
-+.B httpd_var_lib_t 
++.B gconfdefaultsm_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the httpd_var_lib_t type, if you want to store the httpd files under the /var/lib directory.
++.SH "MANAGED FILES"
++
++The SELinux user type gconfdefaultsm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/lib/rt3/data/RT-Shredder(/.*)?, /var/lib/lighttpd(/.*)?, /var/lib/httpd(/.*)?, /var/lib/cherokee(/.*)?, /var/lib/dav(/.*)?
++.B gconf_etc_t
 +
-+.EX
-+.PP
-+.B httpd_var_run_t 
-+.EE
++	/etc/gconf(/.*)?
++.br
 +
-+- Set files with the httpd_var_run_t type, if you want to store the httpd files under the /run directory.
++.br
++.B gconf_home_t
 +
++	/root/\.local.*
++.br
++	/root/\.gconf(d)?(/.*)?
++.br
++	/home/[^/]*/\.local.*
++.br
++	/home/[^/]*/\.gconf(d)?(/.*)?
 +.br
-+.TP 5
-+Paths: 
-+/var/run/mod_.*, /var/run/wsgi.*, /var/run/apache.*, /var/run/cherokee\.pid, /var/run/gcache_port, /opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?, /var/run/httpd.*, /var/run/dirsrv/admin-serv.*, /var/lib/php/session(/.*)?, /var/run/lighttpd(/.*)?
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B httpd_w3c_validator_content_t 
-+.EE
-+
-+- Set files with the httpd_w3c_validator_content_t type, if you want to treat the files as httpd w3c validator content.
-+
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B httpd_w3c_validator_htaccess_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the httpd_w3c_validator_htaccess_t type, if you want to treat the file as a httpd w3c validator access file.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
++.SH "SEE ALSO"
++selinux(8), gconfdefaultsm(8), semanage(8), restorecon(8), chcon(1)
++, gconfd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/getty_selinux.8 b/man/man8/getty_selinux.8
+new file mode 100644
+index 0000000..5405406
+--- /dev/null
++++ b/man/man8/getty_selinux.8
+@@ -0,0 +1,203 @@
++.TH  "getty_selinux"  "8"  "getty" "dwalsh at redhat.com" "getty SELinux Policy documentation"
++.SH "NAME"
++getty_selinux \- Security Enhanced Linux Policy for the getty processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B httpd_w3c_validator_ra_content_t 
-+.EE
++Security-Enhanced Linux secures the getty processes via flexible mandatory access
++control.  
 +
-+- Set files with the httpd_w3c_validator_ra_content_t type, if you want to treat the files as httpd w3c validator  read/append content.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the getty_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B httpd_w3c_validator_rw_content_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the httpd_w3c_validator_rw_content_t type, if you want to treat the files as httpd w3c validator read/write content.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the getty_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B httpd_w3c_validator_script_exec_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the httpd_w3c_validator_script_exec_t type, if you want to transition an executable to the httpd_w3c_validator_script_t domain.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux getty policy is very flexible allowing users to setup their getty processes in as secure a method as possible.
++.PP 
++The following file types are defined for getty:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check
 +
 +.EX
 +.PP
-+.B httpd_w3c_validator_tmp_t 
++.B getty_etc_t 
 +.EE
 +
-+- Set files with the httpd_w3c_validator_tmp_t type, if you want to store httpd w3c validator temporary files in the /tmp directories.
++- Set files with the getty_etc_t type, if you want to store getty files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B httpd_zoneminder_content_t 
++.B getty_exec_t 
 +.EE
 +
-+- Set files with the httpd_zoneminder_content_t type, if you want to treat the files as httpd zoneminder content.
++- Set files with the getty_exec_t type, if you want to transition an executable to the getty_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/.*getty, /sbin/.*getty
 +
 +.EX
 +.PP
-+.B httpd_zoneminder_htaccess_t 
++.B getty_lock_t 
 +.EE
 +
-+- Set files with the httpd_zoneminder_htaccess_t type, if you want to treat the file as a httpd zoneminder access file.
++- Set files with the getty_lock_t type, if you want to treat the files as getty lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B httpd_zoneminder_ra_content_t 
++.B getty_log_t 
 +.EE
 +
-+- Set files with the httpd_zoneminder_ra_content_t type, if you want to treat the files as httpd zoneminder  read/append content.
++- Set files with the getty_log_t type, if you want to treat the data as getty log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/var/log/mgetty\.log.*, /var/log/vgetty\.log\..*
 +
 +.EX
 +.PP
-+.B httpd_zoneminder_rw_content_t 
++.B getty_tmp_t 
 +.EE
 +
-+- Set files with the httpd_zoneminder_rw_content_t type, if you want to treat the files as httpd zoneminder read/write content.
++- Set files with the getty_tmp_t type, if you want to store getty temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B httpd_zoneminder_script_exec_t 
++.B getty_var_run_t 
 +.EE
 +
-+- Set files with the httpd_zoneminder_script_exec_t type, if you want to transition an executable to the httpd_zoneminder_script_t domain.
++- Set files with the getty_var_run_t type, if you want to store the getty files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/spool/voice(/.*)?, /var/spool/fax(/.*)?, /var/run/mgetty\.pid.*
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -21872,60 +26545,88 @@ index 16e8b13..0f70c71 100644
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux httpd policy is very flexible allowing users to setup their httpd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for httpd:
-+
-+.EX
-+.TP 5
-+.B http_cache_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 8080,8118,10001-10010
-+.EE
-+udp 3130
-+.EE
-+
-+.EX
-+.TP 5
-+.B http_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 80,443,488,8008,8009,8443
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux httpd policy is very flexible allowing users to setup their httpd processes in as secure a method as possible.
++SELinux getty policy is very flexible allowing users to setup their getty processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for httpd:
++The following process types are defined for getty:
 +
 +.EX
-+.B httpd_collectd_script_t, httpd_cvs_script_t, httpd_rotatelogs_t, httpd_bugzilla_script_t, httpd_smokeping_cgi_script_t, httpd_nagios_script_t, httpd_dirsrvadmin_script_t, httpd_suexec_t, httpd_mojomojo_script_t, httpd_php_t, httpd_w3c_validator_script_t, httpd_user_script_t, httpd_awstats_script_t, httpd_libra_script_t, httpd_apcupsd_cgi_script_t, httpd_nutups_cgi_script_t, httpd_munin_script_t, httpd_zoneminder_script_t, httpd_sys_script_t, httpd_dspam_script_t, httpd_prewikka_script_t, httpd_git_script_t, httpd_t, httpd_man2html_script_t, httpd_passwd_t, httpd_helper_t, httpd_squid_script_t, httpd_cobbler_script_t, httpd_mediawiki_script_t 
++.B getty_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type getty_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B getty_lock_t
++
++
++.br
++.B getty_log_t
++
++	/var/log/mgetty\.log.*
++.br
++	/var/log/vgetty\.log\..*
++.br
++
++.br
++.B getty_tmp_t
++
++
++.br
++.B getty_var_run_t
++
++	/var/spool/fax(/.*)?
++.br
++	/var/spool/voice(/.*)?
++.br
++	/var/run/mgetty\.pid.*
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B var_run_t
++
++	/run/.*
++.br
++	/var/run/.*
++.br
++	/run
++.br
++	/var/run
++.br
++	/var/run
++.br
++	/var/spool/postfix/pid
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -21936,75 +26637,73 @@ index 16e8b13..0f70c71 100644
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), httpd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/hwclock_selinux.8 b/man/man8/hwclock_selinux.8
++selinux(8), getty(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/gfs_controld_selinux.8 b/man/man8/gfs_controld_selinux.8
 new file mode 100644
-index 0000000..5e360b5
+index 0000000..df0cbc4
 --- /dev/null
-+++ b/man/man8/hwclock_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "hwclock_selinux"  "8"  "hwclock" "dwalsh at redhat.com" "hwclock SELinux Policy documentation"
++++ b/man/man8/gfs_controld_selinux.8
+@@ -0,0 +1,133 @@
++.TH  "gfs_controld_selinux"  "8"  "gfs_controld" "dwalsh at redhat.com" "gfs_controld SELinux Policy documentation"
 +.SH "NAME"
-+hwclock_selinux \- Security Enhanced Linux Policy for the hwclock processes
++gfs_controld_selinux \- Security Enhanced Linux Policy for the gfs_controld processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the hwclock processes via flexible mandatory access
++Security-Enhanced Linux secures the gfs_controld processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the hwclock_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux gfs_controld policy is very flexible allowing users to setup their gfs_controld processes in as secure a method as possible.
++.PP 
++The following file types are defined for gfs_controld:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B gfs_controld_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the hwclock_t, you must turn on the kerberos_enabled boolean.
++- Set files with the gfs_controld_exec_t type, if you want to transition an executable to the gfs_controld_t domain.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B gfs_controld_tmpfs_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++- Set files with the gfs_controld_tmpfs_t type, if you want to store gfs controld files on a tmpfs file system.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux hwclock policy is very flexible allowing users to setup their hwclock processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for hwclock:
++.B gfs_controld_var_log_t 
++.EE
++
++- Set files with the gfs_controld_var_log_t type, if you want to treat the data as gfs controld var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B hwclock_exec_t 
++.B gfs_controld_var_run_t 
 +.EE
 +
-+- Set files with the hwclock_exec_t type, if you want to transition an executable to the hwclock_t domain.
++- Set files with the gfs_controld_var_run_t type, if you want to store the gfs controld files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/hwclock, /sbin/hwclock
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -22019,18 +26718,54 @@ index 0000000..5e360b5
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux hwclock policy is very flexible allowing users to setup their hwclock processes in as secure a method as possible.
++SELinux gfs_controld policy is very flexible allowing users to setup their gfs_controld processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for hwclock:
++The following process types are defined for gfs_controld:
 +
 +.EX
-+.B hwclock_t 
++.B gfs_controld_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type gfs_controld_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cluster_var_lib_t
++
++	/var/lib/cluster(/.*)?
++.br
++
++.br
++.B gfs_controld_tmpfs_t
++
++
++.br
++.B gfs_controld_var_log_t
++
++	/var/log/cluster/gfs_controld\.log.*
++.br
++
++.br
++.B gfs_controld_var_run_t
++
++	/var/run/gfs_controld\.pid
++.br
++
++.br
++.B initrc_tmp_t
++
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -22046,85 +26781,237 @@ index 0000000..5e360b5
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), hwclock(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/iceauth_selinux.8 b/man/man8/iceauth_selinux.8
-new file mode 100644
-index 0000000..cdb61ed
---- /dev/null
-+++ b/man/man8/iceauth_selinux.8
-@@ -0,0 +1,89 @@
-+.TH  "iceauth_selinux"  "8"  "iceauth" "dwalsh at redhat.com" "iceauth SELinux Policy documentation"
++selinux(8), gfs_controld(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/git_selinux.8 b/man/man8/git_selinux.8
+deleted file mode 100644
+index e9c43b1..0000000
+--- a/man/man8/git_selinux.8
++++ /dev/null
+@@ -1,109 +0,0 @@
+-.TH  "git_selinux"  "8"  "27 May 2010" "domg472 at gmail.com" "Git SELinux policy documentation"
+-.de EX
+-.nf
+-.ft CW
+-..
+-.de EE
+-.ft R
+-.fi
+-..
+-.SH "NAME"
+-git_selinux \- Security Enhanced Linux Policy for the Git daemon.
+-.SH "DESCRIPTION"
+-Security-Enhanced Linux secures the Git server via flexible mandatory access
+-control.
+-.SH FILE_CONTEXTS
+-SELinux requires files to have an extended attribute to define the file type. 
+-Policy governs the access daemons have to these files. 
+-SELinux Git policy is very flexible allowing users to setup their web services in as secure a method as possible.
+-.PP 
+-The following file contexts types are by default defined for Git:
+-.EX
+-git_system_content_t 
+-.EE 
+-- Set files with git_system_content_t if you want the Git system daemon to read the file, and if you want the file to be modifiable and executable by all "Git shell" users.
+-.EX
+-git_session_content_t 
+-.EE 
+-- Set files with git_session_content_t if you want the Git session and system daemon to read the file, and if you want the file to be modifiable and executable by all users. Note that "Git shell" users may not interact with this type.
+-.SH BOOLEANS
+-SELinux policy is customizable based on least access required. Git policy is extremely flexible and has several booleans that allow you to manipulate the policy and run Git with the tightest access possible.
+-.PP
+-Allow the Git system daemon to search user home directories so that it can find git session content. This is useful if you want the Git system daemon to host users personal repositories. 
+-.EX
+-sudo setsebool -P git_system_enable_homedirs 1
+-.EE
+-.PP
+-Allow the Git system daemon to read system shared repositories on NFS shares.
+-.EX
+-sudo setsebool -P git_system_use_nfs 1
+-.EE
+-.PP
+-Allow the Git system daemon to read system shared repositories on Samba shares.
+-.EX
+-sudo setsebool -P git_system_use_cifs 1
+-.EE
+-.PP
+-Allow the Git session daemon to read users personal repositories on NFS mounted home directories.
+-.EX
+-sudo setsebool -P use_nfs_home_dirs 1
+-.EE
+-.PP
+-Allow the Git session daemon to read users personal repositories on Samba mounted home directories.
+-.EX
+-sudo setsebool -P use_samba_home_dirs 1
+-.EE
+-.PP
+-To also allow Git system daemon to read users personal repositories on NFS and Samba mounted home directories you must also allow the Git system daemon to search home directories so that it can find the repositories.
+-.EX
+-sudo setsebool -P git_system_enable_homedirs 1
+-.EE
+-.PP
+-To allow the Git System daemon mass hosting of users personal repositories you can allow the Git daemon to listen to any unreserved ports.
+-.EX
+-sudo setsebool -P git_session_bind_all_unreserved_ports 1
+-.EE
+-.SH GIT_SHELL
+-The Git policy by default provides a restricted user environment to be used with "Git shell". This default git_shell_u SELinux user can modify and execute generic Git system content (generic system shared respositories with type git_system_content_t).
+-.PP
+-To add a new Linux user and map him to this Git shell user domain automatically:
+-.EX
+-sudo useradd -Z git_shell_u joe
+-.EE
+-.SH ADVANCED_SYSTEM_SHARED_REPOSITORY_AND GIT_SHELL_RESTRICTIONS
+-Alternatively Git SELinux policy can be used to restrict "Git shell" users to git system shared repositories. The policy allows for the creation of new types of Git system content and Git shell user environment. The policy allows for delegation of types of "Git shell" environments to types of Git system content.
+-.PP
+-To add a new Git system repository type, for example "project1" create a file named project1.te and add to it:
+-.EX
+-policy_module(project1, 1.0.0)
+-git_content_template(project1)
+-.EE
+-Next create a file named project1.fc and add a file context specification for the new repository type to it:
+-.EX
+-/srv/git/project1\.git(/.*)? gen_context(system_u:object_r:git_project1_content_t,s0)
+-.EE
+-Build a binary representation of this source policy module, load it into the policy store and restore the context of the repository:
+-.EX
+-make -f /usr/share/selinux/devel/Makefile project.pp
+-sudo semodule -i project1.pp
+-sudo restorecon -R -v /srv/git/project1
+-.EE
+-To create a "Git shell" domain that can interact with this repository create a file named project1user.te in the same directory as where the source policy for the Git systemm content type is and add the following:
+-.EX
+-policy_module(project1user, 1.0.0) 
+-git_role_template(project1user)
+-git_content_delegation(project1user_t, git_project1_content_t)
+-gen_user(project1user_u, user, project1user_r, s0, s0)
+-.EE
+-Build a binary representation of this source policy module, load it into the policy store and map Linux users to the new project1user_u SELinux user:
+-.EX
+-make -f /usr/share/selinux/devel/Makefile project1user.pp
+-sudo semodule -i project1user.pp
+-sudo useradd -Z project1user_u jane
+-.EE
+-.PP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
+-.SH AUTHOR	
+-This manual page was written by Dominick Grift <domg472 at gmail.com>.
+-.SH "SEE ALSO"
+-selinux(8), git(8), chcon(1), semodule(8), setsebool(8)
+diff --git a/man/man8/git_shell_selinux.8 b/man/man8/git_shell_selinux.8
+new file mode 100644
+index 0000000..91536bf
+--- /dev/null
++++ b/man/man8/git_shell_selinux.8
+@@ -0,0 +1,126 @@
++.TH  "git_shell_selinux"  "8"  "git_shell" "mgrepl at redhat.com" "git_shell SELinux Policy documentation"
 +.SH "NAME"
-+iceauth_selinux \- Security Enhanced Linux Policy for the iceauth processes
-+.SH "DESCRIPTION"
++git_shell_u \- \fBgit_shell user role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the iceauth processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
 +
-+.SH NSSWITCH DOMAIN
++\fBgit_shell_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBgit_shell_r\fP.  The
++default role has a default type, \fBgit_shell_t\fP, associated with it.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux iceauth policy is very flexible allowing users to setup their iceauth processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for iceauth:
++The SELinux user will usually login to a system with a context that looks like:
 +
++.B git_shell_u:git_shell_r:git_shell_t:s0-s0:c0.c1023
 +
-+.EX
-+.PP
-+.B iceauth_exec_t 
-+.EE
++Linux users are automatically assigned an SELinux users at login.  
++Login programs use the SELinux User to assign initial context to the user's shell.
 +
-+- Set files with the iceauth_exec_t type, if you want to transition an executable to the iceauth_t domain.
++SELinux policy uses the context to control the user's access.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/iceauth, /usr/X11R6/bin/iceauth
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
 +
-+.EX
-+.PP
-+.B iceauth_home_t 
-+.EE
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the git_shell_u user, you would execute:
++
++.B semanage login -m -s git_shell_u __default__
++
++
++.SH USER DESCRIPTION
++
++The SELinux user git_shell_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
++
++.SH SUDO
++
++.SH X WINDOWS LOGIN
++
++The SELinux user git_shell_u is not able to X Windows login.
++
++.SH NETWORK
++
++.TP
++The SELinux user git_shell_u is able to connect to the following tcp ports.
++
++.B dns_port_t: 53
++
++.B ocsp_port_t: 9080
++
++.B kerberos_port_t: 88,750,4444
++
++.TP
++The SELinux user git_shell_u is able to connect to the following tcp ports.
++
++.B dns_port_t: 53
++
++.B ocsp_port_t: 9080
++
++.B kerberos_port_t: 88,750,4444
++
++.SH HOME_EXEC
++
++The SELinux user git_shell_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when git_shell_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny git_shell_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow git_shell_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user git_shell_t can execute without transitioning:
++
++.B sesearch -A -s git_shell_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow git_shell_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user git_shell_t can execute and transition:
++
++.B $ sesearch -A -s git_shell_t -c process -p transition
 +
-+- Set files with the iceauth_home_t type, if you want to store iceauth files in the users home directory.
++
++.SH "MANAGED FILES"
++
++The SELinux user type git_shell_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/root/\.DCOP.*, /root/\.ICEauthority.*
++.B alsa_home_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	/home/[^/]*/\.asoundrc
++.br
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux iceauth policy is very flexible allowing users to setup their iceauth processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for iceauth:
++.br
++.B git_sys_content_t
 +
-+.EX
-+.B iceauth_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/srv/git(/.*)?
++.br
++	/var/lib/git(/.*)?
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
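Review bot: In the NETWORK section of the new git_shell_selinux.8, both `.TP` blocks read `The SELinux user git_shell_u is able to connect to the following tcp ports.` and list the same three port types, so a reader auditing this confined user's network access learns nothing about any other protocol. The second block was presumably meant to describe udp; if so it should read `The SELinux user git_shell_u is able to connect to the following udp ports.`, with the port list checked against the policy rather than copied from the tcp block. Since the page says it is auto-generated by genman.py, the correction belongs in the generator rather than in this file. The git_shell_selinux.8 section continues past the end of this hunk.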
@@ -22141,93 +27028,71 @@ index 0000000..cdb61ed
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), iceauth(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/icecast_selinux.8 b/man/man8/icecast_selinux.8
++selinux(8), git_shell(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/gitosis_selinux.8 b/man/man8/gitosis_selinux.8
 new file mode 100644
-index 0000000..09452ee
+index 0000000..b57e8dd
 --- /dev/null
-+++ b/man/man8/icecast_selinux.8
-@@ -0,0 +1,126 @@
-+.TH  "icecast_selinux"  "8"  "icecast" "dwalsh at redhat.com" "icecast SELinux Policy documentation"
++++ b/man/man8/gitosis_selinux.8
+@@ -0,0 +1,116 @@
++.TH  "gitosis_selinux"  "8"  "gitosis" "dwalsh at redhat.com" "gitosis SELinux Policy documentation"
 +.SH "NAME"
-+icecast_selinux \- Security Enhanced Linux Policy for the icecast processes
++gitosis_selinux \- Security Enhanced Linux Policy for the gitosis processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the icecast processes via flexible mandatory access
++Security-Enhanced Linux secures the gitosis processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  icecast policy is extremely flexible and has several booleans that allow you to manipulate the policy and run icecast with the tightest access possible.
++SELinux policy is customizable based on least access required.  gitosis policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gitosis with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow icecast to connect to all ports, not just sound ports, you must turn on the icecast_connect_any boolean.
++If you want to allow gitisis daemon to send mail, you must turn on the gitosis_can_sendmail boolean.
 +
 +.EX
-+.B setsebool -P icecast_connect_any 1
++.B setsebool -P gitosis_can_sendmail 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the icecast_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the icecast_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux icecast policy is very flexible allowing users to setup their icecast processes in as secure a method as possible.
++SELinux gitosis policy is very flexible allowing users to setup their gitosis processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for icecast:
-+
-+
-+.EX
-+.PP
-+.B icecast_exec_t 
-+.EE
-+
-+- Set files with the icecast_exec_t type, if you want to transition an executable to the icecast_t domain.
-+
-+
-+.EX
-+.PP
-+.B icecast_initrc_exec_t 
-+.EE
-+
-+- Set files with the icecast_initrc_exec_t type, if you want to transition an executable to the icecast_initrc_t domain.
++The following file types are defined for gitosis:
 +
 +
 +.EX
 +.PP
-+.B icecast_log_t 
++.B gitosis_exec_t 
 +.EE
 +
-+- Set files with the icecast_log_t type, if you want to treat the data as icecast log data, usually stored under the /var/log directory.
++- Set files with the gitosis_exec_t type, if you want to transition an executable to the gitosis_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/gitosis-serve, /usr/bin/gl-auth-command
 +
 +.EX
 +.PP
-+.B icecast_var_run_t 
++.B gitosis_var_lib_t 
 +.EE
 +
-+- Set files with the icecast_var_run_t type, if you want to store the icecast files under the /run directory.
++- Set files with the gitosis_var_lib_t type, if you want to store the gitosis files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/gitosis(/.*)?, /var/lib/gitolite(3)?(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -22242,18 +27107,30 @@ index 0000000..09452ee
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux icecast policy is very flexible allowing users to setup their icecast processes in as secure a method as possible.
++SELinux gitosis policy is very flexible allowing users to setup their gitosis processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for icecast:
++The following process types are defined for gitosis:
 +
 +.EX
-+.B icecast_t 
++.B gitosis_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type gitosis_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B gitosis_var_lib_t
++
++	/var/lib/gitosis(/.*)?
++.br
++	/var/lib/gitolite(3)?(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -22272,64 +27149,54 @@ index 0000000..09452ee
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), icecast(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gitosis(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/ifconfig_selinux.8 b/man/man8/ifconfig_selinux.8
+diff --git a/man/man8/glance_api_selinux.8 b/man/man8/glance_api_selinux.8
 new file mode 100644
-index 0000000..3cb3078
+index 0000000..f6bae20
 --- /dev/null
-+++ b/man/man8/ifconfig_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "ifconfig_selinux"  "8"  "ifconfig" "dwalsh at redhat.com" "ifconfig SELinux Policy documentation"
++++ b/man/man8/glance_api_selinux.8
+@@ -0,0 +1,107 @@
++.TH  "glance_api_selinux"  "8"  "glance_api" "dwalsh at redhat.com" "glance_api SELinux Policy documentation"
 +.SH "NAME"
-+ifconfig_selinux \- Security Enhanced Linux Policy for the ifconfig processes
++glance_api_selinux \- Security Enhanced Linux Policy for the glance_api processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ifconfig processes via flexible mandatory access
++Security-Enhanced Linux secures the glance_api processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ifconfig_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the ifconfig_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ifconfig policy is very flexible allowing users to setup their ifconfig processes in as secure a method as possible.
++SELinux glance_api policy is very flexible allowing users to setup their glance_api processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ifconfig:
++The following file types are defined for glance_api:
 +
 +
 +.EX
 +.PP
-+.B ifconfig_exec_t 
++.B glance_api_exec_t 
 +.EE
 +
-+- Set files with the ifconfig_exec_t type, if you want to transition an executable to the ifconfig_t domain.
++- Set files with the glance_api_exec_t type, if you want to transition an executable to the glance_api_t domain.
++
++
++.EX
++.PP
++.B glance_api_initrc_exec_t 
++.EE
++
++- Set files with the glance_api_initrc_exec_t type, if you want to transition an executable to the glance_api_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/ipx_internal_net, /sbin/ipx_configure, /sbin/tc, /usr/sbin/ipx_configure, /usr/sbin/iwconfig, /usr/sbin/ipx_interface, /usr/sbin/mii-tool, /usr/sbin/ethtool, /usr/sbin/ifconfig, /sbin/ipx_interface, /bin/ip, /usr/bin/ip, /usr/sbin/tc, /sbin/iwconfig, /sbin/ifconfig, /sbin/mii-tool, /sbin/ethtool, /usr/sbin/ip, /sbin/ip, /sbin/ipx_internal_net
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -22344,18 +27211,44 @@ index 0000000..3cb3078
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ifconfig policy is very flexible allowing users to setup their ifconfig processes in as secure a method as possible.
++SELinux glance_api policy is very flexible allowing users to setup their glance_api processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ifconfig:
++The following process types are defined for glance_api:
 +
 +.EX
-+.B ifconfig_t 
++.B glance_api_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type glance_api_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B glance_log_t
++
++	/var/log/glance(/.*)?
++.br
++
++.br
++.B glance_tmp_t
++
++
++.br
++.B glance_var_lib_t
++
++	/var/lib/glance(/.*)?
++.br
++
++.br
++.B glance_var_run_t
++
++	/var/run/glance(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -22371,113 +27264,59 @@ index 0000000..3cb3078
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ifconfig(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/inetd_selinux.8 b/man/man8/inetd_selinux.8
++selinux(8), glance_api(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/glance_registry_selinux.8 b/man/man8/glance_registry_selinux.8
 new file mode 100644
-index 0000000..dc4c84e
+index 0000000..d3691be
 --- /dev/null
-+++ b/man/man8/inetd_selinux.8
-@@ -0,0 +1,171 @@
-+.TH  "inetd_selinux"  "8"  "inetd" "dwalsh at redhat.com" "inetd SELinux Policy documentation"
++++ b/man/man8/glance_registry_selinux.8
+@@ -0,0 +1,143 @@
++.TH  "glance_registry_selinux"  "8"  "glance_registry" "dwalsh at redhat.com" "glance_registry SELinux Policy documentation"
 +.SH "NAME"
-+inetd_selinux \- Security Enhanced Linux Policy for the inetd processes
++glance_registry_selinux \- Security Enhanced Linux Policy for the glance_registry processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the inetd processes via flexible mandatory access
++Security-Enhanced Linux secures the glance_registry processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the inetd_t, inetd_child_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the inetd_t, inetd_child_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux inetd policy is very flexible allowing users to setup their inetd processes in as secure a method as possible.
++SELinux glance_registry policy is very flexible allowing users to setup their glance_registry processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for inetd:
-+
-+
-+.EX
-+.PP
-+.B inetd_child_exec_t 
-+.EE
-+
-+- Set files with the inetd_child_exec_t type, if you want to transition an executable to the inetd_child_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/identd, /usr/local/lib/pysieved/pysieved.*\.py, /usr/sbin/in\..*d
-+
-+.EX
-+.PP
-+.B inetd_child_tmp_t 
-+.EE
-+
-+- Set files with the inetd_child_tmp_t type, if you want to store inetd child temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B inetd_child_var_run_t 
-+.EE
-+
-+- Set files with the inetd_child_var_run_t type, if you want to store the inetd child files under the /run directory.
-+
-+
-+.EX
-+.PP
-+.B inetd_exec_t 
-+.EE
-+
-+- Set files with the inetd_exec_t type, if you want to transition an executable to the inetd_t domain.
++The following file types are defined for glance_registry:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/inetd, /usr/sbin/xinetd, /usr/sbin/rlinetd
 +
 +.EX
 +.PP
-+.B inetd_log_t 
++.B glance_registry_exec_t 
 +.EE
 +
-+- Set files with the inetd_log_t type, if you want to treat the data as inetd log data, usually stored under the /var/log directory.
++- Set files with the glance_registry_exec_t type, if you want to transition an executable to the glance_registry_t domain.
 +
 +
 +.EX
 +.PP
-+.B inetd_tmp_t 
++.B glance_registry_initrc_exec_t 
 +.EE
 +
-+- Set files with the inetd_tmp_t type, if you want to store inetd temporary files in the /tmp directories.
++- Set files with the glance_registry_initrc_exec_t type, if you want to transition an executable to the glance_registry_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B inetd_var_run_t 
++.B glance_registry_tmp_t 
 +.EE
 +
-+- Set files with the inetd_var_run_t type, if you want to store the inetd files under the /run directory.
++- Set files with the glance_registry_tmp_t type, if you want to store glance registry temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -22496,21 +27335,21 @@ index 0000000..dc4c84e
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux inetd policy is very flexible allowing users to setup their inetd processes in as secure a method as possible.
++SELinux glance_registry policy is very flexible allowing users to setup their glance_registry processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for inetd:
++The following port types are defined for glance_registry:
 +
 +.EX
 +.TP 5
-+.B inetd_child_port_t 
++.B glance_registry_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 1,9,13,19,512,543,544,891,892,2105,5666
++tcp 9191
 +.EE
-+udp 1,9,13,19,891,892
++udp 9191
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -22518,18 +27357,44 @@ index 0000000..dc4c84e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux inetd policy is very flexible allowing users to setup their inetd processes in as secure a method as possible.
++SELinux glance_registry policy is very flexible allowing users to setup their glance_registry processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for inetd:
++The following process types are defined for glance_registry:
 +
 +.EX
-+.B inetd_t, inetd_child_t 
++.B glance_registry_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type glance_registry_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B glance_log_t
++
++	/var/log/glance(/.*)?
++.br
++
++.br
++.B glance_registry_tmp_t
++
++
++.br
++.B glance_var_lib_t
++
++	/var/lib/glance(/.*)?
++.br
++
++.br
++.B glance_var_run_t
++
++	/var/run/glance(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -22548,56 +27413,38 @@ index 0000000..dc4c84e
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), inetd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/init_selinux.8 b/man/man8/init_selinux.8
++selinux(8), glance_registry(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/glusterd_selinux.8 b/man/man8/glusterd_selinux.8
 new file mode 100644
-index 0000000..5e3e05e
+index 0000000..5736fca
 --- /dev/null
-+++ b/man/man8/init_selinux.8
-@@ -0,0 +1,177 @@
-+.TH  "init_selinux"  "8"  "init" "dwalsh at redhat.com" "init SELinux Policy documentation"
++++ b/man/man8/glusterd_selinux.8
+@@ -0,0 +1,185 @@
++.TH  "glusterd_selinux"  "8"  "glusterd" "dwalsh at redhat.com" "glusterd SELinux Policy documentation"
 +.SH "NAME"
-+init_selinux \- Security Enhanced Linux Policy for the init processes
++glusterd_selinux \- Security Enhanced Linux Policy for the glusterd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the init processes via flexible mandatory access
++Security-Enhanced Linux secures the glusterd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  init policy is extremely flexible and has several booleans that allow you to manipulate the policy and run init with the tightest access possible.
-+
-+
-+.PP
-+If you want to enable support for upstart as the init program, you must turn on the init_upstart boolean.
-+
-+.EX
-+.B setsebool -P init_upstart 1
-+.EE
-+
-+.PP
-+If you want to enable support for systemd as the init program, you must turn on the init_systemd boolean.
-+
-+.EX
-+.B setsebool -P init_systemd 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the init_t, initrc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the glusterd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the init_t, initrc_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the glusterd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -22606,86 +27453,82 @@ index 0000000..5e3e05e
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux init policy is very flexible allowing users to setup their init processes in as secure a method as possible.
++SELinux glusterd policy is very flexible allowing users to setup their glusterd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for init:
++The following file types are defined for glusterd:
 +
 +
 +.EX
 +.PP
-+.B init_exec_t 
++.B glusterd_etc_t 
 +.EE
 +
-+- Set files with the init_exec_t type, if you want to transition an executable to the init_t domain.
++- Set files with the glusterd_etc_t type, if you want to store glusterd files in the /etc directories.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/init(ng)?, /sbin/init(ng)?, /bin/systemd, /usr/lib/systemd/system-generators/[^/]*, /usr/bin/systemd, /sbin/upstart, /usr/sbin/upstart, /usr/lib/systemd/[^/]*
-+
-+.EX
-+.PP
-+.B init_var_run_t 
-+.EE
-+
-+- Set files with the init_var_run_t type, if you want to store the init files under the /run directory.
-+
++/etc/glusterfs(/.*)?, /etc/glusterd(/.*)?
 +
 +.EX
 +.PP
-+.B initctl_t 
++.B glusterd_exec_t 
 +.EE
 +
-+- Set files with the initctl_t type, if you want to treat the files as initctl data.
++- Set files with the glusterd_exec_t type, if you want to transition an executable to the glusterd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/opt/glusterfs/[^/]+/sbin/glusterfsd, /usr/sbin/glusterfsd
 +
 +.EX
 +.PP
-+.B initrc_devpts_t 
++.B glusterd_initrc_exec_t 
 +.EE
 +
-+- Set files with the initrc_devpts_t type, if you want to treat the files as initrc devpts data.
++- Set files with the glusterd_initrc_exec_t type, if you want to transition an executable to the glusterd_initrc_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/glusterd, /etc/rc\.d/init\.d/glusterd
 +
 +.EX
 +.PP
-+.B initrc_exec_t 
++.B glusterd_log_t 
 +.EE
 +
-+- Set files with the initrc_exec_t type, if you want to transition an executable to the initrc_t domain.
++- Set files with the glusterd_log_t type, if you want to treat the data as glusterd log data, usually stored under the /var/log directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/startx, /etc/rc\.d/rc, /usr/libexec/dcc/stop-.*, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/lib/systemd/fedora[^/]*, /usr/sbin/start-dirsrv, /usr/sbin/restart-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/ldap-agent, /etc/X11/prefdm, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /usr/libexec/dcc/start-.*, /usr/share/system-config-services/system-config-services-mechanism\.py, /usr/sbin/apachectl, /etc/init\.d/.*, /usr/bin/sepg_ctl
 +
 +.EX
 +.PP
-+.B initrc_state_t 
++.B glusterd_tmp_t 
 +.EE
 +
-+- Set files with the initrc_state_t type, if you want to treat the files as initrc state data.
++- Set files with the glusterd_tmp_t type, if you want to store glusterd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B initrc_tmp_t 
++.B glusterd_var_lib_t 
 +.EE
 +
-+- Set files with the initrc_tmp_t type, if you want to store initrc temporary files in the /tmp directories.
++- Set files with the glusterd_var_lib_t type, if you want to store the glusterd files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B initrc_var_run_t 
++.B glusterd_var_run_t 
 +.EE
 +
-+- Set files with the initrc_var_run_t type, if you want to store the initrc files under the /run directory.
++- Set files with the glusterd_var_run_t type, if you want to store the glusterd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp
++/var/run/glusterd\.pid, /var/run/glusterd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -22700,70 +27543,99 @@ index 0000000..5e3e05e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux init policy is very flexible allowing users to setup their init processes in as secure a method as possible.
++SELinux glusterd policy is very flexible allowing users to setup their glusterd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for init:
++The following process types are defined for glusterd:
 +
 +.EX
-+.B initrc_t, init_t 
++.B glusterd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
++.SH "MANAGED FILES"
++
++The SELinux user type glusterd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B glusterd_etc_t
++
++	/etc/glusterd(/.*)?
++.br
++	/etc/glusterfs(/.*)?
++.br
++
++.br
++.B glusterd_log_t
++
++	/var/log/glusterfs(/.*)?
++.br
++
++.br
++.B glusterd_tmp_t
++
++
++.br
++.B glusterd_var_lib_t
++
++
++.br
++.B glusterd_var_run_t
++
++	/var/run/glusterd(/.*)?
++.br
++	/var/run/glusterd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
 +.PP
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), init(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/initrc_selinux.8 b/man/man8/initrc_selinux.8
++selinux(8), glusterd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/gnomeclock_selinux.8 b/man/man8/gnomeclock_selinux.8
 new file mode 100644
-index 0000000..a384c3a
+index 0000000..2de4518
 --- /dev/null
-+++ b/man/man8/initrc_selinux.8
-@@ -0,0 +1,127 @@
-+.TH  "initrc_selinux"  "8"  "initrc" "dwalsh at redhat.com" "initrc SELinux Policy documentation"
++++ b/man/man8/gnomeclock_selinux.8
+@@ -0,0 +1,135 @@
++.TH  "gnomeclock_selinux"  "8"  "gnomeclock" "dwalsh at redhat.com" "gnomeclock SELinux Policy documentation"
 +.SH "NAME"
-+initrc_selinux \- Security Enhanced Linux Policy for the initrc processes
++gnomeclock_selinux \- Security Enhanced Linux Policy for the gnomeclock processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the initrc processes via flexible mandatory access
++Security-Enhanced Linux secures the gnomeclock processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the initrc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the gnomeclock_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the initrc_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the gnomeclock_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -22772,58 +27644,22 @@ index 0000000..a384c3a
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux initrc policy is very flexible allowing users to setup their initrc processes in as secure a method as possible.
++SELinux gnomeclock policy is very flexible allowing users to setup their gnomeclock processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for initrc:
-+
-+
-+.EX
-+.PP
-+.B initrc_devpts_t 
-+.EE
-+
-+- Set files with the initrc_devpts_t type, if you want to treat the files as initrc devpts data.
-+
-+
-+.EX
-+.PP
-+.B initrc_exec_t 
-+.EE
-+
-+- Set files with the initrc_exec_t type, if you want to transition an executable to the initrc_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/startx, /etc/rc\.d/rc, /usr/libexec/dcc/stop-.*, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/lib/systemd/fedora[^/]*, /usr/sbin/start-dirsrv, /usr/sbin/restart-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/ldap-agent, /etc/X11/prefdm, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /usr/libexec/dcc/start-.*, /usr/share/system-config-services/system-config-services-mechanism\.py, /usr/sbin/apachectl, /etc/init\.d/.*, /usr/bin/sepg_ctl
-+
-+.EX
-+.PP
-+.B initrc_state_t 
-+.EE
-+
-+- Set files with the initrc_state_t type, if you want to treat the files as initrc state data.
-+
-+
-+.EX
-+.PP
-+.B initrc_tmp_t 
-+.EE
-+
-+- Set files with the initrc_tmp_t type, if you want to store initrc temporary files in the /tmp directories.
++The following file types are defined for gnomeclock:
 +
 +
 +.EX
 +.PP
-+.B initrc_var_run_t 
++.B gnomeclock_exec_t 
 +.EE
 +
-+- Set files with the initrc_var_run_t type, if you want to store the initrc files under the /run directory.
++- Set files with the gnomeclock_exec_t type, if you want to transition an executable to the gnomeclock_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp
++/usr/libexec/gsd-datetime-mechanism, /usr/libexec/kde(3|4)/kcmdatetimehelper, /usr/libexec/gnome-clock-applet-mechanism
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -22838,18 +27674,62 @@ index 0000000..a384c3a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux initrc policy is very flexible allowing users to setup their initrc processes in as secure a method as possible.
++SELinux gnomeclock policy is very flexible allowing users to setup their gnomeclock processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for initrc:
++The following process types are defined for gnomeclock:
 +
 +.EX
-+.B initrc_t 
++.B gnomeclock_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type gnomeclock_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B config_usr_t
++
++	/usr/share/config(/.*)?
++.br
++
++.br
++.B locale_t
++
++	/etc/locale.conf
++.br
++	/usr/lib/locale(/.*)?
++.br
++	/usr/share/locale(/.*)?
++.br
++	/usr/share/zoneinfo(/.*)?
++.br
++	/usr/share/X11/locale(/.*)?
++.br
++	/etc/timezone
++.br
++	/etc/localtime
++.br
++	/etc/sysconfig/clock
++.br
++	/etc/avahi/etc/localtime
++.br
++	/var/empty/sshd/etc/localtime
++.br
++	/var/spool/postfix/etc/localtime
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -22865,22 +27745,22 @@ index 0000000..a384c3a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), initrc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/innd_selinux.8 b/man/man8/innd_selinux.8
++selinux(8), gnomeclock(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/gnomesystemmm_selinux.8 b/man/man8/gnomesystemmm_selinux.8
 new file mode 100644
-index 0000000..b1b7c6c
+index 0000000..ed23212
 --- /dev/null
-+++ b/man/man8/innd_selinux.8
-@@ -0,0 +1,147 @@
-+.TH  "innd_selinux"  "8"  "innd" "dwalsh at redhat.com" "innd SELinux Policy documentation"
++++ b/man/man8/gnomesystemmm_selinux.8
+@@ -0,0 +1,87 @@
++.TH  "gnomesystemmm_selinux"  "8"  "gnomesystemmm" "dwalsh at redhat.com" "gnomesystemmm SELinux Policy documentation"
 +.SH "NAME"
-+innd_selinux \- Security Enhanced Linux Policy for the innd processes
++gnomesystemmm_selinux \- Security Enhanced Linux Policy for the gnomesystemmm processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the innd processes via flexible mandatory access
++Security-Enhanced Linux secures the gnomesystemmm processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -22891,66 +27771,130 @@ index 0000000..b1b7c6c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux innd policy is very flexible allowing users to setup their innd processes in as secure a method as possible.
++SELinux gnomesystemmm policy is very flexible allowing users to setup their gnomesystemmm processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for innd:
++The following file types are defined for gnomesystemmm:
 +
 +
 +.EX
 +.PP
-+.B innd_etc_t 
++.B gnomesystemmm_exec_t 
 +.EE
 +
-+- Set files with the innd_etc_t type, if you want to store innd files in the /etc directories.
++- Set files with the gnomesystemmm_exec_t type, if you want to transition an executable to the gnomesystemmm_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/libexec/kde(3|4)/ksysguardprocesslist_helper, /usr/libexec/gnome-system-monitor-mechanism
 +
-+.EX
 +.PP
-+.B innd_exec_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux gnomesystemmm policy is very flexible allowing users to setup their gnomesystemmm processes in as secure a method as possible.
++.PP 
++The following process types are defined for gnomesystemmm:
++
++.EX
++.B gnomesystemmm_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the innd_exec_t type, if you want to transition an executable to the innd_t domain.
++.SH "MANAGED FILES"
++
++The SELinux user type gnomesystemmm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/bin/suck, /usr/lib/news/bin/filechan, /usr/lib/news/bin/nntpget, /usr/sbin/in\.nnrpd, /usr/lib/news/bin/convdate, /usr/lib/news/bin/innfeed, /usr/lib/news/bin/shlock, /usr/lib/news/bin/archive, /usr/lib/news/bin/innconfval, /usr/lib/news/bin/actsync, /usr/lib/news/bin/innxbatch, /usr/bin/inews, /usr/lib/news/bin/batcher, /usr/sbin/innd.*, /usr/lib/news/bin/expire, /usr/lib/news/bin/nnrpd, /usr/lib/news/bin/inndstart, /usr/lib/news/bin/ctlinnd, /usr/bin/rpost, /usr/lib/news/bin/buffchan, /usr/lib/news/bin/ovdb_recover, /etc/news/boot, /usr/lib/news/bin/startinnfeed, /usr/lib/news/bin/makehistory, /usr/lib/news/bin/innd, /usr/lib/news/bin/makedbz, /usr/bin/rnews, /usr/lib/news/bin/innxmit, /usr/lib/news/bin/fastrm, /usr/lib/news/bin/getlist, /usr/lib/news/bin/sm, /usr/lib/news/bin/grephistory, /usr/lib/news/bin/rnews, /usr/lib/news/bin/newsrequeue, /usr/lib/news/bin/overchan, /usr/lib/news/bin/cvtbatch, /usr/lib/news/bin/prunehistory, /usr/lib/news/bin/inews, /usr/lib/ne
 ws/bin/shrinkfile, /usr/lib/news/bin/expireover, /usr/lib/news/bin/inndf
++.B config_usr_t
 +
-+.EX
++	/usr/share/config(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B innd_initrc_exec_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the innd_initrc_exec_t type, if you want to transition an executable to the innd_initrc_t domain.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), gnomesystemmm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/gpg_agent_selinux.8 b/man/man8/gpg_agent_selinux.8
+new file mode 100644
+index 0000000..199ce8e
+--- /dev/null
++++ b/man/man8/gpg_agent_selinux.8
+@@ -0,0 +1,114 @@
++.TH  "gpg_agent_selinux"  "8"  "gpg_agent" "dwalsh at redhat.com" "gpg_agent SELinux Policy documentation"
++.SH "NAME"
++gpg_agent_selinux \- Security Enhanced Linux Policy for the gpg_agent processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the gpg_agent processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  gpg_agent policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gpg_agent with the tightest access possible.
 +
 +
-+.EX
 +.PP
-+.B innd_log_t 
++If you want to allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files, you must turn on the gpg_agent_env_file boolean.
++
++.EX
++.B setsebool -P gpg_agent_env_file 1
 +.EE
 +
-+- Set files with the innd_log_t type, if you want to treat the data as innd log data, usually stored under the /var/log directory.
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux gpg_agent policy is very flexible allowing users to setup their gpg_agent processes in as secure a method as possible.
++.PP 
++The following file types are defined for gpg_agent:
 +
 +
 +.EX
 +.PP
-+.B innd_var_lib_t 
++.B gpg_agent_exec_t 
 +.EE
 +
-+- Set files with the innd_var_lib_t type, if you want to store the innd files under the /var/lib directory.
++- Set files with the gpg_agent_exec_t type, if you want to transition an executable to the gpg_agent_t domain.
 +
 +
 +.EX
 +.PP
-+.B innd_var_run_t 
++.B gpg_agent_tmp_t 
 +.EE
 +
-+- Set files with the innd_var_run_t type, if you want to store the innd files under the /run directory.
++- Set files with the gpg_agent_tmp_t type, if you want to store gpg agent temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/innd(/.*)?, /var/run/news(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
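Review bot: The new MANAGED FILES paragraph in gnomesystemmm_selinux.8 calls gnomesystemmm_t an "SELinux user type", although the same page lists it under PROCESS TYPES as a domain. An SELinux user is a separate field of the security context, so this wording can mislead a reader about what is being confined. I would have the generator emit `The SELinux process type gnomesystemmm_t can manage files labeled with the following file types.` and tighten the closing sentence to `Note the process's UID still needs DAC permissions.` The same paragraph is repeated in the gpg_agent, gpg_helper, gpg and gpm pages later in this patch. Because the pages are produced by genman.py, the fix belongs in its template rather than in each page.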
@@ -22959,47 +27903,42 @@ index 0000000..b1b7c6c
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux innd policy is very flexible allowing users to setup their innd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for innd:
-+
-+.EX
-+.TP 5
-+.B innd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 119
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux innd policy is very flexible allowing users to setup their innd processes in as secure a method as possible.
++SELinux gpg_agent policy is very flexible allowing users to setup their gpg_agent processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for innd:
++The following process types are defined for gpg_agent:
 +
 +.EX
-+.B innd_t 
++.B gpg_agent_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type gpg_agent_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B gpg_agent_tmp_t
++
++	/home/[^/]*/\.gnupg/log-socket
++.br
++
++.br
++.B gpg_secret_t
++
++	/root/\.gnupg(/.+)?
++.br
++	/home/[^/]*/\.gnupg(/.+)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -23010,64 +27949,48 @@ index 0000000..b1b7c6c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++.B semanage boolean
++can also be used to manipulate the booleans
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), innd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/insmod_selinux.8 b/man/man8/insmod_selinux.8
++selinux(8), gpg_agent(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), gpg_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/gpg_helper_selinux.8 b/man/man8/gpg_helper_selinux.8
 new file mode 100644
-index 0000000..2ccbe62
+index 0000000..9491991
 --- /dev/null
-+++ b/man/man8/insmod_selinux.8
-@@ -0,0 +1,121 @@
-+.TH  "insmod_selinux"  "8"  "insmod" "dwalsh at redhat.com" "insmod SELinux Policy documentation"
++++ b/man/man8/gpg_helper_selinux.8
+@@ -0,0 +1,92 @@
++.TH  "gpg_helper_selinux"  "8"  "gpg_helper" "dwalsh at redhat.com" "gpg_helper SELinux Policy documentation"
 +.SH "NAME"
-+insmod_selinux \- Security Enhanced Linux Policy for the insmod processes
++gpg_helper_selinux \- Security Enhanced Linux Policy for the gpg_helper processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the insmod processes via flexible mandatory access
++Security-Enhanced Linux secures the gpg_helper processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  insmod policy is extremely flexible and has several booleans that allow you to manipulate the policy and run insmod with the tightest access possible.
-+
-+
-+.PP
-+If you want to disable kernel module loading, you must turn on the secure_mode_insmod boolean.
-+
-+.EX
-+.B setsebool -P secure_mode_insmod 1
-+.EE
-+
-+.PP
-+If you want to allow pppd to load kernel modules for certain modems, you must turn on the pppd_can_insmod boolean.
-+
-+.EX
-+.B setsebool -P pppd_can_insmod 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the insmod_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the gpg_helper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the insmod_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the gpg_helper_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -23076,29 +27999,17 @@ index 0000000..2ccbe62
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux insmod policy is very flexible allowing users to setup their insmod processes in as secure a method as possible.
++SELinux gpg_helper policy is very flexible allowing users to setup their gpg_helper processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for insmod:
-+
-+
-+.EX
-+.PP
-+.B insmod_exec_t 
-+.EE
-+
-+- Set files with the insmod_exec_t type, if you want to transition an executable to the insmod_t domain.
++The following file types are defined for gpg_helper:
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/rmmod.*, /sbin/modprobe.*, /sbin/insmod.*, /usr/sbin/modprobe.*, /usr/bin/kmod, /usr/sbin/insmod.*, /usr/sbin/rmmod.*
 +
 +.EX
 +.PP
-+.B insmod_tmpfs_t 
++.B gpg_helper_exec_t 
 +.EE
 +
-+- Set files with the insmod_tmpfs_t type, if you want to store insmod files on a tmpfs file system.
++- Set files with the gpg_helper_exec_t type, if you want to transition an executable to the gpg_helper_t domain.
 +
 +
 +.PP
@@ -23114,18 +28025,22 @@ index 0000000..2ccbe62
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux insmod policy is very flexible allowing users to setup their insmod processes in as secure a method as possible.
++SELinux gpg_helper policy is very flexible allowing users to setup their gpg_helper processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for insmod:
++The following process types are defined for gpg_helper:
 +
 +.EX
-+.B insmod_t 
++.B gpg_helper_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type gpg_helper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -23136,164 +28051,161 @@ index 0000000..2ccbe62
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), insmod(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), gpg_helper(8), semanage(8), restorecon(8), chcon(1)
++, gpg_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/ipsec_selinux.8 b/man/man8/ipsec_selinux.8
+diff --git a/man/man8/gpg_selinux.8 b/man/man8/gpg_selinux.8
 new file mode 100644
-index 0000000..267a622
+index 0000000..3a25152
 --- /dev/null
-+++ b/man/man8/ipsec_selinux.8
-@@ -0,0 +1,211 @@
-+.TH  "ipsec_selinux"  "8"  "ipsec" "dwalsh at redhat.com" "ipsec SELinux Policy documentation"
++++ b/man/man8/gpg_selinux.8
+@@ -0,0 +1,257 @@
++.TH  "gpg_selinux"  "8"  "gpg" "dwalsh at redhat.com" "gpg SELinux Policy documentation"
 +.SH "NAME"
-+ipsec_selinux \- Security Enhanced Linux Policy for the ipsec processes
++gpg_selinux \- Security Enhanced Linux Policy for the gpg processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ipsec processes via flexible mandatory access
++Security-Enhanced Linux secures the gpg processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  gpg policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gpg with the tightest access possible.
++
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ipsec_t, ipsec_mgmt_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files, you must turn on the gpg_agent_env_file boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P gpg_agent_env_file 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the ipsec_t, ipsec_mgmt_t, you must turn on the kerberos_enabled boolean.
++If you want to allow httpd to run gpg, you must turn on the httpd_use_gpg boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P httpd_use_gpg 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux ipsec policy is very flexible allowing users to setup their ipsec processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for ipsec:
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the gpg_t, gpg_helper_t, gpg_pinentry_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B ipsec_conf_file_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the ipsec_conf_file_t type, if you want to treat the files as ipsec conf content.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/ipsec\.conf, /etc/racoon(/.*)?
++.PP
++If you want to allow confined applications to run with kerberos for the gpg_t, gpg_helper_t, gpg_pinentry_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B ipsec_exec_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the ipsec_exec_t type, if you want to transition an executable to the ipsec_t domain.
-+
++.SH SHARING FILES
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
++.TP
++Allow gpg servers to read the /var/gpg directory by adding the public_content_t file type to the directory and by restoring the file type.
++.PP
++.B
++semanage fcontext -a -t public_content_t "/var/gpg(/.*)?"
 +.br
-+.TP 5
-+Paths: 
-+/usr/local/lib/ipsec/eroute, /usr/lib/ipsec/pluto, /usr/local/lib/ipsec/pluto, /usr/lib/ipsec/klipsdebug, /usr/libexec/ipsec/eroute, /usr/libexec/ipsec/pluto, /usr/lib/ipsec/spi, /usr/lib/ipsec/eroute, /usr/local/lib/ipsec/klipsdebug, /usr/local/lib/ipsec/spi, /usr/libexec/ipsec/spi, /usr/libexec/ipsec/klipsdebug
++.B restorecon -F -R -v /var/gpg
++.pp
++.TP
++Allow gpg servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_gpgd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/gpg/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/gpg/incoming
++
 +
-+.EX
 +.PP
-+.B ipsec_initrc_exec_t 
++If you want to allow gpg web domain to modify public files used for public file transfer services., you must turn on the gpg_web_anon_write boolean.
++
++.EX
++.B setsebool -P gpg_web_anon_write 1
 +.EE
 +
-+- Set files with the ipsec_initrc_exec_t type, if you want to transition an executable to the ipsec_initrc_t domain.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux gpg policy is very flexible allowing users to setup their gpg processes in as secure a method as possible.
++.PP 
++The following file types are defined for gpg:
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/racoon, /etc/rc\.d/init\.d/ipsec
 +
 +.EX
 +.PP
-+.B ipsec_key_file_t 
++.B gpg_agent_exec_t 
 +.EE
 +
-+- Set files with the ipsec_key_file_t type, if you want to treat the files as ipsec key content.
++- Set files with the gpg_agent_exec_t type, if you want to transition an executable to the gpg_agent_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/ipsec\.secrets, /etc/racoon/certs(/.*)?, /etc/racoon/psk\.txt, /etc/ipsec\.d(/.*)?
 +
 +.EX
 +.PP
-+.B ipsec_log_t 
++.B gpg_agent_tmp_t 
 +.EE
 +
-+- Set files with the ipsec_log_t type, if you want to treat the data as ipsec log data, usually stored under the /var/log directory.
++- Set files with the gpg_agent_tmp_t type, if you want to store gpg agent temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B ipsec_mgmt_exec_t 
++.B gpg_exec_t 
 +.EE
 +
-+- Set files with the ipsec_mgmt_exec_t type, if you want to transition an executable to the ipsec_mgmt_t domain.
++- Set files with the gpg_exec_t type, if you want to transition an executable to the gpg_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/lib/ipsec/_plutorun, /usr/libexec/ipsec/_plutoload, /usr/libexec/nm-openswan-service, /usr/sbin/ipsec, /usr/lib/ipsec/_plutoload, /usr/libexec/ipsec/_plutorun
++/usr/bin/gpgsm, /usr/bin/gpg(2)?, /usr/bin/kgpg, /usr/lib/gnupg/.*
 +
 +.EX
 +.PP
-+.B ipsec_mgmt_lock_t 
++.B gpg_helper_exec_t 
 +.EE
 +
-+- Set files with the ipsec_mgmt_lock_t type, if you want to treat the files as ipsec mgmt lock data, stored under the /var/lock directory
++- Set files with the gpg_helper_exec_t type, if you want to transition an executable to the gpg_helper_t domain.
 +
 +
 +.EX
 +.PP
-+.B ipsec_mgmt_var_run_t 
++.B gpg_pinentry_tmp_t 
 +.EE
 +
-+- Set files with the ipsec_mgmt_var_run_t type, if you want to store the ipsec mgmt files under the /run directory.
++- Set files with the gpg_pinentry_tmp_t type, if you want to store gpg pinentry temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B ipsec_tmp_t 
++.B gpg_pinentry_tmpfs_t 
 +.EE
 +
-+- Set files with the ipsec_tmp_t type, if you want to store ipsec temporary files in the /tmp directories.
++- Set files with the gpg_pinentry_tmpfs_t type, if you want to store gpg pinentry files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B ipsec_var_run_t 
++.B gpg_secret_t 
 +.EE
 +
-+- Set files with the ipsec_var_run_t type, if you want to store the ipsec files under the /run directory.
++- Set files with the gpg_secret_t type, if you want to treat the files as gpg se secret data.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/racoon\.pid, /var/run/pluto(/.*)?, /var/racoon(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
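Review bot: In the SHARING FILES section added to gpg_selinux.8 the prose and the commands disagree. The second item says /var/tmp/incoming while the commands label `/var/gpg/incoming(/.*)?`, and it asks for an `allow_gpgd_anon_write` boolean although the only anon-write boolean this page documents is `gpg_web_anon_write`. The wording ("gpg servers", /var/gpg) looks like unfilled generator boilerplate. An administrator following it could relabel a directory as public_content_rw_t, which the page itself describes as shared across Apache, FTP, rsync and Samba, and then search for a boolean the page never defines. I would have genman.py use one path consistently and the boolean name it actually found, e.g. `This also requires the gpg_web_anon_write boolean to be set.`, or omit the section when the module has no such directory; the lower-case `.pp` after the first restorecon line is presumably meant to be `.PP`, and the page continues into the next hunk.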
@@ -23302,111 +28214,133 @@ index 0000000..267a622
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux ipsec policy is very flexible allowing users to setup their ipsec processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for ipsec:
-+
-+.EX
-+.TP 5
-+.B ipsecnat_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 4500
-+.EE
-+udp 4500
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ipsec policy is very flexible allowing users to setup their ipsec processes in as secure a method as possible.
++SELinux gpg policy is very flexible allowing users to setup their gpg processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ipsec:
++The following process types are defined for gpg:
 +
 +.EX
-+.B ipsec_t, ipsec_mgmt_t 
++.B gpg_t, gpg_pinentry_t, gpg_helper_t, gpg_web_t, gpg_agent_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++The SELinux user type gpg_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.br
++.B etc_mail_t
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++	/etc/mail(/.*)?
++.br
 +
-+.SH "SEE ALSO"
-+selinux(8), ipsec(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/iptables_selinux.8 b/man/man8/iptables_selinux.8
-new file mode 100644
-index 0000000..3707b64
---- /dev/null
-+++ b/man/man8/iptables_selinux.8
-@@ -0,0 +1,146 @@
-+.TH  "iptables_selinux"  "8"  "iptables" "dwalsh at redhat.com" "iptables SELinux Policy documentation"
-+.SH "NAME"
-+iptables_selinux \- Security Enhanced Linux Policy for the iptables processes
-+.SH "DESCRIPTION"
++.br
++.B gpg_agent_tmp_t
 +
-+Security-Enhanced Linux secures the iptables processes via flexible mandatory access
-+control.  
++	/home/[^/]*/\.gnupg/log-socket
++.br
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  iptables policy is extremely flexible and has several booleans that allow you to manipulate the policy and run iptables with the tightest access possible.
++.br
++.B gpg_secret_t
 +
++	/root/\.gnupg(/.+)?
++.br
++	/home/[^/]*/\.gnupg(/.+)?
++.br
 +
-+.PP
-+If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
++.br
++.B mozilla_home_t
 +
-+.EX
-+.B setsebool -P dhcpc_exec_iptables 1
-+.EE
++	/home/[^/]*/\.java(/.*)?
++.br
++	/home/[^/]*/\.adobe(/.*)?
++.br
++	/home/[^/]*/\.gnash(/.*)?
++.br
++	/home/[^/]*/\.galeon(/.*)?
++.br
++	/home/[^/]*/\.spicec(/.*)?
++.br
++	/home/[^/]*/\.mozilla(/.*)?
++.br
++	/home/[^/]*/\.phoenix(/.*)?
++.br
++	/home/[^/]*/\.netscape(/.*)?
++.br
++	/home/[^/]*/\.ICAClient(/.*)?
++.br
++	/home/[^/]*/\.macromedia(/.*)?
++.br
++	/home/[^/]*/\.thunderbird(/.*)?
++.br
++	/home/[^/]*/\.gcjwebplugin(/.*)?
++.br
++	/home/[^/]*/\.icedteaplugin(/.*)?
++.br
++	/home/[^/]*/zimbrauserdata(/.*)?
++.br
++	/home/[^/]*/\.config/chromium(/.*)?
++.br
 +
-+.SH NSSWITCH DOMAIN
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
 +
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the iptables_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
++.B semanage boolean
++can also be used to manipulate the booleans
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the iptables_t, you must turn on the kerberos_enabled boolean.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), gpg(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), gpg_agent_selinux(8), gpg_helper_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/gpm_selinux.8 b/man/man8/gpm_selinux.8
+new file mode 100644
+index 0000000..555205c
+--- /dev/null
++++ b/man/man8/gpm_selinux.8
+@@ -0,0 +1,121 @@
++.TH  "gpm_selinux"  "8"  "gpm" "dwalsh at redhat.com" "gpm SELinux Policy documentation"
++.SH "NAME"
++gpm_selinux \- Security Enhanced Linux Policy for the gpm processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the gpm processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -23414,62 +28348,54 @@ index 0000000..3707b64
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux iptables policy is very flexible allowing users to setup their iptables processes in as secure a method as possible.
++SELinux gpm policy is very flexible allowing users to setup their gpm processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for iptables:
++The following file types are defined for gpm:
 +
 +
 +.EX
 +.PP
-+.B iptables_exec_t 
++.B gpm_conf_t 
 +.EE
 +
-+- Set files with the iptables_exec_t type, if you want to transition an executable to the iptables_t domain.
++- Set files with the gpm_conf_t type, if you want to treat the files as gpm configuration data, usually stored under the /etc directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/ipvsadm-restore, /usr/sbin/ipchains.*, /sbin/ebtables, /usr/sbin/ip6?tables, /usr/sbin/ip6?tables-restore, /sbin/ebtables-restore, /usr/sbin/xtables-multi, /sbin/ipchains.*, /sbin/ip6?tables, /usr/sbin/ebtables-restore, /usr/sbin/ebtables, /sbin/ipvsadm, /usr/sbin/ipvsadm-save, /sbin/xtables-multi, /sbin/ipvsadm-restore, /usr/sbin/ip6?tables-multi, /sbin/ip6?tables-multi, /usr/sbin/ipvsadm, /sbin/ipvsadm-save, /sbin/ip6?tables-restore
 +
 +.EX
 +.PP
-+.B iptables_initrc_exec_t 
++.B gpm_exec_t 
 +.EE
 +
-+- Set files with the iptables_initrc_exec_t type, if you want to transition an executable to the iptables_initrc_t domain.
++- Set files with the gpm_exec_t type, if you want to transition an executable to the gpm_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/ebtables, /etc/rc\.d/init\.d/ip6?tables
 +
 +.EX
 +.PP
-+.B iptables_tmp_t 
++.B gpm_tmp_t 
 +.EE
 +
-+- Set files with the iptables_tmp_t type, if you want to store iptables temporary files in the /tmp directories.
++- Set files with the gpm_tmp_t type, if you want to store gpm temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B iptables_unit_file_t 
++.B gpm_var_run_t 
 +.EE
 +
-+- Set files with the iptables_unit_file_t type, if you want to treat the files as iptables unit content.
++- Set files with the gpm_var_run_t type, if you want to store the gpm files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/systemd/system/proftpd.*, /usr/lib/systemd/system/ip6tables.*, /usr/lib/systemd/system/vsftpd.*, /usr/lib/systemd/system/slapd.*, /usr/lib/systemd/system/ppp.*, /usr/lib/systemd/system/iptables.*
 +
 +.EX
 +.PP
-+.B iptables_var_run_t 
++.B gpmctl_t 
 +.EE
 +
-+- Set files with the iptables_var_run_t type, if you want to store the iptables files under the /run directory.
++- Set files with the gpmctl_t type, if you want to treat the files as gpmctl data.
 +
++.br
++.TP 5
++Paths: 
++/dev/gpmctl, /dev/gpmdata
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -23484,18 +28410,30 @@ index 0000000..3707b64
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux iptables policy is very flexible allowing users to setup their iptables processes in as secure a method as possible.
++SELinux gpm policy is very flexible allowing users to setup their gpm processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for iptables:
++The following process types are defined for gpm:
 +
 +.EX
-+.B iptables_t 
++.B gpm_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type gpm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B gpm_tmp_t
++
++
++.br
++.B gpm_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
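Review bot: The added MANAGED FILES paragraph calls `gpm_t` an "SELinux user type", but the same page lists `gpm_t` under PROCESS TYPES as a process type (domain). SELinux users are a separate concept, as the `guest_u` page later in this patch shows. I would word it `The SELinux process type gpm_t can manage files labeled with the following file types.` and fix the agreement in the closing sentence to `Note the process's UID still needs to have DAC permissions.` The same generated sentence appears in the gpsd, greylist_milter, groupadd, groupd and gssd pages, so the change belongs in the genman.py template rather than in each page.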
@@ -23506,74 +28444,91 @@ index 0000000..3707b64
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), iptables(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/irc_selinux.8 b/man/man8/irc_selinux.8
++selinux(8), gpm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/gpsd_selinux.8 b/man/man8/gpsd_selinux.8
 new file mode 100644
-index 0000000..c53c421
+index 0000000..793fb68
 --- /dev/null
-+++ b/man/man8/irc_selinux.8
-@@ -0,0 +1,119 @@
-+.TH  "irc_selinux"  "8"  "irc" "dwalsh at redhat.com" "irc SELinux Policy documentation"
++++ b/man/man8/gpsd_selinux.8
+@@ -0,0 +1,165 @@
++.TH  "gpsd_selinux"  "8"  "gpsd" "dwalsh at redhat.com" "gpsd SELinux Policy documentation"
 +.SH "NAME"
-+irc_selinux \- Security Enhanced Linux Policy for the irc processes
++gpsd_selinux \- Security Enhanced Linux Policy for the gpsd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the irc processes via flexible mandatory access
++Security-Enhanced Linux secures the gpsd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the gpsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the gpsd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux irc policy is very flexible allowing users to setup their irc processes in as secure a method as possible.
++SELinux gpsd policy is very flexible allowing users to setup their gpsd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for irc:
++The following file types are defined for gpsd:
 +
 +
 +.EX
 +.PP
-+.B irc_exec_t 
++.B gpsd_exec_t 
 +.EE
 +
-+- Set files with the irc_exec_t type, if you want to transition an executable to the irc_t domain.
++- Set files with the gpsd_exec_t type, if you want to transition an executable to the gpsd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/tinyirc, /usr/bin/[st]irc, /usr/bin/ircII
 +
 +.EX
 +.PP
-+.B irc_home_t 
++.B gpsd_initrc_exec_t 
 +.EE
 +
-+- Set files with the irc_home_t type, if you want to store irc files in the users home directory.
++- Set files with the gpsd_initrc_exec_t type, if you want to transition an executable to the gpsd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B irc_tmp_t 
++.B gpsd_tmpfs_t 
 +.EE
 +
-+- Set files with the irc_tmp_t type, if you want to store irc temporary files in the /tmp directories.
++- Set files with the gpsd_tmpfs_t type, if you want to store gpsd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B gpsd_var_run_t 
++.EE
++
++- Set files with the gpsd_var_run_t type, if you want to store the gpsd files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/gpsd\.sock, /var/run/gpsd\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -23591,19 +28546,19 @@ index 0000000..c53c421
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux irc policy is very flexible allowing users to setup their irc processes in as secure a method as possible.
++SELinux gpsd policy is very flexible allowing users to setup their gpsd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for irc:
++The following port types are defined for gpsd:
 +
 +.EX
 +.TP 5
-+.B ircd_port_t 
++.B gpsd_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 6667
++tcp 2947
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -23611,18 +28566,42 @@ index 0000000..c53c421
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux irc policy is very flexible allowing users to setup their irc processes in as secure a method as possible.
++SELinux gpsd policy is very flexible allowing users to setup their gpsd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for irc:
++The following process types are defined for gpsd:
 +
 +.EX
-+.B irc_t 
++.B gpsd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type gpsd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B chronyd_tmpfs_t
++
++
++.br
++.B gpsd_tmpfs_t
++
++
++.br
++.B gpsd_var_run_t
++
++	/var/run/gpsd\.pid
++.br
++	/var/run/gpsd\.sock
++.br
++
++.br
++.B ntpd_tmpfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
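Review bot: The PROCESS TYPES line `option to \fBps\bP` ends the bold run with `\bP`, which is not a font escape, so the bold is presumably not switched off where intended. It should read `\fBps\fP`. The FILE CONTEXTS sections of these pages carry the same sequence as `\fBls\bP`, which wants `\fBls\fP`. The lines are unchanged context in this commit, but they are still in the regenerated pages, so the genman.py template is the place to correct them.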
@@ -23641,52 +28620,74 @@ index 0000000..c53c421
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), irc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/irqbalance_selinux.8 b/man/man8/irqbalance_selinux.8
++selinux(8), gpsd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/greylist_milter_selinux.8 b/man/man8/greylist_milter_selinux.8
 new file mode 100644
-index 0000000..f66b248
+index 0000000..5307f1e
 --- /dev/null
-+++ b/man/man8/irqbalance_selinux.8
-@@ -0,0 +1,81 @@
-+.TH  "irqbalance_selinux"  "8"  "irqbalance" "dwalsh at redhat.com" "irqbalance SELinux Policy documentation"
++++ b/man/man8/greylist_milter_selinux.8
+@@ -0,0 +1,121 @@
++.TH  "greylist_milter_selinux"  "8"  "greylist_milter" "dwalsh at redhat.com" "greylist_milter SELinux Policy documentation"
 +.SH "NAME"
-+irqbalance_selinux \- Security Enhanced Linux Policy for the irqbalance processes
++greylist_milter_selinux \- Security Enhanced Linux Policy for the greylist_milter processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the irqbalance processes via flexible mandatory access
++Security-Enhanced Linux secures the greylist_milter processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the greylist_milter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the greylist_milter_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux irqbalance policy is very flexible allowing users to setup their irqbalance processes in as secure a method as possible.
++SELinux greylist_milter policy is very flexible allowing users to setup their greylist_milter processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for irqbalance:
++The following file types are defined for greylist_milter:
 +
 +
 +.EX
 +.PP
-+.B irqbalance_exec_t 
++.B greylist_milter_data_t 
 +.EE
 +
-+- Set files with the irqbalance_exec_t type, if you want to transition an executable to the irqbalance_t domain.
++- Set files with the greylist_milter_data_t type, if you want to treat the files as greylist milter content.
 +
++.br
++.TP 5
++Paths: 
++/var/run/sqlgrey\.pid, /var/run/milter-greylist\.pid, /var/run/milter-greylist(/.*)?, /var/lib/sqlgrey(/.*)?, /var/lib/milter-greylist(/.*)?
 +
 +.EX
 +.PP
-+.B irqbalance_var_run_t 
++.B greylist_milter_exec_t 
 +.EE
 +
-+- Set files with the irqbalance_var_run_t type, if you want to store the irqbalance files under the /run directory.
++- Set files with the greylist_milter_exec_t type, if you want to transition an executable to the greylist_milter_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/sqlgrey, /usr/sbin/milter-greylist
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -23701,18 +28702,36 @@ index 0000000..f66b248
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux irqbalance policy is very flexible allowing users to setup their irqbalance processes in as secure a method as possible.
++SELinux greylist_milter policy is very flexible allowing users to setup their greylist_milter processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for irqbalance:
++The following process types are defined for greylist_milter:
 +
 +.EX
-+.B irqbalance_t 
++.B greylist_milter_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type greylist_milter_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B greylist_milter_data_t
++
++	/var/lib/sqlgrey(/.*)?
++.br
++	/var/lib/milter-greylist(/.*)?
++.br
++	/var/run/milter-greylist(/.*)?
++.br
++	/var/run/sqlgrey\.pid
++.br
++	/var/run/milter-greylist\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -23728,49 +28747,38 @@ index 0000000..f66b248
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), irqbalance(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/irssi_selinux.8 b/man/man8/irssi_selinux.8
++selinux(8), greylist_milter(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/groupadd_selinux.8 b/man/man8/groupadd_selinux.8
 new file mode 100644
-index 0000000..f0f7b71
+index 0000000..06a77c4
 --- /dev/null
-+++ b/man/man8/irssi_selinux.8
-@@ -0,0 +1,118 @@
-+.TH  "irssi_selinux"  "8"  "irssi" "dwalsh at redhat.com" "irssi SELinux Policy documentation"
++++ b/man/man8/groupadd_selinux.8
+@@ -0,0 +1,167 @@
++.TH  "groupadd_selinux"  "8"  "groupadd" "dwalsh at redhat.com" "groupadd SELinux Policy documentation"
 +.SH "NAME"
-+irssi_selinux \- Security Enhanced Linux Policy for the irssi processes
++groupadd_selinux \- Security Enhanced Linux Policy for the groupadd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the irssi processes via flexible mandatory access
++Security-Enhanced Linux secures the groupadd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  irssi policy is extremely flexible and has several booleans that allow you to manipulate the policy and run irssi with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port, you must turn on the irssi_use_full_network boolean.
-+
-+.EX
-+.B setsebool -P irssi_use_full_network 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the irssi_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the groupadd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the irssi_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the groupadd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -23779,34 +28787,22 @@ index 0000000..f0f7b71
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux irssi policy is very flexible allowing users to setup their irssi processes in as secure a method as possible.
++SELinux groupadd policy is very flexible allowing users to setup their groupadd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for irssi:
-+
-+
-+.EX
-+.PP
-+.B irssi_etc_t 
-+.EE
-+
-+- Set files with the irssi_etc_t type, if you want to store irssi files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B irssi_exec_t 
-+.EE
-+
-+- Set files with the irssi_exec_t type, if you want to transition an executable to the irssi_t domain.
++The following file types are defined for groupadd:
 +
 +
 +.EX
 +.PP
-+.B irssi_home_t 
++.B groupadd_exec_t 
 +.EE
 +
-+- Set files with the irssi_home_t type, if you want to store irssi files in the users home directory.
++- Set files with the groupadd_exec_t type, if you want to transition an executable to the groupadd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/gpasswd, /usr/bin/gpasswd, /usr/sbin/groupdel, /usr/sbin/groupadd, /usr/sbin/groupmod
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -23821,18 +28817,94 @@ index 0000000..f0f7b71
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux irssi policy is very flexible allowing users to setup their irssi processes in as secure a method as possible.
++SELinux groupadd policy is very flexible allowing users to setup their groupadd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for irssi:
++The following process types are defined for groupadd:
 +
 +.EX
-+.B irssi_t 
++.B groupadd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type groupadd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B passwd_file_t
++
++	/etc/group[-\+]?
++.br
++	/etc/passwd[-\+]?
++.br
++	/etc/ptmptmp
++.br
++	/etc/passwd\.OLD
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B shadow_t
++
++	/etc/shadow.*
++.br
++	/etc/gshadow.*
++.br
++	/var/db/shadow.*
++.br
++	/etc/passwd\.adjunct.*
++.br
++	/etc/\.pwd\.lock
++.br
++	/etc/group\.lock
++.br
++	/etc/passwd\.lock
++.br
++	/etc/security/opasswd
++.br
++	/etc/security/opasswd\.old
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -23843,48 +28915,43 @@ index 0000000..f0f7b71
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), irssi(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/iscsid_selinux.8 b/man/man8/iscsid_selinux.8
++selinux(8), groupadd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/groupd_selinux.8 b/man/man8/groupd_selinux.8
 new file mode 100644
-index 0000000..6d11443
+index 0000000..aa995a2
 --- /dev/null
-+++ b/man/man8/iscsid_selinux.8
-@@ -0,0 +1,117 @@
-+.TH  "iscsid_selinux"  "8"  "iscsid" "dwalsh at redhat.com" "iscsid SELinux Policy documentation"
++++ b/man/man8/groupd_selinux.8
+@@ -0,0 +1,140 @@
++.TH  "groupd_selinux"  "8"  "groupd" "dwalsh at redhat.com" "groupd SELinux Policy documentation"
 +.SH "NAME"
-+iscsid_selinux \- Security Enhanced Linux Policy for the iscsid processes
++groupd_selinux \- Security Enhanced Linux Policy for the groupd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the iscsid processes via flexible mandatory access
++Security-Enhanced Linux secures the groupd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the iscsid_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the groupadd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the iscsid_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the groupadd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
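Review bot: The NSSWITCH DOMAIN section of the new groupd_selinux.8 names the wrong domain: both boolean paragraphs say `for the groupadd_t`, although this page documents groupd. The next hunk lists `.B groupadd_t, groupd_t` under PROCESS TYPES, and SEE ALSO gains `, groupadd_selinux(8)`, so genman.py presumably selects domains with a pattern that also matches groupadd. An administrator applying the page's `semanage permissive -a PROCESS_TYPE` advice could relax `groupadd_t`, which the groupadd page shows managing `shadow_t` and `passwd_file_t`, instead of `groupd_t`. The paragraphs should read `for the groupd_t` and the process list `.B groupd_t`, fixed in the generator's domain matching rather than by hand.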
@@ -23893,71 +28960,96 @@ index 0000000..6d11443
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux iscsid policy is very flexible allowing users to setup their iscsid processes in as secure a method as possible.
++SELinux groupd policy is very flexible allowing users to setup their groupd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for iscsid:
++The following file types are defined for groupd:
 +
 +
 +.EX
 +.PP
-+.B iscsid_exec_t 
++.B groupd_exec_t 
 +.EE
 +
-+- Set files with the iscsid_exec_t type, if you want to transition an executable to the iscsid_t domain.
++- Set files with the groupd_exec_t type, if you want to transition an executable to the groupd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/brcm_iscsiuio, /sbin/iscsiuio, /usr/sbin/iscsiuio, /usr/sbin/iscsid, /usr/sbin/brcm_iscsiuio, /sbin/iscsid
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B groupd_tmpfs_t 
++.EE
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++- Set files with the groupd_tmpfs_t type, if you want to store groupd files on a tmpfs file system.
 +
-+.B semanage port -l
 +
++.EX
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux iscsid policy is very flexible allowing users to setup their iscsid processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for iscsid:
++.B groupd_var_log_t 
++.EE
++
++- Set files with the groupd_var_log_t type, if you want to treat the data as groupd var log data, usually stored under the /var/log directory.
++
 +
 +.EX
-+.TP 5
-+.B iscsi_port_t 
-+.TP 10
++.PP
++.B groupd_var_run_t 
 +.EE
 +
++- Set files with the groupd_var_run_t type, if you want to store the groupd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+Default Defined Ports:
-+tcp 3260
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux iscsid policy is very flexible allowing users to setup their iscsid processes in as secure a method as possible.
++SELinux groupd policy is very flexible allowing users to setup their groupd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for iscsid:
++The following process types are defined for groupd:
 +
 +.EX
-+.B iscsid_t 
++.B groupadd_t, groupd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type groupd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cluster_var_lib_t
++
++	/var/lib/cluster(/.*)?
++.br
++
++.br
++.B groupd_tmpfs_t
++
++
++.br
++.B groupd_var_log_t
++
++
++.br
++.B groupd_var_run_t
++
++	/var/run/groupd\.pid
++.br
++
++.br
++.B initrc_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -23968,83 +29060,95 @@ index 0000000..6d11443
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), iscsid(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/iwhd_selinux.8 b/man/man8/iwhd_selinux.8
++selinux(8), groupd(8), semanage(8), restorecon(8), chcon(1)
++, groupadd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/gssd_selinux.8 b/man/man8/gssd_selinux.8
 new file mode 100644
-index 0000000..570e109
+index 0000000..a09d3fd
 --- /dev/null
-+++ b/man/man8/iwhd_selinux.8
-@@ -0,0 +1,105 @@
-+.TH  "iwhd_selinux"  "8"  "iwhd" "dwalsh at redhat.com" "iwhd SELinux Policy documentation"
++++ b/man/man8/gssd_selinux.8
+@@ -0,0 +1,180 @@
++.TH  "gssd_selinux"  "8"  "gssd" "dwalsh at redhat.com" "gssd SELinux Policy documentation"
 +.SH "NAME"
-+iwhd_selinux \- Security Enhanced Linux Policy for the iwhd processes
++gssd_selinux \- Security Enhanced Linux Policy for the gssd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the iwhd processes via flexible mandatory access
++Security-Enhanced Linux secures the gssd processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  gssd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gssd with the tightest access possible.
++
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux iwhd policy is very flexible allowing users to setup their iwhd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for iwhd:
-+
++If you want to allow gssd to read temp directory.  For access to kerberos tgt, you must turn on the gssd_read_tmp boolean.
 +
 +.EX
-+.PP
-+.B iwhd_exec_t 
++.B setsebool -P gssd_read_tmp 1
 +.EE
 +
-+- Set files with the iwhd_exec_t type, if you want to transition an executable to the iwhd_t domain.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the gssd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B iwhd_initrc_exec_t 
++If you want to allow confined applications to run with kerberos for the gssd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the iwhd_initrc_exec_t type, if you want to transition an executable to the iwhd_initrc_t domain.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux gssd policy is very flexible allowing users to setup their gssd processes in as secure a method as possible.
++.PP 
++The following file types are defined for gssd:
 +
 +
 +.EX
 +.PP
-+.B iwhd_log_t 
++.B gssd_exec_t 
 +.EE
 +
-+- Set files with the iwhd_log_t type, if you want to treat the data as iwhd log data, usually stored under the /var/log directory.
++- Set files with the gssd_exec_t type, if you want to transition an executable to the gssd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/rpc\.gssd, /usr/sbin/rpc\.svcgssd
 +
 +.EX
 +.PP
-+.B iwhd_var_lib_t 
++.B gssd_keytab_t 
 +.EE
 +
-+- Set files with the iwhd_var_lib_t type, if you want to store the iwhd files under the /var/lib directory.
++- Set files with the gssd_keytab_t type, if you want to treat the files as kerberos keytab files.
 +
 +
 +.EX
 +.PP
-+.B iwhd_var_run_t 
++.B gssd_tmp_t 
 +.EE
 +
-+- Set files with the iwhd_var_run_t type, if you want to store the iwhd files under the /run directory.
++- Set files with the gssd_tmp_t type, if you want to store gssd temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -24060,18 +29164,76 @@ index 0000000..570e109
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux iwhd policy is very flexible allowing users to setup their iwhd processes in as secure a method as possible.
++SELinux gssd policy is very flexible allowing users to setup their gssd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for iwhd:
++The following process types are defined for gssd:
 +
 +.EX
-+.B iwhd_t 
++.B gssd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type gssd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B gssd_tmp_t
++
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B var_lib_nfs_t
++
++	/var/lib/nfs(/.*)?
++.br
++
++.br
++.B xdm_tmp_t
++
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -24082,151 +29244,204 @@ index 0000000..570e109
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), iwhd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/jabberd_selinux.8 b/man/man8/jabberd_selinux.8
++selinux(8), gssd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/guest_selinux.8 b/man/man8/guest_selinux.8
 new file mode 100644
-index 0000000..51c4344
+index 0000000..72bd98d
 --- /dev/null
-+++ b/man/man8/jabberd_selinux.8
-@@ -0,0 +1,153 @@
-+.TH  "jabberd_selinux"  "8"  "jabberd" "dwalsh at redhat.com" "jabberd SELinux Policy documentation"
++++ b/man/man8/guest_selinux.8
+@@ -0,0 +1,202 @@
++.TH  "guest_selinux"  "8"  "guest" "mgrepl at redhat.com" "guest SELinux Policy documentation"
 +.SH "NAME"
-+jabberd_selinux \- Security Enhanced Linux Policy for the jabberd processes
-+.SH "DESCRIPTION"
++guest_u \- \fBLeast privledge terminal user role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the jabberd processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
 +
-+.SH NSSWITCH DOMAIN
++\fBguest_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBguest_r\fP.  The
++default role has a default type, \fBguest_t\fP, associated with it.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux jabberd policy is very flexible allowing users to setup their jabberd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for jabberd:
++The SELinux user will usually login to a system with a context that looks like:
 +
++.B guest_u:guest_r:guest_t:s0-s0:c0.c1023
 +
-+.EX
-+.PP
-+.B jabberd_exec_t 
-+.EE
++Linux users are automatically assigned an SELinux users at login.  
++Login programs use the SELinux User to assign initial context to the user's shell.
 +
-+- Set files with the jabberd_exec_t type, if you want to transition an executable to the jabberd_t domain.
++SELinux policy uses the context to control the user's access.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/s2s, /usr/bin/sm
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
 +
-+.EX
-+.PP
-+.B jabberd_initrc_exec_t 
-+.EE
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
 +
-+- Set files with the jabberd_initrc_exec_t type, if you want to transition an executable to the jabberd_initrc_t domain.
++You can list all Linux User to SELinux user mapping using:
 +
++.B semanage login -l
 +
-+.EX
-+.PP
-+.B jabberd_router_exec_t 
-+.EE
++If you wanted to change the default user mapping to use the guest_u user, you would execute:
 +
-+- Set files with the jabberd_router_exec_t type, if you want to transition an executable to the jabberd_router_t domain.
++.B semanage login -m -s guest_u __default__
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/c2s, /usr/bin/router
 +
-+.EX
-+.PP
-+.B jabberd_var_lib_t 
-+.EE
++If you want to map the one Linux user (joe) to the SELinux user guest, you would execute:
 +
-+- Set files with the jabberd_var_lib_t type, if you want to store the jabberd files under the /var/lib directory.
++.B $ semanage login -a -s guest_u joe
 +
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.SH USER DESCRIPTION
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++The SELinux user guest_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
 +
-+.B semanage port -l
++.SH SUDO
 +
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux jabberd policy is very flexible allowing users to setup their jabberd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for jabberd:
++.SH X WINDOWS LOGIN
 +
-+.EX
-+.TP 5
-+.B jabber_client_port_t 
-+.TP 10
-+.EE
++The SELinux user guest_u is not able to X Windows login.
 +
++.SH NETWORK
 +
-+Default Defined Ports:
-+tcp 5222,5223
-+.EE
++.TP
++The SELinux user guest_u is able to connect to the following tcp ports.
 +
-+.EX
-+.TP 5
-+.B jabber_interserver_port_t 
-+.TP 10
-+.EE
++.B dns_port_t: 53
 +
++.B ocsp_port_t: 9080
 +
-+Default Defined Ports:
-+tcp 5269
-+.EE
++.B kerberos_port_t: 88,750,4444
++
++.TP
++The SELinux user guest_u is able to connect to the following tcp ports.
++
++.B dns_port_t: 53
++
++.B ocsp_port_t: 9080
++
++.B kerberos_port_t: 88,750,4444
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  guest policy is extremely flexible and has several booleans that allow you to manipulate the policy and run guest with the tightest access possible.
++
++
++.PP
++If you want to allow xguest users to configure Network Manager and connect to apache ports, you must turn on the xguest_connect_network boolean.
 +
 +.EX
-+.TP 5
-+.B jabber_router_port_t 
-+.TP 10
++.B setsebool -P xguest_connect_network 1
 +.EE
 +
++.PP
++If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
 +
-+Default Defined Ports:
-+tcp 5347
++.EX
++.B setsebool -P xguest_mount_media 1
 +.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux jabberd policy is very flexible allowing users to setup their jabberd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for jabberd:
++If you want to allow xguest to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
 +
 +.EX
-+.B jabberd_router_t, jabberd_t 
++.B setsebool -P xguest_use_bluetooth 1
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH HOME_EXEC
++
++The SELinux user guest_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when guest_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny guest_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow guest_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user guest_t can execute without transitioning:
++
++.B sesearch -A -s guest_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow guest_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user guest_t can execute and transition:
++
++.B $ sesearch -A -s guest_t -c process -p transition
++
++
++.SH "MANAGED FILES"
++
++The SELinux user type guest_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B httpd_user_content_t
++
++	/home/[^/]*/((www)|(web)|(public_html))(/.+)?
++.br
++
++.br
++.B httpd_user_htaccess_t
++
++	/home/[^/]*/((www)|(web)|(public_html))(/.*)?/\.htaccess
++.br
++
++.br
++.B httpd_user_ra_content_t
++
++	/home/[^/]*/((www)|(web)|(public_html))(/.*)?/logs(/.*)?
++.br
++
++.br
++.B httpd_user_rw_content_t
++
++
++.br
++.B httpd_user_script_exec_t
++
++	/home/[^/]*/((www)|(web)|(public_html))/cgi-bin(/.+)?
++.br
++
++.br
++.B user_home_type
++
++	all user home files
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.br
++.B user_tmpfs_type
++
++	all user content in tmpfs file systems
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -24238,30 +29453,32 @@ index 0000000..51c4344
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++.B semanage boolean
++can also be used to manipulate the booleans
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), jabberd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/jockey_selinux.8 b/man/man8/jockey_selinux.8
++selinux(8), guest(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/hddtemp_selinux.8 b/man/man8/hddtemp_selinux.8
 new file mode 100644
-index 0000000..9a6aaca
+index 0000000..9785089
 --- /dev/null
-+++ b/man/man8/jockey_selinux.8
-@@ -0,0 +1,93 @@
-+.TH  "jockey_selinux"  "8"  "jockey" "dwalsh at redhat.com" "jockey SELinux Policy documentation"
++++ b/man/man8/hddtemp_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "hddtemp_selinux"  "8"  "hddtemp" "dwalsh at redhat.com" "hddtemp SELinux Policy documentation"
 +.SH "NAME"
-+jockey_selinux \- Security Enhanced Linux Policy for the jockey processes
++hddtemp_selinux \- Security Enhanced Linux Policy for the hddtemp processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the jockey processes via flexible mandatory access
++Security-Enhanced Linux secures the hddtemp processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -24272,38 +29489,34 @@ index 0000000..9a6aaca
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux jockey policy is very flexible allowing users to setup their jockey processes in as secure a method as possible.
++SELinux hddtemp policy is very flexible allowing users to setup their hddtemp processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for jockey:
++The following file types are defined for hddtemp:
 +
 +
 +.EX
 +.PP
-+.B jockey_cache_t 
++.B hddtemp_etc_t 
 +.EE
 +
-+- Set files with the jockey_cache_t type, if you want to store the files under the /var/cache directory.
++- Set files with the hddtemp_etc_t type, if you want to store hddtemp files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B jockey_exec_t 
++.B hddtemp_exec_t 
 +.EE
 +
-+- Set files with the jockey_exec_t type, if you want to transition an executable to the jockey_t domain.
++- Set files with the hddtemp_exec_t type, if you want to transition an executable to the hddtemp_t domain.
 +
 +
 +.EX
 +.PP
-+.B jockey_var_log_t 
++.B hddtemp_initrc_exec_t 
 +.EE
 +
-+- Set files with the jockey_var_log_t type, if you want to treat the data as jockey var log data, usually stored under the /var/log directory.
++- Set files with the hddtemp_initrc_exec_t type, if you want to transition an executable to the hddtemp_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/jockey\.log.*, /var/log/jockey(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -24312,24 +29525,51 @@ index 0000000..9a6aaca
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux hddtemp policy is very flexible allowing users to setup their hddtemp processes in as secure a method as possible.
++.PP 
++The following port types are defined for hddtemp:
++
++.EX
++.TP 5
++.B hddtemp_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 7634
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux jockey policy is very flexible allowing users to setup their jockey processes in as secure a method as possible.
++SELinux hddtemp policy is very flexible allowing users to setup their hddtemp processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for jockey:
++The following process types are defined for hddtemp:
 +
 +.EX
-+.B jockey_t 
++.B hddtemp_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type hddtemp_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -24340,27 +29580,30 @@ index 0000000..9a6aaca
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), jockey(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/kadmind_selinux.8 b/man/man8/kadmind_selinux.8
++selinux(8), hddtemp(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/hostname_selinux.8 b/man/man8/hostname_selinux.8
 new file mode 100644
-index 0000000..24e83c0
+index 0000000..029b6a7
 --- /dev/null
-+++ b/man/man8/kadmind_selinux.8
-@@ -0,0 +1,101 @@
-+.TH  "kadmind_selinux"  "8"  "kadmind" "dwalsh at redhat.com" "kadmind SELinux Policy documentation"
++++ b/man/man8/hostname_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "hostname_selinux"  "8"  "hostname" "dwalsh at redhat.com" "hostname SELinux Policy documentation"
 +.SH "NAME"
-+kadmind_selinux \- Security Enhanced Linux Policy for the kadmind processes
++hostname_selinux \- Security Enhanced Linux Policy for the hostname processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the kadmind processes via flexible mandatory access
++Security-Enhanced Linux secures the hostname processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -24371,46 +29614,22 @@ index 0000000..24e83c0
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux kadmind policy is very flexible allowing users to setup their kadmind processes in as secure a method as possible.
++SELinux hostname policy is very flexible allowing users to setup their hostname processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for kadmind:
++The following file types are defined for hostname:
 +
 +
 +.EX
 +.PP
-+.B kadmind_exec_t 
++.B hostname_exec_t 
 +.EE
 +
-+- Set files with the kadmind_exec_t type, if you want to transition an executable to the kadmind_t domain.
++- Set files with the hostname_exec_t type, if you want to transition an executable to the hostname_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/(local/)?(kerberos/)?sbin/kadmind, /usr/kerberos/sbin/kadmin\.local
-+
-+.EX
-+.PP
-+.B kadmind_log_t 
-+.EE
-+
-+- Set files with the kadmind_log_t type, if you want to treat the data as kadmind log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B kadmind_tmp_t 
-+.EE
-+
-+- Set files with the kadmind_tmp_t type, if you want to store kadmind temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B kadmind_var_run_t 
-+.EE
-+
-+- Set files with the kadmind_var_run_t type, if you want to store the kadmind files under the /run directory.
-+
++/bin/hostname, /usr/bin/hostname
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -24425,18 +29644,22 @@ index 0000000..24e83c0
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux kadmind policy is very flexible allowing users to setup their kadmind processes in as secure a method as possible.
++SELinux hostname policy is very flexible allowing users to setup their hostname processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for kadmind:
++The following process types are defined for hostname:
 +
 +.EX
-+.B kadmind_t 
++.B hostname_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type hostname_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -24452,152 +29675,173 @@ index 0000000..24e83c0
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), kadmind(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/kdump_selinux.8 b/man/man8/kdump_selinux.8
++selinux(8), hostname(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/hplip_selinux.8 b/man/man8/hplip_selinux.8
 new file mode 100644
-index 0000000..c6ca89e
+index 0000000..95fc55c
 --- /dev/null
-+++ b/man/man8/kdump_selinux.8
-@@ -0,0 +1,155 @@
-+.TH  "kdump_selinux"  "8"  "kdump" "dwalsh at redhat.com" "kdump SELinux Policy documentation"
++++ b/man/man8/hplip_selinux.8
+@@ -0,0 +1,179 @@
++.TH  "hplip_selinux"  "8"  "hplip" "dwalsh at redhat.com" "hplip SELinux Policy documentation"
 +.SH "NAME"
-+kdump_selinux \- Security Enhanced Linux Policy for the kdump processes
++hplip_selinux \- Security Enhanced Linux Policy for the hplip processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the kdump processes via flexible mandatory access
++Security-Enhanced Linux secures the hplip processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the kdumpgui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the kdumpgui_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux kdump policy is very flexible allowing users to setup their kdump processes in as secure a method as possible.
++SELinux hplip policy is very flexible allowing users to setup their hplip processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for kdump:
++The following file types are defined for hplip:
 +
 +
 +.EX
 +.PP
-+.B kdump_etc_t 
++.B hplip_etc_t 
 +.EE
 +
-+- Set files with the kdump_etc_t type, if you want to store kdump files in the /etc directories.
++- Set files with the hplip_etc_t type, if you want to store hplip files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B kdump_exec_t 
++.B hplip_exec_t 
 +.EE
 +
-+- Set files with the kdump_exec_t type, if you want to transition an executable to the kdump_t domain.
++- Set files with the hplip_exec_t type, if you want to transition an executable to the hplip_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/kdump, /usr/sbin/kexec, /sbin/kdump, /sbin/kexec
++/usr/bin/hpijs, /usr/share/hplip/.*\.py, /usr/sbin/hp-[^/]+, /usr/lib/cups/backend/hp.*, /usr/sbin/hpiod
 +
 +.EX
 +.PP
-+.B kdump_initrc_exec_t 
++.B hplip_tmp_t 
 +.EE
 +
-+- Set files with the kdump_initrc_exec_t type, if you want to transition an executable to the kdump_initrc_t domain.
++- Set files with the hplip_tmp_t type, if you want to store hplip temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B kdump_unit_file_t 
++.B hplip_var_lib_t 
 +.EE
 +
-+- Set files with the kdump_unit_file_t type, if you want to treat the files as kdump unit content.
++- Set files with the hplip_var_lib_t type, if you want to store the hplip files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B kdumpctl_exec_t 
++.B hplip_var_run_t 
 +.EE
 +
-+- Set files with the kdumpctl_exec_t type, if you want to transition an executable to the kdumpctl_t domain.
++- Set files with the hplip_var_run_t type, if you want to store the hplip files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/hp.*\.pid, /var/run/hp.*\.port
 +
-+.EX
 +.PP
-+.B kdumpctl_tmp_t 
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+- Set files with the kdumpctl_tmp_t type, if you want to store kdumpctl temporary files in the /tmp directories.
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
 +
++.B semanage port -l
 +
-+.EX
 +.PP
-+.B kdumpctl_unit_file_t 
-+.EE
-+
-+- Set files with the kdumpctl_unit_file_t type, if you want to treat the files as kdumpctl unit content.
-+
++Policy governs the access confined processes have to these ports. 
++SELinux hplip policy is very flexible allowing users to setup their hplip processes in as secure a method as possible.
++.PP 
++The following port types are defined for hplip:
 +
 +.EX
-+.PP
-+.B kdumpgui_exec_t 
++.TP 5
++.B hplip_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the kdumpgui_exec_t type, if you want to transition an executable to the kdumpgui_t domain.
-+
 +
-+.EX
-+.PP
-+.B kdumpgui_tmp_t 
++Default Defined Ports:
++tcp 1782,2207,2208,8290,50000,50002,8292,9100,9101,9102,9220,9221,9222,9280,9281,9282,9290,9291
 +.EE
-+
-+- Set files with the kdumpgui_tmp_t type, if you want to store kdumpgui temporary files in the /tmp directories.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux kdump policy is very flexible allowing users to setup their kdump processes in as secure a method as possible.
++SELinux hplip policy is very flexible allowing users to setup their hplip processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for kdump:
++The following process types are defined for hplip:
 +
 +.EX
-+.B kdumpgui_t, kdumpctl_t, kdump_t 
++.B hplip_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type hplip_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B cupsd_tmp_t
++
++
++.br
++.B hplip_var_lib_t
++
++	/var/lib/hp(/.*)?
++.br
++
++.br
++.B hplip_var_run_t
++
++	/var/run/hp.*\.pid
++.br
++	/var/run/hp.*\.port
++.br
++
++.br
++.B print_spool_t
++
++	/var/spool/lpd(/.*)?
++.br
++	/var/spool/cups(/.*)?
++.br
++	/var/spool/cups-pdf(/.*)?
++.br
++
++.br
++.B usbfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -24608,27 +29852,30 @@ index 0000000..c6ca89e
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), kdump(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/kdumpctl_selinux.8 b/man/man8/kdumpctl_selinux.8
++selinux(8), hplip(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/httpd_apcupsd_cgi_script_selinux.8 b/man/man8/httpd_apcupsd_cgi_script_selinux.8
 new file mode 100644
-index 0000000..da151a2
+index 0000000..45a6ae2
 --- /dev/null
-+++ b/man/man8/kdumpctl_selinux.8
-@@ -0,0 +1,89 @@
-+.TH  "kdumpctl_selinux"  "8"  "kdumpctl" "dwalsh at redhat.com" "kdumpctl SELinux Policy documentation"
++++ b/man/man8/httpd_apcupsd_cgi_script_selinux.8
+@@ -0,0 +1,86 @@
++.TH  "httpd_apcupsd_cgi_script_selinux"  "8"  "httpd_apcupsd_cgi_script" "dwalsh at redhat.com" "httpd_apcupsd_cgi_script SELinux Policy documentation"
 +.SH "NAME"
-+kdumpctl_selinux \- Security Enhanced Linux Policy for the kdumpctl processes
++httpd_apcupsd_cgi_script_selinux \- Security Enhanced Linux Policy for the httpd_apcupsd_cgi_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the kdumpctl processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_apcupsd_cgi_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -24639,34 +29886,22 @@ index 0000000..da151a2
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux kdumpctl policy is very flexible allowing users to setup their kdumpctl processes in as secure a method as possible.
++SELinux httpd_apcupsd_cgi_script policy is very flexible allowing users to setup their httpd_apcupsd_cgi_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for kdumpctl:
-+
-+
-+.EX
-+.PP
-+.B kdumpctl_exec_t 
-+.EE
-+
-+- Set files with the kdumpctl_exec_t type, if you want to transition an executable to the kdumpctl_t domain.
-+
-+
-+.EX
-+.PP
-+.B kdumpctl_tmp_t 
-+.EE
-+
-+- Set files with the kdumpctl_tmp_t type, if you want to store kdumpctl temporary files in the /tmp directories.
++The following file types are defined for httpd_apcupsd_cgi_script:
 +
 +
 +.EX
 +.PP
-+.B kdumpctl_unit_file_t 
++.B httpd_apcupsd_cgi_script_exec_t 
 +.EE
 +
-+- Set files with the kdumpctl_unit_file_t type, if you want to treat the files as kdumpctl unit content.
++- Set files with the httpd_apcupsd_cgi_script_exec_t type, if you want to transition an executable to the httpd_apcupsd_cgi_script_t domain.
 +
++.br
++.TP 5
++Paths: 
++/var/www/apcupsd/upsfstats\.cgi, /var/www/apcupsd/multimon\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/cgi-bin/apcgui(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -24681,18 +29916,26 @@ index 0000000..da151a2
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux kdumpctl policy is very flexible allowing users to setup their kdumpctl processes in as secure a method as possible.
++SELinux httpd_apcupsd_cgi_script policy is very flexible allowing users to setup their httpd_apcupsd_cgi_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for kdumpctl:
++The following process types are defined for httpd_apcupsd_cgi_script:
 +
 +.EX
-+.B kdumpctl_t 
++.B httpd_apcupsd_cgi_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_apcupsd_cgi_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_apcupsd_cgi_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -24708,65 +29951,45 @@ index 0000000..da151a2
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), kdumpctl(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/kdumpgui_selinux.8 b/man/man8/kdumpgui_selinux.8
++selinux(8), httpd_apcupsd_cgi_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_awstats_script_selinux.8 b/man/man8/httpd_awstats_script_selinux.8
 new file mode 100644
-index 0000000..d20bf5e
+index 0000000..0ae4666
 --- /dev/null
-+++ b/man/man8/kdumpgui_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "kdumpgui_selinux"  "8"  "kdumpgui" "dwalsh at redhat.com" "kdumpgui SELinux Policy documentation"
++++ b/man/man8/httpd_awstats_script_selinux.8
+@@ -0,0 +1,82 @@
++.TH  "httpd_awstats_script_selinux"  "8"  "httpd_awstats_script" "dwalsh at redhat.com" "httpd_awstats_script SELinux Policy documentation"
 +.SH "NAME"
-+kdumpgui_selinux \- Security Enhanced Linux Policy for the kdumpgui processes
++httpd_awstats_script_selinux \- Security Enhanced Linux Policy for the httpd_awstats_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the kdumpgui processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_awstats_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the kdumpgui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the kdumpgui_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux kdumpgui policy is very flexible allowing users to setup their kdumpgui processes in as secure a method as possible.
++SELinux httpd_awstats_script policy is very flexible allowing users to setup their httpd_awstats_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for kdumpgui:
-+
-+
-+.EX
-+.PP
-+.B kdumpgui_exec_t 
-+.EE
-+
-+- Set files with the kdumpgui_exec_t type, if you want to transition an executable to the kdumpgui_t domain.
++The following file types are defined for httpd_awstats_script:
 +
 +
 +.EX
 +.PP
-+.B kdumpgui_tmp_t 
++.B httpd_awstats_script_exec_t 
 +.EE
 +
-+- Set files with the kdumpgui_tmp_t type, if you want to store kdumpgui temporary files in the /tmp directories.
++- Set files with the httpd_awstats_script_exec_t type, if you want to transition an executable to the httpd_awstats_script_t domain.
 +
 +
 +.PP
@@ -24782,18 +30005,26 @@ index 0000000..d20bf5e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux kdumpgui policy is very flexible allowing users to setup their kdumpgui processes in as secure a method as possible.
++SELinux httpd_awstats_script policy is very flexible allowing users to setup their httpd_awstats_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for kdumpgui:
++The following process types are defined for httpd_awstats_script:
 +
 +.EX
-+.B kdumpgui_t 
++.B httpd_awstats_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_awstats_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_awstats_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -24809,22 +30040,24 @@ index 0000000..d20bf5e
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), kdumpgui(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/keyboardd_selinux.8 b/man/man8/keyboardd_selinux.8
++selinux(8), httpd_awstats_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_bugzilla_script_selinux.8 b/man/man8/httpd_bugzilla_script_selinux.8
 new file mode 100644
-index 0000000..59fd0b3
+index 0000000..8562f3c
 --- /dev/null
-+++ b/man/man8/keyboardd_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "keyboardd_selinux"  "8"  "keyboardd" "dwalsh at redhat.com" "keyboardd SELinux Policy documentation"
++++ b/man/man8/httpd_bugzilla_script_selinux.8
+@@ -0,0 +1,88 @@
++.TH  "httpd_bugzilla_script_selinux"  "8"  "httpd_bugzilla_script" "dwalsh at redhat.com" "httpd_bugzilla_script SELinux Policy documentation"
 +.SH "NAME"
-+keyboardd_selinux \- Security Enhanced Linux Policy for the keyboardd processes
++httpd_bugzilla_script_selinux \- Security Enhanced Linux Policy for the httpd_bugzilla_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the keyboardd processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_bugzilla_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -24835,17 +30068,17 @@ index 0000000..59fd0b3
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux keyboardd policy is very flexible allowing users to setup their keyboardd processes in as secure a method as possible.
++SELinux httpd_bugzilla_script policy is very flexible allowing users to setup their httpd_bugzilla_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for keyboardd:
++The following file types are defined for httpd_bugzilla_script:
 +
 +
 +.EX
 +.PP
-+.B keyboardd_exec_t 
++.B httpd_bugzilla_script_exec_t 
 +.EE
 +
-+- Set files with the keyboardd_exec_t type, if you want to transition an executable to the keyboardd_t domain.
++- Set files with the httpd_bugzilla_script_exec_t type, if you want to transition an executable to the httpd_bugzilla_script_t domain.
 +
 +
 +.PP
@@ -24861,18 +30094,32 @@ index 0000000..59fd0b3
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux keyboardd policy is very flexible allowing users to setup their keyboardd processes in as secure a method as possible.
++SELinux httpd_bugzilla_script policy is very flexible allowing users to setup their httpd_bugzilla_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for keyboardd:
++The following process types are defined for httpd_bugzilla_script:
 +
 +.EX
-+.B keyboardd_t 
++.B httpd_bugzilla_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_bugzilla_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_bugzilla_rw_content_t
++
++	/var/lib/bugzilla(/.*)?
++.br
++
++.br
++.B httpd_bugzilla_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -24888,89 +30135,45 @@ index 0000000..59fd0b3
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), keyboardd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/keystone_selinux.8 b/man/man8/keystone_selinux.8
++selinux(8), httpd_bugzilla_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_cobbler_script_selinux.8 b/man/man8/httpd_cobbler_script_selinux.8
 new file mode 100644
-index 0000000..b521f85
+index 0000000..711c98c
 --- /dev/null
-+++ b/man/man8/keystone_selinux.8
-@@ -0,0 +1,147 @@
-+.TH  "keystone_selinux"  "8"  "keystone" "dwalsh at redhat.com" "keystone SELinux Policy documentation"
++++ b/man/man8/httpd_cobbler_script_selinux.8
+@@ -0,0 +1,82 @@
++.TH  "httpd_cobbler_script_selinux"  "8"  "httpd_cobbler_script" "dwalsh at redhat.com" "httpd_cobbler_script SELinux Policy documentation"
 +.SH "NAME"
-+keystone_selinux \- Security Enhanced Linux Policy for the keystone processes
++httpd_cobbler_script_selinux \- Security Enhanced Linux Policy for the httpd_cobbler_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the keystone processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_cobbler_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the keystone_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the keystone_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux keystone policy is very flexible allowing users to setup their keystone processes in as secure a method as possible.
++SELinux httpd_cobbler_script policy is very flexible allowing users to setup their httpd_cobbler_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for keystone:
-+
-+
-+.EX
-+.PP
-+.B keystone_exec_t 
-+.EE
-+
-+- Set files with the keystone_exec_t type, if you want to transition an executable to the keystone_t domain.
-+
-+
-+.EX
-+.PP
-+.B keystone_log_t 
-+.EE
-+
-+- Set files with the keystone_log_t type, if you want to treat the data as keystone log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B keystone_tmp_t 
-+.EE
-+
-+- Set files with the keystone_tmp_t type, if you want to store keystone temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B keystone_unit_file_t 
-+.EE
-+
-+- Set files with the keystone_unit_file_t type, if you want to treat the files as keystone unit content.
++The following file types are defined for httpd_cobbler_script:
 +
 +
 +.EX
 +.PP
-+.B keystone_var_lib_t 
++.B httpd_cobbler_script_exec_t 
 +.EE
 +
-+- Set files with the keystone_var_lib_t type, if you want to store the keystone files under the /var/lib directory.
++- Set files with the httpd_cobbler_script_exec_t type, if you want to transition an executable to the httpd_cobbler_script_t domain.
 +
 +
 +.PP
@@ -24980,49 +30183,32 @@ index 0000000..b521f85
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux keystone policy is very flexible allowing users to setup their keystone processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for keystone:
-+
-+.EX
-+.TP 5
-+.B keystone_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 5000
-+.EE
-+udp 5000
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux keystone policy is very flexible allowing users to setup their keystone processes in as secure a method as possible.
++SELinux httpd_cobbler_script policy is very flexible allowing users to setup their httpd_cobbler_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for keystone:
++The following process types are defined for httpd_cobbler_script:
 +
 +.EX
-+.B keystone_t 
++.B httpd_cobbler_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_cobbler_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_cobbler_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -25033,113 +30219,50 @@ index 0000000..b521f85
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), keystone(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/kismet_selinux.8 b/man/man8/kismet_selinux.8
++selinux(8), httpd_cobbler_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_collectd_script_selinux.8 b/man/man8/httpd_collectd_script_selinux.8
 new file mode 100644
-index 0000000..7edd41b
+index 0000000..c17f89a
 --- /dev/null
-+++ b/man/man8/kismet_selinux.8
-@@ -0,0 +1,161 @@
-+.TH  "kismet_selinux"  "8"  "kismet" "dwalsh at redhat.com" "kismet SELinux Policy documentation"
++++ b/man/man8/httpd_collectd_script_selinux.8
+@@ -0,0 +1,82 @@
++.TH  "httpd_collectd_script_selinux"  "8"  "httpd_collectd_script" "dwalsh at redhat.com" "httpd_collectd_script SELinux Policy documentation"
 +.SH "NAME"
-+kismet_selinux \- Security Enhanced Linux Policy for the kismet processes
++httpd_collectd_script_selinux \- Security Enhanced Linux Policy for the httpd_collectd_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the kismet processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_collectd_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the kismet_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the kismet_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux kismet policy is very flexible allowing users to setup their kismet processes in as secure a method as possible.
++SELinux httpd_collectd_script policy is very flexible allowing users to setup their httpd_collectd_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for kismet:
-+
-+
-+.EX
-+.PP
-+.B kismet_exec_t 
-+.EE
-+
-+- Set files with the kismet_exec_t type, if you want to transition an executable to the kismet_t domain.
-+
-+
-+.EX
-+.PP
-+.B kismet_home_t 
-+.EE
-+
-+- Set files with the kismet_home_t type, if you want to store kismet files in the users home directory.
-+
-+
-+.EX
-+.PP
-+.B kismet_log_t 
-+.EE
-+
-+- Set files with the kismet_log_t type, if you want to treat the data as kismet log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B kismet_tmp_t 
-+.EE
-+
-+- Set files with the kismet_tmp_t type, if you want to store kismet temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B kismet_tmpfs_t 
-+.EE
-+
-+- Set files with the kismet_tmpfs_t type, if you want to store kismet files on a tmpfs file system.
-+
-+
-+.EX
-+.PP
-+.B kismet_var_lib_t 
-+.EE
-+
-+- Set files with the kismet_var_lib_t type, if you want to store the kismet files under the /var/lib directory.
++The following file types are defined for httpd_collectd_script:
 +
 +
 +.EX
 +.PP
-+.B kismet_var_run_t 
++.B httpd_collectd_script_exec_t 
 +.EE
 +
-+- Set files with the kismet_var_run_t type, if you want to store the kismet files under the /run directory.
++- Set files with the httpd_collectd_script_exec_t type, if you want to transition an executable to the httpd_collectd_script_t domain.
 +
 +
 +.PP
@@ -25149,47 +30272,32 @@ index 0000000..7edd41b
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux kismet policy is very flexible allowing users to setup their kismet processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for kismet:
-+
-+.EX
-+.TP 5
-+.B kismet_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 2501
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux kismet policy is very flexible allowing users to setup their kismet processes in as secure a method as possible.
++SELinux httpd_collectd_script policy is very flexible allowing users to setup their httpd_collectd_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for kismet:
++The following process types are defined for httpd_collectd_script:
 +
 +.EX
-+.B kismet_t 
++.B httpd_collectd_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_collectd_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_collectd_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -25200,30 +30308,29 @@ index 0000000..7edd41b
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), kismet(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/klogd_selinux.8 b/man/man8/klogd_selinux.8
++selinux(8), httpd_collectd_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_cvs_script_selinux.8 b/man/man8/httpd_cvs_script_selinux.8
 new file mode 100644
-index 0000000..5dbcedd
+index 0000000..02bb966
 --- /dev/null
-+++ b/man/man8/klogd_selinux.8
-@@ -0,0 +1,93 @@
-+.TH  "klogd_selinux"  "8"  "klogd" "dwalsh at redhat.com" "klogd SELinux Policy documentation"
++++ b/man/man8/httpd_cvs_script_selinux.8
+@@ -0,0 +1,90 @@
++.TH  "httpd_cvs_script_selinux"  "8"  "httpd_cvs_script" "dwalsh at redhat.com" "httpd_cvs_script SELinux Policy documentation"
 +.SH "NAME"
-+klogd_selinux \- Security Enhanced Linux Policy for the klogd processes
++httpd_cvs_script_selinux \- Security Enhanced Linux Policy for the httpd_cvs_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the klogd processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_cvs_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -25234,38 +30341,22 @@ index 0000000..5dbcedd
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux klogd policy is very flexible allowing users to setup their klogd processes in as secure a method as possible.
++SELinux httpd_cvs_script policy is very flexible allowing users to setup their httpd_cvs_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for klogd:
++The following file types are defined for httpd_cvs_script:
 +
 +
 +.EX
 +.PP
-+.B klogd_exec_t 
++.B httpd_cvs_script_exec_t 
 +.EE
 +
-+- Set files with the klogd_exec_t type, if you want to transition an executable to the klogd_t domain.
++- Set files with the httpd_cvs_script_exec_t type, if you want to transition an executable to the httpd_cvs_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/rklogd, /usr/sbin/klogd, /sbin/klogd, /sbin/rklogd
-+
-+.EX
-+.PP
-+.B klogd_tmp_t 
-+.EE
-+
-+- Set files with the klogd_tmp_t type, if you want to store klogd temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B klogd_var_run_t 
-+.EE
-+
-+- Set files with the klogd_var_run_t type, if you want to store the klogd files under the /run directory.
-+
++/usr/share/cvsweb/cvsweb\.cgi, /var/www/cgi-bin/cvsweb\.cgi
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -25280,18 +30371,30 @@ index 0000000..5dbcedd
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux klogd policy is very flexible allowing users to setup their klogd processes in as secure a method as possible.
++SELinux httpd_cvs_script policy is very flexible allowing users to setup their httpd_cvs_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for klogd:
++The following process types are defined for httpd_cvs_script:
 +
 +.EX
-+.B klogd_t 
++.B httpd_cvs_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_cvs_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cvs_tmp_t
++
++
++.br
++.B httpd_cvs_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -25307,22 +30410,24 @@ index 0000000..5dbcedd
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), klogd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/kpropd_selinux.8 b/man/man8/kpropd_selinux.8
++selinux(8), httpd_cvs_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_dirsrvadmin_script_selinux.8 b/man/man8/httpd_dirsrvadmin_script_selinux.8
 new file mode 100644
-index 0000000..1606af5
+index 0000000..04f4409
 --- /dev/null
-+++ b/man/man8/kpropd_selinux.8
-@@ -0,0 +1,99 @@
-+.TH  "kpropd_selinux"  "8"  "kpropd" "dwalsh at redhat.com" "kpropd SELinux Policy documentation"
++++ b/man/man8/httpd_dirsrvadmin_script_selinux.8
+@@ -0,0 +1,128 @@
++.TH  "httpd_dirsrvadmin_script_selinux"  "8"  "httpd_dirsrvadmin_script" "dwalsh at redhat.com" "httpd_dirsrvadmin_script SELinux Policy documentation"
 +.SH "NAME"
-+kpropd_selinux \- Security Enhanced Linux Policy for the kpropd processes
++httpd_dirsrvadmin_script_selinux \- Security Enhanced Linux Policy for the httpd_dirsrvadmin_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the kpropd processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_dirsrvadmin_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -25333,18 +30438,22 @@ index 0000000..1606af5
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux kpropd policy is very flexible allowing users to setup their kpropd processes in as secure a method as possible.
++SELinux httpd_dirsrvadmin_script policy is very flexible allowing users to setup their httpd_dirsrvadmin_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for kpropd:
++The following file types are defined for httpd_dirsrvadmin_script:
 +
 +
 +.EX
 +.PP
-+.B kpropd_exec_t 
++.B httpd_dirsrvadmin_script_exec_t 
 +.EE
 +
-+- Set files with the kpropd_exec_t type, if you want to transition an executable to the kpropd_t domain.
++- Set files with the httpd_dirsrvadmin_script_exec_t type, if you want to transition an executable to the httpd_dirsrvadmin_script_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?, /usr/lib/dirsrv/cgi-bin(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -25353,47 +30462,74 @@ index 0000000..1606af5
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux kpropd policy is very flexible allowing users to setup their kpropd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for kpropd:
-+
-+.EX
-+.TP 5
-+.B kprop_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 754
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux kpropd policy is very flexible allowing users to setup their kpropd processes in as secure a method as possible.
++SELinux httpd_dirsrvadmin_script policy is very flexible allowing users to setup their httpd_dirsrvadmin_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for kpropd:
++The following process types are defined for httpd_dirsrvadmin_script:
 +
 +.EX
-+.B kpropd_t 
++.B httpd_dirsrvadmin_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_dirsrvadmin_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dirsrv_config_t
++
++	/etc/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrv_var_lib_t
++
++	/var/lib/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrv_var_log_t
++
++	/var/log/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrv_var_run_t
++
++	/var/run/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrvadmin_config_t
++
++	/etc/dirsrv/dsgw(/.*)?
++.br
++	/etc/dirsrv/admin-serv(/.*)?
++.br
++
++.br
++.B dirsrvadmin_lock_t
++
++	/var/lock/subsys/dirsrv
++.br
++
++.br
++.B dirsrvadmin_tmp_t
++
++
++.br
++.B httpd_dirsrvadmin_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -25404,30 +30540,29 @@ index 0000000..1606af5
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), kpropd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/krb5kdc_selinux.8 b/man/man8/krb5kdc_selinux.8
++selinux(8), httpd_dirsrvadmin_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_dspam_script_selinux.8 b/man/man8/httpd_dspam_script_selinux.8
 new file mode 100644
-index 0000000..f3acfe7
+index 0000000..f888455
 --- /dev/null
-+++ b/man/man8/krb5kdc_selinux.8
-@@ -0,0 +1,133 @@
-+.TH  "krb5kdc_selinux"  "8"  "krb5kdc" "dwalsh at redhat.com" "krb5kdc SELinux Policy documentation"
++++ b/man/man8/httpd_dspam_script_selinux.8
+@@ -0,0 +1,82 @@
++.TH  "httpd_dspam_script_selinux"  "8"  "httpd_dspam_script" "dwalsh at redhat.com" "httpd_dspam_script SELinux Policy documentation"
 +.SH "NAME"
-+krb5kdc_selinux \- Security Enhanced Linux Policy for the krb5kdc processes
++httpd_dspam_script_selinux \- Security Enhanced Linux Policy for the httpd_dspam_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the krb5kdc processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_dspam_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -25438,77 +30573,17 @@ index 0000000..f3acfe7
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux krb5kdc policy is very flexible allowing users to setup their krb5kdc processes in as secure a method as possible.
++SELinux httpd_dspam_script policy is very flexible allowing users to setup their httpd_dspam_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for krb5kdc:
++The following file types are defined for httpd_dspam_script:
 +
 +
 +.EX
 +.PP
-+.B krb5kdc_conf_t 
++.B httpd_dspam_script_exec_t 
 +.EE
 +
-+- Set files with the krb5kdc_conf_t type, if you want to treat the files as krb5kdc configuration data, usually stored under the /etc directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/kerberos/krb5kdc(/.*)?, /etc/krb5kdc(/.*)?, /usr/local/var/krb5kdc(/.*)?
-+
-+.EX
-+.PP
-+.B krb5kdc_exec_t 
-+.EE
-+
-+- Set files with the krb5kdc_exec_t type, if you want to transition an executable to the krb5kdc_t domain.
-+
-+
-+.EX
-+.PP
-+.B krb5kdc_lock_t 
-+.EE
-+
-+- Set files with the krb5kdc_lock_t type, if you want to treat the files as krb5kdc lock data, stored under the /var/lock directory
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/kerberos/krb5kdc/principal.*\.ok, /var/kerberos/krb5kdc/from_master.*
-+
-+.EX
-+.PP
-+.B krb5kdc_log_t 
-+.EE
-+
-+- Set files with the krb5kdc_log_t type, if you want to treat the data as krb5kdc log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B krb5kdc_principal_t 
-+.EE
-+
-+- Set files with the krb5kdc_principal_t type, if you want to treat the files as krb5kdc principal data.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/local/var/krb5kdc/principal.*, /etc/krb5kdc/principal.*, /var/kerberos/krb5kdc/principal.*
-+
-+.EX
-+.PP
-+.B krb5kdc_tmp_t 
-+.EE
-+
-+- Set files with the krb5kdc_tmp_t type, if you want to store krb5kdc temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B krb5kdc_var_run_t 
-+.EE
-+
-+- Set files with the krb5kdc_var_run_t type, if you want to store the krb5kdc files under the /run directory.
++- Set files with the httpd_dspam_script_exec_t type, if you want to transition an executable to the httpd_dspam_script_t domain.
 +
 +
 +.PP
@@ -25524,18 +30599,26 @@ index 0000000..f3acfe7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux krb5kdc policy is very flexible allowing users to setup their krb5kdc processes in as secure a method as possible.
++SELinux httpd_dspam_script policy is very flexible allowing users to setup their httpd_dspam_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for krb5kdc:
++The following process types are defined for httpd_dspam_script:
 +
 +.EX
-+.B krb5kdc_t 
++.B httpd_dspam_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_dspam_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_dspam_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -25551,38 +30634,40 @@ index 0000000..f3acfe7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), krb5kdc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ksmtuned_selinux.8 b/man/man8/ksmtuned_selinux.8
++selinux(8), httpd_dspam_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_git_script_selinux.8 b/man/man8/httpd_git_script_selinux.8
 new file mode 100644
-index 0000000..3d5dd35
+index 0000000..ba6885e
 --- /dev/null
-+++ b/man/man8/ksmtuned_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "ksmtuned_selinux"  "8"  "ksmtuned" "dwalsh at redhat.com" "ksmtuned SELinux Policy documentation"
++++ b/man/man8/httpd_git_script_selinux.8
+@@ -0,0 +1,104 @@
++.TH  "httpd_git_script_selinux"  "8"  "httpd_git_script" "dwalsh at redhat.com" "httpd_git_script SELinux Policy documentation"
 +.SH "NAME"
-+ksmtuned_selinux \- Security Enhanced Linux Policy for the ksmtuned processes
++httpd_git_script_selinux \- Security Enhanced Linux Policy for the httpd_git_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ksmtuned processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_git_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ksmtuned_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the httpd_git_script_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the ksmtuned_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the httpd_git_script_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -25591,42 +30676,22 @@ index 0000000..3d5dd35
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ksmtuned policy is very flexible allowing users to setup their ksmtuned processes in as secure a method as possible.
++SELinux httpd_git_script policy is very flexible allowing users to setup their httpd_git_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ksmtuned:
-+
-+
-+.EX
-+.PP
-+.B ksmtuned_exec_t 
-+.EE
-+
-+- Set files with the ksmtuned_exec_t type, if you want to transition an executable to the ksmtuned_t domain.
-+
-+
-+.EX
-+.PP
-+.B ksmtuned_initrc_exec_t 
-+.EE
-+
-+- Set files with the ksmtuned_initrc_exec_t type, if you want to transition an executable to the ksmtuned_initrc_t domain.
++The following file types are defined for httpd_git_script:
 +
 +
 +.EX
 +.PP
-+.B ksmtuned_log_t 
-+.EE
-+
-+- Set files with the ksmtuned_log_t type, if you want to treat the data as ksmtuned log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B ksmtuned_var_run_t 
++.B httpd_git_script_exec_t 
 +.EE
 +
-+- Set files with the ksmtuned_var_run_t type, if you want to store the ksmtuned files under the /run directory.
++- Set files with the httpd_git_script_exec_t type, if you want to transition an executable to the httpd_git_script_t domain.
 +
++.br
++.TP 5
++Paths: 
++/var/www/git/gitweb\.cgi, /var/www/cgi-bin/cgit, /var/www/gitweb-caching/gitweb\.cgi
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -25641,18 +30706,30 @@ index 0000000..3d5dd35
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ksmtuned policy is very flexible allowing users to setup their ksmtuned processes in as secure a method as possible.
++SELinux httpd_git_script policy is very flexible allowing users to setup their httpd_git_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ksmtuned:
++The following process types are defined for httpd_git_script:
 +
 +.EX
-+.B ksmtuned_t 
++.B httpd_git_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_git_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_git_rw_content_t
++
++	/var/cache/cgit(/.*)?
++.br
++	/var/cache/gitweb-caching(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -25668,85 +30745,45 @@ index 0000000..3d5dd35
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ksmtuned(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ktalkd_selinux.8 b/man/man8/ktalkd_selinux.8
++selinux(8), httpd_git_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_helper_selinux.8 b/man/man8/httpd_helper_selinux.8
 new file mode 100644
-index 0000000..c5dca5b
+index 0000000..11da9c3
 --- /dev/null
-+++ b/man/man8/ktalkd_selinux.8
-@@ -0,0 +1,141 @@
-+.TH  "ktalkd_selinux"  "8"  "ktalkd" "dwalsh at redhat.com" "ktalkd SELinux Policy documentation"
++++ b/man/man8/httpd_helper_selinux.8
+@@ -0,0 +1,78 @@
++.TH  "httpd_helper_selinux"  "8"  "httpd_helper" "dwalsh at redhat.com" "httpd_helper SELinux Policy documentation"
 +.SH "NAME"
-+ktalkd_selinux \- Security Enhanced Linux Policy for the ktalkd processes
++httpd_helper_selinux \- Security Enhanced Linux Policy for the httpd_helper processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ktalkd processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_helper processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ktalkd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the ktalkd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ktalkd policy is very flexible allowing users to setup their ktalkd processes in as secure a method as possible.
++SELinux httpd_helper policy is very flexible allowing users to setup their httpd_helper processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ktalkd:
-+
-+
-+.EX
-+.PP
-+.B ktalkd_exec_t 
-+.EE
-+
-+- Set files with the ktalkd_exec_t type, if you want to transition an executable to the ktalkd_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/in\.talkd, /usr/bin/ktalkd, /usr/sbin/in\.ntalkd
-+
-+.EX
-+.PP
-+.B ktalkd_log_t 
-+.EE
-+
-+- Set files with the ktalkd_log_t type, if you want to treat the data as ktalkd log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B ktalkd_tmp_t 
-+.EE
-+
-+- Set files with the ktalkd_tmp_t type, if you want to store ktalkd temporary files in the /tmp directories.
++The following file types are defined for httpd_helper:
 +
 +
 +.EX
 +.PP
-+.B ktalkd_var_run_t 
++.B httpd_helper_exec_t 
 +.EE
 +
-+- Set files with the ktalkd_var_run_t type, if you want to store the ktalkd files under the /run directory.
++- Set files with the httpd_helper_exec_t type, if you want to transition an executable to the httpd_helper_t domain.
 +
 +
 +.PP
@@ -25756,47 +30793,28 @@ index 0000000..c5dca5b
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux ktalkd policy is very flexible allowing users to setup their ktalkd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for ktalkd:
-+
-+.EX
-+.TP 5
-+.B ktalkd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+udp 517,518
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ktalkd policy is very flexible allowing users to setup their ktalkd processes in as secure a method as possible.
++SELinux httpd_helper policy is very flexible allowing users to setup their httpd_helper processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ktalkd:
++The following process types are defined for httpd_helper:
 +
 +.EX
-+.B ktalkd_t 
++.B httpd_helper_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_helper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -25807,30 +30825,29 @@ index 0000000..c5dca5b
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ktalkd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/l2tpd_selinux.8 b/man/man8/l2tpd_selinux.8
++selinux(8), httpd_helper(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_man2html_script_selinux.8 b/man/man8/httpd_man2html_script_selinux.8
 new file mode 100644
-index 0000000..e87fd5d
+index 0000000..28ffb0d
 --- /dev/null
-+++ b/man/man8/l2tpd_selinux.8
-@@ -0,0 +1,137 @@
-+.TH  "l2tpd_selinux"  "8"  "l2tpd" "dwalsh at redhat.com" "l2tpd SELinux Policy documentation"
++++ b/man/man8/httpd_man2html_script_selinux.8
+@@ -0,0 +1,100 @@
++.TH  "httpd_man2html_script_selinux"  "8"  "httpd_man2html_script" "dwalsh at redhat.com" "httpd_man2html_script SELinux Policy documentation"
 +.SH "NAME"
-+l2tpd_selinux \- Security Enhanced Linux Policy for the l2tpd processes
++httpd_man2html_script_selinux \- Security Enhanced Linux Policy for the httpd_man2html_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the l2tpd processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_man2html_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -25841,54 +30858,30 @@ index 0000000..e87fd5d
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux l2tpd policy is very flexible allowing users to setup their l2tpd processes in as secure a method as possible.
++SELinux httpd_man2html_script policy is very flexible allowing users to setup their httpd_man2html_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for l2tpd:
-+
-+
-+.EX
-+.PP
-+.B l2tpd_exec_t 
-+.EE
++The following file types are defined for httpd_man2html_script:
 +
-+- Set files with the l2tpd_exec_t type, if you want to transition an executable to the l2tpd_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/xl2tpd, /usr/sbin/prol2tpd, /usr/sbin/openl2tpd
-+
-+.EX
-+.PP
-+.B l2tpd_initrc_exec_t 
-+.EE
-+
-+- Set files with the l2tpd_initrc_exec_t type, if you want to transition an executable to the l2tpd_initrc_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/prol2tpd, /etc/rc\.d/init\.d/openl2tpd, /etc/rc\.d/init\.d/xl2tpd
 +
 +.EX
 +.PP
-+.B l2tpd_tmp_t 
++.B httpd_man2html_script_cache_t 
 +.EE
 +
-+- Set files with the l2tpd_tmp_t type, if you want to store l2tpd temporary files in the /tmp directories.
++- Set files with the httpd_man2html_script_cache_t type, if you want to store the files under the /var/cache directory.
 +
 +
 +.EX
 +.PP
-+.B l2tpd_var_run_t 
++.B httpd_man2html_script_exec_t 
 +.EE
 +
-+- Set files with the l2tpd_var_run_t type, if you want to store the l2tpd files under the /run directory.
++- Set files with the httpd_man2html_script_exec_t type, if you want to transition an executable to the httpd_man2html_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/prol2tpd(/.*)?, /var/run/prol2tpd\.pid, /var/run/prol2tpd\.ctl, /var/run/xl2tpd\.pid, /var/run/openl2tpd\.pid, /var/run/xl2tpd(/.*)?
++/usr/lib/man2html/cgi-bin/man/manwhatis, /usr/lib/man2html/cgi-bin/man/man2html, /usr/lib/man2html/cgi-bin/man/mansec
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -25897,49 +30890,38 @@ index 0000000..e87fd5d
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux l2tpd policy is very flexible allowing users to setup their l2tpd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for l2tpd:
-+
-+.EX
-+.TP 5
-+.B l2tp_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 1701
-+.EE
-+udp 1701
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux l2tpd policy is very flexible allowing users to setup their l2tpd processes in as secure a method as possible.
++SELinux httpd_man2html_script policy is very flexible allowing users to setup their httpd_man2html_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for l2tpd:
++The following process types are defined for httpd_man2html_script:
 +
 +.EX
-+.B l2tpd_t 
++.B httpd_man2html_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_man2html_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_man2html_rw_content_t
++
++
++.br
++.B httpd_man2html_script_cache_t
++
++	/var/cache/man2html(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -25950,30 +30932,29 @@ index 0000000..e87fd5d
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), l2tpd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ldconfig_selinux.8 b/man/man8/ldconfig_selinux.8
++selinux(8), httpd_man2html_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_mediawiki_script_selinux.8 b/man/man8/httpd_mediawiki_script_selinux.8
 new file mode 100644
-index 0000000..67c928e
+index 0000000..8196eca
 --- /dev/null
-+++ b/man/man8/ldconfig_selinux.8
-@@ -0,0 +1,93 @@
-+.TH  "ldconfig_selinux"  "8"  "ldconfig" "dwalsh at redhat.com" "ldconfig SELinux Policy documentation"
++++ b/man/man8/httpd_mediawiki_script_selinux.8
+@@ -0,0 +1,88 @@
++.TH  "httpd_mediawiki_script_selinux"  "8"  "httpd_mediawiki_script" "dwalsh at redhat.com" "httpd_mediawiki_script SELinux Policy documentation"
 +.SH "NAME"
-+ldconfig_selinux \- Security Enhanced Linux Policy for the ldconfig processes
++httpd_mediawiki_script_selinux \- Security Enhanced Linux Policy for the httpd_mediawiki_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ldconfig processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_mediawiki_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -25984,38 +30965,22 @@ index 0000000..67c928e
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ldconfig policy is very flexible allowing users to setup their ldconfig processes in as secure a method as possible.
++SELinux httpd_mediawiki_script policy is very flexible allowing users to setup their httpd_mediawiki_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ldconfig:
-+
-+
-+.EX
-+.PP
-+.B ldconfig_cache_t 
-+.EE
-+
-+- Set files with the ldconfig_cache_t type, if you want to store the files under the /var/cache directory.
++The following file types are defined for httpd_mediawiki_script:
 +
 +
 +.EX
 +.PP
-+.B ldconfig_exec_t 
++.B httpd_mediawiki_script_exec_t 
 +.EE
 +
-+- Set files with the ldconfig_exec_t type, if you want to transition an executable to the ldconfig_t domain.
++- Set files with the httpd_mediawiki_script_exec_t type, if you want to transition an executable to the httpd_mediawiki_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/ldconfig, /sbin/ldconfig
-+
-+.EX
-+.PP
-+.B ldconfig_tmp_t 
-+.EE
-+
-+- Set files with the ldconfig_tmp_t type, if you want to store ldconfig temporary files in the /tmp directories.
-+
++/usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc_tes
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -26030,18 +30995,28 @@ index 0000000..67c928e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ldconfig policy is very flexible allowing users to setup their ldconfig processes in as secure a method as possible.
++SELinux httpd_mediawiki_script policy is very flexible allowing users to setup their httpd_mediawiki_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ldconfig:
++The following process types are defined for httpd_mediawiki_script:
 +
 +.EX
-+.B ldconfig_t 
++.B httpd_mediawiki_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_mediawiki_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_mediawiki_rw_content_t
++
++	/var/www/wiki(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -26057,133 +31032,140 @@ index 0000000..67c928e
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ldconfig(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/libra_selinux.8 b/man/man8/libra_selinux.8
++selinux(8), httpd_mediawiki_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_mojomojo_script_selinux.8 b/man/man8/httpd_mojomojo_script_selinux.8
 new file mode 100644
-index 0000000..cef3619
+index 0000000..bdeab45
 --- /dev/null
-+++ b/man/man8/libra_selinux.8
-@@ -0,0 +1,185 @@
-+.TH  "libra_selinux"  "8"  "libra" "dwalsh at redhat.com" "libra SELinux Policy documentation"
++++ b/man/man8/httpd_mojomojo_script_selinux.8
+@@ -0,0 +1,88 @@
++.TH  "httpd_mojomojo_script_selinux"  "8"  "httpd_mojomojo_script" "dwalsh at redhat.com" "httpd_mojomojo_script SELinux Policy documentation"
 +.SH "NAME"
-+libra_selinux \- Security Enhanced Linux Policy for the libra processes
++httpd_mojomojo_script_selinux \- Security Enhanced Linux Policy for the httpd_mojomojo_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the libra processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_mojomojo_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the libra_t, libra_mail_t, libra_net_t, libra_min_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the libra_t, libra_mail_t, libra_net_t, libra_min_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux libra policy is very flexible allowing users to setup their libra processes in as secure a method as possible.
++SELinux httpd_mojomojo_script policy is very flexible allowing users to setup their httpd_mojomojo_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for libra:
++The following file types are defined for httpd_mojomojo_script:
 +
 +
 +.EX
 +.PP
-+.B libra_cgroup_read_exec_t 
++.B httpd_mojomojo_script_exec_t 
 +.EE
 +
-+- Set files with the libra_cgroup_read_exec_t type, if you want to transition an executable to the libra_cgroup_read_t domain.
++- Set files with the httpd_mojomojo_script_exec_t type, if you want to transition an executable to the httpd_mojomojo_script_t domain.
 +
 +
-+.EX
 +.PP
-+.B libra_initrc_exec_t 
-+.EE
-+
-+- Set files with the libra_initrc_exec_t type, if you want to transition an executable to the libra_initrc_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/rhc-restorer, /etc/rc\.d/init\.d/mcollective, /etc/rc\.d/init\.d/libra
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B libra_initrc_tmp_t 
-+.EE
-+
-+- Set files with the libra_initrc_tmp_t type, if you want to store libra initrc temporary files in the /tmp directories.
-+
-+
-+.EX
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+.B libra_log_t 
-+.EE
-+
-+- Set files with the libra_log_t type, if you want to treat the data as libra log data, usually stored under the /var/log directory.
-+
++Policy governs the access confined processes have to files. 
++SELinux httpd_mojomojo_script policy is very flexible allowing users to setup their httpd_mojomojo_script processes in as secure a method as possible.
++.PP 
++The following process types are defined for httpd_mojomojo_script:
 +
 +.EX
-+.PP
-+.B libra_mail_tmp_t 
++.B httpd_mojomojo_script_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the libra_mail_tmp_t type, if you want to store libra mail temporary files in the /tmp directories.
++.SH "MANAGED FILES"
 +
++The SELinux user type httpd_mojomojo_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B libra_private_file_t 
-+.EE
++.br
++.B httpd_mojomojo_rw_content_t
 +
-+- Set files with the libra_private_file_t type, if you want to treat the files as libra private content.
++	/var/lib/mojomojo(/.*)?
++.br
 +
++.br
++.B httpd_mojomojo_tmp_t
 +
-+.EX
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B libra_rw_file_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the libra_rw_file_t type, if you want to treat the files as libra rw content.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B libra_tmp_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), httpd_mojomojo_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_munin_script_selinux.8 b/man/man8/httpd_munin_script_selinux.8
+new file mode 100644
+index 0000000..9e0ce07
+--- /dev/null
++++ b/man/man8/httpd_munin_script_selinux.8
+@@ -0,0 +1,82 @@
++.TH  "httpd_munin_script_selinux"  "8"  "httpd_munin_script" "dwalsh at redhat.com" "httpd_munin_script SELinux Policy documentation"
++.SH "NAME"
++httpd_munin_script_selinux \- Security Enhanced Linux Policy for the httpd_munin_script processes
++.SH "DESCRIPTION"
 +
-+- Set files with the libra_tmp_t type, if you want to store libra temporary files in the /tmp directories.
++Security-Enhanced Linux secures the httpd_munin_script processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B libra_var_lib_t 
-+.EE
-+
-+- Set files with the libra_var_lib_t type, if you want to store the libra files under the /var/lib directory.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux httpd_munin_script policy is very flexible allowing users to setup their httpd_munin_script processes in as secure a method as possible.
++.PP 
++The following file types are defined for httpd_munin_script:
 +
 +
 +.EX
 +.PP
-+.B libra_var_run_t 
++.B httpd_munin_script_exec_t 
 +.EE
 +
-+- Set files with the libra_var_run_t type, if you want to store the libra files under the /run directory.
++- Set files with the httpd_munin_script_exec_t type, if you want to transition an executable to the httpd_munin_script_t domain.
 +
 +
 +.PP
@@ -26193,43 +31175,32 @@ index 0000000..cef3619
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux libra policy is very flexible allowing users to setup their libra processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for libra:
-+
-+.EX
-+.TP 5
-+.B libra_port_t 
-+.TP 10
-+.EE
-+
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux libra policy is very flexible allowing users to setup their libra processes in as secure a method as possible.
++SELinux httpd_munin_script policy is very flexible allowing users to setup their httpd_munin_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for libra:
++The following process types are defined for httpd_munin_script:
 +
 +.EX
-+.B libra_t, libra_initrc_t, libra_mail_t, libra_net_app_t, libra_min_app_t, libra_app_t, libra_min_t, libra_net_t, libra_cgroup_read_t 
++.B httpd_munin_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_munin_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_munin_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -26240,30 +31211,29 @@ index 0000000..cef3619
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), libra(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/lircd_selinux.8 b/man/man8/lircd_selinux.8
++selinux(8), httpd_munin_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_nagios_script_selinux.8 b/man/man8/httpd_nagios_script_selinux.8
 new file mode 100644
-index 0000000..630fc83
+index 0000000..d628d37
 --- /dev/null
-+++ b/man/man8/lircd_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "lircd_selinux"  "8"  "lircd" "dwalsh at redhat.com" "lircd SELinux Policy documentation"
++++ b/man/man8/httpd_nagios_script_selinux.8
+@@ -0,0 +1,86 @@
++.TH  "httpd_nagios_script_selinux"  "8"  "httpd_nagios_script" "dwalsh at redhat.com" "httpd_nagios_script SELinux Policy documentation"
 +.SH "NAME"
-+lircd_selinux \- Security Enhanced Linux Policy for the lircd processes
++httpd_nagios_script_selinux \- Security Enhanced Linux Policy for the httpd_nagios_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the lircd processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_nagios_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -26274,50 +31244,22 @@ index 0000000..630fc83
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux lircd policy is very flexible allowing users to setup their lircd processes in as secure a method as possible.
++SELinux httpd_nagios_script policy is very flexible allowing users to setup their httpd_nagios_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for lircd:
-+
-+
-+.EX
-+.PP
-+.B lircd_etc_t 
-+.EE
-+
-+- Set files with the lircd_etc_t type, if you want to store lircd files in the /etc directories.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/lircd\.conf, /etc/lirc(/.*)?
-+
-+.EX
-+.PP
-+.B lircd_exec_t 
-+.EE
-+
-+- Set files with the lircd_exec_t type, if you want to transition an executable to the lircd_t domain.
-+
-+
-+.EX
-+.PP
-+.B lircd_initrc_exec_t 
-+.EE
-+
-+- Set files with the lircd_initrc_exec_t type, if you want to transition an executable to the lircd_initrc_t domain.
++The following file types are defined for httpd_nagios_script:
 +
 +
 +.EX
 +.PP
-+.B lircd_var_run_t 
++.B httpd_nagios_script_exec_t 
 +.EE
 +
-+- Set files with the lircd_var_run_t type, if you want to store the lircd files under the /run directory.
++- Set files with the httpd_nagios_script_exec_t type, if you want to transition an executable to the httpd_nagios_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/lirc(/.*)?, /var/run/lircd(/.*)?, /var/run/lircd\.pid
++/usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?, /usr/lib/nagios/cgi(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -26326,46 +31268,31 @@ index 0000000..630fc83
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux lircd policy is very flexible allowing users to setup their lircd processes in as secure a method as possible.
++Policy governs the access confined processes have to files. 
++SELinux httpd_nagios_script policy is very flexible allowing users to setup their httpd_nagios_script processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for lircd:
++The following process types are defined for httpd_nagios_script:
 +
 +.EX
-+.TP 5
-+.B lirc_port_t 
-+.TP 10
++.B httpd_nagios_script_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
 +
-+Default Defined Ports:
-+tcp 8765
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux lircd policy is very flexible allowing users to setup their lircd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for lircd:
++The SELinux user type httpd_nagios_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_nagios_rw_content_t
 +
-+.EX
-+.B lircd_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -26377,30 +31304,29 @@ index 0000000..630fc83
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), lircd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/livecd_selinux.8 b/man/man8/livecd_selinux.8
++selinux(8), httpd_nagios_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_nutups_cgi_script_selinux.8 b/man/man8/httpd_nutups_cgi_script_selinux.8
 new file mode 100644
-index 0000000..6e7333b
+index 0000000..db3d43e
 --- /dev/null
-+++ b/man/man8/livecd_selinux.8
-@@ -0,0 +1,81 @@
-+.TH  "livecd_selinux"  "8"  "livecd" "dwalsh at redhat.com" "livecd SELinux Policy documentation"
++++ b/man/man8/httpd_nutups_cgi_script_selinux.8
+@@ -0,0 +1,86 @@
++.TH  "httpd_nutups_cgi_script_selinux"  "8"  "httpd_nutups_cgi_script" "dwalsh at redhat.com" "httpd_nutups_cgi_script SELinux Policy documentation"
 +.SH "NAME"
-+livecd_selinux \- Security Enhanced Linux Policy for the livecd processes
++httpd_nutups_cgi_script_selinux \- Security Enhanced Linux Policy for the httpd_nutups_cgi_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the livecd processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_nutups_cgi_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -26411,26 +31337,22 @@ index 0000000..6e7333b
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux livecd policy is very flexible allowing users to setup their livecd processes in as secure a method as possible.
++SELinux httpd_nutups_cgi_script policy is very flexible allowing users to setup their httpd_nutups_cgi_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for livecd:
-+
-+
-+.EX
-+.PP
-+.B livecd_exec_t 
-+.EE
-+
-+- Set files with the livecd_exec_t type, if you want to transition an executable to the livecd_t domain.
++The following file types are defined for httpd_nutups_cgi_script:
 +
 +
 +.EX
 +.PP
-+.B livecd_tmp_t 
++.B httpd_nutups_cgi_script_exec_t 
 +.EE
 +
-+- Set files with the livecd_tmp_t type, if you want to store livecd temporary files in the /tmp directories.
++- Set files with the httpd_nutups_cgi_script_exec_t type, if you want to transition an executable to the httpd_nutups_cgi_script_t domain.
 +
++.br
++.TP 5
++Paths: 
++/var/www/nut-cgi-bin/upsstats\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsset\.cgi
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -26445,18 +31367,26 @@ index 0000000..6e7333b
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux livecd policy is very flexible allowing users to setup their livecd processes in as secure a method as possible.
++SELinux httpd_nutups_cgi_script policy is very flexible allowing users to setup their httpd_nutups_cgi_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for livecd:
++The following process types are defined for httpd_nutups_cgi_script:
 +
 +.EX
-+.B livecd_t 
++.B httpd_nutups_cgi_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_nutups_cgi_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_nutups_cgi_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -26472,22 +31402,24 @@ index 0000000..6e7333b
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), livecd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/lldpad_selinux.8 b/man/man8/lldpad_selinux.8
++selinux(8), httpd_nutups_cgi_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_openshift_script_selinux.8 b/man/man8/httpd_openshift_script_selinux.8
 new file mode 100644
-index 0000000..748b532
+index 0000000..6330401
 --- /dev/null
-+++ b/man/man8/lldpad_selinux.8
-@@ -0,0 +1,105 @@
-+.TH  "lldpad_selinux"  "8"  "lldpad" "dwalsh at redhat.com" "lldpad SELinux Policy documentation"
++++ b/man/man8/httpd_openshift_script_selinux.8
+@@ -0,0 +1,82 @@
++.TH  "httpd_openshift_script_selinux"  "8"  "httpd_openshift_script" "dwalsh at redhat.com" "httpd_openshift_script SELinux Policy documentation"
 +.SH "NAME"
-+lldpad_selinux \- Security Enhanced Linux Policy for the lldpad processes
++httpd_openshift_script_selinux \- Security Enhanced Linux Policy for the httpd_openshift_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the lldpad processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_openshift_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -26498,49 +31430,17 @@ index 0000000..748b532
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux lldpad policy is very flexible allowing users to setup their lldpad processes in as secure a method as possible.
++SELinux httpd_openshift_script policy is very flexible allowing users to setup their httpd_openshift_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for lldpad:
-+
-+
-+.EX
-+.PP
-+.B lldpad_exec_t 
-+.EE
-+
-+- Set files with the lldpad_exec_t type, if you want to transition an executable to the lldpad_t domain.
-+
-+
-+.EX
-+.PP
-+.B lldpad_initrc_exec_t 
-+.EE
-+
-+- Set files with the lldpad_initrc_exec_t type, if you want to transition an executable to the lldpad_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B lldpad_tmpfs_t 
-+.EE
-+
-+- Set files with the lldpad_tmpfs_t type, if you want to store lldpad files on a tmpfs file system.
-+
-+
-+.EX
-+.PP
-+.B lldpad_var_lib_t 
-+.EE
-+
-+- Set files with the lldpad_var_lib_t type, if you want to store the lldpad files under the /var/lib directory.
++The following file types are defined for httpd_openshift_script:
 +
 +
 +.EX
 +.PP
-+.B lldpad_var_run_t 
++.B httpd_openshift_script_exec_t 
 +.EE
 +
-+- Set files with the lldpad_var_run_t type, if you want to store the lldpad files under the /run directory.
++- Set files with the httpd_openshift_script_exec_t type, if you want to transition an executable to the httpd_openshift_script_t domain.
 +
 +
 +.PP
@@ -26556,18 +31456,26 @@ index 0000000..748b532
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux lldpad policy is very flexible allowing users to setup their lldpad processes in as secure a method as possible.
++SELinux httpd_openshift_script policy is very flexible allowing users to setup their httpd_openshift_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for lldpad:
++The following process types are defined for httpd_openshift_script:
 +
 +.EX
-+.B lldpad_t 
++.B httpd_openshift_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_openshift_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_openshift_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -26583,85 +31491,60 @@ index 0000000..748b532
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), lldpad(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/load_selinux.8 b/man/man8/load_selinux.8
++selinux(8), httpd_openshift_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_passwd_selinux.8 b/man/man8/httpd_passwd_selinux.8
 new file mode 100644
-index 0000000..119294b
+index 0000000..e666549
 --- /dev/null
-+++ b/man/man8/load_selinux.8
-@@ -0,0 +1,118 @@
-+.TH  "load_selinux"  "8"  "load" "dwalsh at redhat.com" "load SELinux Policy documentation"
++++ b/man/man8/httpd_passwd_selinux.8
+@@ -0,0 +1,100 @@
++.TH  "httpd_passwd_selinux"  "8"  "httpd_passwd" "dwalsh at redhat.com" "httpd_passwd SELinux Policy documentation"
 +.SH "NAME"
-+load_selinux \- Security Enhanced Linux Policy for the load processes
++httpd_passwd_selinux \- Security Enhanced Linux Policy for the httpd_passwd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the load processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_passwd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  load policy is extremely flexible and has several booleans that allow you to manipulate the policy and run load with the tightest access possible.
-+
-+
-+.PP
-+If you want to boolean to determine whether the system permits loading policy, setting enforcing mode, and changing boolean values.  Set this to true and you have to reboot to set it back, you must turn on the secure_mode_policyload boolean.
-+
-+.EX
-+.B setsebool -P secure_mode_policyload 1
-+.EE
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow the graphical login program to execute bootloader, you must turn on the xdm_exec_bootloader boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the httpd_passwd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P xdm_exec_bootloader 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean.
++If you want to allow confined applications to run with kerberos for the httpd_passwd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P domain_kernel_load_modules 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux load policy is very flexible allowing users to setup their load processes in as secure a method as possible.
++SELinux httpd_passwd policy is very flexible allowing users to setup their httpd_passwd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for load:
-+
-+
-+.EX
-+.PP
-+.B load_policy_exec_t 
-+.EE
-+
-+- Set files with the load_policy_exec_t type, if you want to transition an executable to the load_policy_t domain.
++The following file types are defined for httpd_passwd:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/load_policy, /sbin/load_policy
 +
 +.EX
 +.PP
-+.B loadkeys_exec_t 
++.B httpd_passwd_exec_t 
 +.EE
 +
-+- Set files with the loadkeys_exec_t type, if you want to transition an executable to the loadkeys_t domain.
++- Set files with the httpd_passwd_exec_t type, if you want to transition an executable to the httpd_passwd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/unikeys, /usr/bin/loadkeys
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -26676,18 +31559,30 @@ index 0000000..119294b
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux load policy is very flexible allowing users to setup their load processes in as secure a method as possible.
++SELinux httpd_passwd policy is very flexible allowing users to setup their httpd_passwd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for load:
++The following process types are defined for httpd_passwd:
 +
 +.EX
-+.B loadkeys_t, load_policy_t 
++.B httpd_passwd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_passwd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -26698,58 +31593,73 @@ index 0000000..119294b
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), load(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), httpd_passwd(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/loadkeys_selinux.8 b/man/man8/loadkeys_selinux.8
+diff --git a/man/man8/httpd_php_selinux.8 b/man/man8/httpd_php_selinux.8
 new file mode 100644
-index 0000000..488849f
+index 0000000..8af1f84
 --- /dev/null
-+++ b/man/man8/loadkeys_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "loadkeys_selinux"  "8"  "loadkeys" "dwalsh at redhat.com" "loadkeys SELinux Policy documentation"
++++ b/man/man8/httpd_php_selinux.8
+@@ -0,0 +1,104 @@
++.TH  "httpd_php_selinux"  "8"  "httpd_php" "dwalsh at redhat.com" "httpd_php SELinux Policy documentation"
 +.SH "NAME"
-+loadkeys_selinux \- Security Enhanced Linux Policy for the loadkeys processes
++httpd_php_selinux \- Security Enhanced Linux Policy for the httpd_php processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the loadkeys processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_php processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the httpd_php_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the httpd_php_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux loadkeys policy is very flexible allowing users to setup their loadkeys processes in as secure a method as possible.
++SELinux httpd_php policy is very flexible allowing users to setup their httpd_php processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for loadkeys:
++The following file types are defined for httpd_php:
 +
 +
 +.EX
 +.PP
-+.B loadkeys_exec_t 
++.B httpd_php_exec_t 
 +.EE
 +
-+- Set files with the loadkeys_exec_t type, if you want to transition an executable to the loadkeys_t domain.
++- Set files with the httpd_php_exec_t type, if you want to transition an executable to the httpd_php_t domain.
++
++
++.EX
++.PP
++.B httpd_php_tmp_t 
++.EE
++
++- Set files with the httpd_php_tmp_t type, if you want to store httpd php temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/unikeys, /usr/bin/loadkeys
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -26764,18 +31674,26 @@ index 0000000..488849f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux loadkeys policy is very flexible allowing users to setup their loadkeys processes in as secure a method as possible.
++SELinux httpd_php policy is very flexible allowing users to setup their httpd_php processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for loadkeys:
++The following process types are defined for httpd_php:
 +
 +.EX
-+.B loadkeys_t 
++.B httpd_php_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_php_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_php_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -26791,38 +31709,40 @@ index 0000000..488849f
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), loadkeys(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/locate_selinux.8 b/man/man8/locate_selinux.8
++selinux(8), httpd_php(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_prewikka_script_selinux.8 b/man/man8/httpd_prewikka_script_selinux.8
 new file mode 100644
-index 0000000..ac8776b
+index 0000000..513a6e8
 --- /dev/null
-+++ b/man/man8/locate_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "locate_selinux"  "8"  "locate" "dwalsh at redhat.com" "locate SELinux Policy documentation"
++++ b/man/man8/httpd_prewikka_script_selinux.8
+@@ -0,0 +1,96 @@
++.TH  "httpd_prewikka_script_selinux"  "8"  "httpd_prewikka_script" "dwalsh at redhat.com" "httpd_prewikka_script SELinux Policy documentation"
 +.SH "NAME"
-+locate_selinux \- Security Enhanced Linux Policy for the locate processes
++httpd_prewikka_script_selinux \- Security Enhanced Linux Policy for the httpd_prewikka_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the locate processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_prewikka_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the locate_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the httpd_prewikka_script_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the locate_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the httpd_prewikka_script_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -26831,33 +31751,17 @@ index 0000000..ac8776b
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux locate policy is very flexible allowing users to setup their locate processes in as secure a method as possible.
++SELinux httpd_prewikka_script policy is very flexible allowing users to setup their httpd_prewikka_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for locate:
-+
-+
-+.EX
-+.PP
-+.B locate_exec_t 
-+.EE
-+
-+- Set files with the locate_exec_t type, if you want to transition an executable to the locate_t domain.
-+
-+
-+.EX
-+.PP
-+.B locate_log_t 
-+.EE
-+
-+- Set files with the locate_log_t type, if you want to treat the data as locate log data, usually stored under the /var/log directory.
++The following file types are defined for httpd_prewikka_script:
 +
 +
 +.EX
 +.PP
-+.B locate_var_lib_t 
++.B httpd_prewikka_script_exec_t 
 +.EE
 +
-+- Set files with the locate_var_lib_t type, if you want to store the locate files under the /var/lib directory.
++- Set files with the httpd_prewikka_script_exec_t type, if you want to transition an executable to the httpd_prewikka_script_t domain.
 +
 +
 +.PP
@@ -26873,18 +31777,26 @@ index 0000000..ac8776b
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux locate policy is very flexible allowing users to setup their locate processes in as secure a method as possible.
++SELinux httpd_prewikka_script policy is very flexible allowing users to setup their httpd_prewikka_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for locate:
++The following process types are defined for httpd_prewikka_script:
 +
 +.EX
-+.B locate_t 
++.B httpd_prewikka_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_prewikka_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_prewikka_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -26900,22 +31812,24 @@ index 0000000..ac8776b
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), locate(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/lockdev_selinux.8 b/man/man8/lockdev_selinux.8
++selinux(8), httpd_prewikka_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_rotatelogs_selinux.8 b/man/man8/httpd_rotatelogs_selinux.8
 new file mode 100644
-index 0000000..ad0ae47
+index 0000000..fa3fa7c
 --- /dev/null
-+++ b/man/man8/lockdev_selinux.8
-@@ -0,0 +1,81 @@
-+.TH  "lockdev_selinux"  "8"  "lockdev" "dwalsh at redhat.com" "lockdev SELinux Policy documentation"
++++ b/man/man8/httpd_rotatelogs_selinux.8
+@@ -0,0 +1,106 @@
++.TH  "httpd_rotatelogs_selinux"  "8"  "httpd_rotatelogs" "dwalsh at redhat.com" "httpd_rotatelogs SELinux Policy documentation"
 +.SH "NAME"
-+lockdev_selinux \- Security Enhanced Linux Policy for the lockdev processes
++httpd_rotatelogs_selinux \- Security Enhanced Linux Policy for the httpd_rotatelogs processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the lockdev processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_rotatelogs processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -26926,25 +31840,17 @@ index 0000000..ad0ae47
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux lockdev policy is very flexible allowing users to setup their lockdev processes in as secure a method as possible.
++SELinux httpd_rotatelogs policy is very flexible allowing users to setup their httpd_rotatelogs processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for lockdev:
-+
-+
-+.EX
-+.PP
-+.B lockdev_exec_t 
-+.EE
-+
-+- Set files with the lockdev_exec_t type, if you want to transition an executable to the lockdev_t domain.
++The following file types are defined for httpd_rotatelogs:
 +
 +
 +.EX
 +.PP
-+.B lockdev_lock_t 
++.B httpd_rotatelogs_exec_t 
 +.EE
 +
-+- Set files with the lockdev_lock_t type, if you want to treat the files as lockdev lock data, stored under the /var/lock directory
++- Set files with the httpd_rotatelogs_exec_t type, if you want to transition an executable to the httpd_rotatelogs_t domain.
 +
 +
 +.PP
@@ -26960,18 +31866,50 @@ index 0000000..ad0ae47
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux lockdev policy is very flexible allowing users to setup their lockdev processes in as secure a method as possible.
++SELinux httpd_rotatelogs policy is very flexible allowing users to setup their httpd_rotatelogs processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for lockdev:
++The following process types are defined for httpd_rotatelogs:
 +
 +.EX
-+.B lockdev_t 
++.B httpd_rotatelogs_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_rotatelogs_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_log_t
++
++	/var/www(/.*)?/logs(/.*)?
++.br
++	/var/log/cacti(/.*)?
++.br
++	/var/log/httpd(/.*)?
++.br
++	/var/log/apache(2)?(/.*)?
++.br
++	/var/log/cherokee(/.*)?
++.br
++	/var/log/lighttpd(/.*)?
++.br
++	/var/log/suphp\.log.*
++.br
++	/var/log/apache-ssl(2)?(/.*)?
++.br
++	/var/log/cgiwrap\.log.*
++.br
++	/var/log/roundcubemail(/.*)?
++.br
++	/var/log/dirsrv/admin-serv(/.*)?
++.br
++	/etc/httpd/logs
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -26987,1803 +31925,1607 @@ index 0000000..ad0ae47
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), lockdev(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/logadm_selinux.8 b/man/man8/logadm_selinux.8
-new file mode 100644
-index 0000000..0edd73f
---- /dev/null
-+++ b/man/man8/logadm_selinux.8
-@@ -0,0 +1,65 @@
-+.TH  "logadm_selinux"  "8"  "logadm" "mgrepl at redhat.com" "logadm SELinux Policy documentation"
-+.SH "NAME"
-+logadm_r \- \fBLog administrator role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
++selinux(8), httpd_rotatelogs(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_selinux.8 b/man/man8/httpd_selinux.8
+index 16e8b13..3e3056c 100644
+--- a/man/man8/httpd_selinux.8
++++ b/man/man8/httpd_selinux.8
+@@ -1,120 +1,1969 @@
+-.TH  "httpd_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "httpd Selinux Policy documentation"
+-.de EX
+-.nf
+-.ft CW
+-..
+-.de EE
+-.ft R
+-.fi
+-..
++.TH  "httpd_selinux"  "8"  "httpd" "dwalsh at redhat.com" "httpd SELinux Policy documentation"
+ .SH "NAME"
+-httpd_selinux \- Security Enhanced Linux Policy for the httpd daemon
++httpd_selinux \- Security Enhanced Linux Policy for the httpd processes
+ .SH "DESCRIPTION"
+ 
+-Security-Enhanced Linux secures the httpd server via flexible mandatory access
++Security-Enhanced Linux secures the httpd processes via flexible mandatory access
+ control.  
+-.SH FILE_CONTEXTS
+-SELinux requires files to have an extended attribute to define the file type. 
+-Policy governs the access daemons have to these files. 
+-SELinux httpd policy is very flexible allowing users to setup their web services in as secure a method as possible.
+-.PP 
+-The following file contexts types are defined for httpd:
 +
-+SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to. 
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
 +
-+Note: The examples in the man page will user the staff_u user.
 +
-+Non login roles are usually used for administrative tasks.
++.PP
++If you want to allow httpd to act as a relay, you must turn on the httpd_can_network_relay boolean.
 +
-+Roles usually have default types assigned to them. 
++.EX
++.B setsebool -P httpd_can_network_relay 1
++.EE
 +
-+The default type for the logadm_r role is logadm_t.
++.PP
++If you want to allow httpd to communicate with oddjob to start up a service, you must turn on the httpd_use_oddjob boolean.
 +
-+You can use the 
-+.B newrole 
-+program to transition directly to this role.
++.EX
++.B setsebool -P httpd_use_oddjob 1
++.EE
 +
-+.B newrole -r logadm_r -t logadm_t
++.PP
++If you want to allow HTTPD scripts and modules to connect to databases over the network, you must turn on the httpd_can_network_connect_db boolean.
 +
-+.B sudo 
-+can also be setup to transition to this role using the visudo command.
++.EX
++.B setsebool -P httpd_can_network_connect_db 1
++.EE
 +
-+USERNAME ALL=(ALL) ROLE=logadm_r TYPE=logadm_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:logadm_r:logadm_t:LEVEL
++.PP
++If you want to allow httpd to run gpg, you must turn on the httpd_use_gpg boolean.
 +
-+If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
++.EX
++.B setsebool -P httpd_use_gpg 1
++.EE
 +
-+You can see all of the assigned SELinux roles using the following
++.PP
++If you want to allow httpd cgi support, you must turn on the httpd_enable_cgi boolean.
 +
-+.B semanage user -l
++.EX
++.B setsebool -P httpd_enable_cgi 1
++.EE
 +
-+If you wanted to add logadm_r to the staff_u user, you would execute:
++.PP
++If you want to allow httpd to access cifs file systems, you must turn on the httpd_use_cifs boolean.
 +
-+.B $ semanage user -m -R 'staff_r logadm_r' staff_u 
++.EX
++.B setsebool -P httpd_use_cifs 1
++.EE
 +
++.PP
++If you want to allow httpd processes to manage IPA content, you must turn on the httpd_manage_ipa boolean.
 +
++.EX
++.B setsebool -P httpd_manage_ipa 1
++.EE
 +
-+SELinux policy also controls which roles can transition to a different role.  
-+You can list these rules using the following command.
++.PP
++If you want to allow Apache to run in stickshift mode, not transition to passenger, you must turn on the httpd_run_stickshift boolean.
 +
-+.B sesearch --role_allow
++.EX
++.B setsebool -P httpd_run_stickshift 1
++.EE
 +
-+SELinux policy allows the staff_r role can transition to the logadm_r role.
++.PP
++If you want to allow httpd to read home directories, you must turn on the httpd_enable_homedirs boolean.
 +
++.EX
++.B setsebool -P httpd_enable_homedirs 1
++.EE
 +
-+.SH "COMMANDS"
++.PP
++If you want to allow Apache to communicate with avahi service via dbus, you must turn on the httpd_dbus_avahi boolean.
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
++.EX
++.B setsebool -P httpd_dbus_avahi 1
++.EE
 +
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
++.PP
++If you want to unify HTTPD handling of all content files, you must turn on the httpd_unified boolean.
 +
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.EX
++.B setsebool -P httpd_unified 1
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++.PP
++If you want to allow Apache to use mod_auth_pam, you must turn on the httpd_mod_auth_pam boolean.
 +
-+.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/logrotate_selinux.8 b/man/man8/logrotate_selinux.8
-new file mode 100644
-index 0000000..caaa89d
---- /dev/null
-+++ b/man/man8/logrotate_selinux.8
-@@ -0,0 +1,123 @@
-+.TH  "logrotate_selinux"  "8"  "logrotate" "dwalsh at redhat.com" "logrotate SELinux Policy documentation"
-+.SH "NAME"
-+logrotate_selinux \- Security Enhanced Linux Policy for the logrotate processes
-+.SH "DESCRIPTION"
++.EX
++.B setsebool -P httpd_mod_auth_pam 1
++.EE
 +
-+Security-Enhanced Linux secures the logrotate processes via flexible mandatory access
-+control.  
++.PP
++If you want to allow HTTPD scripts and modules to connect to the network using TCP, you must turn on the httpd_can_network_connect boolean.
 +
-+.SH NSSWITCH DOMAIN
++.EX
++.B setsebool -P httpd_can_network_connect 1
++.EE
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the logrotate_t, logrotate_mail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow httpd scripts and modules execmem/execstack, you must turn on the httpd_execmem boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P httpd_execmem 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the logrotate_t, logrotate_mail_t, you must turn on the kerberos_enabled boolean.
++If you want to allow httpd to access FUSE file systems, you must turn on the httpd_use_fusefs boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P httpd_use_fusefs 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux logrotate policy is very flexible allowing users to setup their logrotate processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for logrotate:
-+
++If you want to allow Apache to use mod_auth_ntlm_winbind, you must turn on the httpd_mod_auth_ntlm_winbind boolean.
 +
 +.EX
-+.PP
-+.B logrotate_exec_t 
++.B setsebool -P httpd_mod_auth_ntlm_winbind 1
 +.EE
 +
-+- Set files with the logrotate_exec_t type, if you want to transition an executable to the logrotate_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/logrotate, /etc/cron\.(daily|weekly)/sysklogd
++.PP
++If you want to unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal, you must turn on the httpd_tty_comm boolean.
 +
 +.EX
-+.PP
-+.B logrotate_lock_t 
++.B setsebool -P httpd_tty_comm 1
 +.EE
 +
-+- Set files with the logrotate_lock_t type, if you want to treat the files as logrotate lock data, stored under the /var/lock directory
-+
++.PP
++If you want to allow HTTPD to connect to port 80 for graceful shutdown, you must turn on the httpd_graceful_shutdown boolean.
 +
 +.EX
-+.PP
-+.B logrotate_mail_tmp_t 
++.B setsebool -P httpd_graceful_shutdown 1
 +.EE
 +
-+- Set files with the logrotate_mail_tmp_t type, if you want to store logrotate mail temporary files in the /tmp directories.
-+
++.PP
++If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
 +
 +.EX
-+.PP
-+.B logrotate_tmp_t 
++.B setsebool -P httpd_can_connect_ftp 1
 +.EE
 +
-+- Set files with the logrotate_tmp_t type, if you want to store logrotate temporary files in the /tmp directories.
-+
++.PP
++If you want to allow httpd to read user content, you must turn on the httpd_read_user_content boolean.
 +
 +.EX
-+.PP
-+.B logrotate_var_lib_t 
++.B setsebool -P httpd_read_user_content 1
 +.EE
 +
-+- Set files with the logrotate_var_lib_t type, if you want to store the logrotate files under the /var/lib directory.
++.PP
++If you want to allow httpd to access nfs file systems, you must turn on the httpd_use_nfs boolean.
 +
++.EX
++.B setsebool -P httpd_use_nfs 1
++.EE
 +
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++If you want to allow Apache to execute tmp content, you must turn on the httpd_tmp_exec boolean.
++
++.EX
++.B setsebool -P httpd_tmp_exec 1
++.EE
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux logrotate policy is very flexible allowing users to setup their logrotate processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for logrotate:
++If you want to allow http daemon to send mail, you must turn on the httpd_can_sendmail boolean.
 +
 +.EX
-+.B logrotate_t, logrotate_mail_t 
++.B setsebool -P httpd_can_sendmail 1
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
 +.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++If you want to allow httpd to use built in scripting (usually php), you must turn on the httpd_builtin_scripting boolean.
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), logrotate(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/logwatch_selinux.8 b/man/man8/logwatch_selinux.8
-new file mode 100644
-index 0000000..ee56475
---- /dev/null
-+++ b/man/man8/logwatch_selinux.8
-@@ -0,0 +1,135 @@
-+.TH  "logwatch_selinux"  "8"  "logwatch" "dwalsh at redhat.com" "logwatch SELinux Policy documentation"
-+.SH "NAME"
-+logwatch_selinux \- Security Enhanced Linux Policy for the logwatch processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the logwatch processes via flexible mandatory access
-+control.  
-+
-+.SH NSSWITCH DOMAIN
++.EX
++.B setsebool -P httpd_builtin_scripting 1
++.EE
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the logwatch_mail_t, logwatch_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow httpd to connect to the ldap port, you must turn on the httpd_can_connect_ldap boolean.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
+ .EX
+-httpd_sys_content_t 
+-.EE 
+-- Set files with httpd_sys_content_t if you want httpd_sys_script_exec_t scripts and the daemon to read the file, and disallow other non sys scripts from access.
++.B setsebool -P httpd_can_connect_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the logwatch_mail_t, logwatch_t, you must turn on the kerberos_enabled boolean.
++If you want to allow http daemon to check spam, you must turn on the httpd_can_check_spam boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P httpd_can_check_spam 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux logwatch policy is very flexible allowing users to setup their logwatch processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for logwatch:
-+
++If you want to allow BIND to bind apache port, you must turn on the named_bind_http_port boolean.
 +
 +.EX
-+.PP
-+.B logwatch_cache_t 
++.B setsebool -P named_bind_http_port 1
 +.EE
 +
-+- Set files with the logwatch_cache_t type, if you want to store the files under the /var/cache directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/epylog(/.*)?, /var/lib/logcheck(/.*)?, /var/cache/logwatch(/.*)?
-+
-+.EX
 +.PP
-+.B logwatch_exec_t 
-+.EE
-+
-+- Set files with the logwatch_exec_t type, if you want to transition an executable to the logwatch_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/logcheck, /usr/sbin/epylog, /usr/share/logwatch/scripts/logwatch\.pl
++If you want to allow httpd to connect to memcache server, you must turn on the httpd_can_network_memcache boolean.
 +
 +.EX
-+.PP
-+.B logwatch_lock_t 
++.B setsebool -P httpd_can_network_memcache 1
 +.EE
 +
-+- Set files with the logwatch_lock_t type, if you want to treat the files as logwatch lock data, stored under the /var/lock directory
-+
-+
-+.EX
 +.PP
-+.B logwatch_mail_tmp_t 
-+.EE
-+
-+- Set files with the logwatch_mail_tmp_t type, if you want to store logwatch mail temporary files in the /tmp directories.
-+
++If you want to allow HTTPD scripts and modules to connect to cobbler over the network, you must turn on the httpd_can_network_connect_cobbler boolean.
 +
 +.EX
-+.PP
-+.B logwatch_tmp_t 
++.B setsebool -P httpd_can_network_connect_cobbler 1
 +.EE
 +
-+- Set files with the logwatch_tmp_t type, if you want to store logwatch temporary files in the /tmp directories.
-+
++.PP
++If you want to allow HTTPD to run SSI executables in the same domain as system CGI scripts, you must turn on the httpd_ssi_exec boolean.
 +
 +.EX
-+.PP
-+.B logwatch_var_run_t 
++.B setsebool -P httpd_ssi_exec 1
 +.EE
 +
-+- Set files with the logwatch_var_run_t type, if you want to store the logwatch files under the /run directory.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
 +.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux logwatch policy is very flexible allowing users to setup their logwatch processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for logwatch:
++If you want to allow httpd to access openstack ports, you must turn on the httpd_use_openstack boolean.
 +
 +.EX
-+.B logwatch_t, logwatch_mail_t 
++.B setsebool -P httpd_use_openstack 1
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
 +
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), logwatch(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/lpd_selinux.8 b/man/man8/lpd_selinux.8
-new file mode 100644
-index 0000000..45fa127
---- /dev/null
-+++ b/man/man8/lpd_selinux.8
-@@ -0,0 +1,122 @@
-+.TH  "lpd_selinux"  "8"  "lpd" "dwalsh at redhat.com" "lpd SELinux Policy documentation"
-+.SH "NAME"
-+lpd_selinux \- Security Enhanced Linux Policy for the lpd processes
-+.SH "DESCRIPTION"
++If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
 +
-+Security-Enhanced Linux secures the lpd processes via flexible mandatory access
-+control.  
+ .EX
+-httpd_sys_script_exec_t  
+-.EE 
+-- Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types.
++.B setsebool -P httpd_enable_ftp_server 1
++.EE
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  lpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run lpd with the tightest access possible.
++.PP
++If you want to allow http daemon to connect to zabbix, you must turn on the httpd_can_connect_zabbix boolean.
 +
+ .EX
+-httpd_sys_content_rw_t 
++.B setsebool -P httpd_can_connect_zabbix 1
+ .EE
+-- Set files with httpd_sys_content_rw_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and disallow other non sys scripts from access.
 +
 +.PP
-+If you want to use lpd server instead of cups, you must turn on the use_lpd_server boolean.
++If you want to allow httpd daemon to change its resource limits, you must turn on the httpd_setrlimit boolean.
 +
-+.EX
-+.B setsebool -P use_lpd_server 1
-+.EE
+ .EX
+-httpd_sys_content_ra_t 
++.B setsebool -P httpd_setrlimit 1
+ .EE
+-- Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t scripts and the daemon to read/append to the file, and disallow other non sys scripts from access.
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the lpr_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the httpd_prewikka_script_t, httpd_passwd_t, httpd_t, httpd_php_t, httpd_git_script_t, httpd_suexec_t, httpd_sys_script_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
+ .EX
+-httpd_unconfined_script_exec_t  
+-.EE 
+-- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a very complex httpd scripts, after exhausting all other options.  It is better to use this script rather than turning off SELinux protection for httpd.
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the lpr_t, you must turn on the kerberos_enabled boolean.
-+
++If you want to allow confined applications to run with kerberos for the httpd_prewikka_script_t, httpd_passwd_t, httpd_t, httpd_php_t, httpd_git_script_t, httpd_suexec_t, httpd_sys_script_t, you must turn on the kerberos_enabled boolean.
+ 
+-.SH NOTE
+-With certain policies you can define additional file contexts based on roles like user or staff.  httpd_user_script_exec_t can be defined where it would only have access to "user" contexts.
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
+ 
+ .SH SHARING FILES
+-If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.  allow_DOMAIN_anon_write.  So for httpd you would execute:
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
++.TP
++Allow httpd servers to read the /var/httpd directory by adding the public_content_t file type to the directory and by restoring the file type.
++.PP
++.B
++semanage fcontext -a -t public_content_t "/var/httpd(/.*)?"
++.br
++.B restorecon -F -R -v /var/httpd
++.pp
++.TP
++Allow httpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_httpdd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/httpd/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/httpd/incoming
 +
++
++.PP
++If you want to allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t., you must turn on the httpd_sys_script_anon_write boolean.
+ 
+ .EX
+-setsebool -P allow_httpd_anon_write=1
++.B setsebool -P httpd_sys_script_anon_write 1
+ .EE
+ 
+-or 
++.PP
++If you want to allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t., you must turn on the httpd_anon_write boolean.
+ 
+ .EX
+-setsebool -P allow_httpd_sys_script_anon_write=1
++.B setsebool -P httpd_anon_write 1
+ .EE
+ 
+-.SH BOOLEANS
+-SELinux policy is customizable based on least access required.  SELinux can be setup to prevent certain http scripts from working.  httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux lpd policy is very flexible allowing users to setup their lpd processes in as secure a method as possible.
++SELinux httpd policy is very flexible allowing users to setup their httpd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for lpd:
++The following file types are defined for httpd:
 +
 +
 +.EX
-+.PP
-+.B lpd_exec_t 
+ .PP
+-httpd can be setup to allow cgi scripts to be executed, set httpd_enable_cgi to allow this
++.B httpd_apcupsd_cgi_content_t 
 +.EE
 +
-+- Set files with the lpd_exec_t type, if you want to transition an executable to the lpd_t domain.
++- Set files with the httpd_apcupsd_cgi_content_t type, if you want to treat the files as httpd apcupsd cgi content.
 +
 +
 +.EX
 +.PP
-+.B lpd_tmp_t 
++.B httpd_apcupsd_cgi_htaccess_t 
 +.EE
 +
-+- Set files with the lpd_tmp_t type, if you want to store lpd temporary files in the /tmp directories.
++- Set files with the httpd_apcupsd_cgi_htaccess_t type, if you want to treat the file as a httpd apcupsd cgi access file.
 +
 +
 +.EX
 +.PP
-+.B lpd_var_run_t 
++.B httpd_apcupsd_cgi_ra_content_t 
 +.EE
 +
-+- Set files with the lpd_var_run_t type, if you want to store the lpd files under the /run directory.
++- Set files with the httpd_apcupsd_cgi_ra_content_t type, if you want to treat the files as httpd apcupsd cgi  read/append content.
++
+ 
+ .EX
+-setsebool -P httpd_enable_cgi 1
++.PP
++.B httpd_apcupsd_cgi_rw_content_t 
+ .EE
+ 
++- Set files with the httpd_apcupsd_cgi_rw_content_t type, if you want to treat the files as httpd apcupsd cgi read/write content.
++
++
++.EX
+ .PP
+-SELinux policy for httpd can be setup to not allowed to access users home directories.  If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir.
++.B httpd_apcupsd_cgi_script_exec_t 
++.EE
++
++- Set files with the httpd_apcupsd_cgi_script_exec_t type, if you want to transition an executable to the httpd_apcupsd_cgi_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/spool/turboprint(/.*)?, /var/run/lprng(/.*)?
-+
++/var/www/apcupsd/upsfstats\.cgi, /var/www/apcupsd/multimon\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/cgi-bin/apcgui(/.*)?
+ 
+ .EX
+-setsebool -P httpd_enable_homedirs 1
+-chcon -R -t httpd_sys_content_t ~user/public_html
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B httpd_awstats_content_t 
+ .EE
+ 
++- Set files with the httpd_awstats_content_t type, if you want to treat the files as httpd awstats content.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux lpd policy is very flexible allowing users to setup their lpd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for lpd:
 +
 +.EX
-+.B lpd_t, lpr_t 
+ .PP
+-SELinux policy for httpd can be setup to not allow access to the controlling terminal.  In most cases this is preferred, because an intruder might be able to use the access to the terminal to gain privileges. But in certain situations httpd needs to prompt for a password to open a certificate file, in these cases, terminal access is required.  Set the httpd_tty_comm boolean to allow terminal access.
++.B httpd_awstats_htaccess_t 
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++- Set files with the httpd_awstats_htaccess_t type, if you want to treat the file as a httpd awstats access file.
 +
+ 
+ .EX
+-setsebool -P httpd_tty_comm 1
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.B httpd_awstats_ra_content_t 
+ .EE
+ 
++- Set files with the httpd_awstats_ra_content_t type, if you want to treat the files as httpd awstats  read/append content.
 +
-+.SH "SEE ALSO"
-+selinux(8), lpd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/lpr_selinux.8 b/man/man8/lpr_selinux.8
-new file mode 100644
-index 0000000..e2d3b05
---- /dev/null
-+++ b/man/man8/lpr_selinux.8
-@@ -0,0 +1,99 @@
-+.TH  "lpr_selinux"  "8"  "lpr" "dwalsh at redhat.com" "lpr SELinux Policy documentation"
-+.SH "NAME"
-+lpr_selinux \- Security Enhanced Linux Policy for the lpr processes
-+.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the lpr processes via flexible mandatory access
-+control.  
++.EX
+ .PP
+-httpd can be configured to not differentiate file controls based on context, i.e. all files labeled as httpd context can be read/write/execute.  Setting this boolean to false allows you to setup the security policy such that one httpd service can not interfere with another.
++.B httpd_awstats_rw_content_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the httpd_awstats_rw_content_t type, if you want to treat the files as httpd awstats read/write content.
 +
+ 
+ .EX
+-setsebool -P httpd_unified 0
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the lpr_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.B httpd_awstats_script_exec_t 
+ .EE
+ 
++- Set files with the httpd_awstats_script_exec_t type, if you want to transition an executable to the httpd_awstats_script_t domain.
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
+ .PP
+-SELinu policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerabiltiy in http from causing a spam attack.  I certain situations, you may want http modules to send mail.  You can turn on the httpd_send_mail boolean.
++.B httpd_bugzilla_content_t 
++.EE
++
++- Set files with the httpd_bugzilla_content_t type, if you want to treat the files as httpd bugzilla content.
++
+ 
+ .EX
+-setsebool -P httpd_can_sendmail 1
+ .PP
+-httpd can be configured to turn off internal scripting (PHP).  PHP and other
+-loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts.
++.B httpd_bugzilla_htaccess_t 
 +.EE
 +
++- Set files with the httpd_bugzilla_htaccess_t type, if you want to treat the file as a httpd bugzilla access file.
++
+ 
+ .EX
+-setsebool -P httpd_builtin_scripting 0
 +.PP
-+If you want to allow confined applications to run with kerberos for the lpr_t, you must turn on the kerberos_enabled boolean.
++.B httpd_bugzilla_ra_content_t 
+ .EE
+ 
++- Set files with the httpd_bugzilla_ra_content_t type, if you want to treat the files as httpd bugzilla  read/append content.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
+ .PP
+-SELinux policy can be setup such that httpd scripts are not allowed to connect out to the network.
+-This would prevent a hacker from breaking into you httpd server and attacking 
+-other machines.  If you need scripts to be able to connect you can set the httpd_can_network_connect boolean on.
++.B httpd_bugzilla_rw_content_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++- Set files with the httpd_bugzilla_rw_content_t type, if you want to treat the files as httpd bugzilla read/write content.
++
+ 
+ .EX
+-setsebool -P httpd_can_network_connect 1
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux lpr policy is very flexible allowing users to setup their lpr processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for lpr:
++.B httpd_bugzilla_script_exec_t 
+ .EE
+ 
++- Set files with the httpd_bugzilla_script_exec_t type, if you want to transition an executable to the httpd_bugzilla_script_t domain.
 +
 +
 +.EX
+ .PP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
+-.SH AUTHOR	
+-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
++.B httpd_bugzilla_tmp_t 
++.EE
+ 
+-.SH "SEE ALSO"
+-selinux(8), httpd(8), chcon(1), setsebool(8)
++- Set files with the httpd_bugzilla_tmp_t type, if you want to store httpd bugzilla temporary files in the /tmp directories.
+ 
+ 
++.EX
 +.PP
-+.B lpr_exec_t 
++.B httpd_cache_t 
 +.EE
 +
-+- Set files with the lpr_exec_t type, if you want to transition an executable to the lpr_t domain.
++- Set files with the httpd_cache_t type, if you want to store the files under the /var/cache directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/accept, /opt/gutenprint/s?bin(/.*)?, /usr/bin/cancel(\.cups)?, /usr/bin/lp(\.cups)?, /usr/bin/lpstat(\.cups)?, /usr/sbin/lpc(\.cups)?, /usr/local/linuxprinter/bin/l?lpr, /usr/bin/lpoptions, /usr/bin/lpq(\.cups)?, /usr/sbin/lpadmin, /usr/sbin/lpinfo, /usr/bin/lpr(\.cups)?, /usr/sbin/lpmove, /usr/bin/lprm(\.cups)?
++/var/cache/php-.*, /var/cache/mediawiki(/.*)?, /var/cache/lighttpd(/.*)?, /var/cache/php-mmcache(/.*)?, /var/cache/mod_gnutls(/.*)?, /var/cache/mod_ssl(/.*)?, /var/cache/mod_.*, /var/cache/ssl.*\.sem, /var/cache/httpd(/.*)?, /var/cache/rt3(/.*)?, /var/cache/php-eaccelerator(/.*)?, /var/cache/mason(/.*)?, /var/cache/mod_proxy(/.*)?
 +
 +.EX
 +.PP
-+.B lpr_tmp_t 
++.B httpd_cobbler_content_t 
 +.EE
 +
-+- Set files with the lpr_tmp_t type, if you want to store lpr temporary files in the /tmp directories.
++- Set files with the httpd_cobbler_content_t type, if you want to treat the files as httpd cobbler content.
 +
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B httpd_cobbler_htaccess_t 
++.EE
++
++- Set files with the httpd_cobbler_htaccess_t type, if you want to treat the file as a httpd cobbler access file.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux lpr policy is very flexible allowing users to setup their lpr processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for lpr:
 +
 +.EX
-+.B lpr_t 
-+.EE
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B httpd_cobbler_ra_content_t 
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++- Set files with the httpd_cobbler_ra_content_t type, if you want to treat the files as httpd cobbler  read/append content.
 +
++
++.EX
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.B httpd_cobbler_rw_content_t 
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++- Set files with the httpd_cobbler_rw_content_t type, if you want to treat the files as httpd cobbler read/write content.
 +
-+.SH "SEE ALSO"
-+selinux(8), lpr(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/lsassd_selinux.8 b/man/man8/lsassd_selinux.8
-new file mode 100644
-index 0000000..a2c5403
---- /dev/null
-+++ b/man/man8/lsassd_selinux.8
-@@ -0,0 +1,113 @@
-+.TH  "lsassd_selinux"  "8"  "lsassd" "dwalsh at redhat.com" "lsassd SELinux Policy documentation"
-+.SH "NAME"
-+lsassd_selinux \- Security Enhanced Linux Policy for the lsassd processes
-+.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the lsassd processes via flexible mandatory access
-+control.  
++.EX
++.PP
++.B httpd_cobbler_script_exec_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the httpd_cobbler_script_exec_t type, if you want to transition an executable to the httpd_cobbler_script_t domain.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux lsassd policy is very flexible allowing users to setup their lsassd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for lsassd:
++.B httpd_collectd_content_t 
++.EE
++
++- Set files with the httpd_collectd_content_t type, if you want to treat the files as httpd collectd content.
 +
 +
 +.EX
 +.PP
-+.B lsassd_exec_t 
++.B httpd_collectd_htaccess_t 
 +.EE
 +
-+- Set files with the lsassd_exec_t type, if you want to transition an executable to the lsassd_t domain.
++- Set files with the httpd_collectd_htaccess_t type, if you want to treat the file as a httpd collectd access file.
 +
 +
 +.EX
 +.PP
-+.B lsassd_tmp_t 
++.B httpd_collectd_ra_content_t 
 +.EE
 +
-+- Set files with the lsassd_tmp_t type, if you want to store lsassd temporary files in the /tmp directories.
++- Set files with the httpd_collectd_ra_content_t type, if you want to treat the files as httpd collectd  read/append content.
 +
 +
 +.EX
 +.PP
-+.B lsassd_var_lib_t 
++.B httpd_collectd_rw_content_t 
 +.EE
 +
-+- Set files with the lsassd_var_lib_t type, if you want to store the lsassd files under the /var/lib directory.
++- Set files with the httpd_collectd_rw_content_t type, if you want to treat the files as httpd collectd read/write content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/likewise-open/krb5ccr_lsass, /var/lib/likewise-open/db/lsass-adstate\.filedb, /var/lib/likewise-open/lsasd\.err, /var/lib/likewise-open/db/lsass-adcache\.db, /var/lib/likewise-open/db/sam\.db
 +
 +.EX
 +.PP
-+.B lsassd_var_run_t 
++.B httpd_collectd_script_exec_t 
 +.EE
 +
-+- Set files with the lsassd_var_run_t type, if you want to store the lsassd files under the /run directory.
++- Set files with the httpd_collectd_script_exec_t type, if you want to transition an executable to the httpd_collectd_script_t domain.
 +
 +
 +.EX
 +.PP
-+.B lsassd_var_socket_t 
++.B httpd_config_t 
 +.EE
 +
-+- Set files with the lsassd_var_socket_t type, if you want to treat the files as lsassd var socket data.
++- Set files with the httpd_config_t type, if you want to treat the files as httpd configuration data, usually stored under the /etc directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/likewise-open/\.lsassd, /var/lib/likewise-open/\.ntlmd, /var/lib/likewise-open/rpc/lsass
++/etc/vhosts, /etc/httpd(/.*)?, /etc/apache(2)?(/.*)?, /etc/apache-ssl(2)?(/.*)?, /etc/lighttpd(/.*)?, /var/lib/stickshift/.httpd.d(/.*)?, /etc/cherokee(/.*)?
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux lsassd policy is very flexible allowing users to setup their lsassd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for lsassd:
-+
-+.EX
-+.B lsassd_t 
++.B httpd_cvs_content_t 
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++- Set files with the httpd_cvs_content_t type, if you want to treat the files as httpd cvs content.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
 +
-+.SH "SEE ALSO"
-+selinux(8), lsassd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/lvm_selinux.8 b/man/man8/lvm_selinux.8
-new file mode 100644
-index 0000000..143acc0
---- /dev/null
-+++ b/man/man8/lvm_selinux.8
-@@ -0,0 +1,137 @@
-+.TH  "lvm_selinux"  "8"  "lvm" "dwalsh at redhat.com" "lvm SELinux Policy documentation"
-+.SH "NAME"
-+lvm_selinux \- Security Enhanced Linux Policy for the lvm processes
-+.SH "DESCRIPTION"
++.EX
++.PP
++.B httpd_cvs_htaccess_t 
++.EE
 +
-+Security-Enhanced Linux secures the lvm processes via flexible mandatory access
-+control.  
++- Set files with the httpd_cvs_htaccess_t type, if you want to treat the file as a httpd cvs access file.
 +
-+.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux lvm policy is very flexible allowing users to setup their lvm processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for lvm:
++.B httpd_cvs_ra_content_t 
++.EE
++
++- Set files with the httpd_cvs_ra_content_t type, if you want to treat the files as httpd cvs  read/append content.
 +
 +
 +.EX
 +.PP
-+.B lvm_etc_t 
++.B httpd_cvs_rw_content_t 
 +.EE
 +
-+- Set files with the lvm_etc_t type, if you want to store lvm files in the /etc directories.
++- Set files with the httpd_cvs_rw_content_t type, if you want to treat the files as httpd cvs read/write content.
 +
 +
 +.EX
 +.PP
-+.B lvm_exec_t 
++.B httpd_cvs_script_exec_t 
 +.EE
 +
-+- Set files with the lvm_exec_t type, if you want to transition an executable to the lvm_t domain.
++- Set files with the httpd_cvs_script_exec_t type, if you want to transition an executable to the httpd_cvs_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/dmsetup, /usr/sbin/dmsetup, /usr/sbin/pvchange, /sbin/dmraid, /sbin/pvremove, /sbin/vgextend, /sbin/vgscan\.static, /sbin/vgrename, /usr/sbin/vgck, /sbin/lvdisplay, /usr/lib/lvm-10/.*, /sbin/pvs, /sbin/lvmdiskscan, /sbin/lvresize, /sbin/vgmknodes, /usr/sbin/lvdisplay, /usr/sbin/mount\.crypt, /usr/sbin/pvs, /usr/sbin/vgsplit, /usr/lib/systemd/systemd-cryptsetup, /sbin/pvmove, /sbin/multipath\.static, /usr/sbin/pvcreate, /usr/sbin/lvmdiskscan, /usr/sbin/vgcfgbackup, /usr/sbin/lvmiopversion, /usr/sbin/vgimport, /sbin/vgck, /sbin/pvscan, /usr/sbin/lvmchange, /sbin/lvreduce, /sbin/vgremove, /sbin/vgscan, /sbin/vgsplit, /lib/lvm-200/.*, /usr/sbin/lvremove, /sbin/vgmerge, /usr/sbin/vgchange\.static, /sbin/pvcreate, /usr/sbin/lvm, /usr/sbin/lvrename, /usr/sbin/lvmsadc, /usr/lib/lvm-200/.*, /usr/sbin/pvdata, /usr/sbin/lvmetad, /sbin/vgchange, /sbin/lvm\.static, /sbin/vgcfgbackup, /sbin/e2fsadm, /sbin/lvm, /sbin/pvdata, /usr/sbin/lvcreate, /usr/sbin/vgextend, /sbin/lvextend, /u
 sr/lib/udev/udisks-lvm-pv-export, /sbin/vgcfgrestore, /usr/sbin/vgscan, /sbin/vgs, /sbin/lvmchange, /sbin/vgimport, /usr/sbin/lvscan, /usr/sbin/pvscan, /usr/sbin/vgreduce, /usr/sbin/dmsetup\.static, /usr/sbin/vgexport, /usr/sbin/lvextend, /usr/sbin/cryptsetup, /usr/sbin/dmraid, /usr/sbin/lvresize, /sbin/dmsetup\.static, /sbin/lvmsar, /usr/sbin/vgs, /usr/sbin/vgrename, /usr/sbin/lvs, /sbin/vgchange\.static, /usr/sbin/pvmove, /sbin/lvmsadc, /usr/sbin/vgmknodes, /sbin/lvmetad, /sbin/lvmiopversion, /usr/sbin/pvdisplay, /usr/sbin/vgremove, /usr/sbin/vgscan\.static, /sbin/pvdisplay, /usr/sbin/vgcfgrestore, /usr/sbin/kpartx, /sbin/cryptsetup, /lib/udev/udisks-lvm-pv-export, /sbin/vgwrapper, /sbin/lvchange, /sbin/pvchange, /usr/sbin/lvm\.static, /usr/sbin/multipathd, /sbin/mount\.crypt, /sbin/vgcreate, /usr/sbin/vgwrapper, /sbin/vgreduce, /usr/sbin/lvreduce, /sbin/lvrename, /sbin/multipathd, /usr/sbin/vgcreate, /usr/sbin/vgmerge, /usr/sbin/multipath\.static, /sbin/vgexport, /usr/sbi
 n/lvchange, /sbin/lvs, /usr/sbin/lvmsar, /usr/sbin/vgchange, /sbin/kpartx, /lib/lvm-10/.*, /sbin/lvscan, /sbin/lvcreate, /sbin/vgdisplay, /usr/sbin/vgdisplay, /sbin/lvremove, /usr/sbin/pvremove, /usr/sbin/e2fsadm
++/usr/share/cvsweb/cvsweb\.cgi, /var/www/cgi-bin/cvsweb\.cgi
 +
 +.EX
 +.PP
-+.B lvm_lock_t 
++.B httpd_dirsrvadmin_content_t 
 +.EE
 +
-+- Set files with the lvm_lock_t type, if you want to treat the files as lvm lock data, stored under the /var/lock directory
++- Set files with the httpd_dirsrvadmin_content_t type, if you want to treat the files as httpd dirsrvadmin content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lock/lvm(/.*)?, /etc/lvm/lock(/.*)?
 +
 +.EX
 +.PP
-+.B lvm_metadata_t 
++.B httpd_dirsrvadmin_htaccess_t 
 +.EE
 +
-+- Set files with the lvm_metadata_t type, if you want to treat the files as lvm metadata data.
++- Set files with the httpd_dirsrvadmin_htaccess_t type, if you want to treat the file as a httpd dirsrvadmin access file.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/lvm/backup(/.*)?, /var/cache/multipathd(/.*)?, /etc/lvmtab\.d(/.*)?, /etc/lvmtab(/.*)?, /etc/lvm/\.cache, /etc/lvm/archive(/.*)?, /etc/lvm/cache(/.*)?
 +
 +.EX
 +.PP
-+.B lvm_tmp_t 
++.B httpd_dirsrvadmin_ra_content_t 
 +.EE
 +
-+- Set files with the lvm_tmp_t type, if you want to store lvm temporary files in the /tmp directories.
++- Set files with the httpd_dirsrvadmin_ra_content_t type, if you want to treat the files as httpd dirsrvadmin  read/append content.
 +
 +
 +.EX
 +.PP
-+.B lvm_var_lib_t 
++.B httpd_dirsrvadmin_rw_content_t 
 +.EE
 +
-+- Set files with the lvm_var_lib_t type, if you want to store the lvm files under the /var/lib directory.
++- Set files with the httpd_dirsrvadmin_rw_content_t type, if you want to treat the files as httpd dirsrvadmin read/write content.
 +
 +
 +.EX
 +.PP
-+.B lvm_var_run_t 
++.B httpd_dirsrvadmin_script_exec_t 
 +.EE
 +
-+- Set files with the lvm_var_run_t type, if you want to store the lvm files under the /run directory.
++- Set files with the httpd_dirsrvadmin_script_exec_t type, if you want to transition an executable to the httpd_dirsrvadmin_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/lvm(/.*)?, /var/run/multipathd\.sock, /var/run/dmevent.*
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux lvm policy is very flexible allowing users to setup their lvm processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for lvm:
++/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?, /usr/lib/dirsrv/cgi-bin(/.*)?
 +
 +.EX
-+.B lvm_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), lvm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/lwiod_selinux.8 b/man/man8/lwiod_selinux.8
-new file mode 100644
-index 0000000..f030703
---- /dev/null
-+++ b/man/man8/lwiod_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "lwiod_selinux"  "8"  "lwiod" "dwalsh at redhat.com" "lwiod SELinux Policy documentation"
-+.SH "NAME"
-+lwiod_selinux \- Security Enhanced Linux Policy for the lwiod processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the lwiod processes via flexible mandatory access
-+control.  
-+
-+.SH NSSWITCH DOMAIN
++.B httpd_dspam_content_t 
++.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux lwiod policy is very flexible allowing users to setup their lwiod processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for lwiod:
++- Set files with the httpd_dspam_content_t type, if you want to treat the files as httpd dspam content.
 +
 +
 +.EX
 +.PP
-+.B lwiod_exec_t 
++.B httpd_dspam_htaccess_t 
 +.EE
 +
-+- Set files with the lwiod_exec_t type, if you want to transition an executable to the lwiod_t domain.
++- Set files with the httpd_dspam_htaccess_t type, if you want to treat the file as a httpd dspam access file.
 +
 +
 +.EX
 +.PP
-+.B lwiod_var_lib_t 
++.B httpd_dspam_ra_content_t 
 +.EE
 +
-+- Set files with the lwiod_var_lib_t type, if you want to store the lwiod files under the /var/lib directory.
++- Set files with the httpd_dspam_ra_content_t type, if you want to treat the files as httpd dspam  read/append content.
 +
 +
 +.EX
 +.PP
-+.B lwiod_var_run_t 
++.B httpd_dspam_rw_content_t 
 +.EE
 +
-+- Set files with the lwiod_var_run_t type, if you want to store the lwiod files under the /run directory.
++- Set files with the httpd_dspam_rw_content_t type, if you want to treat the files as httpd dspam read/write content.
 +
 +
 +.EX
 +.PP
-+.B lwiod_var_socket_t 
++.B httpd_dspam_script_exec_t 
 +.EE
 +
-+- Set files with the lwiod_var_socket_t type, if you want to treat the files as lwiod var socket data.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++- Set files with the httpd_dspam_script_exec_t type, if you want to transition an executable to the httpd_dspam_script_t domain.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux lwiod policy is very flexible allowing users to setup their lwiod processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for lwiod:
 +
 +.EX
-+.B lwiod_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.B httpd_exec_t 
++.EE
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++- Set files with the httpd_exec_t type, if you want to transition an executable to the httpd_t domain.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.TP 5
++Paths: 
++/usr/sbin/apache(2)?, /usr/share/jetty/bin/jetty.sh, /usr/bin/mongrel_rails, /usr/lib/apache-ssl/.+, /usr/sbin/httpd\.event, /usr/sbin/httpd(\.worker)?, /usr/sbin/cherokee, /usr/sbin/apache-ssl(2)?, /usr/sbin/lighttpd
 +
-+.SH "SEE ALSO"
-+selinux(8), lwiod(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/lwregd_selinux.8 b/man/man8/lwregd_selinux.8
-new file mode 100644
-index 0000000..3cff5a3
---- /dev/null
-+++ b/man/man8/lwregd_selinux.8
-@@ -0,0 +1,101 @@
-+.TH  "lwregd_selinux"  "8"  "lwregd" "dwalsh at redhat.com" "lwregd SELinux Policy documentation"
-+.SH "NAME"
-+lwregd_selinux \- Security Enhanced Linux Policy for the lwregd processes
-+.SH "DESCRIPTION"
++.EX
++.PP
++.B httpd_git_content_t 
++.EE
 +
-+Security-Enhanced Linux secures the lwregd processes via flexible mandatory access
-+control.  
++- Set files with the httpd_git_content_t type, if you want to treat the files as httpd git content.
 +
-+.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux lwregd policy is very flexible allowing users to setup their lwregd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for lwregd:
++.B httpd_git_htaccess_t 
++.EE
++
++- Set files with the httpd_git_htaccess_t type, if you want to treat the file as a httpd git access file.
 +
 +
 +.EX
 +.PP
-+.B lwregd_exec_t 
++.B httpd_git_ra_content_t 
 +.EE
 +
-+- Set files with the lwregd_exec_t type, if you want to transition an executable to the lwregd_t domain.
++- Set files with the httpd_git_ra_content_t type, if you want to treat the files as httpd git  read/append content.
 +
 +
 +.EX
 +.PP
-+.B lwregd_var_lib_t 
++.B httpd_git_rw_content_t 
 +.EE
 +
-+- Set files with the lwregd_var_lib_t type, if you want to store the lwregd files under the /var/lib directory.
++- Set files with the httpd_git_rw_content_t type, if you want to treat the files as httpd git read/write content.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/likewise-open/db/registry\.db, /var/lib/likewise-open/regsd\.err
++/var/cache/gitweb-caching(/.*)?, /var/cache/cgit(/.*)?
 +
 +.EX
 +.PP
-+.B lwregd_var_run_t 
++.B httpd_git_script_exec_t 
 +.EE
 +
-+- Set files with the lwregd_var_run_t type, if you want to store the lwregd files under the /run directory.
++- Set files with the httpd_git_script_exec_t type, if you want to transition an executable to the httpd_git_script_t domain.
 +
++.br
++.TP 5
++Paths: 
++/var/www/git/gitweb\.cgi, /var/www/cgi-bin/cgit, /var/www/gitweb-caching/gitweb\.cgi
 +
 +.EX
 +.PP
-+.B lwregd_var_socket_t 
++.B httpd_helper_exec_t 
 +.EE
 +
-+- Set files with the lwregd_var_socket_t type, if you want to treat the files as lwregd var socket data.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++- Set files with the httpd_helper_exec_t type, if you want to transition an executable to the httpd_helper_t domain.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux lwregd policy is very flexible allowing users to setup their lwregd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for lwregd:
 +
 +.EX
-+.B lwregd_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), lwregd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/lwsmd_selinux.8 b/man/man8/lwsmd_selinux.8
-new file mode 100644
-index 0000000..9d5967e
---- /dev/null
-+++ b/man/man8/lwsmd_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "lwsmd_selinux"  "8"  "lwsmd" "dwalsh at redhat.com" "lwsmd SELinux Policy documentation"
-+.SH "NAME"
-+lwsmd_selinux \- Security Enhanced Linux Policy for the lwsmd processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the lwsmd processes via flexible mandatory access
-+control.  
-+
-+.SH NSSWITCH DOMAIN
++.B httpd_initrc_exec_t 
++.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux lwsmd policy is very flexible allowing users to setup their lwsmd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for lwsmd:
++- Set files with the httpd_initrc_exec_t type, if you want to transition an executable to the httpd_initrc_t domain.
 +
++.br
++.TP 5
++Paths: 
++/etc/init\.d/cherokee, /etc/rc\.d/init\.d/httpd, /etc/rc\.d/init\.d/lighttpd
 +
 +.EX
 +.PP
-+.B lwsmd_exec_t 
++.B httpd_keytab_t 
 +.EE
 +
-+- Set files with the lwsmd_exec_t type, if you want to transition an executable to the lwsmd_t domain.
++- Set files with the httpd_keytab_t type, if you want to treat the files as kerberos keytab files.
 +
 +
 +.EX
 +.PP
-+.B lwsmd_var_lib_t 
++.B httpd_lock_t 
 +.EE
 +
-+- Set files with the lwsmd_var_lib_t type, if you want to store the lwsmd files under the /var/lib directory.
++- Set files with the httpd_lock_t type, if you want to treat the files as httpd lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B lwsmd_var_run_t 
++.B httpd_log_t 
 +.EE
 +
-+- Set files with the lwsmd_var_run_t type, if you want to store the lwsmd files under the /run directory.
++- Set files with the httpd_log_t type, if you want to treat the data as httpd log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/var/log/apache-ssl(2)?(/.*)?, /var/log/suphp\.log.*, /var/log/httpd(/.*)?, /var/log/apache(2)?(/.*)?, /var/log/cherokee(/.*)?, /var/log/roundcubemail(/.*)?, /var/log/cgiwrap\.log.*, /var/log/lighttpd(/.*)?, /var/www(/.*)?/logs(/.*)?, /var/log/cacti(/.*)?, /var/log/dirsrv/admin-serv(/.*)?, /etc/httpd/logs
 +
 +.EX
 +.PP
-+.B lwsmd_var_socket_t 
++.B httpd_man2html_content_t 
 +.EE
 +
-+- Set files with the lwsmd_var_socket_t type, if you want to treat the files as lwsmd var socket data.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++- Set files with the httpd_man2html_content_t type, if you want to treat the files as httpd man2html content.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux lwsmd policy is very flexible allowing users to setup their lwsmd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for lwsmd:
 +
 +.EX
-+.B lwsmd_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.B httpd_man2html_htaccess_t 
++.EE
 +
-+.SH "SEE ALSO"
-+selinux(8), lwsmd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/mail_selinux.8 b/man/man8/mail_selinux.8
-new file mode 100644
-index 0000000..6bed566
---- /dev/null
-+++ b/man/man8/mail_selinux.8
-@@ -0,0 +1,293 @@
-+.TH  "mail_selinux"  "8"  "mail" "dwalsh at redhat.com" "mail SELinux Policy documentation"
-+.SH "NAME"
-+mail_selinux \- Security Enhanced Linux Policy for the mail processes
-+.SH "DESCRIPTION"
++- Set files with the httpd_man2html_htaccess_t type, if you want to treat the file as a httpd man2html access file.
 +
-+Security-Enhanced Linux secures the mail processes via flexible mandatory access
-+control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  mail policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mail with the tightest access possible.
++.EX
++.PP
++.B httpd_man2html_ra_content_t 
++.EE
 +
++- Set files with the httpd_man2html_ra_content_t type, if you want to treat the files as httpd man2html  read/append content.
 +
-+.PP
-+If you want to allow postfix_local domain full write access to mail_spool directories, you must turn on the postfix_local_write_mail_spool boolean.
 +
 +.EX
-+.B setsebool -P postfix_local_write_mail_spool 1
++.PP
++.B httpd_man2html_rw_content_t 
 +.EE
 +
-+.PP
-+If you want to allow http daemon to send mail, you must turn on the httpd_can_sendmail boolean.
++- Set files with the httpd_man2html_rw_content_t type, if you want to treat the files as httpd man2html read/write content.
++
 +
 +.EX
-+.B setsebool -P httpd_can_sendmail 1
++.PP
++.B httpd_man2html_script_cache_t 
 +.EE
 +
-+.PP
-+If you want to allow syslogd daemon to send mail, you must turn on the logging_syslogd_can_sendmail boolean.
++- Set files with the httpd_man2html_script_cache_t type, if you want to store the files under the /var/cache directory.
++
 +
 +.EX
-+.B setsebool -P logging_syslogd_can_sendmail 1
++.PP
++.B httpd_man2html_script_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow gitisis daemon to send mail, you must turn on the gitosis_can_sendmail boolean.
++- Set files with the httpd_man2html_script_exec_t type, if you want to transition an executable to the httpd_man2html_script_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/man2html/cgi-bin/man/manwhatis, /usr/lib/man2html/cgi-bin/man/man2html, /usr/lib/man2html/cgi-bin/man/mansec
 +
 +.EX
-+.B setsebool -P gitosis_can_sendmail 1
++.PP
++.B httpd_mediawiki_content_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the httpd_mediawiki_content_t type, if you want to treat the files as httpd mediawiki content.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mailman_mail_t, mailman_cgi_t, mailman_queue_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.br
++.TP 5
++Paths: 
++/var/www/wiki/.*\.php, /usr/share/mediawiki(/.*)?
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B httpd_mediawiki_htaccess_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the mailman_mail_t, mailman_cgi_t, mailman_queue_t, you must turn on the kerberos_enabled boolean.
++- Set files with the httpd_mediawiki_htaccess_t type, if you want to treat the file as a httpd mediawiki access file.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B httpd_mediawiki_ra_content_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux mail policy is very flexible allowing users to setup their mail processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for mail:
++- Set files with the httpd_mediawiki_ra_content_t type, if you want to treat the files as httpd mediawiki  read/append content.
 +
 +
 +.EX
 +.PP
-+.B mail_home_rw_t 
++.B httpd_mediawiki_rw_content_t 
 +.EE
 +
-+- Set files with the mail_home_rw_t type, if you want to treat the files as mail home read/write content.
++- Set files with the httpd_mediawiki_rw_content_t type, if you want to treat the files as httpd mediawiki read/write content.
 +
 +
 +.EX
 +.PP
-+.B mail_home_t 
++.B httpd_mediawiki_script_exec_t 
 +.EE
 +
-+- Set files with the mail_home_t type, if you want to store mail files in the users home directory.
++- Set files with the httpd_mediawiki_script_exec_t type, if you want to transition an executable to the httpd_mediawiki_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/root/\.mailrc, /root/dead\.letter, /root/\.esmtp_queue, /root/\.forward
++/usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc_tes
 +
 +.EX
 +.PP
-+.B mail_munin_plugin_exec_t 
++.B httpd_modules_t 
 +.EE
 +
-+- Set files with the mail_munin_plugin_exec_t type, if you want to transition an executable to the mail_munin_plugin_t domain.
++- Set files with the httpd_modules_t type, if you want to treat the files as httpd modules.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/share/munin/plugins/postfix_mail.*, /usr/share/munin/plugins/mailscanner, /usr/share/munin/plugins/courier_mta_.*, /usr/share/munin/plugins/mailman, /usr/share/munin/plugins/exim_mail.*, /usr/share/munin/plugins/qmail.*, /usr/share/munin/plugins/sendmail_.*
++/usr/lib/cherokee(/.*)?, /usr/lib/lighttpd(/.*)?, /usr/lib/apache(/.*)?, /etc/httpd/modules, /usr/lib/httpd(/.*)?, /usr/lib/apache2/modules(/.*)?
 +
 +.EX
 +.PP
-+.B mail_munin_plugin_tmp_t 
++.B httpd_mojomojo_content_t 
 +.EE
 +
-+- Set files with the mail_munin_plugin_tmp_t type, if you want to store mail munin plugin temporary files in the /tmp directories.
++- Set files with the httpd_mojomojo_content_t type, if you want to treat the files as httpd mojomojo content.
 +
 +
 +.EX
 +.PP
-+.B mail_spool_t 
++.B httpd_mojomojo_htaccess_t 
 +.EE
 +
-+- Set files with the mail_spool_t type, if you want to store the mail files under the /var/spool directory.
++- Set files with the httpd_mojomojo_htaccess_t type, if you want to treat the file as a httpd mojomojo access file.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/mail(/.*)?, /var/spool/imap(/.*)?, /var/spool/mail(/.*)?
 +
 +.EX
 +.PP
-+.B mailman_archive_t 
++.B httpd_mojomojo_ra_content_t 
 +.EE
 +
-+- Set files with the mailman_archive_t type, if you want to treat the files as mailman archive data.
++- Set files with the httpd_mojomojo_ra_content_t type, if you want to treat the files as httpd mojomojo  read/append content.
 +
 +
 +.EX
 +.PP
-+.B mailman_cgi_exec_t 
++.B httpd_mojomojo_rw_content_t 
 +.EE
 +
-+- Set files with the mailman_cgi_exec_t type, if you want to transition an executable to the mailman_cgi_t domain.
++- Set files with the httpd_mojomojo_rw_content_t type, if you want to treat the files as httpd mojomojo read/write content.
 +
 +
 +.EX
 +.PP
-+.B mailman_cgi_tmp_t 
++.B httpd_mojomojo_script_exec_t 
 +.EE
 +
-+- Set files with the mailman_cgi_tmp_t type, if you want to store mailman cgi temporary files in the /tmp directories.
++- Set files with the httpd_mojomojo_script_exec_t type, if you want to transition an executable to the httpd_mojomojo_script_t domain.
 +
 +
 +.EX
 +.PP
-+.B mailman_data_t 
++.B httpd_mojomojo_tmp_t 
 +.EE
 +
-+- Set files with the mailman_data_t type, if you want to treat the files as mailman content.
++- Set files with the httpd_mojomojo_tmp_t type, if you want to store httpd mojomojo temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/mailman.*, /var/spool/mailman.*, /var/lib/mailman.*
 +
 +.EX
 +.PP
-+.B mailman_lock_t 
++.B httpd_munin_content_t 
 +.EE
 +
-+- Set files with the mailman_lock_t type, if you want to treat the files as mailman lock data, stored under the /var/lock directory
++- Set files with the httpd_munin_content_t type, if you want to treat the files as httpd munin content.
 +
 +
 +.EX
 +.PP
-+.B mailman_log_t 
++.B httpd_munin_htaccess_t 
 +.EE
 +
-+- Set files with the mailman_log_t type, if you want to treat the data as mailman log data, usually stored under the /var/log directory.
++- Set files with the httpd_munin_htaccess_t type, if you want to treat the file as a httpd munin access file.
 +
 +
 +.EX
 +.PP
-+.B mailman_mail_exec_t 
++.B httpd_munin_ra_content_t 
 +.EE
 +
-+- Set files with the mailman_mail_exec_t type, if you want to transition an executable to the mailman_mail_t domain.
++- Set files with the httpd_munin_ra_content_t type, if you want to treat the files as httpd munin  read/append content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/mailman.*/mail/mailman, /usr/lib/mailman.*/bin/mm-handler.*, /usr/share/doc/mailman.*/mm-handler.*, /usr/lib/mailman.*/bin/mailmanctl, /usr/lib/mailman.*/scripts/mailman
 +
 +.EX
 +.PP
-+.B mailman_mail_tmp_t 
++.B httpd_munin_rw_content_t 
 +.EE
 +
-+- Set files with the mailman_mail_tmp_t type, if you want to store mailman mail temporary files in the /tmp directories.
++- Set files with the httpd_munin_rw_content_t type, if you want to treat the files as httpd munin read/write content.
 +
 +
 +.EX
 +.PP
-+.B mailman_queue_exec_t 
++.B httpd_munin_script_exec_t 
 +.EE
 +
-+- Set files with the mailman_queue_exec_t type, if you want to transition an executable to the mailman_queue_t domain.
++- Set files with the httpd_munin_script_exec_t type, if you want to transition an executable to the httpd_munin_script_t domain.
++
++
++.EX
++.PP
++.B httpd_nagios_content_t 
++.EE
++
++- Set files with the httpd_nagios_content_t type, if you want to treat the files as httpd nagios content.
++
++
++.EX
++.PP
++.B httpd_nagios_htaccess_t 
++.EE
++
++- Set files with the httpd_nagios_htaccess_t type, if you want to treat the file as a httpd nagios access file.
++
++
++.EX
++.PP
++.B httpd_nagios_ra_content_t 
++.EE
++
++- Set files with the httpd_nagios_ra_content_t type, if you want to treat the files as httpd nagios  read/append content.
++
++
++.EX
++.PP
++.B httpd_nagios_rw_content_t 
++.EE
++
++- Set files with the httpd_nagios_rw_content_t type, if you want to treat the files as httpd nagios read/write content.
++
++
++.EX
++.PP
++.B httpd_nagios_script_exec_t 
++.EE
++
++- Set files with the httpd_nagios_script_exec_t type, if you want to transition an executable to the httpd_nagios_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/lib/mailman.*/cron/.*, /usr/lib/mailman.*/bin/qrunner
++/usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?, /usr/lib/nagios/cgi(/.*)?
 +
 +.EX
 +.PP
-+.B mailman_queue_tmp_t 
++.B httpd_nutups_cgi_content_t 
 +.EE
 +
-+- Set files with the mailman_queue_tmp_t type, if you want to store mailman queue temporary files in the /tmp directories.
++- Set files with the httpd_nutups_cgi_content_t type, if you want to treat the files as httpd nutups cgi content.
 +
 +
 +.EX
 +.PP
-+.B mailman_var_run_t 
++.B httpd_nutups_cgi_htaccess_t 
 +.EE
 +
-+- Set files with the mailman_var_run_t type, if you want to store the mailman files under the /run directory.
++- Set files with the httpd_nutups_cgi_htaccess_t type, if you want to treat the file as a httpd nutups cgi access file.
 +
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B httpd_nutups_cgi_ra_content_t 
++.EE
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++- Set files with the httpd_nutups_cgi_ra_content_t type, if you want to treat the files as httpd nutups cgi  read/append content.
 +
-+.B semanage port -l
 +
++.EX
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux mail policy is very flexible allowing users to setup their mail processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for mail:
++.B httpd_nutups_cgi_rw_content_t 
++.EE
++
++- Set files with the httpd_nutups_cgi_rw_content_t type, if you want to treat the files as httpd nutups cgi read/write content.
++
 +
 +.EX
++.PP
++.B httpd_nutups_cgi_script_exec_t 
++.EE
++
++- Set files with the httpd_nutups_cgi_script_exec_t type, if you want to transition an executable to the httpd_nutups_cgi_script_t domain.
++
++.br
 +.TP 5
-+.B mail_port_t 
-+.TP 10
++Paths: 
++/var/www/nut-cgi-bin/upsstats\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsset\.cgi
++
++.EX
++.PP
++.B httpd_openshift_content_t 
 +.EE
 +
++- Set files with the httpd_openshift_content_t type, if you want to treat the files as httpd openshift content.
 +
-+Default Defined Ports:
-+tcp 2000,3905
++
++.EX
++.PP
++.B httpd_openshift_htaccess_t 
 +.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
++
++- Set files with the httpd_openshift_htaccess_t type, if you want to treat the file as a httpd openshift access file.
++
++
++.EX
 +.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.B httpd_openshift_ra_content_t 
++.EE
++
++- Set files with the httpd_openshift_ra_content_t type, if you want to treat the files as httpd openshift  read/append content.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux mail policy is very flexible allowing users to setup their mail processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for mail:
++.B httpd_openshift_rw_content_t 
++.EE
++
++- Set files with the httpd_openshift_rw_content_t type, if you want to treat the files as httpd openshift read/write content.
++
 +
 +.EX
-+.B mailman_cgi_t, mailman_mail_t, mail_munin_plugin_t, mailman_queue_t 
++.PP
++.B httpd_openshift_script_exec_t 
 +.EE
++
++- Set files with the httpd_openshift_script_exec_t type, if you want to transition an executable to the httpd_openshift_script_t domain.
++
++
++.EX
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B httpd_passwd_exec_t 
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
++- Set files with the httpd_passwd_exec_t type, if you want to transition an executable to the httpd_passwd_t domain.
++
++
++.EX
 +.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
++.B httpd_php_exec_t 
++.EE
++
++- Set files with the httpd_php_exec_t type, if you want to transition an executable to the httpd_php_t domain.
++
++
++.EX
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.B httpd_php_tmp_t 
++.EE
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++- Set files with the httpd_php_tmp_t type, if you want to store httpd php temporary files in the /tmp directories.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
 +
++.EX
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.B httpd_prewikka_content_t 
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++- Set files with the httpd_prewikka_content_t type, if you want to treat the files as httpd prewikka content.
 +
-+.SH "SEE ALSO"
-+selinux(8), mail(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/mailman_selinux.8 b/man/man8/mailman_selinux.8
-new file mode 100644
-index 0000000..4333059
---- /dev/null
-+++ b/man/man8/mailman_selinux.8
-@@ -0,0 +1,179 @@
-+.TH  "mailman_selinux"  "8"  "mailman" "dwalsh at redhat.com" "mailman SELinux Policy documentation"
-+.SH "NAME"
-+mailman_selinux \- Security Enhanced Linux Policy for the mailman processes
-+.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mailman processes via flexible mandatory access
-+control.  
++.EX
++.PP
++.B httpd_prewikka_htaccess_t 
++.EE
++
++- Set files with the httpd_prewikka_htaccess_t type, if you want to treat the file as a httpd prewikka access file.
 +
-+.SH NSSWITCH DOMAIN
 +
++.EX
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mailman_mail_t, mailman_cgi_t, mailman_queue_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.B httpd_prewikka_ra_content_t 
++.EE
++
++- Set files with the httpd_prewikka_ra_content_t type, if you want to treat the files as httpd prewikka  read/append content.
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B httpd_prewikka_rw_content_t 
 +.EE
 +
++- Set files with the httpd_prewikka_rw_content_t type, if you want to treat the files as httpd prewikka read/write content.
++
++
++.EX
 +.PP
-+If you want to allow confined applications to run with kerberos for the mailman_mail_t, mailman_cgi_t, mailman_queue_t, you must turn on the kerberos_enabled boolean.
++.B httpd_prewikka_script_exec_t 
++.EE
++
++- Set files with the httpd_prewikka_script_exec_t type, if you want to transition an executable to the httpd_prewikka_script_t domain.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B httpd_rotatelogs_exec_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++- Set files with the httpd_rotatelogs_exec_t type, if you want to transition an executable to the httpd_rotatelogs_t domain.
++
++
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B httpd_smokeping_cgi_content_t 
++.EE
++
++- Set files with the httpd_smokeping_cgi_content_t type, if you want to treat the files as httpd smokeping cgi content.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux mailman policy is very flexible allowing users to setup their mailman processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for mailman:
++.B httpd_smokeping_cgi_htaccess_t 
++.EE
++
++- Set files with the httpd_smokeping_cgi_htaccess_t type, if you want to treat the file as a httpd smokeping cgi access file.
 +
 +
 +.EX
 +.PP
-+.B mailman_archive_t 
++.B httpd_smokeping_cgi_ra_content_t 
 +.EE
 +
-+- Set files with the mailman_archive_t type, if you want to treat the files as mailman archive data.
++- Set files with the httpd_smokeping_cgi_ra_content_t type, if you want to treat the files as httpd smokeping cgi  read/append content.
 +
 +
 +.EX
 +.PP
-+.B mailman_cgi_exec_t 
++.B httpd_smokeping_cgi_rw_content_t 
 +.EE
 +
-+- Set files with the mailman_cgi_exec_t type, if you want to transition an executable to the mailman_cgi_t domain.
++- Set files with the httpd_smokeping_cgi_rw_content_t type, if you want to treat the files as httpd smokeping cgi read/write content.
 +
 +
 +.EX
 +.PP
-+.B mailman_cgi_tmp_t 
++.B httpd_smokeping_cgi_script_exec_t 
 +.EE
 +
-+- Set files with the mailman_cgi_tmp_t type, if you want to store mailman cgi temporary files in the /tmp directories.
++- Set files with the httpd_smokeping_cgi_script_exec_t type, if you want to transition an executable to the httpd_smokeping_cgi_script_t domain.
 +
 +
 +.EX
 +.PP
-+.B mailman_data_t 
++.B httpd_squid_content_t 
 +.EE
 +
-+- Set files with the mailman_data_t type, if you want to treat the files as mailman content.
++- Set files with the httpd_squid_content_t type, if you want to treat the files as httpd squid content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/mailman.*, /var/spool/mailman.*, /var/lib/mailman.*
 +
 +.EX
 +.PP
-+.B mailman_lock_t 
++.B httpd_squid_htaccess_t 
 +.EE
 +
-+- Set files with the mailman_lock_t type, if you want to treat the files as mailman lock data, stored under the /var/lock directory
++- Set files with the httpd_squid_htaccess_t type, if you want to treat the file as a httpd squid access file.
 +
 +
 +.EX
 +.PP
-+.B mailman_log_t 
++.B httpd_squid_ra_content_t 
 +.EE
 +
-+- Set files with the mailman_log_t type, if you want to treat the data as mailman log data, usually stored under the /var/log directory.
++- Set files with the httpd_squid_ra_content_t type, if you want to treat the files as httpd squid  read/append content.
 +
 +
 +.EX
 +.PP
-+.B mailman_mail_exec_t 
++.B httpd_squid_rw_content_t 
 +.EE
 +
-+- Set files with the mailman_mail_exec_t type, if you want to transition an executable to the mailman_mail_t domain.
++- Set files with the httpd_squid_rw_content_t type, if you want to treat the files as httpd squid read/write content.
++
++
++.EX
++.PP
++.B httpd_squid_script_exec_t 
++.EE
++
++- Set files with the httpd_squid_script_exec_t type, if you want to transition an executable to the httpd_squid_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/lib/mailman.*/mail/mailman, /usr/lib/mailman.*/bin/mm-handler.*, /usr/share/doc/mailman.*/mm-handler.*, /usr/lib/mailman.*/bin/mailmanctl, /usr/lib/mailman.*/scripts/mailman
++/usr/lib/squid/cachemgr\.cgi, /usr/share/lightsquid/cgi(/.*)?
 +
 +.EX
 +.PP
-+.B mailman_mail_tmp_t 
++.B httpd_squirrelmail_t 
 +.EE
 +
-+- Set files with the mailman_mail_tmp_t type, if you want to store mailman mail temporary files in the /tmp directories.
++- Set files with the httpd_squirrelmail_t type, if you want to treat the files as httpd squirrelmail data.
 +
 +
 +.EX
 +.PP
-+.B mailman_queue_exec_t 
++.B httpd_suexec_exec_t 
 +.EE
 +
-+- Set files with the mailman_queue_exec_t type, if you want to transition an executable to the mailman_queue_t domain.
++- Set files with the httpd_suexec_exec_t type, if you want to transition an executable to the httpd_suexec_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/lib/mailman.*/cron/.*, /usr/lib/mailman.*/bin/qrunner
++/usr/lib/apache(2)?/suexec(2)?, /usr/sbin/suexec, /usr/lib/cgi-bin/(nph-)?cgiwrap(d)?
 +
 +.EX
 +.PP
-+.B mailman_queue_tmp_t 
++.B httpd_suexec_tmp_t 
 +.EE
 +
-+- Set files with the mailman_queue_tmp_t type, if you want to store mailman queue temporary files in the /tmp directories.
++- Set files with the httpd_suexec_tmp_t type, if you want to store httpd suexec temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B mailman_var_run_t 
++.B httpd_sys_content_t 
 +.EE
 +
-+- Set files with the mailman_var_run_t type, if you want to store the mailman files under the /run directory.
++- Set files with the httpd_sys_content_t type, if you want to treat the files as httpd sys content.
 +
++.br
++.TP 5
++Paths: 
++/usr/share/icecast(/.*)?, /usr/share/htdig(/.*)?, /etc/htdig(/.*)?, /var/www/svn/conf(/.*)?, /usr/share/doc/ghc/html(/.*)?, /usr/share/mythtv/data(/.*)?, /var/lib/htdig(/.*)?, /srv/gallery2(/.*)?, /srv/([^/]*/)?www(/.*)?, /usr/share/ntop/html(/.*)?, /test/symlinked/file, /usr/share/mythweb(/.*)?, /usr/share/openca/htdocs(/.*)?, /usr/share/selinux-policy[^/]*/html(/.*)?, /usr/share/drupal.*, /var/lib/cacti/rra(/.*)?, /var/lib/trac(/.*)?, /var/www(/.*)?, /var/www/icons(/.*)?
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B httpd_sys_htaccess_t 
++.EE
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++- Set files with the httpd_sys_htaccess_t type, if you want to treat the file as a httpd sys access file.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux mailman policy is very flexible allowing users to setup their mailman processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for mailman:
++.B httpd_sys_ra_content_t 
++.EE
++
++- Set files with the httpd_sys_ra_content_t type, if you want to treat the files as httpd sys  read/append content.
++
 +
 +.EX
-+.B mailman_cgi_t, mailman_mail_t, mailman_queue_t 
++.PP
++.B httpd_sys_rw_content_t 
 +.EE
++
++- Set files with the httpd_sys_rw_content_t type, if you want to treat the files as httpd sys read/write content.
++
++.br
++.TP 5
++Paths: 
++/var/www/html/[^/]*/sites/default/settings\.php, /var/spool/viewvc(/.*)?, /etc/WebCalendar(/.*)?, /etc/mock/koji(/.*)?, /var/lib/svn(/.*)?, /var/spool/gosa(/.*)?, /etc/zabbix/web(/.*)?, /var/lib/pootle/po(/.*)?, /etc/drupal.*, /var/www/gallery/albums(/.*)?, /usr/share/wordpress/wp-content/uploads(/.*)?, /var/www/html/configuration\.php, /usr/share/wordpress/wp-content/upgrade(/.*)?, /var/lib/drupal.*, /usr/share/wordpress-mu/wp-content(/.*)?, /var/lib/dokuwiki(/.*)?, /var/www/moodledata(/.*)?, /var/www/html/[^/]*/sites/default/files(/.*)?, /var/www/svn(/.*)?, /var/www/html/wp-content(/.*)?
++
++.EX
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B httpd_sys_script_exec_t 
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
++- Set files with the httpd_sys_script_exec_t type, if you want to transition an executable to the httpd_sys_script_t domain.
++
++.br
++.TP 5
++Paths: 
++/var/www/svn/hooks(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress/.*\.php, /usr/lib/cgi-bin(/.*)?, /var/www/perl(/.*)?, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/wordpress-mu/wp-config\.php, /usr/.*\.cgi, /var/www/html/[^/]*/cgi-bin(/.*)?, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)?, /usr/share/wordpress/wp-includes/.*\.php, /opt/.*\.cgi
++
++.EX
 +.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
++.B httpd_tmp_t 
++.EE
++
++- Set files with the httpd_tmp_t type, if you want to store httpd temporary files in the /tmp directories.
++
++
++.EX
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.B httpd_tmpfs_t 
++.EE
++
++- Set files with the httpd_tmpfs_t type, if you want to store httpd files on a tmpfs file system.
 +
++
++.EX
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.B httpd_unit_file_t 
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++- Set files with the httpd_unit_file_t type, if you want to treat the files as httpd unit content.
 +
-+.SH "SEE ALSO"
-+selinux(8), mailman(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/matahari_selinux.8 b/man/man8/matahari_selinux.8
-new file mode 100644
-index 0000000..ffc17aa
---- /dev/null
-+++ b/man/man8/matahari_selinux.8
-@@ -0,0 +1,225 @@
-+.TH  "matahari_selinux"  "8"  "matahari" "dwalsh at redhat.com" "matahari SELinux Policy documentation"
-+.SH "NAME"
-+matahari_selinux \- Security Enhanced Linux Policy for the matahari processes
-+.SH "DESCRIPTION"
++.br
++.TP 5
++Paths: 
++/usr/lib/systemd/system/httpd.*, /usr/lib/systemd/system/jetty.*
 +
-+Security-Enhanced Linux secures the matahari processes via flexible mandatory access
-+control.  
++.EX
++.PP
++.B httpd_user_content_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the httpd_user_content_t type, if you want to treat the files as httpd user content.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B httpd_user_htaccess_t 
++.EE
++
++- Set files with the httpd_user_htaccess_t type, if you want to treat the file as a httpd user access file.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux matahari policy is very flexible allowing users to setup their matahari processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for matahari:
++.B httpd_user_ra_content_t 
++.EE
++
++- Set files with the httpd_user_ra_content_t type, if you want to treat the files as httpd user  read/append content.
 +
 +
 +.EX
 +.PP
-+.B matahari_hostd_exec_t 
++.B httpd_user_rw_content_t 
 +.EE
 +
-+- Set files with the matahari_hostd_exec_t type, if you want to transition an executable to the matahari_hostd_t domain.
++- Set files with the httpd_user_rw_content_t type, if you want to treat the files as httpd user read/write content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/matahari-qmf-hostd, /usr/sbin/matahari-hostd, /usr/sbin/matahari-dbus-hostd
 +
 +.EX
 +.PP
-+.B matahari_hostd_unit_file_t 
++.B httpd_user_script_exec_t 
 +.EE
 +
-+- Set files with the matahari_hostd_unit_file_t type, if you want to treat the files as matahari hostd unit content.
++- Set files with the httpd_user_script_exec_t type, if you want to transition an executable to the httpd_user_script_t domain.
 +
 +
 +.EX
 +.PP
-+.B matahari_initrc_exec_t 
++.B httpd_var_lib_t 
 +.EE
 +
-+- Set files with the matahari_initrc_exec_t type, if you want to transition an executable to the matahari_initrc_t domain.
++- Set files with the httpd_var_lib_t type, if you want to store the httpd files under the /var/lib directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/rc\.d/init\.d/matahari-sysconfig, /etc/rc\.d/init\.d/matahari-host, /etc/rc\.d/init\.d/matahari-service, /etc/rc\.d/init\.d/matahari-net, /etc/rc\.d/init.d/matahari-sysconfig-console
++/var/lib/rt3/data/RT-Shredder(/.*)?, /var/lib/lighttpd(/.*)?, /var/lib/httpd(/.*)?, /var/lib/cherokee(/.*)?, /var/lib/dav(/.*)?, /var/lib/php(/.*)?
 +
 +.EX
 +.PP
-+.B matahari_netd_exec_t 
++.B httpd_var_run_t 
 +.EE
 +
-+- Set files with the matahari_netd_exec_t type, if you want to transition an executable to the matahari_netd_t domain.
++- Set files with the httpd_var_run_t type, if you want to store the httpd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/matahari-qmf-networkd, /usr/sbin/matahari-netd, /usr/sbin/matahari-dbus-networkd
++/var/run/mod_.*, /var/run/wsgi.*, /var/run/apache.*, /var/lib/php/session(/.*)?, /var/run/cherokee\.pid, /var/run/lighttpd(/.*)?, /var/run/gcache_port, /opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?, /var/run/httpd.*, /var/run/dirsrv/admin-serv.*
 +
 +.EX
 +.PP
-+.B matahari_netd_unit_file_t 
++.B httpd_w3c_validator_content_t 
 +.EE
 +
-+- Set files with the matahari_netd_unit_file_t type, if you want to treat the files as matahari netd unit content.
++- Set files with the httpd_w3c_validator_content_t type, if you want to treat the files as httpd w3c validator content.
 +
 +
 +.EX
 +.PP
-+.B matahari_rpcd_exec_t 
++.B httpd_w3c_validator_htaccess_t 
 +.EE
 +
-+- Set files with the matahari_rpcd_exec_t type, if you want to transition an executable to the matahari_rpcd_t domain.
++- Set files with the httpd_w3c_validator_htaccess_t type, if you want to treat the file as a httpd w3c validator access file.
 +
 +
 +.EX
 +.PP
-+.B matahari_rpcd_unit_file_t 
++.B httpd_w3c_validator_ra_content_t 
 +.EE
 +
-+- Set files with the matahari_rpcd_unit_file_t type, if you want to treat the files as matahari rpcd unit content.
++- Set files with the httpd_w3c_validator_ra_content_t type, if you want to treat the files as httpd w3c validator  read/append content.
 +
 +
 +.EX
 +.PP
-+.B matahari_serviced_exec_t 
++.B httpd_w3c_validator_rw_content_t 
 +.EE
 +
-+- Set files with the matahari_serviced_exec_t type, if you want to transition an executable to the matahari_serviced_t domain.
++- Set files with the httpd_w3c_validator_rw_content_t type, if you want to treat the files as httpd w3c validator read/write content.
++
++
++.EX
++.PP
++.B httpd_w3c_validator_script_exec_t 
++.EE
++
++- Set files with the httpd_w3c_validator_script_exec_t type, if you want to transition an executable to the httpd_w3c_validator_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/matahari-serviced, /usr/sbin/matahari-dbus-serviced, /usr/sbin/matahari-qmf-serviced
++/usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check
 +
 +.EX
 +.PP
-+.B matahari_serviced_unit_file_t 
++.B httpd_w3c_validator_tmp_t 
 +.EE
 +
-+- Set files with the matahari_serviced_unit_file_t type, if you want to treat the files as matahari serviced unit content.
++- Set files with the httpd_w3c_validator_tmp_t type, if you want to store httpd w3c validator temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B matahari_sysconfigd_exec_t 
++.B httpd_zoneminder_content_t 
 +.EE
 +
-+- Set files with the matahari_sysconfigd_exec_t type, if you want to transition an executable to the matahari_sysconfigd_t domain.
++- Set files with the httpd_zoneminder_content_t type, if you want to treat the files as httpd zoneminder content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/matahari-qmf-sysconfig-consoled, /usr/sbin/matahari-dbus-sysconfigd, /usr/sbin/matahari-qmf-sysconfigd
 +
 +.EX
 +.PP
-+.B matahari_sysconfigd_unit_file_t 
++.B httpd_zoneminder_htaccess_t 
 +.EE
 +
-+- Set files with the matahari_sysconfigd_unit_file_t type, if you want to treat the files as matahari sysconfigd unit content.
++- Set files with the httpd_zoneminder_htaccess_t type, if you want to treat the file as a httpd zoneminder access file.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/systemd/system/matahari-sysconfig-console.*, /usr/lib/systemd/system/matahari-sysconfig.*
 +
 +.EX
 +.PP
-+.B matahari_var_lib_t 
++.B httpd_zoneminder_ra_content_t 
 +.EE
 +
-+- Set files with the matahari_var_lib_t type, if you want to store the matahari files under the /var/lib directory.
++- Set files with the httpd_zoneminder_ra_content_t type, if you want to treat the files as httpd zoneminder  read/append content.
 +
 +
 +.EX
 +.PP
-+.B matahari_var_run_t 
++.B httpd_zoneminder_rw_content_t 
 +.EE
 +
-+- Set files with the matahari_var_run_t type, if you want to store the matahari files under the /run directory.
++- Set files with the httpd_zoneminder_rw_content_t type, if you want to treat the files as httpd zoneminder read/write content.
++
++
++.EX
++.PP
++.B httpd_zoneminder_script_exec_t 
++.EE
++
++- Set files with the httpd_zoneminder_script_exec_t type, if you want to transition an executable to the httpd_zoneminder_script_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/matahari(/.*)?, /var/run/matahari\.pid, /var/run/matahari-broker\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -28801,21 +33543,32 @@ index 0000000..ffc17aa
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux matahari policy is very flexible allowing users to setup their matahari processes in as secure a method as possible.
++SELinux httpd policy is very flexible allowing users to setup their httpd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for matahari:
++The following port types are defined for httpd:
 +
 +.EX
 +.TP 5
-+.B matahari_port_t 
++.B http_cache_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 49000
++tcp 8080,8118,10001-10010
++.EE
++udp 3130
 +.EE
-+udp 49000
++
++.EX
++.TP 5
++.B http_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 80,81,443,488,8008,8009,8443
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -28823,52 +33576,409 @@ index 0000000..ffc17aa
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux matahari policy is very flexible allowing users to setup their matahari processes in as secure a method as possible.
++SELinux httpd policy is very flexible allowing users to setup their httpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for matahari:
++The following process types are defined for httpd:
 +
 +.EX
-+.B matahari_serviced_t, matahari_sysconfigd_t, matahari_hostd_t, matahari_netd_t, matahari_rpcd_t 
++.B httpd_collectd_script_t, httpd_cvs_script_t, httpd_rotatelogs_t, httpd_bugzilla_script_t, httpd_smokeping_cgi_script_t, httpd_nagios_script_t, httpd_dirsrvadmin_script_t, httpd_suexec_t, httpd_mojomojo_script_t, httpd_php_t, httpd_w3c_validator_script_t, httpd_user_script_t, httpd_awstats_script_t, httpd_apcupsd_cgi_script_t, httpd_nutups_cgi_script_t, httpd_munin_script_t, httpd_zoneminder_script_t, httpd_openshift_script_t, httpd_sys_script_t, httpd_dspam_script_t, httpd_prewikka_script_t, httpd_git_script_t, httpd_t, httpd_man2html_script_t, httpd_passwd_t, httpd_helper_t, httpd_squid_script_t, httpd_cobbler_script_t, httpd_mediawiki_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++The SELinux user type httpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.br
++.B abrt_retrace_spool_t
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++	/var/spool/abrt-retrace(/.*)?
++.br
++	/var/spool/retrace-server(/.*)?
++.br
 +
-+.SH "SEE ALSO"
-+selinux(8), matahari(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/mcelog_selinux.8 b/man/man8/mcelog_selinux.8
-new file mode 100644
-index 0000000..0d5483c
---- /dev/null
-+++ b/man/man8/mcelog_selinux.8
-@@ -0,0 +1,89 @@
-+.TH  "mcelog_selinux"  "8"  "mcelog" "dwalsh at redhat.com" "mcelog SELinux Policy documentation"
-+.SH "NAME"
-+mcelog_selinux \- Security Enhanced Linux Policy for the mcelog processes
-+.SH "DESCRIPTION"
++.br
++.B dirsrv_config_t
 +
-+Security-Enhanced Linux secures the mcelog processes via flexible mandatory access
++	/etc/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrv_var_log_t
++
++	/var/log/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrv_var_run_t
++
++	/var/run/dirsrv(/.*)?
++.br
++
++.br
++.B dirsrvadmin_config_t
++
++	/etc/dirsrv/dsgw(/.*)?
++.br
++	/etc/dirsrv/admin-serv(/.*)?
++.br
++
++.br
++.B dirsrvadmin_tmp_t
++
++
++.br
++.B httpd_apcupsd_cgi_rw_content_t
++
++
++.br
++.B httpd_awstats_rw_content_t
++
++
++.br
++.B httpd_bugzilla_rw_content_t
++
++	/var/lib/bugzilla(/.*)?
++.br
++
++.br
++.B httpd_cache_t
++
++	/var/cache/rt3(/.*)?
++.br
++	/var/cache/ssl.*\.sem
++.br
++	/var/cache/mod_.*
++.br
++	/var/cache/php-.*
++.br
++	/var/cache/httpd(/.*)?
++.br
++	/var/cache/mason(/.*)?
++.br
++	/var/cache/mod_ssl(/.*)?
++.br
++	/var/cache/lighttpd(/.*)?
++.br
++	/var/cache/mediawiki(/.*)?
++.br
++	/var/cache/mod_proxy(/.*)?
++.br
++	/var/cache/mod_gnutls(/.*)?
++.br
++	/var/cache/php-mmcache(/.*)?
++.br
++	/var/cache/php-eaccelerator(/.*)?
++.br
++
++.br
++.B httpd_cobbler_rw_content_t
++
++
++.br
++.B httpd_collectd_rw_content_t
++
++
++.br
++.B httpd_cvs_rw_content_t
++
++
++.br
++.B httpd_dirsrvadmin_rw_content_t
++
++
++.br
++.B httpd_dspam_rw_content_t
++
++
++.br
++.B httpd_git_rw_content_t
++
++	/var/cache/cgit(/.*)?
++.br
++	/var/cache/gitweb-caching(/.*)?
++.br
++
++.br
++.B httpd_lock_t
++
++
++.br
++.B httpd_man2html_rw_content_t
++
++
++.br
++.B httpd_mediawiki_rw_content_t
++
++	/var/www/wiki(/.*)?
++.br
++
++.br
++.B httpd_mojomojo_rw_content_t
++
++	/var/lib/mojomojo(/.*)?
++.br
++
++.br
++.B httpd_munin_rw_content_t
++
++
++.br
++.B httpd_nagios_rw_content_t
++
++
++.br
++.B httpd_nutups_cgi_rw_content_t
++
++
++.br
++.B httpd_openshift_rw_content_t
++
++
++.br
++.B httpd_prewikka_rw_content_t
++
++
++.br
++.B httpd_smokeping_cgi_rw_content_t
++
++
++.br
++.B httpd_squid_rw_content_t
++
++
++.br
++.B httpd_squirrelmail_t
++
++	/var/lib/squirrelmail/prefs(/.*)?
++.br
++
++.br
++.B httpd_sys_rw_content_t
++
++	/etc/drupal.*
++.br
++	/var/lib/svn(/.*)?
++.br
++	/var/www/svn(/.*)?
++.br
++	/etc/mock/koji(/.*)?
++.br
++	/var/www/html/[^/]*/sites/default/files(/.*)?
++.br
++	/var/www/html/[^/]*/sites/default/settings\.php
++.br
++	/var/lib/drupal.*
++.br
++	/etc/zabbix/web(/.*)?
++.br
++	/var/spool/gosa(/.*)?
++.br
++	/etc/WebCalendar(/.*)?
++.br
++	/var/lib/dokuwiki(/.*)?
++.br
++	/var/spool/viewvc(/.*)?
++.br
++	/var/lib/pootle/po(/.*)?
++.br
++	/var/www/moodledata(/.*)?
++.br
++	/var/www/gallery/albums(/.*)?
++.br
++	/var/www/html/wp-content(/.*)?
++.br
++	/usr/share/wordpress-mu/wp-content(/.*)?
++.br
++	/usr/share/wordpress/wp-content/uploads(/.*)?
++.br
++	/usr/share/wordpress/wp-content/upgrade(/.*)?
++.br
++	/var/www/html/configuration\.php
++.br
++
++.br
++.B httpd_tmp_t
++
++	/var/run/user/apache(/.*)?
++.br
++
++.br
++.B httpd_tmpfs_t
++
++
++.br
++.B httpd_user_rw_content_t
++
++
++.br
++.B httpd_var_lib_t
++
++	/var/lib/dav(/.*)?
++.br
++	/var/lib/php(/.*)?
++.br
++	/var/lib/httpd(/.*)?
++.br
++	/var/lib/cherokee(/.*)?
++.br
++	/var/lib/lighttpd(/.*)?
++.br
++	/var/lib/rt3/data/RT-Shredder(/.*)?
++.br
++
++.br
++.B httpd_var_run_t
++
++	/var/run/mod_.*
++.br
++	/var/run/wsgi.*
++.br
++	/var/run/httpd.*
++.br
++	/var/run/apache.*
++.br
++	/var/run/lighttpd(/.*)?
++.br
++	/var/lib/php/session(/.*)?
++.br
++	/var/run/dirsrv/admin-serv.*
++.br
++	/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?
++.br
++	/var/run/gcache_port
++.br
++	/var/run/cherokee\.pid
++.br
++
++.br
++.B httpd_w3c_validator_rw_content_t
++
++
++.br
++.B httpd_zoneminder_rw_content_t
++
++
++.br
++.B jetty_cache_t
++
++	/var/cache/jetty(/.*)?
++.br
++
++.br
++.B jetty_log_t
++
++	/var/log/jetty(/.*)?
++.br
++
++.br
++.B jetty_var_lib_t
++
++	/var/lib/jetty(/.*)?
++.br
++
++.br
++.B jetty_var_run_t
++
++	/var/run/jetty(/.*)?
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B passenger_tmp_t
++
++
++.br
++.B passenger_var_run_t
++
++	/var/run/passenger(/.*)?
++.br
++
++.br
++.B squirrelmail_spool_t
++
++	/var/spool/squirrelmail(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B zarafa_var_lib_t
++
++	/var/lib/zarafa(/.*)?
++.br
++	/var/lib/zarafa-webaccess(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), httpd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_smokeping_cgi_script_selinux.8 b/man/man8/httpd_smokeping_cgi_script_selinux.8
+new file mode 100644
+index 0000000..c36a046
+--- /dev/null
++++ b/man/man8/httpd_smokeping_cgi_script_selinux.8
+@@ -0,0 +1,88 @@
++.TH  "httpd_smokeping_cgi_script_selinux"  "8"  "httpd_smokeping_cgi_script" "dwalsh at redhat.com" "httpd_smokeping_cgi_script SELinux Policy documentation"
++.SH "NAME"
++httpd_smokeping_cgi_script_selinux \- Security Enhanced Linux Policy for the httpd_smokeping_cgi_script processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the httpd_smokeping_cgi_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
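Review bot: The new MANAGED FILES section of httpd_selinux.8 opens with "The SELinux user type httpd_t can manage files…", but the same page lists httpd_t under PROCESS TYPES, and an SELinux user is a separate concept from a domain. Readers auditing what a compromised httpd could write need that distinction, so the generator template should read `The SELinux process type httpd_t can manage files labeled with the following file types.` The follow-on sentence would also read better as `Note that the process UID still needs DAC permissions.` The same template text recurs in the httpd_smokeping_cgi_script, httpd_squid_script, httpd_suexec and httpd_sys_script pages later in this diff. This hunk also runs on into the start of the next man page.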
@@ -28879,34 +33989,117 @@ index 0000000..0d5483c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mcelog policy is very flexible allowing users to setup their mcelog processes in as secure a method as possible.
++SELinux httpd_smokeping_cgi_script policy is very flexible allowing users to setup their httpd_smokeping_cgi_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mcelog:
++The following file types are defined for httpd_smokeping_cgi_script:
 +
 +
 +.EX
 +.PP
-+.B mcelog_exec_t 
++.B httpd_smokeping_cgi_script_exec_t 
 +.EE
 +
-+- Set files with the mcelog_exec_t type, if you want to transition an executable to the mcelog_t domain.
++- Set files with the httpd_smokeping_cgi_script_exec_t type, if you want to transition an executable to the httpd_smokeping_cgi_script_t domain.
 +
 +
-+.EX
 +.PP
-+.B mcelog_log_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux httpd_smokeping_cgi_script policy is very flexible allowing users to setup their httpd_smokeping_cgi_script processes in as secure a method as possible.
++.PP 
++The following process types are defined for httpd_smokeping_cgi_script:
++
++.EX
++.B httpd_smokeping_cgi_script_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the mcelog_log_t type, if you want to treat the data as mcelog log data, usually stored under the /var/log directory.
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_smokeping_cgi_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_smokeping_cgi_rw_content_t
++
++
++.br
++.B smokeping_var_lib_t
++
++	/var/lib/smokeping(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), httpd_smokeping_cgi_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_squid_script_selinux.8 b/man/man8/httpd_squid_script_selinux.8
+new file mode 100644
+index 0000000..5312360
+--- /dev/null
++++ b/man/man8/httpd_squid_script_selinux.8
+@@ -0,0 +1,86 @@
++.TH  "httpd_squid_script_selinux"  "8"  "httpd_squid_script" "dwalsh at redhat.com" "httpd_squid_script SELinux Policy documentation"
++.SH "NAME"
++httpd_squid_script_selinux \- Security Enhanced Linux Policy for the httpd_squid_script processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the httpd_squid_script processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux httpd_squid_script policy is very flexible allowing users to setup their httpd_squid_script processes in as secure a method as possible.
++.PP 
++The following file types are defined for httpd_squid_script:
 +
 +
 +.EX
 +.PP
-+.B mcelog_var_run_t 
++.B httpd_squid_script_exec_t 
 +.EE
 +
-+- Set files with the mcelog_var_run_t type, if you want to store the mcelog files under the /run directory.
++- Set files with the httpd_squid_script_exec_t type, if you want to transition an executable to the httpd_squid_script_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/squid/cachemgr\.cgi, /usr/share/lightsquid/cgi(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -28921,18 +34114,26 @@ index 0000000..0d5483c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mcelog policy is very flexible allowing users to setup their mcelog processes in as secure a method as possible.
++SELinux httpd_squid_script policy is very flexible allowing users to setup their httpd_squid_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mcelog:
++The following process types are defined for httpd_squid_script:
 +
 +.EX
-+.B mcelog_t 
++.B httpd_squid_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_squid_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_squid_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -28948,38 +34149,40 @@ index 0000000..0d5483c
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mcelog(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/mdadm_selinux.8 b/man/man8/mdadm_selinux.8
++selinux(8), httpd_squid_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_suexec_selinux.8 b/man/man8/httpd_suexec_selinux.8
 new file mode 100644
-index 0000000..beefadb
+index 0000000..0fa636d
 --- /dev/null
-+++ b/man/man8/mdadm_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "mdadm_selinux"  "8"  "mdadm" "dwalsh at redhat.com" "mdadm SELinux Policy documentation"
++++ b/man/man8/httpd_suexec_selinux.8
+@@ -0,0 +1,108 @@
++.TH  "httpd_suexec_selinux"  "8"  "httpd_suexec" "dwalsh at redhat.com" "httpd_suexec SELinux Policy documentation"
 +.SH "NAME"
-+mdadm_selinux \- Security Enhanced Linux Policy for the mdadm processes
++httpd_suexec_selinux \- Security Enhanced Linux Policy for the httpd_suexec processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mdadm processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_suexec processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mdadm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the httpd_suexec_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the mdadm_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the httpd_suexec_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -28988,34 +34191,30 @@ index 0000000..beefadb
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mdadm policy is very flexible allowing users to setup their mdadm processes in as secure a method as possible.
++SELinux httpd_suexec policy is very flexible allowing users to setup their httpd_suexec processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mdadm:
++The following file types are defined for httpd_suexec:
 +
 +
 +.EX
 +.PP
-+.B mdadm_exec_t 
++.B httpd_suexec_exec_t 
 +.EE
 +
-+- Set files with the mdadm_exec_t type, if you want to transition an executable to the mdadm_t domain.
++- Set files with the httpd_suexec_exec_t type, if you want to transition an executable to the httpd_suexec_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/raid-check, /sbin/mdmpd, /usr/sbin/iprinit, /usr/sbin/mdadm, /usr/sbin/iprupdate, /sbin/mdadm, /usr/sbin/mdmpd, /usr/sbin/iprdump
++/usr/lib/apache(2)?/suexec(2)?, /usr/sbin/suexec, /usr/lib/cgi-bin/(nph-)?cgiwrap(d)?
 +
 +.EX
 +.PP
-+.B mdadm_var_run_t 
++.B httpd_suexec_tmp_t 
 +.EE
 +
-+- Set files with the mdadm_var_run_t type, if you want to store the mdadm files under the /run directory.
++- Set files with the httpd_suexec_tmp_t type, if you want to store httpd suexec temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/mdadm(/.*)?, /dev/md/.*, /dev/.mdadm\.map
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -29030,18 +34229,26 @@ index 0000000..beefadb
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mdadm policy is very flexible allowing users to setup their mdadm processes in as secure a method as possible.
++SELinux httpd_suexec policy is very flexible allowing users to setup their httpd_suexec processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mdadm:
++The following process types are defined for httpd_suexec:
 +
 +.EX
-+.B mdadm_t 
++.B httpd_suexec_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_suexec_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_suexec_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -29057,49 +34264,66 @@ index 0000000..beefadb
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mdadm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/memcached_selinux.8 b/man/man8/memcached_selinux.8
++selinux(8), httpd_suexec(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_sys_script_selinux.8 b/man/man8/httpd_sys_script_selinux.8
 new file mode 100644
-index 0000000..92c134f
+index 0000000..4282d5b
 --- /dev/null
-+++ b/man/man8/memcached_selinux.8
-@@ -0,0 +1,150 @@
-+.TH  "memcached_selinux"  "8"  "memcached" "dwalsh at redhat.com" "memcached SELinux Policy documentation"
++++ b/man/man8/httpd_sys_script_selinux.8
+@@ -0,0 +1,172 @@
++.TH  "httpd_sys_script_selinux"  "8"  "httpd_sys_script" "dwalsh at redhat.com" "httpd_sys_script SELinux Policy documentation"
 +.SH "NAME"
-+memcached_selinux \- Security Enhanced Linux Policy for the memcached processes
++httpd_sys_script_selinux \- Security Enhanced Linux Policy for the httpd_sys_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the memcached processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_sys_script processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  memcached policy is extremely flexible and has several booleans that allow you to manipulate the policy and run memcached with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow httpd to connect to memcache server, you must turn on the httpd_can_network_memcache boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the httpd_sys_script_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P httpd_can_network_memcache 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
-+
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the memcached_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow confined applications to run with kerberos for the httpd_sys_script_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH SHARING FILES
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
++.TP
++Allow httpd_sys_script servers to read the /var/httpd_sys_script directory by adding the public_content_t file type to the directory and by restoring the file type.
 +.PP
-+If you want to allow confined applications to run with kerberos for the memcached_t, you must turn on the kerberos_enabled boolean.
++.B
++semanage fcontext -a -t public_content_t "/var/httpd_sys_script(/.*)?"
++.br
++.B restorecon -F -R -v /var/httpd_sys_script
++.pp
++.TP
++Allow httpd_sys_script servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_httpd_sys_scriptd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/httpd_sys_script/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/httpd_sys_script/incoming
++
++
++.PP
++If you want to allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t., you must turn on the httpd_sys_script_anon_write boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P httpd_sys_script_anon_write 1
 +.EE
 +
 +.SH FILE CONTEXTS
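Review bot: The SHARING FILES text added to httpd_sys_script_selinux.8 names the write boolean two ways: the prose before the second semanage example says `allow_httpd_sys_scriptd_anon_write`, while the command shown is `setsebool -P httpd_sys_script_anon_write 1`. The last paragraph likewise writes the type as `public_rw_content_t`, where the rest of the section uses `public_content_rw_t`. Only one spelling of each can match what the policy defines, so an administrator following the prose may set a boolean or label that does not exist and wrongly assume the share is configured. As the page is produced by genman.py, the template should take both names from the policy rather than compose them from the domain name. The `/var/httpd_sys_script` example paths look like the same kind of substitution artifact, and the lowercase `.pp` after the first restorecon line should presumably be `.PP`, as used elsewhere on the page.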
@@ -29108,38 +34332,22 @@ index 0000000..92c134f
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux memcached policy is very flexible allowing users to setup their memcached processes in as secure a method as possible.
++SELinux httpd_sys_script policy is very flexible allowing users to setup their httpd_sys_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for memcached:
-+
-+
-+.EX
-+.PP
-+.B memcached_exec_t 
-+.EE
-+
-+- Set files with the memcached_exec_t type, if you want to transition an executable to the memcached_t domain.
-+
-+
-+.EX
-+.PP
-+.B memcached_initrc_exec_t 
-+.EE
-+
-+- Set files with the memcached_initrc_exec_t type, if you want to transition an executable to the memcached_initrc_t domain.
++The following file types are defined for httpd_sys_script:
 +
 +
 +.EX
 +.PP
-+.B memcached_var_run_t 
++.B httpd_sys_script_exec_t 
 +.EE
 +
-+- Set files with the memcached_var_run_t type, if you want to store the memcached files under the /run directory.
++- Set files with the httpd_sys_script_exec_t type, if you want to transition an executable to the httpd_sys_script_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/ipa_memcached(/.*)?, /var/run/memcached(/.*)?
++/var/www/svn/hooks(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress/.*\.php, /usr/lib/cgi-bin(/.*)?, /var/www/perl(/.*)?, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/wordpress-mu/wp-config\.php, /usr/.*\.cgi, /var/www/html/[^/]*/cgi-bin(/.*)?, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)?, /usr/share/wordpress/wp-includes/.*\.php, /opt/.*\.cgi
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -29148,49 +34356,78 @@ index 0000000..92c134f
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux memcached policy is very flexible allowing users to setup their memcached processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for memcached:
-+
-+.EX
-+.TP 5
-+.B memcache_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 11211
-+.EE
-+udp 11211
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux memcached policy is very flexible allowing users to setup their memcached processes in as secure a method as possible.
++SELinux httpd_sys_script policy is very flexible allowing users to setup their httpd_sys_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for memcached:
++The following process types are defined for httpd_sys_script:
 +
 +.EX
-+.B memcached_t 
++.B httpd_sys_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_sys_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_sys_rw_content_t
++
++	/etc/drupal.*
++.br
++	/var/lib/svn(/.*)?
++.br
++	/var/www/svn(/.*)?
++.br
++	/etc/mock/koji(/.*)?
++.br
++	/var/www/html/[^/]*/sites/default/files(/.*)?
++.br
++	/var/www/html/[^/]*/sites/default/settings\.php
++.br
++	/var/lib/drupal.*
++.br
++	/etc/zabbix/web(/.*)?
++.br
++	/var/spool/gosa(/.*)?
++.br
++	/etc/WebCalendar(/.*)?
++.br
++	/var/lib/dokuwiki(/.*)?
++.br
++	/var/spool/viewvc(/.*)?
++.br
++	/var/lib/pootle/po(/.*)?
++.br
++	/var/www/moodledata(/.*)?
++.br
++	/var/www/gallery/albums(/.*)?
++.br
++	/var/www/html/wp-content(/.*)?
++.br
++	/usr/share/wordpress-mu/wp-content(/.*)?
++.br
++	/usr/share/wordpress/wp-content/uploads(/.*)?
++.br
++	/usr/share/wordpress/wp-content/upgrade(/.*)?
++.br
++	/var/www/html/configuration\.php
++.br
++
++.br
++.B httpd_tmp_t
++
++	/var/run/user/apache(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
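Review bot: The new MANAGED FILES paragraph calls `httpd_sys_script_t` an "SELinux user type", but the PROCESS TYPES section directly above lists it as a process type (domain). SELinux users are a separate concept, so a reader auditing which domain can write where could be misled. Suggested wording is `The SELinux process type httpd_sys_script_t can manage files labeled with the following file types.` and, for the closing sentence, `Note that the process UID still needs DAC permissions.` The identical sentence is added for httpd_user_script_t, httpd_w3c_validator_script_t, httpd_zoneminder_script_t, hwclock_t and iceauth_t in later hunks, so the generator template is presumably the place to change it.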
@@ -29201,35 +34438,29 @@ index 0000000..92c134f
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), memcached(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), httpd_sys_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/mencoder_selinux.8 b/man/man8/mencoder_selinux.8
+diff --git a/man/man8/httpd_user_script_selinux.8 b/man/man8/httpd_user_script_selinux.8
 new file mode 100644
-index 0000000..01fc97c
+index 0000000..a2e9b4f
 --- /dev/null
-+++ b/man/man8/mencoder_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "mencoder_selinux"  "8"  "mencoder" "dwalsh at redhat.com" "mencoder SELinux Policy documentation"
++++ b/man/man8/httpd_user_script_selinux.8
+@@ -0,0 +1,82 @@
++.TH  "httpd_user_script_selinux"  "8"  "httpd_user_script" "dwalsh at redhat.com" "httpd_user_script SELinux Policy documentation"
 +.SH "NAME"
-+mencoder_selinux \- Security Enhanced Linux Policy for the mencoder processes
++httpd_user_script_selinux \- Security Enhanced Linux Policy for the httpd_user_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mencoder processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_user_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
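Review bot: The SEE ALSO block added for the httpd_sys_script page has no `setsebool(8)` entry, although the page tells the reader to run `setsebool -P httpd_sys_script_anon_write 1`, and as far as the visible lines show its COMMANDS section has no `semanage boolean` paragraph either. The continuation line `, httpd_selinux(8)` starts with a comma, which renders as `chcon(1) , httpd_selinux(8)`. A single line `selinux(8), httpd_sys_script(8), semanage(8), restorecon(8), chcon(1), setsebool(8), httpd_selinux(8)` would address both. `httpd_sys_script(8)` names a domain rather than a command, so that reference may not resolve to an installed page and is worth checking. This hunk continues into the header of the next generated page.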
@@ -29240,17 +34471,17 @@ index 0000000..01fc97c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mencoder policy is very flexible allowing users to setup their mencoder processes in as secure a method as possible.
++SELinux httpd_user_script policy is very flexible allowing users to setup their httpd_user_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mencoder:
++The following file types are defined for httpd_user_script:
 +
 +
 +.EX
 +.PP
-+.B mencoder_exec_t 
++.B httpd_user_script_exec_t 
 +.EE
 +
-+- Set files with the mencoder_exec_t type, if you want to transition an executable to the mencoder_t domain.
++- Set files with the httpd_user_script_exec_t type, if you want to transition an executable to the httpd_user_script_t domain.
 +
 +
 +.PP
@@ -29266,18 +34497,26 @@ index 0000000..01fc97c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mencoder policy is very flexible allowing users to setup their mencoder processes in as secure a method as possible.
++SELinux httpd_user_script policy is very flexible allowing users to setup their httpd_user_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mencoder:
++The following process types are defined for httpd_user_script:
 +
 +.EX
-+.B mencoder_t 
++.B httpd_user_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_user_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_user_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -29293,109 +34532,50 @@ index 0000000..01fc97c
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mencoder(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/mock_selinux.8 b/man/man8/mock_selinux.8
++selinux(8), httpd_user_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/httpd_w3c_validator_script_selinux.8 b/man/man8/httpd_w3c_validator_script_selinux.8
 new file mode 100644
-index 0000000..f7d8a3b
+index 0000000..8e84866
 --- /dev/null
-+++ b/man/man8/mock_selinux.8
-@@ -0,0 +1,142 @@
-+.TH  "mock_selinux"  "8"  "mock" "dwalsh at redhat.com" "mock SELinux Policy documentation"
++++ b/man/man8/httpd_w3c_validator_script_selinux.8
+@@ -0,0 +1,90 @@
++.TH  "httpd_w3c_validator_script_selinux"  "8"  "httpd_w3c_validator_script" "dwalsh at redhat.com" "httpd_w3c_validator_script SELinux Policy documentation"
 +.SH "NAME"
-+mock_selinux \- Security Enhanced Linux Policy for the mock processes
++httpd_w3c_validator_script_selinux \- Security Enhanced Linux Policy for the httpd_w3c_validator_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mock processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_w3c_validator_script processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  mock policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mock with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow mock to read files in home directories, you must turn on the mock_enable_homedirs boolean.
-+
-+.EX
-+.B setsebool -P mock_enable_homedirs 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mock_t, mock_build_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the mock_t, mock_build_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mock policy is very flexible allowing users to setup their mock processes in as secure a method as possible.
++SELinux httpd_w3c_validator_script policy is very flexible allowing users to setup their httpd_w3c_validator_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mock:
-+
-+
-+.EX
-+.PP
-+.B mock_build_exec_t 
-+.EE
-+
-+- Set files with the mock_build_exec_t type, if you want to transition an executable to the mock_build_t domain.
-+
-+
-+.EX
-+.PP
-+.B mock_cache_t 
-+.EE
-+
-+- Set files with the mock_cache_t type, if you want to store the files under the /var/cache directory.
-+
-+
-+.EX
-+.PP
-+.B mock_etc_t 
-+.EE
-+
-+- Set files with the mock_etc_t type, if you want to store mock files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B mock_exec_t 
-+.EE
-+
-+- Set files with the mock_exec_t type, if you want to transition an executable to the mock_t domain.
-+
-+
-+.EX
-+.PP
-+.B mock_tmp_t 
-+.EE
-+
-+- Set files with the mock_tmp_t type, if you want to store mock temporary files in the /tmp directories.
++The following file types are defined for httpd_w3c_validator_script:
 +
 +
 +.EX
 +.PP
-+.B mock_var_lib_t 
++.B httpd_w3c_validator_script_exec_t 
 +.EE
 +
-+- Set files with the mock_var_lib_t type, if you want to store the mock files under the /var/lib directory.
++- Set files with the httpd_w3c_validator_script_exec_t type, if you want to transition an executable to the httpd_w3c_validator_script_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -29410,18 +34590,30 @@ index 0000000..f7d8a3b
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mock policy is very flexible allowing users to setup their mock processes in as secure a method as possible.
++SELinux httpd_w3c_validator_script policy is very flexible allowing users to setup their httpd_w3c_validator_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mock:
++The following process types are defined for httpd_w3c_validator_script:
 +
 +.EX
-+.B mock_t, mock_build_t 
++.B httpd_w3c_validator_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_w3c_validator_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_w3c_validator_rw_content_t
++
++
++.br
++.B httpd_w3c_validator_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -29432,32 +34624,29 @@ index 0000000..f7d8a3b
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mock(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), httpd_w3c_validator_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/modemmanager_selinux.8 b/man/man8/modemmanager_selinux.8
+diff --git a/man/man8/httpd_zoneminder_script_selinux.8 b/man/man8/httpd_zoneminder_script_selinux.8
 new file mode 100644
-index 0000000..e87cce2
+index 0000000..425b531
 --- /dev/null
-+++ b/man/man8/modemmanager_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "modemmanager_selinux"  "8"  "modemmanager" "dwalsh at redhat.com" "modemmanager SELinux Policy documentation"
++++ b/man/man8/httpd_zoneminder_script_selinux.8
+@@ -0,0 +1,82 @@
++.TH  "httpd_zoneminder_script_selinux"  "8"  "httpd_zoneminder_script" "dwalsh at redhat.com" "httpd_zoneminder_script SELinux Policy documentation"
 +.SH "NAME"
-+modemmanager_selinux \- Security Enhanced Linux Policy for the modemmanager processes
++httpd_zoneminder_script_selinux \- Security Enhanced Linux Policy for the httpd_zoneminder_script processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the modemmanager processes via flexible mandatory access
++Security-Enhanced Linux secures the httpd_zoneminder_script processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -29468,17 +34657,17 @@ index 0000000..e87cce2
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux modemmanager policy is very flexible allowing users to setup their modemmanager processes in as secure a method as possible.
++SELinux httpd_zoneminder_script policy is very flexible allowing users to setup their httpd_zoneminder_script processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for modemmanager:
++The following file types are defined for httpd_zoneminder_script:
 +
 +
 +.EX
 +.PP
-+.B modemmanager_exec_t 
++.B httpd_zoneminder_script_exec_t 
 +.EE
 +
-+- Set files with the modemmanager_exec_t type, if you want to transition an executable to the modemmanager_t domain.
++- Set files with the httpd_zoneminder_script_exec_t type, if you want to transition an executable to the httpd_zoneminder_script_t domain.
 +
 +
 +.PP
@@ -29494,18 +34683,26 @@ index 0000000..e87cce2
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux modemmanager policy is very flexible allowing users to setup their modemmanager processes in as secure a method as possible.
++SELinux httpd_zoneminder_script policy is very flexible allowing users to setup their httpd_zoneminder_script processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for modemmanager:
++The following process types are defined for httpd_zoneminder_script:
 +
 +.EX
-+.B modemmanager_t 
++.B httpd_zoneminder_script_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type httpd_zoneminder_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_zoneminder_rw_content_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -29521,96 +34718,64 @@ index 0000000..e87cce2
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), modemmanager(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/mongod_selinux.8 b/man/man8/mongod_selinux.8
++selinux(8), httpd_zoneminder_script(8), semanage(8), restorecon(8), chcon(1)
++, httpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/hwclock_selinux.8 b/man/man8/hwclock_selinux.8
 new file mode 100644
-index 0000000..d9d4da8
+index 0000000..45435cd
 --- /dev/null
-+++ b/man/man8/mongod_selinux.8
-@@ -0,0 +1,151 @@
-+.TH  "mongod_selinux"  "8"  "mongod" "dwalsh at redhat.com" "mongod SELinux Policy documentation"
++++ b/man/man8/hwclock_selinux.8
+@@ -0,0 +1,101 @@
++.TH  "hwclock_selinux"  "8"  "hwclock" "dwalsh at redhat.com" "hwclock SELinux Policy documentation"
 +.SH "NAME"
-+mongod_selinux \- Security Enhanced Linux Policy for the mongod processes
++hwclock_selinux \- Security Enhanced Linux Policy for the hwclock processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mongod processes via flexible mandatory access
++Security-Enhanced Linux secures the hwclock processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux mongod policy is very flexible allowing users to setup their mongod processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for mongod:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the hwclock_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B mongod_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the mongod_exec_t type, if you want to transition an executable to the mongod_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/mongod, /usr/share/aeolus-conductor/dbomatic/dbomatic
-+
-+.EX
 +.PP
-+.B mongod_initrc_exec_t 
-+.EE
-+
-+- Set files with the mongod_initrc_exec_t type, if you want to transition an executable to the mongod_initrc_t domain.
-+
++If you want to allow confined applications to run with kerberos for the hwclock_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B mongod_log_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the mongod_log_t type, if you want to treat the data as mongod log data, usually stored under the /var/log directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/log/aeolus-conductor/dbomatic\.log.*, /var/log/mongodb(/.*)?
-+
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B mongod_tmp_t 
-+.EE
-+
-+- Set files with the mongod_tmp_t type, if you want to store mongod temporary files in the /tmp directories.
-+
-+
-+.EX
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B mongod_var_lib_t 
-+.EE
-+
-+- Set files with the mongod_var_lib_t type, if you want to store the mongod files under the /var/lib directory.
++Policy governs the access confined processes have to these files. 
++SELinux hwclock policy is very flexible allowing users to setup their hwclock processes in as secure a method as possible.
++.PP 
++The following file types are defined for hwclock:
 +
 +
 +.EX
 +.PP
-+.B mongod_var_run_t 
++.B hwclock_exec_t 
 +.EE
 +
-+- Set files with the mongod_var_run_t type, if you want to store the mongod files under the /run directory.
++- Set files with the hwclock_exec_t type, if you want to transition an executable to the hwclock_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/mongodb(/.*)?, /var/run/aeolus/dbomatic\.pid
++/usr/sbin/hwclock, /sbin/hwclock
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -29619,47 +34784,34 @@ index 0000000..d9d4da8
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux mongod policy is very flexible allowing users to setup their mongod processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for mongod:
-+
-+.EX
-+.TP 5
-+.B mongod_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 27017
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mongod policy is very flexible allowing users to setup their mongod processes in as secure a method as possible.
++SELinux hwclock policy is very flexible allowing users to setup their hwclock processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mongod:
++The following process types are defined for hwclock:
 +
 +.EX
-+.B mongod_t 
++.B hwclock_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type hwclock_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B adjtime_t
++
++	/etc/adjtime
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -29670,136 +34822,65 @@ index 0000000..d9d4da8
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mongod(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/mount_selinux.8 b/man/man8/mount_selinux.8
++selinux(8), hwclock(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/iceauth_selinux.8 b/man/man8/iceauth_selinux.8
 new file mode 100644
-index 0000000..264fa29
+index 0000000..3fa5cf8
 --- /dev/null
-+++ b/man/man8/mount_selinux.8
-@@ -0,0 +1,161 @@
-+.TH  "mount_selinux"  "8"  "mount" "dwalsh at redhat.com" "mount SELinux Policy documentation"
++++ b/man/man8/iceauth_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "iceauth_selinux"  "8"  "iceauth" "dwalsh at redhat.com" "iceauth SELinux Policy documentation"
 +.SH "NAME"
-+mount_selinux \- Security Enhanced Linux Policy for the mount processes
++iceauth_selinux \- Security Enhanced Linux Policy for the iceauth processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mount processes via flexible mandatory access
++Security-Enhanced Linux secures the iceauth processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  mount policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mount with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow the mount command to mount any directory or file, you must turn on the mount_anyfile boolean.
-+
-+.EX
-+.B setsebool -P mount_anyfile 1
-+.EE
-+
-+.PP
-+If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
-+
-+.EX
-+.B setsebool -P xguest_mount_media 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mount_t, mount_ecryptfs_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the mount_t, mount_ecryptfs_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mount policy is very flexible allowing users to setup their mount processes in as secure a method as possible.
++SELinux iceauth policy is very flexible allowing users to setup their iceauth processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mount:
-+
-+
-+.EX
-+.PP
-+.B mount_ecryptfs_exec_t 
-+.EE
-+
-+- Set files with the mount_ecryptfs_exec_t type, if you want to transition an executable to the mount_ecryptfs_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/mount\.ecryptfs_private, /usr/sbin/mount\.ecryptfs, /usr/sbin/umount\.ecryptfs, /usr/sbin/umount\.ecryptfs_private
-+
-+.EX
-+.PP
-+.B mount_ecryptfs_tmpfs_t 
-+.EE
-+
-+- Set files with the mount_ecryptfs_tmpfs_t type, if you want to store mount ecryptfs files on a tmpfs file system.
++The following file types are defined for iceauth:
 +
 +
 +.EX
 +.PP
-+.B mount_exec_t 
++.B iceauth_exec_t 
 +.EE
 +
-+- Set files with the mount_exec_t type, if you want to transition an executable to the mount_t domain.
++- Set files with the iceauth_exec_t type, if you want to transition an executable to the iceauth_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/mount.*, /sbin/umount.*, /usr/bin/umount.*, /usr/sbin/umount.*, /bin/umount.*, /usr/bin/mount.*, /bin/mount.*, /usr/sbin/mount.*
-+
-+.EX
-+.PP
-+.B mount_loopback_t 
-+.EE
-+
-+- Set files with the mount_loopback_t type, if you want to treat the files as mount loopback data.
-+
-+
-+.EX
-+.PP
-+.B mount_tmp_t 
-+.EE
-+
-+- Set files with the mount_tmp_t type, if you want to store mount temporary files in the /tmp directories.
-+
++/usr/bin/iceauth, /usr/X11R6/bin/iceauth
 +
 +.EX
 +.PP
-+.B mount_var_run_t 
++.B iceauth_home_t 
 +.EE
 +
-+- Set files with the mount_var_run_t type, if you want to store the mount files under the /run directory.
++- Set files with the iceauth_home_t type, if you want to store iceauth files in the users home directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/run/mount(/.*)?, /dev/\.mount(/.*)?, /var/run/mount(/.*)?, /var/run/davfs2(/.*)?, /var/cache/davfs2(/.*)?
++/root/\.DCOP.*, /root/\.ICEauthority.*
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -29814,18 +34895,34 @@ index 0000000..264fa29
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mount policy is very flexible allowing users to setup their mount processes in as secure a method as possible.
++SELinux iceauth policy is very flexible allowing users to setup their iceauth processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mount:
++The following process types are defined for iceauth:
 +
 +.EX
-+.B mount_t, mount_ecryptfs_t 
++.B iceauth_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type iceauth_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B iceauth_home_t
++
++	/root/\.DCOP.*
++.br
++	/root/\.ICEauthority.*
++.br
++	/home/[^/]*/\.DCOP.*
++.br
++	/home/[^/]*/\.ICEauthority.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -29836,73 +34933,54 @@ index 0000000..264fa29
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mount(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/mozilla_selinux.8 b/man/man8/mozilla_selinux.8
++selinux(8), iceauth(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/icecast_selinux.8 b/man/man8/icecast_selinux.8
 new file mode 100644
-index 0000000..aabcac2
+index 0000000..4b3b988
 --- /dev/null
-+++ b/man/man8/mozilla_selinux.8
-@@ -0,0 +1,196 @@
-+.TH  "mozilla_selinux"  "8"  "mozilla" "dwalsh at redhat.com" "mozilla SELinux Policy documentation"
++++ b/man/man8/icecast_selinux.8
+@@ -0,0 +1,142 @@
++.TH  "icecast_selinux"  "8"  "icecast" "dwalsh at redhat.com" "icecast SELinux Policy documentation"
 +.SH "NAME"
-+mozilla_selinux \- Security Enhanced Linux Policy for the mozilla processes
++icecast_selinux \- Security Enhanced Linux Policy for the icecast processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mozilla processes via flexible mandatory access
++Security-Enhanced Linux secures the icecast processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  mozilla policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mozilla with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow confined web browsers to read home directory content, you must turn on the mozilla_read_content boolean.
-+
-+.EX
-+.B setsebool -P mozilla_read_content 1
-+.EE
-+
-+.PP
-+If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++SELinux policy is customizable based on least access required.  icecast policy is extremely flexible and has several booleans that allow you to manipulate the policy and run icecast with the tightest access possible.
 +
-+.EX
-+.B setsebool -P unconfined_mozilla_plugin_transition 1
-+.EE
 +
 +.PP
-+If you want to allow mozilla_plugins to create random content in the users home directory, you must turn on the mozilla_plugin_enable_homedirs boolean.
++If you want to allow icecast to connect to all ports, not just sound ports, you must turn on the icecast_connect_any boolean.
 +
 +.EX
-+.B setsebool -P mozilla_plugin_enable_homedirs 1
++.B setsebool -P icecast_connect_any 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mozilla_plugin_config_t, mozilla_t, mozilla_plugin_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the icecast_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the mozilla_plugin_config_t, mozilla_t, mozilla_plugin_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the icecast_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
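Review bot: The BOOLEANS entry for `icecast_connect_any` gives only the enable command `setsebool -P icecast_connect_any 1`, without saying that `-P` makes the change persistent across reboots or how to inspect and revert it. Because this boolean widens icecast from sound ports to all ports, a sentence such as `Check the current value with getsebool icecast_connect_any; omit -P to test the change until the next reboot, and set the boolean back to 0 when the access is no longer needed.` would help administrators keep the tightest setting the page itself recommends. The boolean paragraphs are generated, so this would likely go into the genman.py template and apply to the other pages as well.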
@@ -29911,97 +34989,41 @@ index 0000000..aabcac2
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mozilla policy is very flexible allowing users to setup their mozilla processes in as secure a method as possible.
++SELinux icecast policy is very flexible allowing users to setup their icecast processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mozilla:
-+
-+
-+.EX
-+.PP
-+.B mozilla_conf_t 
-+.EE
-+
-+- Set files with the mozilla_conf_t type, if you want to treat the files as mozilla configuration data, usually stored under the /etc directory.
-+
-+
-+.EX
-+.PP
-+.B mozilla_exec_t 
-+.EE
-+
-+- Set files with the mozilla_exec_t type, if you want to transition an executable to the mozilla_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/[^/]*firefox[^/]*/firefox, /usr/lib/galeon/galeon, /usr/lib/netscape/.+/communicator/communicator-smotif\.real, /usr/bin/netscape, /usr/bin/mozilla-bin-[0-9].*, /usr/bin/epiphany-bin, /usr/lib/mozilla[^/]*/reg.+, /usr/lib/netscape/base-4/wrapper, /usr/bin/mozilla-snapshot, /usr/lib/[^/]*firefox[^/]*/firefox-bin, /usr/bin/mozilla-[0-9].*, /usr/lib/firefox[^/]*/mozilla-.*, /usr/lib/mozilla[^/]*/mozilla-.*, /usr/bin/mozilla, /usr/bin/epiphany
-+
-+.EX
-+.PP
-+.B mozilla_home_t 
-+.EE
-+
-+- Set files with the mozilla_home_t type, if you want to store mozilla files in the users home directory.
-+
-+
-+.EX
-+.PP
-+.B mozilla_plugin_config_exec_t 
-+.EE
-+
-+- Set files with the mozilla_plugin_config_exec_t type, if you want to transition an executable to the mozilla_plugin_config_t domain.
-+
-+
-+.EX
-+.PP
-+.B mozilla_plugin_exec_t 
-+.EE
-+
-+- Set files with the mozilla_plugin_exec_t type, if you want to transition an executable to the mozilla_plugin_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/nspluginscan, /usr/lib/nspluginwrapper/npviewer.bin, /usr/lib/xulrunner[^/]*/plugin-container, /usr/bin/nspluginviewer
-+
-+.EX
-+.PP
-+.B mozilla_plugin_rw_t 
-+.EE
-+
-+- Set files with the mozilla_plugin_rw_t type, if you want to treat the files as mozilla plugin read/write content.
++The following file types are defined for icecast:
 +
 +
 +.EX
 +.PP
-+.B mozilla_plugin_tmp_t 
++.B icecast_exec_t 
 +.EE
 +
-+- Set files with the mozilla_plugin_tmp_t type, if you want to store mozilla plugin temporary files in the /tmp directories.
++- Set files with the icecast_exec_t type, if you want to transition an executable to the icecast_t domain.
 +
 +
 +.EX
 +.PP
-+.B mozilla_plugin_tmpfs_t 
++.B icecast_initrc_exec_t 
 +.EE
 +
-+- Set files with the mozilla_plugin_tmpfs_t type, if you want to store mozilla plugin files on a tmpfs file system.
++- Set files with the icecast_initrc_exec_t type, if you want to transition an executable to the icecast_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B mozilla_tmp_t 
++.B icecast_log_t 
 +.EE
 +
-+- Set files with the mozilla_tmp_t type, if you want to store mozilla temporary files in the /tmp directories.
++- Set files with the icecast_log_t type, if you want to treat the data as icecast log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B mozilla_tmpfs_t 
++.B icecast_var_run_t 
 +.EE
 +
-+- Set files with the mozilla_tmpfs_t type, if you want to store mozilla files on a tmpfs file system.
++- Set files with the icecast_var_run_t type, if you want to store the icecast files under the /run directory.
 +
 +
 +.PP
@@ -30017,18 +35039,34 @@ index 0000000..aabcac2
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mozilla policy is very flexible allowing users to setup their mozilla processes in as secure a method as possible.
++SELinux icecast policy is very flexible allowing users to setup their icecast processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mozilla:
++The following process types are defined for icecast:
 +
 +.EX
-+.B mozilla_t, mozilla_plugin_config_t, mozilla_plugin_t 
++.B icecast_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type icecast_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B icecast_log_t
++
++	/var/log/icecast(/.*)?
++.br
++
++.br
++.B icecast_var_run_t
++
++	/var/run/icecast(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -30047,159 +35085,64 @@ index 0000000..aabcac2
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mozilla(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), icecast(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/mpd_selinux.8 b/man/man8/mpd_selinux.8
+diff --git a/man/man8/ifconfig_selinux.8 b/man/man8/ifconfig_selinux.8
 new file mode 100644
-index 0000000..90cd776
+index 0000000..ae147cb
 --- /dev/null
-+++ b/man/man8/mpd_selinux.8
-@@ -0,0 +1,216 @@
-+.TH  "mpd_selinux"  "8"  "mpd" "dwalsh at redhat.com" "mpd SELinux Policy documentation"
++++ b/man/man8/ifconfig_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "ifconfig_selinux"  "8"  "ifconfig" "dwalsh at redhat.com" "ifconfig SELinux Policy documentation"
 +.SH "NAME"
-+mpd_selinux \- Security Enhanced Linux Policy for the mpd processes
++ifconfig_selinux \- Security Enhanced Linux Policy for the ifconfig processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mpd processes via flexible mandatory access
++Security-Enhanced Linux secures the ifconfig processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  mpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mpd with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow mplayer executable stack, you must turn on the mplayer_execstack boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ifconfig_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P mplayer_execstack 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow gssd to read temp directory.  For access to kerberos tgt, you must turn on the gssd_read_tmp boolean.
++If you want to allow confined applications to run with kerberos for the ifconfig_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P gssd_read_tmp 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow Apache to execute tmp content, you must turn on the httpd_tmp_exec boolean.
-+
-+.EX
-+.B setsebool -P httpd_tmp_exec 1
-+.EE
-+
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+If you want to allow video playing tools to run unconfined, you must turn on the unconfined_mplayer boolean.
++Policy governs the access confined processes have to these files. 
++SELinux ifconfig policy is very flexible allowing users to setup their ifconfig processes in as secure a method as possible.
++.PP 
++The following file types are defined for ifconfig:
++
 +
 +.EX
-+.B setsebool -P unconfined_mplayer 1
++.PP
++.B ifconfig_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow all daemons to write corefiles to /, you must turn on the daemons_dump_core boolean.
-+
-+.EX
-+.B setsebool -P daemons_dump_core 1
-+.EE
-+
-+.SH NSSWITCH DOMAIN
-+
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mpd_t, mplayer_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the mpd_t, mplayer_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux mpd policy is very flexible allowing users to setup their mpd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for mpd:
-+
-+
-+.EX
-+.PP
-+.B mpd_data_t 
-+.EE
-+
-+- Set files with the mpd_data_t type, if you want to treat the files as mpd content.
++- Set files with the ifconfig_exec_t type, if you want to transition an executable to the ifconfig_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/mpd/playlists(/.*)?, /var/lib/mpd/music(/.*)?
-+
-+.EX
-+.PP
-+.B mpd_etc_t 
-+.EE
-+
-+- Set files with the mpd_etc_t type, if you want to store mpd files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B mpd_exec_t 
-+.EE
-+
-+- Set files with the mpd_exec_t type, if you want to transition an executable to the mpd_t domain.
-+
-+
-+.EX
-+.PP
-+.B mpd_initrc_exec_t 
-+.EE
-+
-+- Set files with the mpd_initrc_exec_t type, if you want to transition an executable to the mpd_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B mpd_log_t 
-+.EE
-+
-+- Set files with the mpd_log_t type, if you want to treat the data as mpd log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B mpd_tmp_t 
-+.EE
-+
-+- Set files with the mpd_tmp_t type, if you want to store mpd temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B mpd_tmpfs_t 
-+.EE
-+
-+- Set files with the mpd_tmpfs_t type, if you want to store mpd files on a tmpfs file system.
-+
-+
-+.EX
-+.PP
-+.B mpd_var_lib_t 
-+.EE
-+
-+- Set files with the mpd_var_lib_t type, if you want to store the mpd files under the /var/lib directory.
-+
++/usr/sbin/ipx_internal_net, /sbin/ipx_configure, /sbin/tc, /usr/sbin/ipx_configure, /usr/sbin/iwconfig, /usr/sbin/ipx_interface, /usr/sbin/mii-tool, /usr/sbin/ethtool, /usr/sbin/ifconfig, /sbin/ipx_interface, /bin/ip, /usr/bin/ip, /sbin/iwconfig, /usr/sbin/tc, /sbin/ifconfig, /sbin/mii-tool, /sbin/ethtool, /usr/sbin/ip, /sbin/ip, /sbin/ipx_internal_net
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -30208,47 +35151,38 @@ index 0000000..90cd776
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux mpd policy is very flexible allowing users to setup their mpd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for mpd:
-+
-+.EX
-+.TP 5
-+.B mpd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 6600
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mpd policy is very flexible allowing users to setup their mpd processes in as secure a method as possible.
++SELinux ifconfig policy is very flexible allowing users to setup their ifconfig processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mpd:
++The following process types are defined for ifconfig:
 +
 +.EX
-+.B mpd_t, mplayer_t 
++.B ifconfig_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ifconfig_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ipsec_var_run_t
++
++	/var/racoon(/.*)?
++.br
++	/var/run/pluto(/.*)?
++.br
++	/var/run/racoon\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -30259,69 +35193,43 @@ index 0000000..90cd776
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mpd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/mplayer_selinux.8 b/man/man8/mplayer_selinux.8
++selinux(8), ifconfig(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/inetd_child_selinux.8 b/man/man8/inetd_child_selinux.8
 new file mode 100644
-index 0000000..d79c378
+index 0000000..92e550a
 --- /dev/null
-+++ b/man/man8/mplayer_selinux.8
-@@ -0,0 +1,137 @@
-+.TH  "mplayer_selinux"  "8"  "mplayer" "dwalsh at redhat.com" "mplayer SELinux Policy documentation"
++++ b/man/man8/inetd_child_selinux.8
+@@ -0,0 +1,148 @@
++.TH  "inetd_child_selinux"  "8"  "inetd_child" "dwalsh at redhat.com" "inetd_child SELinux Policy documentation"
 +.SH "NAME"
-+mplayer_selinux \- Security Enhanced Linux Policy for the mplayer processes
++inetd_child_selinux \- Security Enhanced Linux Policy for the inetd_child processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mplayer processes via flexible mandatory access
++Security-Enhanced Linux secures the inetd_child processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  mplayer policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mplayer with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow mplayer executable stack, you must turn on the mplayer_execstack boolean.
-+
-+.EX
-+.B setsebool -P mplayer_execstack 1
-+.EE
-+
-+.PP
-+If you want to allow video playing tools to run unconfined, you must turn on the unconfined_mplayer boolean.
-+
-+.EX
-+.B setsebool -P unconfined_mplayer 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mplayer_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the inetd_child_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the mplayer_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the inetd_child_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -30330,45 +35238,37 @@ index 0000000..d79c378
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mplayer policy is very flexible allowing users to setup their mplayer processes in as secure a method as possible.
++SELinux inetd_child policy is very flexible allowing users to setup their inetd_child processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mplayer:
-+
-+
-+.EX
-+.PP
-+.B mplayer_etc_t 
-+.EE
-+
-+- Set files with the mplayer_etc_t type, if you want to store mplayer files in the /etc directories.
++The following file types are defined for inetd_child:
 +
 +
 +.EX
 +.PP
-+.B mplayer_exec_t 
++.B inetd_child_exec_t 
 +.EE
 +
-+- Set files with the mplayer_exec_t type, if you want to transition an executable to the mplayer_t domain.
++- Set files with the inetd_child_exec_t type, if you want to transition an executable to the inetd_child_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/vlc, /usr/bin/mplayer, /usr/bin/xine
++/usr/sbin/identd, /usr/local/lib/pysieved/pysieved.*\.py, /usr/sbin/in\..*d
 +
 +.EX
 +.PP
-+.B mplayer_home_t 
++.B inetd_child_tmp_t 
 +.EE
 +
-+- Set files with the mplayer_home_t type, if you want to store mplayer files in the users home directory.
++- Set files with the inetd_child_tmp_t type, if you want to store inetd child temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B mplayer_tmpfs_t 
++.B inetd_child_var_run_t 
 +.EE
 +
-+- Set files with the mplayer_tmpfs_t type, if you want to store mplayer files on a tmpfs file system.
++- Set files with the inetd_child_var_run_t type, if you want to store the inetd child files under the /run directory.
 +
 +
 +.PP
@@ -30378,24 +35278,61 @@ index 0000000..d79c378
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux inetd_child policy is very flexible allowing users to setup their inetd_child processes in as secure a method as possible.
++.PP 
++The following port types are defined for inetd_child:
++
++.EX
++.TP 5
++.B inetd_child_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 1,9,13,19,512,543,544,891,892,2105,5666
++.EE
++udp 1,9,13,19,891,892
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mplayer policy is very flexible allowing users to setup their mplayer processes in as secure a method as possible.
++SELinux inetd_child policy is very flexible allowing users to setup their inetd_child processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mplayer:
++The following process types are defined for inetd_child:
 +
 +.EX
-+.B mplayer_t 
++.B inetd_child_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type inetd_child_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B inetd_child_tmp_t
++
++
++.br
++.B inetd_child_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -30406,48 +35343,48 @@ index 0000000..d79c378
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mplayer(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), inetd_child(8), semanage(8), restorecon(8), chcon(1)
++, inetd_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/mrtg_selinux.8 b/man/man8/mrtg_selinux.8
+diff --git a/man/man8/inetd_selinux.8 b/man/man8/inetd_selinux.8
 new file mode 100644
-index 0000000..58fd320
+index 0000000..17de539
 --- /dev/null
-+++ b/man/man8/mrtg_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "mrtg_selinux"  "8"  "mrtg" "dwalsh at redhat.com" "mrtg SELinux Policy documentation"
++++ b/man/man8/inetd_selinux.8
+@@ -0,0 +1,198 @@
++.TH  "inetd_selinux"  "8"  "inetd" "dwalsh at redhat.com" "inetd SELinux Policy documentation"
 +.SH "NAME"
-+mrtg_selinux \- Security Enhanced Linux Policy for the mrtg processes
++inetd_selinux \- Security Enhanced Linux Policy for the inetd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mrtg processes via flexible mandatory access
++Security-Enhanced Linux secures the inetd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mrtg_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the inetd_t, inetd_child_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the mrtg_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the inetd_t, inetd_child_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -30456,61 +35393,73 @@ index 0000000..58fd320
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mrtg policy is very flexible allowing users to setup their mrtg processes in as secure a method as possible.
++SELinux inetd policy is very flexible allowing users to setup their inetd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mrtg:
++The following file types are defined for inetd:
 +
 +
 +.EX
 +.PP
-+.B mrtg_etc_t 
++.B inetd_child_exec_t 
 +.EE
 +
-+- Set files with the mrtg_etc_t type, if you want to store mrtg files in the /etc directories.
++- Set files with the inetd_child_exec_t type, if you want to transition an executable to the inetd_child_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/identd, /usr/local/lib/pysieved/pysieved.*\.py, /usr/sbin/in\..*d
++
++.EX
++.PP
++.B inetd_child_tmp_t 
++.EE
++
++- Set files with the inetd_child_tmp_t type, if you want to store inetd child temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B mrtg_exec_t 
++.B inetd_child_var_run_t 
 +.EE
 +
-+- Set files with the mrtg_exec_t type, if you want to transition an executable to the mrtg_t domain.
++- Set files with the inetd_child_var_run_t type, if you want to store the inetd child files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B mrtg_lock_t 
++.B inetd_exec_t 
 +.EE
 +
-+- Set files with the mrtg_lock_t type, if you want to treat the files as mrtg lock data, stored under the /var/lock directory
++- Set files with the inetd_exec_t type, if you want to transition an executable to the inetd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lock/mrtg(/.*)?, /etc/mrtg/mrtg\.ok
++/usr/sbin/inetd, /usr/sbin/xinetd, /usr/sbin/rlinetd
 +
 +.EX
 +.PP
-+.B mrtg_log_t 
++.B inetd_log_t 
 +.EE
 +
-+- Set files with the mrtg_log_t type, if you want to treat the data as mrtg log data, usually stored under the /var/log directory.
++- Set files with the inetd_log_t type, if you want to treat the data as inetd log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B mrtg_var_lib_t 
++.B inetd_tmp_t 
 +.EE
 +
-+- Set files with the mrtg_var_lib_t type, if you want to store the mrtg files under the /var/lib directory.
++- Set files with the inetd_tmp_t type, if you want to store inetd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B mrtg_var_run_t 
++.B inetd_var_run_t 
 +.EE
 +
-+- Set files with the mrtg_var_run_t type, if you want to store the mrtg files under the /run directory.
++- Set files with the inetd_var_run_t type, if you want to store the inetd files under the /run directory.
 +
 +
 +.PP
@@ -30520,24 +35469,75 @@ index 0000000..58fd320
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux inetd policy is very flexible allowing users to setup their inetd processes in as secure a method as possible.
++.PP 
++The following port types are defined for inetd:
++
++.EX
++.TP 5
++.B inetd_child_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 1,9,13,19,512,543,544,891,892,2105,5666
++.EE
++udp 1,9,13,19,891,892
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mrtg policy is very flexible allowing users to setup their mrtg processes in as secure a method as possible.
++SELinux inetd policy is very flexible allowing users to setup their inetd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mrtg:
++The following process types are defined for inetd:
 +
 +.EX
-+.B mrtg_t 
++.B inetd_t, inetd_child_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type inetd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B inetd_log_t
++
++	/var/log/(x)?inetd\.log.*
++.br
++
++.br
++.B inetd_tmp_t
++
++
++.br
++.B inetd_var_run_t
++
++	/var/run/(x)?inetd\.pid
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -30548,61 +35548,66 @@ index 0000000..58fd320
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), mrtg(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/mscan_selinux.8 b/man/man8/mscan_selinux.8
++selinux(8), inetd(8), semanage(8), restorecon(8), chcon(1)
++, inetd_child_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/init_selinux.8 b/man/man8/init_selinux.8
 new file mode 100644
-index 0000000..f950632
+index 0000000..a2f10a4
 --- /dev/null
-+++ b/man/man8/mscan_selinux.8
-@@ -0,0 +1,145 @@
-+.TH  "mscan_selinux"  "8"  "mscan" "dwalsh at redhat.com" "mscan SELinux Policy documentation"
++++ b/man/man8/init_selinux.8
+@@ -0,0 +1,483 @@
++.TH  "init_selinux"  "8"  "init" "dwalsh at redhat.com" "init SELinux Policy documentation"
 +.SH "NAME"
-+mscan_selinux \- Security Enhanced Linux Policy for the mscan processes
++init_selinux \- Security Enhanced Linux Policy for the init processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mscan processes via flexible mandatory access
++Security-Enhanced Linux secures the init processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  mscan policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mscan with the tightest access possible.
++SELinux policy is customizable based on least access required.  init policy is extremely flexible and has several booleans that allow you to manipulate the policy and run init with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++If you want to enable support for upstart as the init program, you must turn on the init_upstart boolean.
 +
 +.EX
-+.B setsebool -P clamscan_read_user_content 1
++.B setsebool -P init_upstart 1
 +.EE
 +
 +.PP
-+If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
++If you want to enable support for systemd as the init program, you must turn on the init_systemd boolean.
 +
 +.EX
-+.B setsebool -P clamscan_can_scan_system 1
++.B setsebool -P init_systemd 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mscan_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the init_t, initrc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the mscan_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the init_t, initrc_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -30611,262 +35616,417 @@ index 0000000..f950632
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mscan policy is very flexible allowing users to setup their mscan processes in as secure a method as possible.
++SELinux init policy is very flexible allowing users to setup their init processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mscan:
++The following file types are defined for init:
 +
 +
 +.EX
 +.PP
-+.B mscan_etc_t 
++.B init_exec_t 
 +.EE
 +
-+- Set files with the mscan_etc_t type, if you want to store mscan files in the /etc directories.
++- Set files with the init_exec_t type, if you want to transition an executable to the init_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/sysconfig/MailScanner, /etc/MailScanner(/.*)?, /etc/sysconfig/update_spamassassin
++/usr/sbin/init(ng)?, /sbin/init(ng)?, /bin/systemd, /usr/lib/systemd/system-generators/[^/]*, /usr/bin/systemd, /sbin/upstart, /usr/sbin/upstart, /usr/lib/systemd/[^/]*
 +
 +.EX
 +.PP
-+.B mscan_exec_t 
++.B init_var_lib_t 
 +.EE
 +
-+- Set files with the mscan_exec_t type, if you want to transition an executable to the mscan_t domain.
++- Set files with the init_var_lib_t type, if you want to store the init files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B mscan_initrc_exec_t 
++.B init_var_run_t 
 +.EE
 +
-+- Set files with the mscan_initrc_exec_t type, if you want to transition an executable to the mscan_initrc_t domain.
++- Set files with the init_var_run_t type, if you want to store the init files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B mscan_tmp_t 
++.B initctl_t 
 +.EE
 +
-+- Set files with the mscan_tmp_t type, if you want to store mscan temporary files in the /tmp directories.
++- Set files with the initctl_t type, if you want to treat the files as initctl data.
 +
 +
 +.EX
 +.PP
-+.B mscan_var_run_t 
++.B initrc_devpts_t 
 +.EE
 +
-+- Set files with the mscan_var_run_t type, if you want to store the mscan files under the /run directory.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++- Set files with the initrc_devpts_t type, if you want to treat the files as initrc devpts data.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux mscan policy is very flexible allowing users to setup their mscan processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for mscan:
 +
 +.EX
-+.B mscan_t 
-+.EE
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B initrc_exec_t 
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++- Set files with the initrc_exec_t type, if you want to transition an executable to the initrc_t domain.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++.br
++.TP 5
++Paths: 
++/usr/sbin/startx, /etc/rc\.d/rc, /usr/libexec/dcc/stop-.*, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/lib/systemd/fedora[^/]*, /usr/sbin/start-dirsrv, /usr/sbin/restart-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/ldap-agent, /etc/X11/prefdm, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /usr/libexec/dcc/start-.*, /usr/share/system-config-services/system-config-services-mechanism\.py, /usr/sbin/apachectl, /etc/init\.d/.*, /usr/bin/sepg_ctl
 +
++.EX
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), mscan(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/munin_selinux.8 b/man/man8/munin_selinux.8
-new file mode 100644
-index 0000000..5be69aa
---- /dev/null
-+++ b/man/man8/munin_selinux.8
-@@ -0,0 +1,175 @@
-+.TH  "munin_selinux"  "8"  "munin" "dwalsh at redhat.com" "munin SELinux Policy documentation"
-+.SH "NAME"
-+munin_selinux \- Security Enhanced Linux Policy for the munin processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the munin processes via flexible mandatory access
-+control.  
++.B initrc_state_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the initrc_state_t type, if you want to treat the files as initrc state data.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the munin_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
 +.PP
-+If you want to allow confined applications to run with kerberos for the munin_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
++.B initrc_tmp_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux munin policy is very flexible allowing users to setup their munin processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for munin:
++- Set files with the initrc_tmp_t type, if you want to store initrc temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B munin_etc_t 
++.B initrc_var_log_t 
 +.EE
 +
-+- Set files with the munin_etc_t type, if you want to store munin files in the /etc directories.
++- Set files with the initrc_var_log_t type, if you want to treat the data as initrc var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B munin_exec_t 
++.B initrc_var_run_t 
 +.EE
 +
-+- Set files with the munin_exec_t type, if you want to transition an executable to the munin_t domain.
++- Set files with the initrc_var_run_t type, if you want to store the initrc files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/munin-.*, /usr/share/munin/munin-.*, /usr/share/munin/plugins/.*, /usr/bin/munin-.*
++/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp
 +
-+.EX
 +.PP
-+.B munin_initrc_exec_t 
-+.EE
-+
-+- Set files with the munin_initrc_exec_t type, if you want to transition an executable to the munin_initrc_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux init policy is very flexible allowing users to setup their init processes in as secure a method as possible.
++.PP 
++The following process types are defined for init:
 +
 +.EX
-+.PP
-+.B munin_log_t 
++.B initrc_t, init_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the munin_log_t type, if you want to treat the data as munin log data, usually stored under the /var/log directory.
++.SH "MANAGED FILES"
 +
++The SELinux user type init_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B munin_plugin_state_t 
-+.EE
++.br
++.B binfmt_misc_fs_t
 +
-+- Set files with the munin_plugin_state_t type, if you want to treat the files as munin plugin state data.
 +
++.br
++.B boolean_type
 +
-+.EX
-+.PP
-+.B munin_tmp_t 
-+.EE
 +
-+- Set files with the munin_tmp_t type, if you want to store munin temporary files in the /tmp directories.
++.br
++.B cgroup_t
 +
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
 +
-+.EX
-+.PP
-+.B munin_var_lib_t 
-+.EE
++.br
++.B consolekit_log_t
 +
-+- Set files with the munin_var_lib_t type, if you want to store the munin files under the /var/lib directory.
++	/var/log/ConsoleKit(/.*)?
++.br
 +
++.br
++.B device_t
 +
-+.EX
-+.PP
-+.B munin_var_run_t 
-+.EE
++	/dev/.*
++.br
++	/lib/udev/devices(/.*)?
++.br
++	/usr/lib/udev/devices(/.*)?
++.br
++	/dev
++.br
++	/etc/udev/devices
++.br
++	/var/named/chroot/dev
++.br
++	/var/spool/postfix/dev
++.br
 +
-+- Set files with the munin_var_run_t type, if you want to store the munin files under the /run directory.
++.br
++.B etc_runtime_t
 +
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.br
++.B init_var_lib_t
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++	/var/lib/random-seed
++.br
 +
-+.B semanage port -l
++.br
++.B init_var_run_t
 +
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux munin policy is very flexible allowing users to setup their munin processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for munin:
++	/var/run/systemd(/.*)?
++.br
 +
-+.EX
-+.TP 5
-+.B munin_port_t 
-+.TP 10
-+.EE
++.br
++.B initrc_state_t
 +
 +
-+Default Defined Ports:
-+tcp 4949
-+.EE
-+udp 4949
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux munin policy is very flexible allowing users to setup their munin processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for munin:
++.br
++.B initrc_var_run_t
 +
-+.EX
-+.B munin_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B ld_so_cache_t
++
++	/etc/ld\.so\.cache
++.br
++	/etc/ld\.so\.cache~
++.br
++	/etc/ld\.so\.preload
++.br
++	/etc/ld\.so\.preload~
++.br
++
++.br
++.B locale_t
++
++	/etc/locale.conf
++.br
++	/usr/lib/locale(/.*)?
++.br
++	/usr/share/locale(/.*)?
++.br
++	/usr/share/zoneinfo(/.*)?
++.br
++	/usr/share/X11/locale(/.*)?
++.br
++	/etc/timezone
++.br
++	/etc/localtime
++.br
++	/etc/sysconfig/clock
++.br
++	/etc/avahi/etc/localtime
++.br
++	/var/empty/sshd/etc/localtime
++.br
++	/var/spool/postfix/etc/localtime
++.br
++
++.br
++.B machineid_t
++
++	/etc/machine-id
++.br
++	/var/run/systemd/machine-id
++.br
++
++.br
++.B print_spool_t
++
++	/var/spool/lpd(/.*)?
++.br
++	/var/spool/cups(/.*)?
++.br
++	/var/spool/cups-pdf(/.*)?
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B systemd_unit_file_type
++
++
++.br
++.B tmpfs_t
++
++	/dev/shm
++.br
++	/lib/udev/devices/shm
++.br
++	/usr/lib/udev/devices/shm
++.br
++
++.br
++.B var_lib_t
++
++	/opt/(.*/)?var/lib(/.*)?
++.br
++	/var/lib(/.*)?
++.br
++
++.br
++.B var_log_t
++
++	/var/log/.*
++.br
++	/nsr/logs(/.*)?
++.br
++	/var/webmin(/.*)?
++.br
++	/var/log/cron[^/]*
++.br
++	/var/log/secure[^/]*
++.br
++	/opt/zimbra/log(/.*)?
++.br
++	/var/log/maillog[^/]*
++.br
++	/var/log/spooler[^/]*
++.br
++	/var/log/messages[^/]*
++.br
++	/usr/centreon/log(/.*)?
++.br
++	/var/spool/rsyslog(/.*)?
++.br
++	/var/axfrdns/log/main(/.*)?
++.br
++	/var/spool/bacula/log(/.*)?
++.br
++	/var/tinydns/log/main(/.*)?
++.br
++	/var/dnscache/log/main(/.*)?
++.br
++	/var/stockmaniac/templates_cache(/.*)?
++.br
++	/opt/Symantec/scspagent/IDS/system(/.*)?
++.br
++	/var/log
++.br
++	/var/log/dmesg
++.br
++	/var/log/syslog
++.br
++	/var/log/boot\.log
++.br
++	/var/named/chroot/var/log
++.br
++	/var/spool/plymouth/boot\.log
++.br
++
++.br
++.B var_run_t
++
++	/run/.*
++.br
++	/var/run/.*
++.br
++	/run
++.br
++	/var/run
++.br
++	/var/run
++.br
++	/var/spool/postfix/pid
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -30878,64 +36038,48 @@ index 0000000..5be69aa
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++.B semanage boolean
++can also be used to manipulate the booleans
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), munin(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/mysqld_selinux.8 b/man/man8/mysqld_selinux.8
++selinux(8), init(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), initrc_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/initrc_selinux.8 b/man/man8/initrc_selinux.8
 new file mode 100644
-index 0000000..8c48ea1
+index 0000000..5016301
 --- /dev/null
-+++ b/man/man8/mysqld_selinux.8
-@@ -0,0 +1,230 @@
-+.TH  "mysqld_selinux"  "8"  "mysqld" "dwalsh at redhat.com" "mysqld SELinux Policy documentation"
++++ b/man/man8/initrc_selinux.8
+@@ -0,0 +1,816 @@
++.TH  "initrc_selinux"  "8"  "initrc" "dwalsh at redhat.com" "initrc SELinux Policy documentation"
 +.SH "NAME"
-+mysqld_selinux \- Security Enhanced Linux Policy for the mysqld processes
++initrc_selinux \- Security Enhanced Linux Policy for the initrc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the mysqld processes via flexible mandatory access
++Security-Enhanced Linux secures the initrc processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  mysqld policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mysqld with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow mysqld to connect to all ports, you must turn on the mysql_connect_any boolean.
-+
-+.EX
-+.B setsebool -P mysql_connect_any 1
-+.EE
-+
-+.PP
-+If you want to allow users to connect to the local mysql server, you must turn on the user_mysql_connect boolean.
-+
-+.EX
-+.B setsebool -P user_mysql_connect 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mysqld_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the initrc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the mysqld_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the initrc_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -30944,102 +36088,66 @@ index 0000000..8c48ea1
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux mysqld policy is very flexible allowing users to setup their mysqld processes in as secure a method as possible.
++SELinux initrc policy is very flexible allowing users to setup their initrc processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for mysqld:
-+
-+
-+.EX
-+.PP
-+.B mysqld_db_t 
-+.EE
-+
-+- Set files with the mysqld_db_t type, if you want to treat the files as mysqld database content.
++The following file types are defined for initrc:
 +
 +
 +.EX
 +.PP
-+.B mysqld_etc_t 
++.B initrc_devpts_t 
 +.EE
 +
-+- Set files with the mysqld_etc_t type, if you want to store mysqld files in the /etc directories.
++- Set files with the initrc_devpts_t type, if you want to treat the files as initrc devpts data.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/my\.cnf, /etc/mysql(/.*)?
 +
 +.EX
 +.PP
-+.B mysqld_exec_t 
++.B initrc_exec_t 
 +.EE
 +
-+- Set files with the mysqld_exec_t type, if you want to transition an executable to the mysqld_t domain.
++- Set files with the initrc_exec_t type, if you want to transition an executable to the initrc_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/libexec/mysqld, /usr/bin/mysql_upgrade, /usr/sbin/mysqld(-max)?, /usr/sbin/ndbd
-+
-+.EX
-+.PP
-+.B mysqld_home_t 
-+.EE
-+
-+- Set files with the mysqld_home_t type, if you want to store mysqld files in the users home directory.
-+
-+
-+.EX
-+.PP
-+.B mysqld_initrc_exec_t 
-+.EE
-+
-+- Set files with the mysqld_initrc_exec_t type, if you want to transition an executable to the mysqld_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B mysqld_log_t 
-+.EE
-+
-+- Set files with the mysqld_log_t type, if you want to treat the data as mysqld log data, usually stored under the /var/log directory.
-+
++/usr/sbin/startx, /etc/rc\.d/rc, /usr/libexec/dcc/stop-.*, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/lib/systemd/fedora[^/]*, /usr/sbin/start-dirsrv, /usr/sbin/restart-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/ldap-agent, /etc/X11/prefdm, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /usr/libexec/dcc/start-.*, /usr/share/system-config-services/system-config-services-mechanism\.py, /usr/sbin/apachectl, /etc/init\.d/.*, /usr/bin/sepg_ctl
 +
 +.EX
 +.PP
-+.B mysqld_safe_exec_t 
++.B initrc_state_t 
 +.EE
 +
-+- Set files with the mysqld_safe_exec_t type, if you want to transition an executable to the mysqld_safe_t domain.
++- Set files with the initrc_state_t type, if you want to treat the files as initrc state data.
 +
 +
 +.EX
 +.PP
-+.B mysqld_tmp_t 
++.B initrc_tmp_t 
 +.EE
 +
-+- Set files with the mysqld_tmp_t type, if you want to store mysqld temporary files in the /tmp directories.
++- Set files with the initrc_tmp_t type, if you want to store initrc temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B mysqld_unit_file_t 
++.B initrc_var_log_t 
 +.EE
 +
-+- Set files with the mysqld_unit_file_t type, if you want to treat the files as mysqld unit content.
++- Set files with the initrc_var_log_t type, if you want to treat the data as initrc var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B mysqld_var_run_t 
++.B initrc_var_run_t 
 +.EE
 +
-+- Set files with the mysqld_var_run_t type, if you want to store the mysqld files under the /run directory.
++- Set files with the initrc_var_run_t type, if you want to store the initrc files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/mysqld(/.*)?, /var/lib/mysql/mysql\.sock
++/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -31048,427 +36156,703 @@ index 0000000..8c48ea1
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux mysqld policy is very flexible allowing users to setup their mysqld processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for mysqld:
-+
-+.EX
-+.TP 5
-+.B mysqld_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 1186,3306,63132-63164
-+.EE
-+
-+.EX
-+.TP 5
-+.B mysqlmanagerd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 2273
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux mysqld policy is very flexible allowing users to setup their mysqld processes in as secure a method as possible.
++SELinux initrc policy is very flexible allowing users to setup their initrc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for mysqld:
++The following process types are defined for initrc:
 +
 +.EX
-+.B mysqld_safe_t, mysqlmanagerd_t, mysqld_t 
++.B initrc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++The SELinux user type initrc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++.br
++.B abrt_var_run_t
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++	/var/run/abrt(/.*)?
++.br
++	/var/run/abrtd?\.lock
++.br
++	/var/run/abrtd?\.socket
++.br
++	/var/run/abrt\.pid
++.br
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.B alsa_etc_rw_t
 +
-+.SH "SEE ALSO"
-+selinux(8), mysqld(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/mysqlmanagerd_selinux.8 b/man/man8/mysqlmanagerd_selinux.8
-new file mode 100644
-index 0000000..20bc2e9
---- /dev/null
-+++ b/man/man8/mysqlmanagerd_selinux.8
-@@ -0,0 +1,115 @@
-+.TH  "mysqlmanagerd_selinux"  "8"  "mysqlmanagerd" "dwalsh at redhat.com" "mysqlmanagerd SELinux Policy documentation"
-+.SH "NAME"
-+mysqlmanagerd_selinux \- Security Enhanced Linux Policy for the mysqlmanagerd processes
-+.SH "DESCRIPTION"
++	/etc/asound(/.*)?
++.br
++	/etc/alsa/pcm(/.*)?
++.br
++	/usr/share/alsa/pcm(/.*)?
++.br
++	/etc/asound\.state
++.br
++	/etc/alsa/asound\.state
++.br
++	/usr/share/alsa/alsa\.conf
++.br
 +
-+Security-Enhanced Linux secures the mysqlmanagerd processes via flexible mandatory access
-+control.  
++.br
++.B binfmt_misc_fs_t
 +
-+.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux mysqlmanagerd policy is very flexible allowing users to setup their mysqlmanagerd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for mysqlmanagerd:
++.br
++.B boot_t
 +
++	/boot/.*
++.br
++	/vmlinuz.*
++.br
++	/initrd\.img.*
++.br
++	/boot
++.br
 +
-+.EX
-+.PP
-+.B mysqlmanagerd_exec_t 
-+.EE
++.br
++.B cert_t
 +
-+- Set files with the mysqlmanagerd_exec_t type, if you want to transition an executable to the mysqlmanagerd_t domain.
++	/etc/pki(/.*)?
++.br
++	/etc/httpd/alias(/.*)?
++.br
++	/usr/share/ssl/certs(/.*)?
++.br
++	/usr/share/ssl/private(/.*)?
++.br
++	/var/named/chroot/etc/pki(/.*)?
++.br
 +
++.br
++.B cgroup_t
 +
-+.EX
-+.PP
-+.B mysqlmanagerd_initrc_exec_t 
-+.EE
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
 +
-+- Set files with the mysqlmanagerd_initrc_exec_t type, if you want to transition an executable to the mysqlmanagerd_initrc_t domain.
++.br
++.B consolekit_log_t
 +
++	/var/log/ConsoleKit(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B mysqlmanagerd_var_run_t 
-+.EE
++.br
++.B cupsd_log_t
 +
-+- Set files with the mysqlmanagerd_var_run_t type, if you want to store the mysqlmanagerd files under the /run directory.
++	/var/log/cups(/.*)?
++.br
++	/usr/Brother/fax/.*\.log.*
++.br
++	/var/log/turboprint.*
++.br
 +
++.br
++.B cyrus_var_lib_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	/var/imap(/.*)?
++.br
++	/var/lib/imap(/.*)?
++.br
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++.br
++.B device_t
 +
-+.B semanage port -l
++	/dev/.*
++.br
++	/lib/udev/devices(/.*)?
++.br
++	/usr/lib/udev/devices(/.*)?
++.br
++	/dev
++.br
++	/etc/udev/devices
++.br
++	/var/named/chroot/dev
++.br
++	/var/spool/postfix/dev
++.br
 +
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux mysqlmanagerd policy is very flexible allowing users to setup their mysqlmanagerd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for mysqlmanagerd:
++.br
++.B dhcp_etc_t
 +
-+.EX
-+.TP 5
-+.B mysqlmanagerd_port_t 
-+.TP 10
-+.EE
++	/etc/dhcpc.*
++.br
++	/etc/dhcp3(/.*)?
++.br
++	/etc/dhcpd(6)?\.conf
++.br
++	/etc/dhcp3?/dhclient.*
++.br
++	/etc/dhclient.*conf
++.br
++	/etc/dhcp/dhcpd(6)?\.conf
++.br
++	/etc/dhclient-script
++.br
 +
++.br
++.B dhcpc_state_t
 +
-+Default Defined Ports:
-+tcp 2273
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux mysqlmanagerd policy is very flexible allowing users to setup their mysqlmanagerd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for mysqlmanagerd:
++	/var/lib/dhcp3?/dhclient.*
++.br
++	/var/lib/dhcpcd(/.*)?
++.br
++	/var/lib/dhclient(/.*)?
++.br
++	/var/lib/wifiroamd(/.*)?
++.br
 +
-+.EX
-+.B mysqlmanagerd_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.br
++.B dirsrv_var_run_t
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++	/var/run/dirsrv(/.*)?
++.br
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
++.br
++.B etc_aliases_t
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++	/etc/postfix/aliases.*
++.br
++	/etc/aliases
++.br
++	/etc/aliases\.db
++.br
++	/etc/mail/aliases
++.br
++	/etc/mail/aliases\.db
++.br
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.B etc_mail_t
 +
-+.SH "SEE ALSO"
-+selinux(8), mysqlmanagerd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/nagios_selinux.8 b/man/man8/nagios_selinux.8
-new file mode 100644
-index 0000000..131c93d
---- /dev/null
-+++ b/man/man8/nagios_selinux.8
-@@ -0,0 +1,235 @@
-+.TH  "nagios_selinux"  "8"  "nagios" "dwalsh at redhat.com" "nagios SELinux Policy documentation"
-+.SH "NAME"
-+nagios_selinux \- Security Enhanced Linux Policy for the nagios processes
-+.SH "DESCRIPTION"
++	/etc/mail(/.*)?
++.br
 +
-+Security-Enhanced Linux secures the nagios processes via flexible mandatory access
-+control.  
++.br
++.B etc_runtime_t
 +
-+.SH NSSWITCH DOMAIN
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nagios_services_plugin_t, nagios_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.br
++.B exports_t
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
++	/etc/exports
++.br
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the nagios_services_plugin_t, nagios_t, you must turn on the kerberos_enabled boolean.
++.br
++.B faillog_t
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux nagios policy is very flexible allowing users to setup their nagios processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for nagios:
++.br
++.B fonts_t
 +
++	/usr/share/fonts(/.*)?
++.br
++	/usr/share/X11/fonts(/.*)?
++.br
++	/usr/X11R6/lib/X11/fonts(/.*)?
++.br
++	/usr/share/ghostscript/fonts(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B nagios_admin_plugin_exec_t 
-+.EE
++.br
++.B gconf_etc_t
 +
-+- Set files with the nagios_admin_plugin_exec_t type, if you want to transition an executable to the nagios_admin_plugin_t domain.
++	/etc/gconf(/.*)?
++.br
 +
++.br
++.B glance_var_run_t
 +
-+.EX
-+.PP
-+.B nagios_checkdisk_plugin_exec_t 
-+.EE
++	/var/run/glance(/.*)?
++.br
++
++.br
++.B initrc_state_t
 +
-+- Set files with the nagios_checkdisk_plugin_exec_t type, if you want to transition an executable to the nagios_checkdisk_plugin_t domain.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/nagios/plugins/check_linux_raid, /usr/lib/nagios/plugins/check_disk_smb, /usr/lib/nagios/plugins/check_ide_smart, /usr/lib/nagios/plugins/check_disk
++.B initrc_tmp_t
 +
-+.EX
-+.PP
-+.B nagios_etc_t 
-+.EE
 +
-+- Set files with the nagios_etc_t type, if you want to store nagios files in the /etc directories.
++.br
++.B initrc_var_log_t
 +
 +
-+.EX
-+.PP
-+.B nagios_eventhandler_plugin_exec_t 
-+.EE
++.br
++.B initrc_var_run_t
 +
-+- Set files with the nagios_eventhandler_plugin_exec_t type, if you want to transition an executable to the nagios_eventhandler_plugin_t domain.
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
 +
++.br
++.B ipsec_var_run_t
 +
-+.EX
-+.PP
-+.B nagios_eventhandler_plugin_tmp_t 
-+.EE
++	/var/racoon(/.*)?
++.br
++	/var/run/pluto(/.*)?
++.br
++	/var/run/racoon\.pid
++.br
 +
-+- Set files with the nagios_eventhandler_plugin_tmp_t type, if you want to store nagios eventhandler plugin temporary files in the /tmp directories.
++.br
++.B lastlog_t
 +
++	/var/log/lastlog
++.br
 +
-+.EX
-+.PP
-+.B nagios_exec_t 
-+.EE
++.br
++.B ld_so_cache_t
 +
-+- Set files with the nagios_exec_t type, if you want to transition an executable to the nagios_t domain.
++	/etc/ld\.so\.cache
++.br
++	/etc/ld\.so\.cache~
++.br
++	/etc/ld\.so\.preload
++.br
++	/etc/ld\.so\.preload~
++.br
 +
++.br
++.B locale_t
 +
-+.EX
-+.PP
-+.B nagios_initrc_exec_t 
-+.EE
++	/etc/locale.conf
++.br
++	/usr/lib/locale(/.*)?
++.br
++	/usr/share/locale(/.*)?
++.br
++	/usr/share/zoneinfo(/.*)?
++.br
++	/usr/share/X11/locale(/.*)?
++.br
++	/etc/timezone
++.br
++	/etc/localtime
++.br
++	/etc/sysconfig/clock
++.br
++	/etc/avahi/etc/localtime
++.br
++	/var/empty/sshd/etc/localtime
++.br
++	/var/spool/postfix/etc/localtime
++.br
++
++.br
++.B lockfile
 +
-+- Set files with the nagios_initrc_exec_t type, if you want to transition an executable to the nagios_initrc_t domain.
 +
 +.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/nagios, /etc/rc\.d/init\.d/nrpe
++.B mdadm_var_run_t
 +
-+.EX
-+.PP
-+.B nagios_log_t 
-+.EE
++	/dev/.mdadm\.map
++.br
++	/dev/md/.*
++.br
++	/var/run/mdadm(/.*)?
++.br
 +
-+- Set files with the nagios_log_t type, if you want to treat the data as nagios log data, usually stored under the /var/log directory.
++.br
++.B mnt_t
 +
++	/mnt(/[^/]*)
++.br
++	/mnt(/[^/]*)?
++.br
++	/rhev(/[^/]*)?
++.br
++	/media(/[^/]*)
++.br
++	/media(/[^/]*)?
++.br
++	/media/\.hal-.*
++.br
++	/var/run/media(/[^/]*)?
++.br
++	/net
++.br
++	/afs
++.br
++	/rhev
++.br
++	/misc
 +.br
-+.TP 5
-+Paths: 
-+/var/log/netsaint(/.*)?, /var/log/nagios(/.*)?
 +
-+.EX
-+.PP
-+.B nagios_mail_plugin_exec_t 
-+.EE
++.br
++.B mysqld_log_t
 +
-+- Set files with the nagios_mail_plugin_exec_t type, if you want to transition an executable to the nagios_mail_plugin_t domain.
++	/var/log/mysql.*
++.br
 +
++.br
++.B named_conf_t
 +
-+.EX
-+.PP
-+.B nagios_services_plugin_exec_t 
-+.EE
++	/etc/rndc.*
++.br
++	/etc/unbound(/.*)?
++.br
++	/var/named/chroot(/.*)?
++.br
++	/etc/named\.rfc1912.zones
++.br
++	/var/named/chroot/etc/named\.rfc1912.zones
++.br
++	/etc/named\.conf
++.br
++	/var/named/named\.ca
++.br
++	/etc/named\.root\.hints
++.br
++	/var/named/chroot/etc/named\.conf
++.br
++	/etc/named\.caching-nameserver\.conf
++.br
++	/var/named/chroot/var/named/named\.ca
++.br
++	/var/named/chroot/etc/named\.root\.hints
++.br
++	/var/named/chroot/etc/named\.caching-nameserver\.conf
++.br
 +
-+- Set files with the nagios_services_plugin_exec_t type, if you want to transition an executable to the nagios_services_plugin_t domain.
++.br
++.B net_conf_t
 +
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/nagios/plugins/check_time, /usr/lib/nagios/plugins/check_dhcp, /usr/lib/nagios/plugins/check_radius, /usr/lib/nagios/plugins/check_nrpe, /usr/lib/nagios/plugins/check_smtp, /usr/lib/nagios/plugins/check_cluster, /usr/lib/nagios/plugins/check_sip, /usr/lib/nagios/plugins/check_ssh, /usr/lib/nagios/plugins/check_pgsql, /usr/lib/nagios/plugins/check_ntp.*, /usr/lib/nagios/plugins/check_ldap, /usr/lib/nagios/plugins/check_real, /usr/lib/nagios/plugins/check_dummy, /usr/lib/nagios/plugins/check_ping, /usr/lib/nagios/plugins/check_nt, /usr/lib/nagios/plugins/check_game, /usr/lib/nagios/plugins/check_breeze, /usr/lib/nagios/plugins/check_tcp, /usr/lib/nagios/plugins/check_rpc, /usr/lib/nagios/plugins/check_oracle, /usr/lib/nagios/plugins/check_ups, /usr/lib/nagios/plugins/check_ircd, /usr/lib/nagios/plugins/check_dig, /usr/lib/nagios/plugins/check_mysql_query, /usr/lib/nagios/plugins/check_hpjd, /usr/lib/nagios/plugins/check_mysql, /usr/lib/nagios/plugins/check_icmp, /usr
 /lib/nagios/plugins/check_http, /usr/lib/nagios/plugins/check_snmp.*, /usr/lib/nagios/plugins/check_fping, /usr/lib/nagios/plugins/check_dns
 +
-+.EX
-+.PP
-+.B nagios_spool_t 
-+.EE
++.br
++.B postgresql_db_t
 +
-+- Set files with the nagios_spool_t type, if you want to store the nagios files under the /var/spool directory.
++	/var/lib/pgsql(/.*)?
++.br
++	/var/lib/sepgsql(/.*)?
++.br
++	/var/lib/postgres(ql)?(/.*)?
++.br
++	/usr/share/jonas/pgsql(/.*)?
++.br
++	/usr/lib/pgsql/test/regress(/.*)?
++.br
 +
++.br
++.B psad_var_log_t
 +
-+.EX
-+.PP
-+.B nagios_system_plugin_exec_t 
-+.EE
++	/var/log/psad(/.*)?
++.br
 +
-+- Set files with the nagios_system_plugin_exec_t type, if you want to transition an executable to the nagios_system_plugin_t domain.
++.br
++.B qpidd_var_run_t
 +
++	/var/run/qpidd(/.*)?
++.br
++	/var/run/qpidd\.pid
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/nagios/plugins/check_log, /usr/lib/nagios/plugins/check_load, /usr/lib/nagios/plugins/check_nwstat, /usr/lib/nagios/plugins/check_flexlm, /usr/lib/nagios/plugins/check_swap, /usr/lib/nagios/plugins/check_users, /usr/lib/nagios/plugins/check_ifstatus, /usr/lib/nagios/plugins/check_ifoperstatus, /usr/lib/nagios/plugins/check_nagios, /usr/lib/nagios/plugins/check_wave, /usr/lib/nagios/plugins/check_mrtgtraf, /usr/lib/nagios/plugins/check_procs, /usr/lib/nagios/plugins/check_sensors, /usr/lib/nagios/plugins/check_mrtg, /usr/lib/nagios/plugins/check_overcr
 +
-+.EX
-+.PP
-+.B nagios_system_plugin_tmp_t 
-+.EE
++.br
++.B quota_flag_t
 +
-+- Set files with the nagios_system_plugin_tmp_t type, if you want to store nagios system plugin temporary files in the /tmp directories.
++	/var/lib/quota(/.*)?
++.br
 +
++.br
++.B ricci_var_lib_t
 +
-+.EX
-+.PP
-+.B nagios_tmp_t 
-+.EE
++	/var/lib/ricci(/.*)?
++.br
 +
-+- Set files with the nagios_tmp_t type, if you want to store nagios temporary files in the /tmp directories.
++.br
++.B samba_etc_t
 +
++	/etc/samba(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B nagios_unconfined_plugin_exec_t 
-+.EE
++.br
++.B sanlock_var_run_t
 +
-+- Set files with the nagios_unconfined_plugin_exec_t type, if you want to transition an executable to the nagios_unconfined_plugin_t domain.
++	/var/run/sanlock(/.*)?
++.br
 +
++.br
++.B squid_log_t
 +
-+.EX
-+.PP
-+.B nagios_var_lib_t 
-+.EE
++	/var/log/squid(/.*)?
++.br
++	/var/log/squidGuard(/.*)?
++.br
 +
-+- Set files with the nagios_var_lib_t type, if you want to store the nagios files under the /var/lib directory.
++.br
++.B svc_svc_t
 +
++	/service/.*
++.br
++	/var/axfrdns(/.*)?
++.br
++	/var/tinydns(/.*)?
++.br
++	/var/service/.*
++.br
++	/var/dnscache(/.*)?
++.br
++	/var/qmail/supervise(/.*)?
++.br
++	/service
++.br
 +
-+.EX
-+.PP
-+.B nagios_var_run_t 
-+.EE
++.br
++.B sysctl_type
 +
-+- Set files with the nagios_var_run_t type, if you want to store the nagios files under the /run directory.
 +
++.br
++.B sysfs_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	/sys(/.*)?
++.br
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux nagios policy is very flexible allowing users to setup their nagios processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for nagios:
++.br
++.B system_conf_t
 +
-+.EX
-+.B nagios_t, nagios_mail_plugin_t, nagios_checkdisk_plugin_t, nagios_services_plugin_t, nagios_eventhandler_plugin_t, nagios_system_plugin_t, nagios_unconfined_plugin_t, nagios_admin_plugin_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/etc/sysctl\.conf(\.old)?
++.br
++	/etc/sysconfig/ip6?tables.*
++.br
++	/etc/sysconfig/ipvsadm.*
++.br
++	/etc/sysconfig/ebtables.*
++.br
++	/etc/sysconfig/system-config-firewall.*
++.br
++
++.br
++.B system_dbusd_var_lib_t
++
++	/var/lib/dbus(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B udev_rules_t
++
++	/etc/udev/rules.d(/.*)?
++.br
++
++.br
++.B udev_var_run_t
++
++	/dev/\.udev(/.*)?
++.br
++	/var/run/udev(/.*)?
++.br
++	/var/run/libgpod(/.*)?
++.br
++	/var/run/PackageKit/udev(/.*)?
++.br
++	/dev/\.udevdb
++.br
++	/dev/udev\.tbl
++.br
++
++.br
++.B var_lib_nfs_t
++
++	/var/lib/nfs(/.*)?
++.br
++
++.br
++.B var_lib_t
++
++	/opt/(.*/)?var/lib(/.*)?
++.br
++	/var/lib(/.*)?
++.br
++
++.br
++.B var_log_t
++
++	/var/log/.*
++.br
++	/nsr/logs(/.*)?
++.br
++	/var/webmin(/.*)?
++.br
++	/var/log/cron[^/]*
++.br
++	/var/log/secure[^/]*
++.br
++	/opt/zimbra/log(/.*)?
++.br
++	/var/log/maillog[^/]*
++.br
++	/var/log/spooler[^/]*
++.br
++	/var/log/messages[^/]*
++.br
++	/usr/centreon/log(/.*)?
++.br
++	/var/spool/rsyslog(/.*)?
++.br
++	/var/axfrdns/log/main(/.*)?
++.br
++	/var/spool/bacula/log(/.*)?
++.br
++	/var/tinydns/log/main(/.*)?
++.br
++	/var/dnscache/log/main(/.*)?
++.br
++	/var/stockmaniac/templates_cache(/.*)?
++.br
++	/opt/Symantec/scspagent/IDS/system(/.*)?
++.br
++	/var/log
++.br
++	/var/log/dmesg
++.br
++	/var/log/syslog
++.br
++	/var/log/boot\.log
++.br
++	/var/named/chroot/var/log
++.br
++	/var/spool/plymouth/boot\.log
++.br
++
++.br
++.B var_spool_t
++
++	/var/spool(/.*)?
++.br
++
++.br
++.B virt_cache_t
++
++	/var/cache/oz(/.*)?
++.br
++	/var/cache/libvirt(/.*)?
++.br
++
++.br
++.B virt_var_lib_t
++
++	/var/lib/oz(/.*)?
++.br
++	/var/lib/libvirt(/.*)?
++.br
++
++.br
++.B wdmd_var_run_t
++
++	/var/run/wdmd(/.*)?
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -31485,232 +36869,173 @@ index 0000000..131c93d
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), nagios(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/named_selinux.8 b/man/man8/named_selinux.8
-index fce0b48..8828c8c 100644
---- a/man/man8/named_selinux.8
-+++ b/man/man8/named_selinux.8
-@@ -1,30 +1,221 @@
--.TH  "named_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "named Selinux Policy documentation"
--.de EX
--.nf
--.ft CW
--..
--.de EE
--.ft R
--.fi
--..
-+.TH  "named_selinux"  "8"  "named" "dwalsh at redhat.com" "named SELinux Policy documentation"
- .SH "NAME"
--named_selinux \- Security Enhanced Linux Policy for the Internet Name server (named) daemon
-+named_selinux \- Security Enhanced Linux Policy for the named processes
- .SH "DESCRIPTION"
- 
--Security-Enhanced Linux secures the named server via flexible mandatory access
-+Security-Enhanced Linux secures the named processes via flexible mandatory access
- control.  
++selinux(8), initrc(8), semanage(8), restorecon(8), chcon(1)
++, init_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/innd_selinux.8 b/man/man8/innd_selinux.8
+new file mode 100644
+index 0000000..10905b1
+--- /dev/null
++++ b/man/man8/innd_selinux.8
+@@ -0,0 +1,177 @@
++.TH  "innd_selinux"  "8"  "innd" "dwalsh at redhat.com" "innd SELinux Policy documentation"
++.SH "NAME"
++innd_selinux \- Security Enhanced Linux Policy for the innd processes
++.SH "DESCRIPTION"
 +
- .SH BOOLEANS
--SELinux policy is customizable based on least access required.  So by 
--default SELinux policy does not allow named to write master zone files.  If you want to have named update the master zone files you need to set the named_write_master_zones boolean.
-+SELinux policy is customizable based on least access required.  named policy is extremely flexible and has several booleans that allow you to manipulate the policy and run named with the tightest access possible.
++Security-Enhanced Linux secures the innd processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow BIND to write the master zone files. Generally this is used for dynamic DNS or zone transfers, you must turn on the named_write_master_zones boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux innd policy is very flexible allowing users to setup their innd processes in as secure a method as possible.
++.PP 
++The following file types are defined for innd:
 +
- .EX
--setsebool -P named_write_master_zones 1
-+.B setsebool -P named_write_master_zones 1
- .EE
 +
- .PP
--system-config-selinux is a GUI tool available to customize SELinux policy settings.
--.SH AUTHOR	
--This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+If you want to allow BIND to bind apache port, you must turn on the named_bind_http_port boolean.
- 
--.SH "SEE ALSO"
--selinux(8), named(8), chcon(1), setsebool(8)
 +.EX
-+.B setsebool -P named_bind_http_port 1
++.PP
++.B innd_etc_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the innd_etc_t type, if you want to store innd files in the /etc directories.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the namespace_init_t, named_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
 +.PP
-+If you want to allow confined applications to run with kerberos for the namespace_init_t, named_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
++.B innd_exec_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux named policy is very flexible allowing users to setup their named processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for named:
++- Set files with the innd_exec_t type, if you want to transition an executable to the innd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/suck, /usr/lib/news/bin/filechan, /usr/lib/news/bin/nntpget, /usr/sbin/in\.nnrpd, /usr/lib/news/bin/convdate, /usr/lib/news/bin/innfeed, /usr/lib/news/bin/shlock, /usr/lib/news/bin/archive, /usr/lib/news/bin/innconfval, /usr/lib/news/bin/actsync, /usr/lib/news/bin/innxbatch, /usr/bin/inews, /usr/lib/news/bin/batcher, /usr/sbin/innd.*, /usr/lib/news/bin/expire, /usr/lib/news/bin/nnrpd, /usr/lib/news/bin/inndstart, /usr/lib/news/bin/ctlinnd, /usr/bin/rpost, /usr/lib/news/bin/buffchan, /usr/lib/news/bin/ovdb_recover, /etc/news/boot, /usr/lib/news/bin/startinnfeed, /usr/lib/news/bin/makehistory, /usr/lib/news/bin/expireover, /usr/lib/news/bin/innd, /usr/lib/news/bin/makedbz, /usr/bin/rnews, /usr/lib/news/bin/innxmit, /usr/lib/news/bin/fastrm, /usr/lib/news/bin/getlist, /usr/lib/news/bin/sm, /usr/lib/news/bin/grephistory, /usr/lib/news/bin/rnews, /usr/lib/news/bin/newsrequeue, /usr/lib/news/bin/overchan, /usr/lib/news/bin/cvtbatch, /usr/lib/news/bin/prunehistory, /usr/l
 ib/news/bin/inews, /usr/lib/news/bin/shrinkfile, /usr/lib/news/bin/inndf
 +
 +.EX
 +.PP
-+.B named_cache_t 
++.B innd_initrc_exec_t 
 +.EE
 +
-+- Set files with the named_cache_t type, if you want to store the files under the /var/cache directory.
++- Set files with the innd_initrc_exec_t type, if you want to transition an executable to the innd_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/named/chroot/var/named/data(/.*)?, /var/named/chroot/var/tmp(/.*)?, /var/named/data(/.*)?, /var/named/chroot/var/named/slaves(/.*)?, /var/named/dynamic(/.*)?, /var/named/slaves(/.*)?, /var/named/chroot/var/named/dynamic(/.*)?
 +
 +.EX
 +.PP
-+.B named_checkconf_exec_t 
++.B innd_log_t 
 +.EE
 +
-+- Set files with the named_checkconf_exec_t type, if you want to transition an executable to the named_checkconf_t domain.
++- Set files with the innd_log_t type, if you want to treat the data as innd log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B named_conf_t 
++.B innd_var_lib_t 
 +.EE
 +
-+- Set files with the named_conf_t type, if you want to treat the files as named configuration data, usually stored under the /etc directory.
++- Set files with the innd_var_lib_t type, if you want to store the innd files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/named/chroot/etc/named\.root\.hints, /var/named/chroot(/.*)?, /var/named/named\.ca, /etc/unbound(/.*)?, /var/named/chroot/etc/named\.caching-nameserver\.conf, /etc/named\.rfc1912.zones, /etc/named\.caching-nameserver\.conf, /etc/named\.conf, /var/named/chroot/var/named/named\.ca, /var/named/chroot/etc/named\.conf, /etc/rndc.*, /var/named/chroot/etc/named\.rfc1912.zones, /etc/named\.root\.hints
 +
 +.EX
 +.PP
-+.B named_exec_t 
++.B innd_var_run_t 
 +.EE
 +
-+- Set files with the named_exec_t type, if you want to transition an executable to the named_t domain.
++- Set files with the innd_var_run_t type, if you want to store the innd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/lwresd, /usr/sbin/named, /usr/sbin/unbound
++/var/run/innd(/.*)?, /var/run/news(/.*)?
 +
-+.EX
 +.PP
-+.B named_initrc_exec_t 
-+.EE
-+
-+- Set files with the named_initrc_exec_t type, if you want to transition an executable to the named_initrc_t domain.
- 
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/named, /etc/rc\.d/init\.d/unbound
- 
-+.EX
-+.PP
-+.B named_keytab_t 
-+.EE
-+
-+- Set files with the named_keytab_t type, if you want to treat the files as kerberos keytab files.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B named_log_t 
-+.EE
-+
-+- Set files with the named_log_t type, if you want to treat the data as named log data, usually stored under the /var/log directory.
++You can see the types associated with a port by using the following command: 
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/named.*, /var/named/chroot/var/log/named.*
++.B semanage port -l
 +
-+.EX
 +.PP
-+.B named_tmp_t 
-+.EE
-+
-+- Set files with the named_tmp_t type, if you want to store named temporary files in the /tmp directories.
-+
++Policy governs the access confined processes have to these ports. 
++SELinux innd policy is very flexible allowing users to setup their innd processes in as secure a method as possible.
++.PP 
++The following port types are defined for innd:
 +
 +.EX
-+.PP
-+.B named_unit_file_t 
-+.EE
-+
-+- Set files with the named_unit_file_t type, if you want to treat the files as named unit content.
-+
-+.br
 +.TP 5
-+Paths: 
-+/usr/lib/systemd/system/unbound.*, /usr/lib/systemd/system/named.*
-+
-+.EX
-+.PP
-+.B named_var_run_t 
++.B innd_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the named_var_run_t type, if you want to store the named files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/named/chroot/var/run/named.*, /var/run/ndc, /var/run/bind(/.*)?, /var/run/named(/.*)?, /var/run/unbound(/.*)?
 +
-+.EX
-+.PP
-+.B named_zone_t 
++Default Defined Ports:
++tcp 119
 +.EE
-+
-+- Set files with the named_zone_t type, if you want to treat the files as named zone data.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/named/chroot/var/named(/.*)?, /var/named(/.*)?
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux named policy is very flexible allowing users to setup their named processes in as secure a method as possible.
++SELinux innd policy is very flexible allowing users to setup their innd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for named:
++The following process types are defined for innd:
 +
 +.EX
-+.B named_t, namespace_init_t 
++.B innd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type innd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B innd_log_t
++
++	/var/log/news(/.*)?
++.br
++
++.br
++.B innd_var_lib_t
++
++	/var/lib/news(/.*)?
++.br
++
++.br
++.B innd_var_run_t
++
++	/var/run/innd(/.*)?
++.br
++	/var/run/news(/.*)?
++.br
++
++.br
++.B news_spool_t
++
++	/var/spool/news(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -31721,48 +37046,64 @@ index fce0b48..8828c8c 100644
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), named(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/namespace_selinux.8 b/man/man8/namespace_selinux.8
++selinux(8), innd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/insmod_selinux.8 b/man/man8/insmod_selinux.8
 new file mode 100644
-index 0000000..3d5eb82
+index 0000000..8c6dfee
 --- /dev/null
-+++ b/man/man8/namespace_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "namespace_selinux"  "8"  "namespace" "dwalsh at redhat.com" "namespace SELinux Policy documentation"
++++ b/man/man8/insmod_selinux.8
+@@ -0,0 +1,171 @@
++.TH  "insmod_selinux"  "8"  "insmod" "dwalsh at redhat.com" "insmod SELinux Policy documentation"
 +.SH "NAME"
-+namespace_selinux \- Security Enhanced Linux Policy for the namespace processes
++insmod_selinux \- Security Enhanced Linux Policy for the insmod processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the namespace processes via flexible mandatory access
++Security-Enhanced Linux secures the insmod processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  insmod policy is extremely flexible and has several booleans that allow you to manipulate the policy and run insmod with the tightest access possible.
++
++
++.PP
++If you want to disable kernel module loading, you must turn on the secure_mode_insmod boolean.
++
++.EX
++.B setsebool -P secure_mode_insmod 1
++.EE
++
++.PP
++If you want to allow pppd to load kernel modules for certain modems, you must turn on the pppd_can_insmod boolean.
++
++.EX
++.B setsebool -P pppd_can_insmod 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the namespace_init_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the insmod_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the namespace_init_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the insmod_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -31771,17 +37112,29 @@ index 0000000..3d5eb82
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux namespace policy is very flexible allowing users to setup their namespace processes in as secure a method as possible.
++SELinux insmod policy is very flexible allowing users to setup their insmod processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for namespace:
++The following file types are defined for insmod:
 +
 +
 +.EX
 +.PP
-+.B namespace_init_exec_t 
++.B insmod_exec_t 
 +.EE
 +
-+- Set files with the namespace_init_exec_t type, if you want to transition an executable to the namespace_init_t domain.
++- Set files with the insmod_exec_t type, if you want to transition an executable to the insmod_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/rmmod.*, /sbin/modprobe.*, /sbin/insmod.*, /usr/sbin/modprobe.*, /usr/bin/kmod, /usr/sbin/insmod.*, /usr/sbin/rmmod.*
++
++.EX
++.PP
++.B insmod_tmpfs_t 
++.EE
++
++- Set files with the insmod_tmpfs_t type, if you want to store insmod files on a tmpfs file system.
 +
 +
 +.PP
@@ -31797,96 +37150,67 @@ index 0000000..3d5eb82
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux namespace policy is very flexible allowing users to setup their namespace processes in as secure a method as possible.
++SELinux insmod policy is very flexible allowing users to setup their insmod processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for namespace:
++The following process types are defined for insmod:
 +
 +.EX
-+.B namespace_init_t 
++.B insmod_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++The SELinux user type insmod_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.B initrc_tmp_t
 +
-+.SH "SEE ALSO"
-+selinux(8), namespace(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ncftool_selinux.8 b/man/man8/ncftool_selinux.8
-new file mode 100644
-index 0000000..b4ceef0
---- /dev/null
-+++ b/man/man8/ncftool_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "ncftool_selinux"  "8"  "ncftool" "dwalsh at redhat.com" "ncftool SELinux Policy documentation"
-+.SH "NAME"
-+ncftool_selinux \- Security Enhanced Linux Policy for the ncftool processes
-+.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ncftool processes via flexible mandatory access
-+control.  
++.br
++.B insmod_tmpfs_t
 +
-+.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux ncftool policy is very flexible allowing users to setup their ncftool processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for ncftool:
++.br
++.B kdumpctl_tmp_t
 +
 +
-+.EX
-+.PP
-+.B ncftool_exec_t 
-+.EE
++.br
++.B modules_dep_t
 +
-+- Set files with the ncftool_exec_t type, if you want to transition an executable to the ncftool_t domain.
++	/lib/modules/[^/]+/modules\..+
++.br
 +
++.br
++.B modules_object_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	/lib/modules(/.*)?
++.br
++	/usr/lib/modules(/.*)?
++.br
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux ncftool policy is very flexible allowing users to setup their ncftool processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for ncftool:
++.br
++.B mtrr_device_t
 +
-+.EX
-+.B ncftool_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/dev/cpu/mtrr
++.br
++
++.br
++.B ramfs_t
++
++
++.br
++.B rpm_script_tmp_t
++
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -31898,43 +37222,48 @@ index 0000000..b4ceef0
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ncftool(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ndc_selinux.8 b/man/man8/ndc_selinux.8
++selinux(8), insmod(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/ipsec_mgmt_selinux.8 b/man/man8/ipsec_mgmt_selinux.8
 new file mode 100644
-index 0000000..1e7e844
+index 0000000..1d7bb54
 --- /dev/null
-+++ b/man/man8/ndc_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "ndc_selinux"  "8"  "ndc" "dwalsh at redhat.com" "ndc SELinux Policy documentation"
++++ b/man/man8/ipsec_mgmt_selinux.8
+@@ -0,0 +1,180 @@
++.TH  "ipsec_mgmt_selinux"  "8"  "ipsec_mgmt" "dwalsh at redhat.com" "ipsec_mgmt SELinux Policy documentation"
 +.SH "NAME"
-+ndc_selinux \- Security Enhanced Linux Policy for the ndc processes
++ipsec_mgmt_selinux \- Security Enhanced Linux Policy for the ipsec_mgmt processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ndc processes via flexible mandatory access
++Security-Enhanced Linux secures the ipsec_mgmt processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ndc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ipsec_mgmt_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the ndc_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the ipsec_mgmt_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -31943,17 +37272,37 @@ index 0000000..1e7e844
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ndc policy is very flexible allowing users to setup their ndc processes in as secure a method as possible.
++SELinux ipsec_mgmt policy is very flexible allowing users to setup their ipsec_mgmt processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ndc:
++The following file types are defined for ipsec_mgmt:
 +
 +
 +.EX
 +.PP
-+.B ndc_exec_t 
++.B ipsec_mgmt_exec_t 
 +.EE
 +
-+- Set files with the ndc_exec_t type, if you want to transition an executable to the ndc_t domain.
++- Set files with the ipsec_mgmt_exec_t type, if you want to transition an executable to the ipsec_mgmt_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/ipsec/_plutorun, /usr/libexec/ipsec/_plutoload, /usr/libexec/nm-openswan-service, /usr/sbin/ipsec, /usr/lib/ipsec/_plutoload, /usr/libexec/ipsec/_plutorun
++
++.EX
++.PP
++.B ipsec_mgmt_lock_t 
++.EE
++
++- Set files with the ipsec_mgmt_lock_t type, if you want to treat the files as ipsec mgmt lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B ipsec_mgmt_var_run_t 
++.EE
++
++- Set files with the ipsec_mgmt_var_run_t type, if you want to store the ipsec mgmt files under the /run directory.
 +
 +
 +.PP
@@ -31969,18 +37318,90 @@ index 0000000..1e7e844
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ndc policy is very flexible allowing users to setup their ndc processes in as secure a method as possible.
++SELinux ipsec_mgmt policy is very flexible allowing users to setup their ipsec_mgmt processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ndc:
++The following process types are defined for ipsec_mgmt:
 +
 +.EX
-+.B ndc_t 
++.B ipsec_mgmt_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ipsec_mgmt_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ipsec_key_file_t
++
++	/etc/ipsec\.d(/.*)?
++.br
++	/etc/racoon/certs(/.*)?
++.br
++	/etc/ipsec\.secrets
++.br
++	/etc/racoon/psk\.txt
++.br
++
++.br
++.B ipsec_log_t
++
++	/var/log/pluto\.log
++.br
++
++.br
++.B ipsec_mgmt_lock_t
++
++	/var/lock/subsys/ipsec
++.br
++
++.br
++.B ipsec_mgmt_var_run_t
++
++
++.br
++.B ipsec_tmp_t
++
++
++.br
++.B ipsec_var_run_t
++
++	/var/racoon(/.*)?
++.br
++	/var/run/pluto(/.*)?
++.br
++	/var/run/racoon\.pid
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
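Review bot: The sentence that opens the added MANAGED FILES section calls `ipsec_mgmt_t` an "SELinux user type", while the PROCESS TYPES section of the same page calls it a process type (domain); SELinux users are a separate field of the security context, so the wording can mislead a reader about what is being granted. The closing sentence of that paragraph also has an agreement slip. I would have the generator emit `The SELinux process type ipsec_mgmt_t can manage files labeled with the following file types.` and `Note that the process UID still needs to have DAC permissions.` The same paragraph is added for ipsec_t, iptables_t and irc_t in later hunks. Because the pages are produced by genman.py, the wording belongs in the generator rather than in each page.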
@@ -31996,155 +37417,156 @@ index 0000000..1e7e844
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ndc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/netlabel_selinux.8 b/man/man8/netlabel_selinux.8
++selinux(8), ipsec_mgmt(8), semanage(8), restorecon(8), chcon(1)
++, ipsec_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ipsec_selinux.8 b/man/man8/ipsec_selinux.8
 new file mode 100644
-index 0000000..5c0e840
+index 0000000..967d4c0
 --- /dev/null
-+++ b/man/man8/netlabel_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "netlabel_selinux"  "8"  "netlabel" "dwalsh at redhat.com" "netlabel SELinux Policy documentation"
++++ b/man/man8/ipsec_selinux.8
+@@ -0,0 +1,274 @@
++.TH  "ipsec_selinux"  "8"  "ipsec" "dwalsh at redhat.com" "ipsec SELinux Policy documentation"
 +.SH "NAME"
-+netlabel_selinux \- Security Enhanced Linux Policy for the netlabel processes
++ipsec_selinux \- Security Enhanced Linux Policy for the ipsec processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the netlabel processes via flexible mandatory access
++Security-Enhanced Linux secures the ipsec processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ipsec_t, ipsec_mgmt_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ipsec_t, ipsec_mgmt_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux netlabel policy is very flexible allowing users to setup their netlabel processes in as secure a method as possible.
++SELinux ipsec policy is very flexible allowing users to setup their ipsec processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for netlabel:
++The following file types are defined for ipsec:
 +
 +
 +.EX
 +.PP
-+.B netlabel_mgmt_exec_t 
++.B ipsec_conf_file_t 
 +.EE
 +
-+- Set files with the netlabel_mgmt_exec_t type, if you want to transition an executable to the netlabel_mgmt_t domain.
++- Set files with the ipsec_conf_file_t type, if you want to treat the files as ipsec conf content.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/netlabelctl, /usr/sbin/netlabelctl
++/etc/ipsec\.conf, /etc/racoon(/.*)?
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B ipsec_exec_t 
++.EE
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux netlabel policy is very flexible allowing users to setup their netlabel processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for netlabel:
++- Set files with the ipsec_exec_t type, if you want to transition an executable to the ipsec_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/ipsec/pluto, /usr/lib/ipsec/klipsdebug, /usr/libexec/ipsec/eroute, /usr/libexec/ipsec/pluto, /usr/lib/ipsec/spi, /usr/lib/ipsec/eroute, /usr/libexec/ipsec/spi, /usr/libexec/ipsec/klipsdebug
 +
 +.EX
-+.B netlabel_mgmt_t 
-+.EE
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B ipsec_initrc_exec_t 
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++- Set files with the ipsec_initrc_exec_t type, if you want to transition an executable to the ipsec_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/racoon, /etc/rc\.d/init\.d/ipsec
 +
++.EX
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.B ipsec_key_file_t 
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++- Set files with the ipsec_key_file_t type, if you want to treat the files as ipsec key content.
 +
-+.SH "SEE ALSO"
-+selinux(8), netlabel(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/netlogond_selinux.8 b/man/man8/netlogond_selinux.8
-new file mode 100644
-index 0000000..e698666
---- /dev/null
-+++ b/man/man8/netlogond_selinux.8
-@@ -0,0 +1,101 @@
-+.TH  "netlogond_selinux"  "8"  "netlogond" "dwalsh at redhat.com" "netlogond SELinux Policy documentation"
-+.SH "NAME"
-+netlogond_selinux \- Security Enhanced Linux Policy for the netlogond processes
-+.SH "DESCRIPTION"
++.br
++.TP 5
++Paths: 
++/etc/ipsec\.secrets, /etc/racoon/certs(/.*)?, /etc/racoon/psk\.txt, /etc/ipsec\.d(/.*)?
 +
-+Security-Enhanced Linux secures the netlogond processes via flexible mandatory access
-+control.  
++.EX
++.PP
++.B ipsec_log_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the ipsec_log_t type, if you want to treat the data as ipsec log data, usually stored under the /var/log directory.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux netlogond policy is very flexible allowing users to setup their netlogond processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for netlogond:
++.B ipsec_mgmt_exec_t 
++.EE
++
++- Set files with the ipsec_mgmt_exec_t type, if you want to transition an executable to the ipsec_mgmt_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/ipsec/_plutorun, /usr/libexec/ipsec/_plutoload, /usr/libexec/nm-openswan-service, /usr/sbin/ipsec, /usr/lib/ipsec/_plutoload, /usr/libexec/ipsec/_plutorun
 +
 +.EX
 +.PP
-+.B netlogond_exec_t 
++.B ipsec_mgmt_lock_t 
 +.EE
 +
-+- Set files with the netlogond_exec_t type, if you want to transition an executable to the netlogond_t domain.
++- Set files with the ipsec_mgmt_lock_t type, if you want to treat the files as ipsec mgmt lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B netlogond_var_lib_t 
++.B ipsec_mgmt_var_run_t 
 +.EE
 +
-+- Set files with the netlogond_var_lib_t type, if you want to store the netlogond files under the /var/lib directory.
++- Set files with the ipsec_mgmt_var_run_t type, if you want to store the ipsec mgmt files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/likewise-open/krb5-affinity.conf, /var/lib/likewise-open/LWNetsd\.err
 +
 +.EX
 +.PP
-+.B netlogond_var_run_t 
++.B ipsec_tmp_t 
 +.EE
 +
-+- Set files with the netlogond_var_run_t type, if you want to store the netlogond files under the /run directory.
++- Set files with the ipsec_tmp_t type, if you want to store ipsec temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B netlogond_var_socket_t 
++.B ipsec_var_run_t 
 +.EE
 +
-+- Set files with the netlogond_var_socket_t type, if you want to treat the files as netlogond var socket data.
++- Set files with the ipsec_var_run_t type, if you want to store the ipsec files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/racoon\.pid, /var/run/pluto(/.*)?, /var/racoon(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -32153,26 +37575,113 @@ index 0000000..e698666
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux ipsec policy is very flexible allowing users to setup their ipsec processes in as secure a method as possible.
++.PP 
++The following port types are defined for ipsec:
++
++.EX
++.TP 5
++.B ipsecnat_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 4500
++.EE
++udp 4500
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux netlogond policy is very flexible allowing users to setup their netlogond processes in as secure a method as possible.
++SELinux ipsec policy is very flexible allowing users to setup their ipsec processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for netlogond:
++The following process types are defined for ipsec:
 +
 +.EX
-+.B netlogond_t 
++.B ipsec_t, ipsec_mgmt_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
++.SH "MANAGED FILES"
++
++The SELinux user type ipsec_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ipsec_key_file_t
++
++	/etc/ipsec\.d(/.*)?
++.br
++	/etc/racoon/certs(/.*)?
++.br
++	/etc/ipsec\.secrets
++.br
++	/etc/racoon/psk\.txt
++.br
++
++.br
++.B ipsec_tmp_t
++
++
++.br
++.B ipsec_var_run_t
++
++	/var/racoon(/.*)?
++.br
++	/var/run/pluto(/.*)?
++.br
++	/var/run/racoon\.pid
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
 +can also be used to manipulate default file context mappings.
 +.PP
 +.B semanage permissive
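Review bot: The added PORT TYPES block opens one `.EX` but closes it with three `.EE` requests, and its `.TP 10` is followed directly by `.EE` instead of a tag line, so "tcp 4500" and "udp 4500" may render detached from `ipsecnat_port_t`. I would emit the type as `.B ipsecnat_port_t` under a single `.TP`, follow it with one text line `Default Defined Ports: tcp 4500, udp 4500`, and drop the extra `.EE` lines. The PORT TYPES block added to the irc page in a later hunk has the same shape, and since both pages come from genman.py the change belongs in the generator.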
@@ -32181,43 +37690,59 @@ index 0000000..e698666
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), netlogond(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/netutils_selinux.8 b/man/man8/netutils_selinux.8
++selinux(8), ipsec(8), semanage(8), restorecon(8), chcon(1)
++, ipsec_mgmt_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/iptables_selinux.8 b/man/man8/iptables_selinux.8
 new file mode 100644
-index 0000000..159b943
+index 0000000..cbb0783
 --- /dev/null
-+++ b/man/man8/netutils_selinux.8
-@@ -0,0 +1,99 @@
-+.TH  "netutils_selinux"  "8"  "netutils" "dwalsh at redhat.com" "netutils SELinux Policy documentation"
++++ b/man/man8/iptables_selinux.8
+@@ -0,0 +1,250 @@
++.TH  "iptables_selinux"  "8"  "iptables" "dwalsh at redhat.com" "iptables SELinux Policy documentation"
 +.SH "NAME"
-+netutils_selinux \- Security Enhanced Linux Policy for the netutils processes
++iptables_selinux \- Security Enhanced Linux Policy for the iptables processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the netutils processes via flexible mandatory access
++Security-Enhanced Linux secures the iptables processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  iptables policy is extremely flexible and has several booleans that allow you to manipulate the policy and run iptables with the tightest access possible.
++
++
++.PP
++If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
++
++.EX
++.B setsebool -P dhcpc_exec_iptables 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the netutils_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the iptables_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the netutils_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the iptables_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -32226,29 +37751,61 @@ index 0000000..159b943
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux netutils policy is very flexible allowing users to setup their netutils processes in as secure a method as possible.
++SELinux iptables policy is very flexible allowing users to setup their iptables processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for netutils:
++The following file types are defined for iptables:
 +
 +
 +.EX
 +.PP
-+.B netutils_exec_t 
++.B iptables_exec_t 
 +.EE
 +
-+- Set files with the netutils_exec_t type, if you want to transition an executable to the netutils_t domain.
++- Set files with the iptables_exec_t type, if you want to transition an executable to the iptables_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/arping, /usr/sbin/arping, /usr/sbin/tcpdump
++/usr/sbin/ipvsadm-restore, /usr/sbin/ipchains.*, /usr/sbin/ip6?tables, /usr/sbin/ip6?tables-restore, /sbin/ebtables-restore, /usr/sbin/xtables-multi, /sbin/ipchains.*, /sbin/ip6?tables, /usr/sbin/ebtables-restore, /usr/sbin/ebtables, /sbin/ipvsadm, /usr/sbin/ipvsadm-save, /sbin/xtables-multi, /sbin/ipvsadm-restore, /sbin/ebtables, /usr/sbin/ip6?tables-multi, /sbin/ip6?tables-multi, /usr/sbin/ipvsadm, /sbin/ipvsadm-save, /sbin/ip6?tables-restore
 +
 +.EX
 +.PP
-+.B netutils_tmp_t 
++.B iptables_initrc_exec_t 
 +.EE
 +
-+- Set files with the netutils_tmp_t type, if you want to store netutils temporary files in the /tmp directories.
++- Set files with the iptables_initrc_exec_t type, if you want to transition an executable to the iptables_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/ebtables, /etc/rc\.d/init\.d/ip6?tables
++
++.EX
++.PP
++.B iptables_tmp_t 
++.EE
++
++- Set files with the iptables_tmp_t type, if you want to store iptables temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B iptables_unit_file_t 
++.EE
++
++- Set files with the iptables_unit_file_t type, if you want to treat the files as iptables unit content.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/systemd/system/proftpd.*, /usr/lib/systemd/system/ip6tables.*, /usr/lib/systemd/system/vsftpd.*, /usr/lib/systemd/system/slapd.*, /usr/lib/systemd/system/ppp.*, /usr/lib/systemd/system/iptables.*
++
++.EX
++.PP
++.B iptables_var_run_t 
++.EE
++
++- Set files with the iptables_var_run_t type, if you want to store the iptables files under the /run directory.
 +
 +
 +.PP
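Review bot: The Paths line added for `iptables_unit_file_t` lists unit files for proftpd, vsftpd, slapd and ppp next to those for iptables and ip6tables, which looks like a labelling mistake in the underlying file-context definitions rather than something this page should present as intended. If unit-file types are used for access decisions on services, any domain allowed to manage iptables units would also reach those four unrelated services. This is an inference from the generated page only; the file-context sources are not in this hunk. I would confirm with `semanage fcontext -l` on a built policy and, if the entries are wrong, give those units their own types so that the line reads `/usr/lib/systemd/system/ip6tables.*, /usr/lib/systemd/system/iptables.*`.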
@@ -32264,18 +37821,122 @@ index 0000000..159b943
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux netutils policy is very flexible allowing users to setup their netutils processes in as secure a method as possible.
++SELinux iptables policy is very flexible allowing users to setup their iptables processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for netutils:
++The following process types are defined for iptables:
 +
 +.EX
-+.B netutils_t 
++.B iptables_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type iptables_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B initrc_tmp_t
++
++
++.br
++.B iptables_tmp_t
++
++
++.br
++.B iptables_var_run_t
++
++
++.br
++.B psad_tmp_t
++
++
++.br
++.B psad_var_log_t
++
++	/var/log/psad(/.*)?
++.br
++
++.br
++.B shorewall_var_lib_t
++
++	/var/lib/shorewall(/.*)?
++.br
++	/var/lib/shorewall6(/.*)?
++.br
++	/var/lib/shorewall-lite(/.*)?
++.br
++
++.br
++.B system_conf_t
++
++	/etc/sysctl\.conf(\.old)?
++.br
++	/etc/sysconfig/ip6?tables.*
++.br
++	/etc/sysconfig/ipvsadm.*
++.br
++	/etc/sysconfig/ebtables.*
++.br
++	/etc/sysconfig/system-config-firewall.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -32286,62 +37947,73 @@ index 0000000..159b943
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), netutils(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/newrole_selinux.8 b/man/man8/newrole_selinux.8
++selinux(8), iptables(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/irc_selinux.8 b/man/man8/irc_selinux.8
 new file mode 100644
-index 0000000..e87c6b4
+index 0000000..82e800c
 --- /dev/null
-+++ b/man/man8/newrole_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "newrole_selinux"  "8"  "newrole" "dwalsh at redhat.com" "newrole SELinux Policy documentation"
++++ b/man/man8/irc_selinux.8
+@@ -0,0 +1,133 @@
++.TH  "irc_selinux"  "8"  "irc" "dwalsh at redhat.com" "irc SELinux Policy documentation"
 +.SH "NAME"
-+newrole_selinux \- Security Enhanced Linux Policy for the newrole processes
++irc_selinux \- Security Enhanced Linux Policy for the irc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the newrole processes via flexible mandatory access
++Security-Enhanced Linux secures the irc processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the newrole_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux irc policy is very flexible allowing users to setup their irc processes in as secure a method as possible.
++.PP 
++The following file types are defined for irc:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B irc_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the newrole_t, you must turn on the kerberos_enabled boolean.
++- Set files with the irc_exec_t type, if you want to transition an executable to the irc_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/tinyirc, /usr/bin/[st]irc, /usr/bin/ircII
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B irc_home_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux newrole policy is very flexible allowing users to setup their newrole processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for newrole:
++- Set files with the irc_home_t type, if you want to store irc files in the users home directory.
 +
 +
 +.EX
 +.PP
-+.B newrole_exec_t 
++.B irc_tmp_t 
 +.EE
 +
-+- Set files with the newrole_exec_t type, if you want to transition an executable to the newrole_t domain.
++- Set files with the irc_tmp_t type, if you want to store irc temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -32351,24 +38023,61 @@ index 0000000..e87c6b4
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux irc policy is very flexible allowing users to setup their irc processes in as secure a method as possible.
++.PP 
++The following port types are defined for irc:
++
++.EX
++.TP 5
++.B ircd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 6667
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux newrole policy is very flexible allowing users to setup their newrole processes in as secure a method as possible.
++SELinux irc policy is very flexible allowing users to setup their irc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for newrole:
++The following process types are defined for irc:
 +
 +.EX
-+.B newrole_t 
++.B irc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type irc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B irc_home_t
++
++	/home/[^/]*/\.ircmotd
++.br
++
++.br
++.B irc_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -32379,192 +38088,152 @@ index 0000000..e87c6b4
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), newrole(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/nfsd_selinux.8 b/man/man8/nfsd_selinux.8
++selinux(8), irc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/irqbalance_selinux.8 b/man/man8/irqbalance_selinux.8
 new file mode 100644
-index 0000000..2256e23
+index 0000000..6703be5
 --- /dev/null
-+++ b/man/man8/nfsd_selinux.8
-@@ -0,0 +1,304 @@
-+.TH  "nfsd_selinux"  "8"  "nfsd" "dwalsh at redhat.com" "nfsd SELinux Policy documentation"
++++ b/man/man8/irqbalance_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "irqbalance_selinux"  "8"  "irqbalance" "dwalsh at redhat.com" "irqbalance SELinux Policy documentation"
 +.SH "NAME"
-+nfsd_selinux \- Security Enhanced Linux Policy for the nfsd processes
++irqbalance_selinux \- Security Enhanced Linux Policy for the irqbalance processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the nfsd processes via flexible mandatory access
++Security-Enhanced Linux secures the irqbalance processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  nfsd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run nfsd with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow xen to manage nfs files, you must turn on the xen_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P xen_use_nfs 1
-+.EE
-+
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+If you want to allow confined virtual guests to manage nfs files, you must turn on the virt_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P virt_use_nfs 1
-+.EE
++Policy governs the access confined processes have to these files. 
++SELinux irqbalance policy is very flexible allowing users to setup their irqbalance processes in as secure a method as possible.
++.PP 
++The following file types are defined for irqbalance:
 +
-+.PP
-+If you want to determine whether Git system daemon can access nfs file systems, you must turn on the git_system_use_nfs boolean.
 +
 +.EX
-+.B setsebool -P git_system_use_nfs 1
-+.EE
-+
 +.PP
-+If you want to allow qemu to use nfs file systems, you must turn on the qemu_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P qemu_use_nfs 1
++.B irqbalance_exec_t 
 +.EE
 +
-+.PP
-+If you want to determine whether Git CGI can access nfs file systems, you must turn on the git_cgi_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P git_cgi_use_nfs 1
-+.EE
++- Set files with the irqbalance_exec_t type, if you want to transition an executable to the irqbalance_t domain.
 +
-+.PP
-+If you want to allow rsync servers to share nfs files systems, you must turn on the rsync_use_nfs boolean.
 +
 +.EX
-+.B setsebool -P rsync_use_nfs 1
-+.EE
-+
 +.PP
-+If you want to support NFS home directories, you must turn on the use_nfs_home_dirs boolean.
-+
-+.EX
-+.B setsebool -P use_nfs_home_dirs 1
++.B irqbalance_var_run_t 
 +.EE
 +
-+.PP
-+If you want to allow Cobbler to access nfs file systems, you must turn on the cobbler_use_nfs boolean.
++- Set files with the irqbalance_var_run_t type, if you want to store the irqbalance files under the /run directory.
 +
-+.EX
-+.B setsebool -P cobbler_use_nfs 1
-+.EE
 +
 +.PP
-+If you want to allow httpd to access nfs file systems, you must turn on the httpd_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P httpd_use_nfs 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow sge to access nfs file systems, you must turn on the sge_use_nfs boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux irqbalance policy is very flexible allowing users to setup their irqbalance processes in as secure a method as possible.
++.PP 
++The following process types are defined for irqbalance:
 +
 +.EX
-+.B setsebool -P sge_use_nfs 1
++.B irqbalance_t 
 +.EE
-+
 +.PP
-+If you want to allow any files/directories to be exported read/write via NFS, you must turn on the nfs_export_all_rw boolean.
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.EX
-+.B setsebool -P nfs_export_all_rw 1
-+.EE
++.SH "MANAGED FILES"
 +
-+.PP
-+If you want to allow sanlock to manage nfs files, you must turn on the sanlock_use_nfs boolean.
++The SELinux user type irqbalance_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.B setsebool -P sanlock_use_nfs 1
-+.EE
++.br
++.B irqbalance_var_run_t
 +
-+.PP
-+If you want to allow samba to export NFS volumes, you must turn on the samba_share_nfs boolean.
 +
-+.EX
-+.B setsebool -P samba_share_nfs 1
-+.EE
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
 +.PP
-+If you want to allow ftp servers to use nfs used for public file transfer services, you must turn on the ftpd_use_nfs boolean.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+.EX
-+.B setsebool -P ftpd_use_nfs 1
-+.EE
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.PP
-+If you want to determine whether Polipo can access nfs file systems, you must turn on the polipo_use_nfs boolean.
++.SH "SEE ALSO"
++selinux(8), irqbalance(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/irssi_selinux.8 b/man/man8/irssi_selinux.8
+new file mode 100644
+index 0000000..ece4f84
+--- /dev/null
++++ b/man/man8/irssi_selinux.8
+@@ -0,0 +1,128 @@
++.TH  "irssi_selinux"  "8"  "irssi" "dwalsh at redhat.com" "irssi SELinux Policy documentation"
++.SH "NAME"
++irssi_selinux \- Security Enhanced Linux Policy for the irssi processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.B setsebool -P polipo_use_nfs 1
-+.EE
++Security-Enhanced Linux secures the irssi processes via flexible mandatory access
++control.  
 +
-+.PP
-+If you want to allow the portage domains to use NFS mounts (regular nfs_t), you must turn on the portage_use_nfs boolean.
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  irssi policy is extremely flexible and has several booleans that allow you to manipulate the policy and run irssi with the tightest access possible.
 +
-+.EX
-+.B setsebool -P portage_use_nfs 1
-+.EE
 +
 +.PP
-+If you want to allow any files/directories to be exported read/only via NFS, you must turn on the nfs_export_all_ro boolean.
++If you want to allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port, you must turn on the irssi_use_full_network boolean.
 +
 +.EX
-+.B setsebool -P nfs_export_all_ro 1
++.B setsebool -P irssi_use_full_network 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nfsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the nfsd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the irssi_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+.SH SHARING FILES
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
-+.TP
-+Allow nfsd servers to read the /var/nfsd directory by adding the public_content_t file type to the directory and by restoring the file type.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_t "/var/nfsd(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/nfsd
-+.pp
-+.TP
-+Allow nfsd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_nfsdd_anon_write boolean to be set.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_rw_t "/var/nfsd/incoming(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/nfsd/incoming
-+
-+
 +.PP
-+If you want to allow nfs servers to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t., you must turn on the nfsd_anon_write boolean.
++If you want to allow confined applications to run with kerberos for the irssi_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P nfsd_anon_write 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -32573,53 +38242,33 @@ index 0000000..2256e23
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux nfsd policy is very flexible allowing users to setup their nfsd processes in as secure a method as possible.
++SELinux irssi policy is very flexible allowing users to setup their irssi processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for nfsd:
-+
-+
-+.EX
-+.PP
-+.B nfsd_exec_t 
-+.EE
-+
-+- Set files with the nfsd_exec_t type, if you want to transition an executable to the nfsd_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/rpc\.mountd, /usr/sbin/rpc\.nfsd
-+
-+.EX
-+.PP
-+.B nfsd_initrc_exec_t 
-+.EE
-+
-+- Set files with the nfsd_initrc_exec_t type, if you want to transition an executable to the nfsd_initrc_t domain.
++The following file types are defined for irssi:
 +
 +
 +.EX
 +.PP
-+.B nfsd_ro_t 
++.B irssi_etc_t 
 +.EE
 +
-+- Set files with the nfsd_ro_t type, if you want to treat the files as nfsd read/only content.
++- Set files with the irssi_etc_t type, if you want to store irssi files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B nfsd_rw_t 
++.B irssi_exec_t 
 +.EE
 +
-+- Set files with the nfsd_rw_t type, if you want to treat the files as nfsd read/write content.
++- Set files with the irssi_exec_t type, if you want to transition an executable to the irssi_t domain.
 +
 +
 +.EX
 +.PP
-+.B nfsd_unit_file_t 
++.B irssi_home_t 
 +.EE
 +
-+- Set files with the nfsd_unit_file_t type, if you want to treat the files as nfsd unit content.
++- Set files with the irssi_home_t type, if you want to store irssi files in the users home directory.
 +
 +
 +.PP
@@ -32629,30 +38278,140 @@ index 0000000..2256e23
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux nfsd policy is very flexible allowing users to setup their nfsd processes in as secure a method as possible.
++Policy governs the access confined processes have to files. 
++SELinux irssi policy is very flexible allowing users to setup their irssi processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for nfsd:
++The following process types are defined for irssi:
 +
 +.EX
-+.TP 5
-+.B nfs_port_t 
++.B irssi_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type irssi_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B irssi_home_t
++
++	/home/[^/]*/\.irssi(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), irssi(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/iscsid_selinux.8 b/man/man8/iscsid_selinux.8
+new file mode 100644
+index 0000000..56493a2
+--- /dev/null
++++ b/man/man8/iscsid_selinux.8
+@@ -0,0 +1,151 @@
++.TH  "iscsid_selinux"  "8"  "iscsid" "dwalsh at redhat.com" "iscsid SELinux Policy documentation"
++.SH "NAME"
++iscsid_selinux \- Security Enhanced Linux Policy for the iscsid processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the iscsid processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the iscsid_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the iscsid_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux iscsid policy is very flexible allowing users to setup their iscsid processes in as secure a method as possible.
++.PP 
++The following file types are defined for iscsid:
++
++
++.EX
++.PP
++.B iscsid_exec_t 
++.EE
++
++- Set files with the iscsid_exec_t type, if you want to transition an executable to the iscsid_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/brcm_iscsiuio, /sbin/iscsiuio, /usr/sbin/iscsiuio, /usr/sbin/iscsid, /usr/sbin/brcm_iscsiuio, /sbin/iscsid
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux iscsid policy is very flexible allowing users to setup their iscsid processes in as secure a method as possible.
++.PP 
++The following port types are defined for iscsid:
++
++.EX
++.TP 5
++.B iscsi_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 2049,20048-20049
-+.EE
-+udp 2049,20048-20049
++tcp 3260
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -32660,18 +38419,52 @@ index 0000000..2256e23
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux nfsd policy is very flexible allowing users to setup their nfsd processes in as secure a method as possible.
++SELinux iscsid policy is very flexible allowing users to setup their iscsid processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for nfsd:
++The following process types are defined for iscsid:
 +
 +.EX
-+.B nfsd_t 
++.B iscsid_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type iscsid_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B iscsi_lock_t
++
++	/var/lock/iscsi(/.*)?
++.br
++
++.br
++.B iscsi_log_t
++
++	/var/log/iscsiuio\.log.*
++.br
++	/var/log/brcm-iscsi\.log.*
++.br
++
++.br
++.B iscsi_tmp_t
++
++
++.br
++.B iscsi_var_run_t
++
++	/var/run/iscsid\.pid
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -32685,33 +38478,30 @@ index 0000000..2256e23
 +.B semanage port
 +can also be used to manipulate the port definitions
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), nfsd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/nginx_selinux.8 b/man/man8/nginx_selinux.8
++selinux(8), iscsid(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/iwhd_selinux.8 b/man/man8/iwhd_selinux.8
 new file mode 100644
-index 0000000..87983d6
+index 0000000..e6502cf
 --- /dev/null
-+++ b/man/man8/nginx_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "nginx_selinux"  "8"  "nginx" "dwalsh at redhat.com" "nginx SELinux Policy documentation"
++++ b/man/man8/iwhd_selinux.8
+@@ -0,0 +1,127 @@
++.TH  "iwhd_selinux"  "8"  "iwhd" "dwalsh at redhat.com" "iwhd SELinux Policy documentation"
 +.SH "NAME"
-+nginx_selinux \- Security Enhanced Linux Policy for the nginx processes
++iwhd_selinux \- Security Enhanced Linux Policy for the iwhd processes
 +.SH "DESCRIPTION"
 +
++Security-Enhanced Linux secures the iwhd processes via flexible mandatory access
++control.  
 +
-+
++.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -32719,53 +38509,53 @@ index 0000000..87983d6
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux nginx policy is very flexible allowing users to setup their nginx processes in as secure a method as possible.
++SELinux iwhd policy is very flexible allowing users to setup their iwhd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for nginx:
++The following file types are defined for iwhd:
 +
 +
 +.EX
 +.PP
-+.B nginx_exec_t 
++.B iwhd_exec_t 
 +.EE
 +
-+- Set files with the nginx_exec_t type, if you want to transition an executable to the nginx_t domain.
++- Set files with the iwhd_exec_t type, if you want to transition an executable to the iwhd_t domain.
 +
 +
 +.EX
 +.PP
-+.B nginx_initrc_exec_t 
++.B iwhd_initrc_exec_t 
 +.EE
 +
-+- Set files with the nginx_initrc_exec_t type, if you want to transition an executable to the nginx_initrc_t domain.
++- Set files with the iwhd_initrc_exec_t type, if you want to transition an executable to the iwhd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B nginx_log_t 
++.B iwhd_log_t 
 +.EE
 +
-+- Set files with the nginx_log_t type, if you want to treat the data as nginx log data, usually stored under the /var/log directory.
++- Set files with the iwhd_log_t type, if you want to treat the data as iwhd log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B nginx_var_lib_t 
++.B iwhd_var_lib_t 
 +.EE
 +
-+- Set files with the nginx_var_lib_t type, if you want to store the nginx files under the /var/lib directory.
++- Set files with the iwhd_var_lib_t type, if you want to store the iwhd files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B nginx_var_run_t 
++.B iwhd_var_run_t 
 +.EE
 +
-+- Set files with the nginx_var_run_t type, if you want to store the nginx files under the /run directory.
++- Set files with the iwhd_var_run_t type, if you want to store the iwhd files under the /run directory.
 +
 +
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
 +.B semanage fcontext 
 +command.  This will modify the SELinux labeling database.  You will need to use
 +.B restorecon
@@ -32777,18 +38567,40 @@ index 0000000..87983d6
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux nginx policy is very flexible allowing users to setup their nginx processes in as secure a method as possible.
++SELinux iwhd policy is very flexible allowing users to setup their iwhd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for nginx:
++The following process types are defined for iwhd:
 +
 +.EX
-+.B nginx_t 
++.B iwhd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type iwhd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B iwhd_log_t
++
++	/var/log/iwhd\.log.*
++.br
++
++.br
++.B iwhd_var_lib_t
++
++	/var/lib/iwhd(/.*)?
++.br
++
++.br
++.B iwhd_var_run_t
++
++	/var/run/iwhd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -32804,39 +38616,120 @@ index 0000000..87983d6
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), nginx(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/nmbd_selinux.8 b/man/man8/nmbd_selinux.8
++selinux(8), iwhd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/jabberd_router_selinux.8 b/man/man8/jabberd_router_selinux.8
 new file mode 100644
-index 0000000..7fbdb85
+index 0000000..40033fc
 --- /dev/null
-+++ b/man/man8/nmbd_selinux.8
-@@ -0,0 +1,125 @@
-+.TH  "nmbd_selinux"  "8"  "nmbd" "dwalsh at redhat.com" "nmbd SELinux Policy documentation"
++++ b/man/man8/jabberd_router_selinux.8
+@@ -0,0 +1,88 @@
++.TH  "jabberd_router_selinux"  "8"  "jabberd_router" "dwalsh at redhat.com" "jabberd_router SELinux Policy documentation"
 +.SH "NAME"
-+nmbd_selinux \- Security Enhanced Linux Policy for the nmbd processes
++jabberd_router_selinux \- Security Enhanced Linux Policy for the jabberd_router processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the nmbd processes via flexible mandatory access
++Security-Enhanced Linux secures the jabberd_router processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nmbd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux jabberd_router policy is very flexible allowing users to setup their jabberd_router processes in as secure a method as possible.
++.PP 
++The following file types are defined for jabberd_router:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B jabberd_router_exec_t 
 +.EE
 +
++- Set files with the jabberd_router_exec_t type, if you want to transition an executable to the jabberd_router_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/c2s, /usr/bin/router
++
 +.PP
-+If you want to allow confined applications to run with kerberos for the nmbd_t, you must turn on the kerberos_enabled boolean.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux jabberd_router policy is very flexible allowing users to setup their jabberd_router processes in as secure a method as possible.
++.PP 
++The following process types are defined for jabberd_router:
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B jabberd_router_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type jabberd_router_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B jabberd_var_lib_t
++
++	/var/lib/jabberd(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), jabberd_router(8), semanage(8), restorecon(8), chcon(1)
++, jabberd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/jabberd_selinux.8 b/man/man8/jabberd_selinux.8
+new file mode 100644
+index 0000000..c9ed7c3
+--- /dev/null
++++ b/man/man8/jabberd_selinux.8
+@@ -0,0 +1,164 @@
++.TH  "jabberd_selinux"  "8"  "jabberd" "dwalsh at redhat.com" "jabberd SELinux Policy documentation"
++.SH "NAME"
++jabberd_selinux \- Security Enhanced Linux Policy for the jabberd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the jabberd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -32844,30 +38737,50 @@ index 0000000..7fbdb85
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux nmbd policy is very flexible allowing users to setup their nmbd processes in as secure a method as possible.
++SELinux jabberd policy is very flexible allowing users to setup their jabberd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for nmbd:
++The following file types are defined for jabberd:
 +
 +
 +.EX
 +.PP
-+.B nmbd_exec_t 
++.B jabberd_exec_t 
 +.EE
 +
-+- Set files with the nmbd_exec_t type, if you want to transition an executable to the nmbd_t domain.
++- Set files with the jabberd_exec_t type, if you want to transition an executable to the jabberd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/s2s, /usr/bin/sm
 +
 +.EX
 +.PP
-+.B nmbd_var_run_t 
++.B jabberd_initrc_exec_t 
 +.EE
 +
-+- Set files with the nmbd_var_run_t type, if you want to store the nmbd files under the /run directory.
++- Set files with the jabberd_initrc_exec_t type, if you want to transition an executable to the jabberd_initrc_t domain.
++
++
++.EX
++.PP
++.B jabberd_router_exec_t 
++.EE
++
++- Set files with the jabberd_router_exec_t type, if you want to transition an executable to the jabberd_router_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/samba/nmbd(/.*)?, /var/run/samba/messages\.tdb, /var/run/samba/namelist\.debug, /var/run/nmbd(/.*)?, /var/run/samba/unexpected\.tdb, /var/run/samba/nmbd\.pid
++/usr/bin/c2s, /usr/bin/router
++
++.EX
++.PP
++.B jabberd_var_lib_t 
++.EE
++
++- Set files with the jabberd_var_lib_t type, if you want to store the jabberd files under the /var/lib directory.
++
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -32885,19 +38798,41 @@ index 0000000..7fbdb85
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux nmbd policy is very flexible allowing users to setup their nmbd processes in as secure a method as possible.
++SELinux jabberd policy is very flexible allowing users to setup their jabberd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for nmbd:
++The following port types are defined for jabberd:
 +
 +.EX
 +.TP 5
-+.B nmbd_port_t 
++.B jabber_client_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+udp 137,138
++tcp 5222,5223
++.EE
++
++.EX
++.TP 5
++.B jabber_interserver_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 5269
++.EE
++
++.EX
++.TP 5
++.B jabber_router_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 5347
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -32905,18 +38840,28 @@ index 0000000..7fbdb85
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux nmbd policy is very flexible allowing users to setup their nmbd processes in as secure a method as possible.
++SELinux jabberd policy is very flexible allowing users to setup their jabberd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for nmbd:
++The following process types are defined for jabberd:
 +
 +.EX
-+.B nmbd_t 
++.B jabberd_router_t, jabberd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type jabberd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B jabberd_var_lib_t
++
++	/var/lib/jabberd(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -32935,353 +38880,393 @@ index 0000000..7fbdb85
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), nmbd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/nova_selinux.8 b/man/man8/nova_selinux.8
++selinux(8), jabberd(8), semanage(8), restorecon(8), chcon(1)
++, jabberd_router_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/jockey_selinux.8 b/man/man8/jockey_selinux.8
 new file mode 100644
-index 0000000..d7c5ff3
+index 0000000..e0f51b4
 --- /dev/null
-+++ b/man/man8/nova_selinux.8
-@@ -0,0 +1,383 @@
-+.TH  "nova_selinux"  "8"  "nova" "dwalsh at redhat.com" "nova SELinux Policy documentation"
++++ b/man/man8/jockey_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "jockey_selinux"  "8"  "jockey" "dwalsh at redhat.com" "jockey SELinux Policy documentation"
 +.SH "NAME"
-+nova_selinux \- Security Enhanced Linux Policy for the nova processes
++jockey_selinux \- Security Enhanced Linux Policy for the jockey processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the nova processes via flexible mandatory access
++Security-Enhanced Linux secures the jockey processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nova_console_t, nova_cert_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the nova_console_t, nova_cert_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux nova policy is very flexible allowing users to setup their nova processes in as secure a method as possible.
++SELinux jockey policy is very flexible allowing users to setup their jockey processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for nova:
-+
-+
-+.EX
-+.PP
-+.B nova_ajax_exec_t 
-+.EE
-+
-+- Set files with the nova_ajax_exec_t type, if you want to transition an executable to the nova_ajax_t domain.
++The following file types are defined for jockey:
 +
 +
 +.EX
 +.PP
-+.B nova_ajax_tmp_t 
++.B jockey_cache_t 
 +.EE
 +
-+- Set files with the nova_ajax_tmp_t type, if you want to store nova ajax temporary files in the /tmp directories.
++- Set files with the jockey_cache_t type, if you want to store the files under the /var/cache directory.
 +
 +
 +.EX
 +.PP
-+.B nova_ajax_unit_file_t 
++.B jockey_exec_t 
 +.EE
 +
-+- Set files with the nova_ajax_unit_file_t type, if you want to treat the files as nova ajax unit content.
++- Set files with the jockey_exec_t type, if you want to transition an executable to the jockey_t domain.
 +
 +
 +.EX
 +.PP
-+.B nova_api_exec_t 
++.B jockey_var_log_t 
 +.EE
 +
-+- Set files with the nova_api_exec_t type, if you want to transition an executable to the nova_api_t domain.
++- Set files with the jockey_var_log_t type, if you want to treat the data as jockey var log data, usually stored under the /var/log directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/nova-api, /usr//bin/nova-api-metadata
++/var/log/jockey\.log.*, /var/log/jockey(/.*)?
 +
-+.EX
 +.PP
-+.B nova_api_tmp_t 
-+.EE
-+
-+- Set files with the nova_api_tmp_t type, if you want to store nova api temporary files in the /tmp directories.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux jockey policy is very flexible allowing users to setup their jockey processes in as secure a method as possible.
++.PP 
++The following process types are defined for jockey:
 +
 +.EX
-+.PP
-+.B nova_api_unit_file_t 
++.B jockey_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the nova_api_unit_file_t type, if you want to treat the files as nova api unit content.
++.SH "MANAGED FILES"
++
++The SELinux user type jockey_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/systemd/system/openstack-nova-metadata-api.service.*, /usr/lib/systemd/system/openstack-nova-api.*
++.B jockey_cache_t
 +
-+.EX
-+.PP
-+.B nova_cert_exec_t 
-+.EE
++	/var/cache/jockey(/.*)?
++.br
 +
-+- Set files with the nova_cert_exec_t type, if you want to transition an executable to the nova_cert_t domain.
++.br
++.B jockey_var_log_t
 +
++	/var/log/jockey(/.*)?
++.br
++	/var/log/jockey\.log.*
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B nova_cert_tmp_t 
-+.EE
-+
-+- Set files with the nova_cert_tmp_t type, if you want to store nova cert temporary files in the /tmp directories.
-+
-+
-+.EX
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B nova_cert_unit_file_t 
-+.EE
-+
-+- Set files with the nova_cert_unit_file_t type, if you want to treat the files as nova cert unit content.
-+
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B nova_compute_exec_t 
-+.EE
-+
-+- Set files with the nova_compute_exec_t type, if you want to transition an executable to the nova_compute_t domain.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B nova_compute_tmp_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), jockey(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/kadmind_selinux.8 b/man/man8/kadmind_selinux.8
+new file mode 100644
+index 0000000..fac618c
+--- /dev/null
++++ b/man/man8/kadmind_selinux.8
+@@ -0,0 +1,143 @@
++.TH  "kadmind_selinux"  "8"  "kadmind" "dwalsh at redhat.com" "kadmind SELinux Policy documentation"
++.SH "NAME"
++kadmind_selinux \- Security Enhanced Linux Policy for the kadmind processes
++.SH "DESCRIPTION"
 +
-+- Set files with the nova_compute_tmp_t type, if you want to store nova compute temporary files in the /tmp directories.
++Security-Enhanced Linux secures the kadmind processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B nova_compute_unit_file_t 
-+.EE
-+
-+- Set files with the nova_compute_unit_file_t type, if you want to treat the files as nova compute unit content.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux kadmind policy is very flexible allowing users to setup their kadmind processes in as secure a method as possible.
++.PP 
++The following file types are defined for kadmind:
 +
 +
 +.EX
 +.PP
-+.B nova_console_exec_t 
++.B kadmind_exec_t 
 +.EE
 +
-+- Set files with the nova_console_exec_t type, if you want to transition an executable to the nova_console_t domain.
++- Set files with the kadmind_exec_t type, if you want to transition an executable to the kadmind_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/(kerberos/)?sbin/kadmind, /usr/kerberos/sbin/kadmin\.local
 +
 +.EX
 +.PP
-+.B nova_console_tmp_t 
++.B kadmind_log_t 
 +.EE
 +
-+- Set files with the nova_console_tmp_t type, if you want to store nova console temporary files in the /tmp directories.
++- Set files with the kadmind_log_t type, if you want to treat the data as kadmind log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B nova_console_unit_file_t 
++.B kadmind_tmp_t 
 +.EE
 +
-+- Set files with the nova_console_unit_file_t type, if you want to treat the files as nova console unit content.
++- Set files with the kadmind_tmp_t type, if you want to store kadmind temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B nova_direct_exec_t 
++.B kadmind_var_run_t 
 +.EE
 +
-+- Set files with the nova_direct_exec_t type, if you want to transition an executable to the nova_direct_t domain.
++- Set files with the kadmind_var_run_t type, if you want to store the kadmind files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B nova_direct_tmp_t 
-+.EE
-+
-+- Set files with the nova_direct_tmp_t type, if you want to store nova direct temporary files in the /tmp directories.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux kadmind policy is very flexible allowing users to setup their kadmind processes in as secure a method as possible.
++.PP 
++The following process types are defined for kadmind:
 +
 +.EX
-+.PP
-+.B nova_direct_unit_file_t 
++.B kadmind_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the nova_direct_unit_file_t type, if you want to treat the files as nova direct unit content.
++.SH "MANAGED FILES"
 +
++The SELinux user type kadmind_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B nova_log_t 
-+.EE
++.br
++.B kadmind_log_t
 +
-+- Set files with the nova_log_t type, if you want to treat the data as nova log data, usually stored under the /var/log directory.
++	/var/log/kadmin(d)?\.log.*
++.br
 +
++.br
++.B kadmind_tmp_t
 +
-+.EX
-+.PP
-+.B nova_network_exec_t 
-+.EE
 +
-+- Set files with the nova_network_exec_t type, if you want to transition an executable to the nova_network_t domain.
++.br
++.B kadmind_var_run_t
 +
 +
-+.EX
-+.PP
-+.B nova_network_tmp_t 
-+.EE
++.br
++.B krb5kdc_lock_t
 +
-+- Set files with the nova_network_tmp_t type, if you want to store nova network temporary files in the /tmp directories.
++	/var/kerberos/krb5kdc/principal.*\.ok
++.br
++	/var/kerberos/krb5kdc/from_master.*
++.br
 +
++.br
++.B krb5kdc_principal_t
 +
-+.EX
-+.PP
-+.B nova_network_unit_file_t 
-+.EE
++	/etc/krb5kdc/principal.*
++.br
++	/usr/var/krb5kdc/principal.*
++.br
++	/var/kerberos/krb5kdc/principal.*
++.br
 +
-+- Set files with the nova_network_unit_file_t type, if you want to treat the files as nova network unit content.
++.br
++.B security_t
 +
++	/selinux
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B nova_objectstore_exec_t 
-+.EE
-+
-+- Set files with the nova_objectstore_exec_t type, if you want to transition an executable to the nova_objectstore_t domain.
-+
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B nova_objectstore_tmp_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the nova_objectstore_tmp_t type, if you want to store nova objectstore temporary files in the /tmp directories.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
++.SH "SEE ALSO"
++selinux(8), kadmind(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/kdump_selinux.8 b/man/man8/kdump_selinux.8
+new file mode 100644
+index 0000000..dba8cdf
+--- /dev/null
++++ b/man/man8/kdump_selinux.8
+@@ -0,0 +1,160 @@
++.TH  "kdump_selinux"  "8"  "kdump" "dwalsh at redhat.com" "kdump SELinux Policy documentation"
++.SH "NAME"
++kdump_selinux \- Security Enhanced Linux Policy for the kdump processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B nova_objectstore_unit_file_t 
-+.EE
++Security-Enhanced Linux secures the kdump processes via flexible mandatory access
++control.  
 +
-+- Set files with the nova_objectstore_unit_file_t type, if you want to treat the files as nova objectstore unit content.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the kdumpgui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B nova_scheduler_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the nova_scheduler_exec_t type, if you want to transition an executable to the nova_scheduler_t domain.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the kdumpgui_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B nova_scheduler_tmp_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the nova_scheduler_tmp_t type, if you want to store nova scheduler temporary files in the /tmp directories.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux kdump policy is very flexible allowing users to setup their kdump processes in as secure a method as possible.
++.PP 
++The following file types are defined for kdump:
 +
 +
 +.EX
 +.PP
-+.B nova_scheduler_unit_file_t 
++.B kdump_etc_t 
 +.EE
 +
-+- Set files with the nova_scheduler_unit_file_t type, if you want to treat the files as nova scheduler unit content.
++- Set files with the kdump_etc_t type, if you want to store kdump files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B nova_var_lib_t 
++.B kdump_exec_t 
 +.EE
 +
-+- Set files with the nova_var_lib_t type, if you want to store the nova files under the /var/lib directory.
++- Set files with the kdump_exec_t type, if you want to transition an executable to the kdump_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/kdump, /usr/sbin/kexec, /sbin/kdump, /sbin/kexec
 +
 +.EX
 +.PP
-+.B nova_var_run_t 
++.B kdump_initrc_exec_t 
 +.EE
 +
-+- Set files with the nova_var_run_t type, if you want to store the nova files under the /run directory.
++- Set files with the kdump_initrc_exec_t type, if you want to transition an executable to the kdump_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B nova_vncproxy_exec_t 
++.B kdump_unit_file_t 
 +.EE
 +
-+- Set files with the nova_vncproxy_exec_t type, if you want to transition an executable to the nova_vncproxy_t domain.
++- Set files with the kdump_unit_file_t type, if you want to treat the files as kdump unit content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/nova-vncproxy, /usr/bin/nova-xvpvncproxy
 +
 +.EX
 +.PP
-+.B nova_vncproxy_tmp_t 
++.B kdumpctl_exec_t 
 +.EE
 +
-+- Set files with the nova_vncproxy_tmp_t type, if you want to store nova vncproxy temporary files in the /tmp directories.
++- Set files with the kdumpctl_exec_t type, if you want to transition an executable to the kdumpctl_t domain.
 +
 +
 +.EX
 +.PP
-+.B nova_vncproxy_unit_file_t 
++.B kdumpctl_tmp_t 
 +.EE
 +
-+- Set files with the nova_vncproxy_unit_file_t type, if you want to treat the files as nova vncproxy unit content.
++- Set files with the kdumpctl_tmp_t type, if you want to store kdumpctl temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/systemd/system/openstack-nova-xvpvncproxy.*, /usr/lib/systemd/system/openstack-nova-vncproxy.*
 +
 +.EX
 +.PP
-+.B nova_volume_exec_t 
++.B kdumpctl_unit_file_t 
 +.EE
 +
-+- Set files with the nova_volume_exec_t type, if you want to transition an executable to the nova_volume_t domain.
++- Set files with the kdumpctl_unit_file_t type, if you want to treat the files as kdumpctl unit content.
 +
 +
 +.EX
 +.PP
-+.B nova_volume_tmp_t 
++.B kdumpgui_exec_t 
 +.EE
 +
-+- Set files with the nova_volume_tmp_t type, if you want to store nova volume temporary files in the /tmp directories.
++- Set files with the kdumpgui_exec_t type, if you want to transition an executable to the kdumpgui_t domain.
 +
 +
 +.EX
 +.PP
-+.B nova_volume_unit_file_t 
++.B kdumpgui_tmp_t 
 +.EE
 +
-+- Set files with the nova_volume_unit_file_t type, if you want to treat the files as nova volume unit content.
++- Set files with the kdumpgui_tmp_t type, if you want to store kdumpgui temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -33297,18 +39282,22 @@ index 0000000..d7c5ff3
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux nova policy is very flexible allowing users to setup their nova processes in as secure a method as possible.
++SELinux kdump policy is very flexible allowing users to setup their kdump processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for nova:
++The following process types are defined for kdump:
 +
 +.EX
-+.B nova_api_t, nova_compute_t, nova_console_t, nova_network_t, nova_objectstore_t, nova_vncproxy_t, nova_volume_t, nova_scheduler_t, nova_ajax_t, nova_cert_t, nova_direct_t 
++.B kdumpgui_t, kdumpctl_t, kdump_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type kdump_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -33324,73 +39313,61 @@ index 0000000..d7c5ff3
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), nova(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/nrpe_selinux.8 b/man/man8/nrpe_selinux.8
++selinux(8), kdump(8), semanage(8), restorecon(8), chcon(1)
++, kdumpctl_selinux(8), kdumpgui_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/kdumpctl_selinux.8 b/man/man8/kdumpctl_selinux.8
 new file mode 100644
-index 0000000..6a0a8ea
+index 0000000..ac471d6
 --- /dev/null
-+++ b/man/man8/nrpe_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "nrpe_selinux"  "8"  "nrpe" "dwalsh at redhat.com" "nrpe SELinux Policy documentation"
++++ b/man/man8/kdumpctl_selinux.8
+@@ -0,0 +1,118 @@
++.TH  "kdumpctl_selinux"  "8"  "kdumpctl" "dwalsh at redhat.com" "kdumpctl SELinux Policy documentation"
 +.SH "NAME"
-+nrpe_selinux \- Security Enhanced Linux Policy for the nrpe processes
++kdumpctl_selinux \- Security Enhanced Linux Policy for the kdumpctl processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the nrpe processes via flexible mandatory access
++Security-Enhanced Linux secures the kdumpctl processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nrpe_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the nrpe_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux nrpe policy is very flexible allowing users to setup their nrpe processes in as secure a method as possible.
++SELinux kdumpctl policy is very flexible allowing users to setup their kdumpctl processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for nrpe:
++The following file types are defined for kdumpctl:
 +
 +
 +.EX
 +.PP
-+.B nrpe_etc_t 
++.B kdumpctl_exec_t 
 +.EE
 +
-+- Set files with the nrpe_etc_t type, if you want to store nrpe files in the /etc directories.
++- Set files with the kdumpctl_exec_t type, if you want to transition an executable to the kdumpctl_t domain.
 +
 +
 +.EX
 +.PP
-+.B nrpe_exec_t 
++.B kdumpctl_tmp_t 
 +.EE
 +
-+- Set files with the nrpe_exec_t type, if you want to transition an executable to the nrpe_t domain.
++- Set files with the kdumpctl_tmp_t type, if you want to store kdumpctl temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B nrpe_var_run_t 
++.B kdumpctl_unit_file_t 
 +.EE
 +
-+- Set files with the nrpe_var_run_t type, if you want to store the nrpe files under the /run directory.
++- Set files with the kdumpctl_unit_file_t type, if you want to treat the files as kdumpctl unit content.
 +
 +
 +.PP
@@ -33406,18 +39383,46 @@ index 0000000..6a0a8ea
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux nrpe policy is very flexible allowing users to setup their nrpe processes in as secure a method as possible.
++SELinux kdumpctl policy is very flexible allowing users to setup their kdumpctl processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for nrpe:
++The following process types are defined for kdumpctl:
 +
 +.EX
-+.B nrpe_t 
++.B kdumpctl_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type kdumpctl_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B boot_t
++
++	/boot/.*
++.br
++	/vmlinuz.*
++.br
++	/initrd\.img.*
++.br
++	/boot
++.br
++
++.br
++.B kdumpctl_tmp_t
++
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -33433,49 +39438,40 @@ index 0000000..6a0a8ea
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), nrpe(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/nscd_selinux.8 b/man/man8/nscd_selinux.8
++selinux(8), kdumpctl(8), semanage(8), restorecon(8), chcon(1)
++, kdump_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/kdumpgui_selinux.8 b/man/man8/kdumpgui_selinux.8
 new file mode 100644
-index 0000000..0501d6c
+index 0000000..9a15e78
 --- /dev/null
-+++ b/man/man8/nscd_selinux.8
-@@ -0,0 +1,138 @@
-+.TH  "nscd_selinux"  "8"  "nscd" "dwalsh at redhat.com" "nscd SELinux Policy documentation"
++++ b/man/man8/kdumpgui_selinux.8
+@@ -0,0 +1,184 @@
++.TH  "kdumpgui_selinux"  "8"  "kdumpgui" "dwalsh at redhat.com" "kdumpgui SELinux Policy documentation"
 +.SH "NAME"
-+nscd_selinux \- Security Enhanced Linux Policy for the nscd processes
++kdumpgui_selinux \- Security Enhanced Linux Policy for the kdumpgui processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the nscd processes via flexible mandatory access
++Security-Enhanced Linux secures the kdumpgui processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  nscd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run nscd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean.
-+
-+.EX
-+.B setsebool -P nscd_use_shm 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nscd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the kdumpgui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the nscd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the kdumpgui_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -33484,54 +39480,26 @@ index 0000000..0501d6c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux nscd policy is very flexible allowing users to setup their nscd processes in as secure a method as possible.
++SELinux kdumpgui policy is very flexible allowing users to setup their kdumpgui processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for nscd:
-+
-+
-+.EX
-+.PP
-+.B nscd_exec_t 
-+.EE
-+
-+- Set files with the nscd_exec_t type, if you want to transition an executable to the nscd_t domain.
-+
-+
-+.EX
-+.PP
-+.B nscd_initrc_exec_t 
-+.EE
-+
-+- Set files with the nscd_initrc_exec_t type, if you want to transition an executable to the nscd_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B nscd_log_t 
-+.EE
-+
-+- Set files with the nscd_log_t type, if you want to treat the data as nscd log data, usually stored under the /var/log directory.
++The following file types are defined for kdumpgui:
 +
 +
 +.EX
 +.PP
-+.B nscd_unit_file_t 
++.B kdumpgui_exec_t 
 +.EE
 +
-+- Set files with the nscd_unit_file_t type, if you want to treat the files as nscd unit content.
++- Set files with the kdumpgui_exec_t type, if you want to transition an executable to the kdumpgui_t domain.
 +
 +
 +.EX
 +.PP
-+.B nscd_var_run_t 
++.B kdumpgui_tmp_t 
 +.EE
 +
-+- Set files with the nscd_var_run_t type, if you want to store the nscd files under the /run directory.
++- Set files with the kdumpgui_tmp_t type, if you want to store kdumpgui temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/nscd\.pid, /var/run/nscd(/.*)?, /var/db/nscd(/.*)?, /var/run/\.nscd_socket, /var/cache/nscd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -33546,18 +39514,106 @@ index 0000000..0501d6c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux nscd policy is very flexible allowing users to setup their nscd processes in as secure a method as possible.
++SELinux kdumpgui policy is very flexible allowing users to setup their kdumpgui processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for nscd:
++The following process types are defined for kdumpgui:
 +
 +.EX
-+.B nscd_t 
++.B kdumpgui_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type kdumpgui_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B boot_t
++
++	/boot/.*
++.br
++	/vmlinuz.*
++.br
++	/initrd\.img.*
++.br
++	/boot
++.br
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B kdump_etc_t
++
++	/etc/kdump\.conf
++.br
++
++.br
++.B kdumpgui_tmp_t
++
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -33568,91 +39624,84 @@ index 0000000..0501d6c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), nscd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), kdumpgui(8), semanage(8), restorecon(8), chcon(1)
++, kdump_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/nslcd_selinux.8 b/man/man8/nslcd_selinux.8
+diff --git a/man/man8/kerberos_selinux.8 b/man/man8/kerberos_selinux.8
+deleted file mode 100644
+index a8f81c8..0000000
+--- a/man/man8/kerberos_selinux.8
++++ /dev/null
+@@ -1,28 +0,0 @@
+-.TH  "kerberos_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "kerberos Selinux Policy documentation"
+-.de EX
+-.nf
+-.ft CW
+-..
+-.de EE
+-.ft R
+-.fi
+-..
+-.SH "NAME"
+-kerberos_selinux \- Security Enhanced Linux Policy for Kerberos.
+-.SH "DESCRIPTION"
+-
+-Security-Enhanced Linux secures the system via flexible mandatory access
+-control. SELinux policy can be configured to deny Kerberos access to confined applications, since it requires daemons to be allowed greater access to certain secure files and additional access to the network.  
+-.SH BOOLEANS
+-.PP
+-You must set the allow_kerberos boolean to allow your system to work properly in a Kerberos environment.
+-.EX
+-setsebool -P allow_kerberos 1
+-.EE
+-.PP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
+-.SH AUTHOR	
+-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
+-
+-.SH "SEE ALSO"
+-selinux(8), kerberos(1), chcon(1), setsebool(8)
+diff --git a/man/man8/keyboardd_selinux.8 b/man/man8/keyboardd_selinux.8
 new file mode 100644
-index 0000000..1188ea0
+index 0000000..1667438
 --- /dev/null
-+++ b/man/man8/nslcd_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "nslcd_selinux"  "8"  "nslcd" "dwalsh at redhat.com" "nslcd SELinux Policy documentation"
++++ b/man/man8/keyboardd_selinux.8
+@@ -0,0 +1,131 @@
++.TH  "keyboardd_selinux"  "8"  "keyboardd" "dwalsh at redhat.com" "keyboardd SELinux Policy documentation"
 +.SH "NAME"
-+nslcd_selinux \- Security Enhanced Linux Policy for the nslcd processes
++keyboardd_selinux \- Security Enhanced Linux Policy for the keyboardd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the nslcd processes via flexible mandatory access
++Security-Enhanced Linux secures the keyboardd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nslcd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the nslcd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux nslcd policy is very flexible allowing users to setup their nslcd processes in as secure a method as possible.
++SELinux keyboardd policy is very flexible allowing users to setup their keyboardd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for nslcd:
-+
-+
-+.EX
-+.PP
-+.B nslcd_conf_t 
-+.EE
-+
-+- Set files with the nslcd_conf_t type, if you want to treat the files as nslcd configuration data, usually stored under the /etc directory.
-+
-+
-+.EX
-+.PP
-+.B nslcd_exec_t 
-+.EE
-+
-+- Set files with the nslcd_exec_t type, if you want to transition an executable to the nslcd_t domain.
-+
-+
-+.EX
-+.PP
-+.B nslcd_initrc_exec_t 
-+.EE
-+
-+- Set files with the nslcd_initrc_exec_t type, if you want to transition an executable to the nslcd_initrc_t domain.
++The following file types are defined for keyboardd:
 +
 +
 +.EX
 +.PP
-+.B nslcd_var_run_t 
++.B keyboardd_exec_t 
 +.EE
 +
-+- Set files with the nslcd_var_run_t type, if you want to store the nslcd files under the /run directory.
++- Set files with the keyboardd_exec_t type, if you want to transition an executable to the keyboardd_t domain.
 +
 +
 +.PP
@@ -33668,18 +39717,76 @@ index 0000000..1188ea0
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux nslcd policy is very flexible allowing users to setup their nslcd processes in as secure a method as possible.
++SELinux keyboardd policy is very flexible allowing users to setup their keyboardd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for nslcd:
++The following process types are defined for keyboardd:
 +
 +.EX
-+.B nslcd_t 
++.B keyboardd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type keyboardd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
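Review bot: The new MANAGED FILES paragraph in keyboardd_selinux.8 calls `keyboardd_t` a "SELinux user type", although the PROCESS TYPES section of the same page lists it as a process type (domain). An administrator could read the list of writable labels as a property of a login user mapping rather than of the confined daemon. I would word it as `The SELinux process type keyboardd_t can manage files labeled with the following file types.` and fix the grammar of the DAC sentence: `Note the process's UID still needs to have DAC permissions.` The same two sentences are added to the kdumpgui, keystone, kismet, klogd and kpropd pages in this diff. Since the pages say they are generated by genman.py, the wording presumably has to be corrected in the generator rather than in each page.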
@@ -33695,38 +39802,38 @@ index 0000000..1188ea0
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), nslcd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ntop_selinux.8 b/man/man8/ntop_selinux.8
++selinux(8), keyboardd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/keystone_selinux.8 b/man/man8/keystone_selinux.8
 new file mode 100644
-index 0000000..52c56b8
+index 0000000..e40e6a6
 --- /dev/null
-+++ b/man/man8/ntop_selinux.8
-@@ -0,0 +1,155 @@
-+.TH  "ntop_selinux"  "8"  "ntop" "dwalsh at redhat.com" "ntop SELinux Policy documentation"
++++ b/man/man8/keystone_selinux.8
+@@ -0,0 +1,227 @@
++.TH  "keystone_selinux"  "8"  "keystone" "dwalsh at redhat.com" "keystone SELinux Policy documentation"
 +.SH "NAME"
-+ntop_selinux \- Security Enhanced Linux Policy for the ntop processes
++keystone_selinux \- Security Enhanced Linux Policy for the keystone processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ntop processes via flexible mandatory access
++Security-Enhanced Linux secures the keystone processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ntop_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the keystone_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the ntop_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the keystone_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -33735,57 +39842,49 @@ index 0000000..52c56b8
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ntop policy is very flexible allowing users to setup their ntop processes in as secure a method as possible.
++SELinux keystone policy is very flexible allowing users to setup their keystone processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ntop:
++The following file types are defined for keystone:
 +
 +
 +.EX
 +.PP
-+.B ntop_etc_t 
++.B keystone_exec_t 
 +.EE
 +
-+- Set files with the ntop_etc_t type, if you want to store ntop files in the /etc directories.
++- Set files with the keystone_exec_t type, if you want to transition an executable to the keystone_t domain.
 +
 +
 +.EX
 +.PP
-+.B ntop_exec_t 
++.B keystone_log_t 
 +.EE
 +
-+- Set files with the ntop_exec_t type, if you want to transition an executable to the ntop_t domain.
++- Set files with the keystone_log_t type, if you want to treat the data as keystone log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B ntop_initrc_exec_t 
++.B keystone_tmp_t 
 +.EE
 +
-+- Set files with the ntop_initrc_exec_t type, if you want to transition an executable to the ntop_initrc_t domain.
++- Set files with the keystone_tmp_t type, if you want to store keystone temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B ntop_tmp_t 
++.B keystone_unit_file_t 
 +.EE
 +
-+- Set files with the ntop_tmp_t type, if you want to store ntop temporary files in the /tmp directories.
++- Set files with the keystone_unit_file_t type, if you want to treat the files as keystone unit content.
 +
 +
 +.EX
 +.PP
-+.B ntop_var_lib_t 
++.B keystone_var_lib_t 
 +.EE
 +
-+- Set files with the ntop_var_lib_t type, if you want to store the ntop files under the /var/lib directory.
-+
-+
-+.EX
-+.PP
-+.B ntop_var_run_t 
-+.EE
-+
-+- Set files with the ntop_var_run_t type, if you want to store the ntop files under the /run directory.
++- Set files with the keystone_var_lib_t type, if you want to store the keystone files under the /var/lib directory.
 +
 +
 +.PP
@@ -33804,21 +39903,21 @@ index 0000000..52c56b8
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux ntop policy is very flexible allowing users to setup their ntop processes in as secure a method as possible.
++SELinux keystone policy is very flexible allowing users to setup their keystone processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for ntop:
++The following port types are defined for keystone:
 +
 +.EX
 +.TP 5
-+.B ntop_port_t 
++.B keystone_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 3000-3001
++tcp 5000
 +.EE
-+udp 3000-3001
++udp 5000
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -33826,18 +39925,98 @@ index 0000000..52c56b8
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ntop policy is very flexible allowing users to setup their ntop processes in as secure a method as possible.
++SELinux keystone policy is very flexible allowing users to setup their keystone processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ntop:
++The following process types are defined for keystone:
 +
 +.EX
-+.B ntop_t 
++.B keystone_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type keystone_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B keystone_log_t
++
++	/var/log/keystone(/.*)?
++.br
++
++.br
++.B keystone_tmp_t
++
++
++.br
++.B keystone_var_lib_t
++
++	/var/lib/keystone(/.*)?
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -33856,38 +40035,38 @@ index 0000000..52c56b8
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ntop(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ntpd_selinux.8 b/man/man8/ntpd_selinux.8
++selinux(8), keystone(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/kismet_selinux.8 b/man/man8/kismet_selinux.8
 new file mode 100644
-index 0000000..3a52789
+index 0000000..e5cf4c8
 --- /dev/null
-+++ b/man/man8/ntpd_selinux.8
-@@ -0,0 +1,189 @@
-+.TH  "ntpd_selinux"  "8"  "ntpd" "dwalsh at redhat.com" "ntpd SELinux Policy documentation"
++++ b/man/man8/kismet_selinux.8
+@@ -0,0 +1,171 @@
++.TH  "kismet_selinux"  "8"  "kismet" "dwalsh at redhat.com" "kismet SELinux Policy documentation"
 +.SH "NAME"
-+ntpd_selinux \- Security Enhanced Linux Policy for the ntpd processes
++kismet_selinux \- Security Enhanced Linux Policy for the kismet processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ntpd processes via flexible mandatory access
++Security-Enhanced Linux secures the kismet processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ntpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the kismet_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the ntpd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the kismet_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -33896,93 +40075,65 @@ index 0000000..3a52789
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ntpd policy is very flexible allowing users to setup their ntpd processes in as secure a method as possible.
++SELinux kismet policy is very flexible allowing users to setup their kismet processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ntpd:
-+
-+
-+.EX
-+.PP
-+.B ntpd_exec_t 
-+.EE
-+
-+- Set files with the ntpd_exec_t type, if you want to transition an executable to the ntpd_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/ntpd, /etc/cron\.(daily|weekly)/ntp-server, /etc/cron\.(daily|weekly)/ntp-simple
-+
-+.EX
-+.PP
-+.B ntpd_initrc_exec_t 
-+.EE
-+
-+- Set files with the ntpd_initrc_exec_t type, if you want to transition an executable to the ntpd_initrc_t domain.
++The following file types are defined for kismet:
 +
 +
 +.EX
 +.PP
-+.B ntpd_key_t 
++.B kismet_exec_t 
 +.EE
 +
-+- Set files with the ntpd_key_t type, if you want to treat the files as ntpd key data.
++- Set files with the kismet_exec_t type, if you want to transition an executable to the kismet_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/ntp/crypto(/.*)?, /etc/ntp/keys
 +
 +.EX
 +.PP
-+.B ntpd_log_t 
++.B kismet_home_t 
 +.EE
 +
-+- Set files with the ntpd_log_t type, if you want to treat the data as ntpd log data, usually stored under the /var/log directory.
++- Set files with the kismet_home_t type, if you want to store kismet files in the users home directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/ntpstats(/.*)?, /var/log/xntpd.*, /var/log/ntp.*
 +
 +.EX
 +.PP
-+.B ntpd_tmp_t 
++.B kismet_log_t 
 +.EE
 +
-+- Set files with the ntpd_tmp_t type, if you want to store ntpd temporary files in the /tmp directories.
++- Set files with the kismet_log_t type, if you want to treat the data as kismet log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B ntpd_tmpfs_t 
++.B kismet_tmp_t 
 +.EE
 +
-+- Set files with the ntpd_tmpfs_t type, if you want to store ntpd files on a tmpfs file system.
++- Set files with the kismet_tmp_t type, if you want to store kismet temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B ntpd_unit_file_t 
++.B kismet_tmpfs_t 
 +.EE
 +
-+- Set files with the ntpd_unit_file_t type, if you want to treat the files as ntpd unit content.
++- Set files with the kismet_tmpfs_t type, if you want to store kismet files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B ntpd_var_run_t 
++.B kismet_var_lib_t 
 +.EE
 +
-+- Set files with the ntpd_var_run_t type, if you want to store the ntpd files under the /run directory.
++- Set files with the kismet_var_lib_t type, if you want to store the kismet files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B ntpdate_exec_t 
++.B kismet_var_run_t 
 +.EE
 +
-+- Set files with the ntpdate_exec_t type, if you want to transition an executable to the ntpdate_t domain.
++- Set files with the kismet_var_run_t type, if you want to store the kismet files under the /run directory.
 +
 +
 +.PP
@@ -33992,47 +40143,60 @@ index 0000000..3a52789
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux ntpd policy is very flexible allowing users to setup their ntpd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for ntpd:
-+
-+.EX
-+.TP 5
-+.B ntp_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+udp 123
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ntpd policy is very flexible allowing users to setup their ntpd processes in as secure a method as possible.
++SELinux kismet policy is very flexible allowing users to setup their kismet processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ntpd:
++The following process types are defined for kismet:
 +
 +.EX
-+.B ntpd_t 
++.B kismet_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type kismet_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B kismet_home_t
++
++	/home/[^/]*/\.kismet(/.*)?
++.br
++
++.br
++.B kismet_log_t
++
++	/var/log/kismet(/.*)?
++.br
++
++.br
++.B kismet_tmp_t
++
++
++.br
++.B kismet_tmpfs_t
++
++
++.br
++.B kismet_var_lib_t
++
++	/var/lib/kismet(/.*)?
++.br
++
++.br
++.B kismet_var_run_t
++
++	/var/run/kismet_server.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
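Review bot: The `kismet_var_run_t` entry added under MANAGED FILES lists `/var/run/kismet_server.pid` with an unescaped dot, while the sibling pages escape it (for example `/var/run/klogd\.pid`). These entries look like file-context regular expressions (see `(/.*)?` elsewhere in the list), so the bare `.` would match any character in that position and label more names than intended. If the page mirrors the policy's file-context specification, the pattern there should probably read `/var/run/kismet_server\.pid`, and the page should be regenerated afterwards.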
@@ -34043,30 +40207,27 @@ index 0000000..3a52789
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ntpd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/numad_selinux.8 b/man/man8/numad_selinux.8
++selinux(8), kismet(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/klogd_selinux.8 b/man/man8/klogd_selinux.8
 new file mode 100644
-index 0000000..05c319a
+index 0000000..25b7851
 --- /dev/null
-+++ b/man/man8/numad_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "numad_selinux"  "8"  "numad" "dwalsh at redhat.com" "numad SELinux Policy documentation"
++++ b/man/man8/klogd_selinux.8
+@@ -0,0 +1,107 @@
++.TH  "klogd_selinux"  "8"  "klogd" "dwalsh at redhat.com" "klogd SELinux Policy documentation"
 +.SH "NAME"
-+numad_selinux \- Security Enhanced Linux Policy for the numad processes
++klogd_selinux \- Security Enhanced Linux Policy for the klogd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the numad processes via flexible mandatory access
++Security-Enhanced Linux secures the klogd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -34077,41 +40238,37 @@ index 0000000..05c319a
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux numad policy is very flexible allowing users to setup their numad processes in as secure a method as possible.
++SELinux klogd policy is very flexible allowing users to setup their klogd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for numad:
-+
-+
-+.EX
-+.PP
-+.B numad_exec_t 
-+.EE
-+
-+- Set files with the numad_exec_t type, if you want to transition an executable to the numad_t domain.
++The following file types are defined for klogd:
 +
 +
 +.EX
 +.PP
-+.B numad_unit_file_t 
++.B klogd_exec_t 
 +.EE
 +
-+- Set files with the numad_unit_file_t type, if you want to treat the files as numad unit content.
++- Set files with the klogd_exec_t type, if you want to transition an executable to the klogd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/rklogd, /usr/sbin/klogd, /sbin/klogd, /sbin/rklogd
 +
 +.EX
 +.PP
-+.B numad_var_log_t 
++.B klogd_tmp_t 
 +.EE
 +
-+- Set files with the numad_var_log_t type, if you want to treat the data as numad var log data, usually stored under the /var/log directory.
++- Set files with the klogd_tmp_t type, if you want to store klogd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B numad_var_run_t 
++.B klogd_var_run_t 
 +.EE
 +
-+- Set files with the numad_var_run_t type, if you want to store the numad files under the /run directory.
++- Set files with the klogd_var_run_t type, if you want to store the klogd files under the /run directory.
 +
 +
 +.PP
@@ -34127,18 +40284,32 @@ index 0000000..05c319a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux numad policy is very flexible allowing users to setup their numad processes in as secure a method as possible.
++SELinux klogd policy is very flexible allowing users to setup their klogd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for numad:
++The following process types are defined for klogd:
 +
 +.EX
-+.B numad_t 
++.B klogd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type klogd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B klogd_tmp_t
++
++
++.br
++.B klogd_var_run_t
++
++	/var/run/klogd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -34154,120 +40325,147 @@ index 0000000..05c319a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), numad(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/nut_selinux.8 b/man/man8/nut_selinux.8
++selinux(8), klogd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/kpropd_selinux.8 b/man/man8/kpropd_selinux.8
 new file mode 100644
-index 0000000..742a692
+index 0000000..849c106
 --- /dev/null
-+++ b/man/man8/nut_selinux.8
-@@ -0,0 +1,123 @@
-+.TH  "nut_selinux"  "8"  "nut" "dwalsh at redhat.com" "nut SELinux Policy documentation"
++++ b/man/man8/kpropd_selinux.8
+@@ -0,0 +1,153 @@
++.TH  "kpropd_selinux"  "8"  "kpropd" "dwalsh at redhat.com" "kpropd SELinux Policy documentation"
 +.SH "NAME"
-+nut_selinux \- Security Enhanced Linux Policy for the nut processes
++kpropd_selinux \- Security Enhanced Linux Policy for the kpropd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the nut processes via flexible mandatory access
++Security-Enhanced Linux secures the kpropd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nut_upsmon_t, nut_upsdrvctl_t, nut_upsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the nut_upsmon_t, nut_upsdrvctl_t, nut_upsd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux nut policy is very flexible allowing users to setup their nut processes in as secure a method as possible.
++SELinux kpropd policy is very flexible allowing users to setup their kpropd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for nut:
++The following file types are defined for kpropd:
 +
 +
 +.EX
 +.PP
-+.B nut_conf_t 
++.B kpropd_exec_t 
 +.EE
 +
-+- Set files with the nut_conf_t type, if you want to treat the files as nut configuration data, usually stored under the /etc directory.
++- Set files with the kpropd_exec_t type, if you want to transition an executable to the kpropd_t domain.
 +
 +
-+.EX
 +.PP
-+.B nut_upsd_exec_t 
-+.EE
-+
-+- Set files with the nut_upsd_exec_t type, if you want to transition an executable to the nut_upsd_t domain.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B nut_upsdrvctl_exec_t 
-+.EE
-+
-+- Set files with the nut_upsdrvctl_exec_t type, if you want to transition an executable to the nut_upsdrvctl_t domain.
++You can see the types associated with a port by using the following command: 
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/upsdrvctl, /sbin/upsdrvctl
++.B semanage port -l
 +
-+.EX
 +.PP
-+.B nut_upsmon_exec_t 
-+.EE
-+
-+- Set files with the nut_upsmon_exec_t type, if you want to transition an executable to the nut_upsmon_t domain.
-+
++Policy governs the access confined processes have to these ports. 
++SELinux kpropd policy is very flexible allowing users to setup their kpropd processes in as secure a method as possible.
++.PP 
++The following port types are defined for kpropd:
 +
 +.EX
-+.PP
-+.B nut_var_run_t 
++.TP 5
++.B kprop_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the nut_var_run_t type, if you want to store the nut files under the /run directory.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
 +
++Default Defined Ports:
++tcp 754
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux nut policy is very flexible allowing users to setup their nut processes in as secure a method as possible.
++SELinux kpropd policy is very flexible allowing users to setup their kpropd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for nut:
++The following process types are defined for kpropd:
 +
 +.EX
-+.B nut_upsd_t, nut_upsmon_t, nut_upsdrvctl_t 
++.B kpropd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type kpropd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B krb5kdc_lock_t
++
++	/var/kerberos/krb5kdc/principal.*\.ok
++.br
++	/var/kerberos/krb5kdc/from_master.*
++.br
++
++.br
++.B krb5kdc_principal_t
++
++	/etc/krb5kdc/principal.*
++.br
++	/usr/var/krb5kdc/principal.*
++.br
++	/var/kerberos/krb5kdc/principal.*
++.br
++
++.br
++.B krb5kdc_tmp_t
++
++
++.br
++.B security_t
++
++	/selinux
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -34278,106 +40476,111 @@ index 0000000..742a692
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), nut(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/nx_selinux.8 b/man/man8/nx_selinux.8
++selinux(8), kpropd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/krb5kdc_selinux.8 b/man/man8/krb5kdc_selinux.8
 new file mode 100644
-index 0000000..7383682
+index 0000000..499dd15
 --- /dev/null
-+++ b/man/man8/nx_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "nx_selinux"  "8"  "nx" "dwalsh at redhat.com" "nx SELinux Policy documentation"
++++ b/man/man8/krb5kdc_selinux.8
+@@ -0,0 +1,175 @@
++.TH  "krb5kdc_selinux"  "8"  "krb5kdc" "dwalsh at redhat.com" "krb5kdc SELinux Policy documentation"
 +.SH "NAME"
-+nx_selinux \- Security Enhanced Linux Policy for the nx processes
++krb5kdc_selinux \- Security Enhanced Linux Policy for the krb5kdc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the nx processes via flexible mandatory access
++Security-Enhanced Linux secures the krb5kdc processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nx_server_ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the nx_server_ssh_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux nx policy is very flexible allowing users to setup their nx processes in as secure a method as possible.
++SELinux krb5kdc policy is very flexible allowing users to setup their krb5kdc processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for nx:
++The following file types are defined for krb5kdc:
 +
 +
 +.EX
 +.PP
-+.B nx_server_exec_t 
++.B krb5kdc_conf_t 
 +.EE
 +
-+- Set files with the nx_server_exec_t type, if you want to transition an executable to the nx_server_t domain.
++- Set files with the krb5kdc_conf_t type, if you want to treat the files as krb5kdc configuration data, usually stored under the /etc directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/opt/NX/bin/nxserver, /usr/NX/bin/nxserver, /usr/libexec/nx/nxserver
++/usr/var/krb5kdc(/.*)?, /var/kerberos/krb5kdc(/.*)?, /etc/krb5kdc(/.*)?
++
++.EX
++.PP
++.B krb5kdc_exec_t 
++.EE
++
++- Set files with the krb5kdc_exec_t type, if you want to transition an executable to the krb5kdc_t domain.
++
 +
 +.EX
 +.PP
-+.B nx_server_home_ssh_t 
++.B krb5kdc_lock_t 
 +.EE
 +
-+- Set files with the nx_server_home_ssh_t type, if you want to treat the files as nx server home ssh data.
++- Set files with the krb5kdc_lock_t type, if you want to treat the files as krb5kdc lock data, stored under the /var/lock directory
 +
 +.br
 +.TP 5
 +Paths: 
-+/opt/NX/home/nx/\.ssh(/.*)?, /usr/NX/home/nx/\.ssh(/.*)?, /var/lib/nxserver/home/.ssh(/.*)?
++/var/kerberos/krb5kdc/principal.*\.ok, /var/kerberos/krb5kdc/from_master.*
 +
 +.EX
 +.PP
-+.B nx_server_tmp_t 
++.B krb5kdc_log_t 
 +.EE
 +
-+- Set files with the nx_server_tmp_t type, if you want to store nx server temporary files in the /tmp directories.
++- Set files with the krb5kdc_log_t type, if you want to treat the data as krb5kdc log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B nx_server_var_lib_t 
++.B krb5kdc_principal_t 
 +.EE
 +
-+- Set files with the nx_server_var_lib_t type, if you want to store the nx server files under the /var/lib directory.
++- Set files with the krb5kdc_principal_t type, if you want to treat the files as krb5kdc principal data.
 +
 +.br
 +.TP 5
 +Paths: 
-+/opt/NX/home(/.*)?, /usr/NX/home(/.*)?, /var/lib/nxserver(/.*)?
++/etc/krb5kdc/principal.*, /var/kerberos/krb5kdc/principal.*, /usr/var/krb5kdc/principal.*
++
++.EX
++.PP
++.B krb5kdc_tmp_t 
++.EE
++
++- Set files with the krb5kdc_tmp_t type, if you want to store krb5kdc temporary files in the /tmp directories.
++
 +
 +.EX
 +.PP
-+.B nx_server_var_run_t 
++.B krb5kdc_var_run_t 
 +.EE
 +
-+- Set files with the nx_server_var_run_t type, if you want to store the nx server files under the /run directory.
++- Set files with the krb5kdc_var_run_t type, if you want to store the krb5kdc files under the /run directory.
 +
 +
 +.PP
@@ -34393,132 +40596,150 @@ index 0000000..7383682
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux nx policy is very flexible allowing users to setup their nx processes in as secure a method as possible.
++SELinux krb5kdc policy is very flexible allowing users to setup their krb5kdc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for nx:
++The following process types are defined for krb5kdc:
 +
 +.EX
-+.B nx_server_t, nx_server_ssh_t 
++.B krb5kdc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), nx(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/nx_server_selinux.8 b/man/man8/nx_server_selinux.8
-new file mode 100644
-index 0000000..2746ea3
---- /dev/null
-+++ b/man/man8/nx_server_selinux.8
-@@ -0,0 +1,56 @@
-+.TH  "nx_server_selinux"  "8"  "nx_server" "mgrepl at redhat.com" "nx_server SELinux Policy documentation"
-+.SH "NAME"
-+nx_server_r \- \fBnx_server user role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
-+
-+SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to. 
-+
-+Note: The examples in the man page will user the staff_u user.
++.SH "MANAGED FILES"
 +
-+Non login roles are usually used for administrative tasks.
++The SELinux user type krb5kdc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+Roles usually have default types assigned to them. 
++.br
++.B krb5kdc_lock_t
 +
-+The default type for the nx_server_r role is nx_server_t.
++	/var/kerberos/krb5kdc/principal.*\.ok
++.br
++	/var/kerberos/krb5kdc/from_master.*
++.br
 +
-+You can use the 
-+.B newrole 
-+program to transition directly to this role.
++.br
++.B krb5kdc_log_t
 +
-+.B newrole -r nx_server_r -t nx_server_t
++	/var/log/krb5kdc\.log.*
++.br
 +
-+.B sudo 
-+can also be setup to transition to this role using the visudo command.
++.br
++.B krb5kdc_principal_t
 +
-+USERNAME ALL=(ALL) ROLE=nx_server_r TYPE=nx_server_t COMMAND
++	/etc/krb5kdc/principal.*
++.br
++	/usr/var/krb5kdc/principal.*
++.br
++	/var/kerberos/krb5kdc/principal.*
 +.br
-+sudo will run COMMAND as staff_u:nx_server_r:nx_server_t:LEVEL
 +
-+If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
++.br
++.B krb5kdc_tmp_t
 +
-+You can see all of the assigned SELinux roles using the following
 +
-+.B semanage user -l
++.br
++.B krb5kdc_var_run_t
 +
-+If you wanted to add nx_server_r to the staff_u user, you would execute:
 +
-+.B $ semanage user -m -R 'staff_r nx_server_r' staff_u 
++.br
++.B security_t
 +
++	/selinux
++.br
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
-+
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
-+
++.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/obex_selinux.8 b/man/man8/obex_selinux.8
++selinux(8), krb5kdc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ksmtuned_selinux.8 b/man/man8/ksmtuned_selinux.8
 new file mode 100644
-index 0000000..b43de4f
+index 0000000..1afda4b
 --- /dev/null
-+++ b/man/man8/obex_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "obex_selinux"  "8"  "obex" "dwalsh at redhat.com" "obex SELinux Policy documentation"
++++ b/man/man8/ksmtuned_selinux.8
+@@ -0,0 +1,133 @@
++.TH  "ksmtuned_selinux"  "8"  "ksmtuned" "dwalsh at redhat.com" "ksmtuned SELinux Policy documentation"
 +.SH "NAME"
-+obex_selinux \- Security Enhanced Linux Policy for the obex processes
++ksmtuned_selinux \- Security Enhanced Linux Policy for the ksmtuned processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the obex processes via flexible mandatory access
++Security-Enhanced Linux secures the ksmtuned processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ksmtuned_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ksmtuned_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux obex policy is very flexible allowing users to setup their obex processes in as secure a method as possible.
++SELinux ksmtuned policy is very flexible allowing users to setup their ksmtuned processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for obex:
++The following file types are defined for ksmtuned:
 +
 +
 +.EX
 +.PP
-+.B obex_exec_t 
++.B ksmtuned_exec_t 
 +.EE
 +
-+- Set files with the obex_exec_t type, if you want to transition an executable to the obex_t domain.
++- Set files with the ksmtuned_exec_t type, if you want to transition an executable to the ksmtuned_t domain.
++
++
++.EX
++.PP
++.B ksmtuned_initrc_exec_t 
++.EE
++
++- Set files with the ksmtuned_initrc_exec_t type, if you want to transition an executable to the ksmtuned_initrc_t domain.
++
++
++.EX
++.PP
++.B ksmtuned_log_t 
++.EE
++
++- Set files with the ksmtuned_log_t type, if you want to treat the data as ksmtuned log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B ksmtuned_var_run_t 
++.EE
++
++- Set files with the ksmtuned_var_run_t type, if you want to store the ksmtuned files under the /run directory.
 +
 +
 +.PP
@@ -34534,18 +40755,40 @@ index 0000000..b43de4f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux obex policy is very flexible allowing users to setup their obex processes in as secure a method as possible.
++SELinux ksmtuned policy is very flexible allowing users to setup their ksmtuned processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for obex:
++The following process types are defined for ksmtuned:
 +
 +.EX
-+.B obex_t 
++.B ksmtuned_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ksmtuned_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ksmtuned_log_t
++
++	/var/log/ksmtuned.*
++.br
++
++.br
++.B ksmtuned_var_run_t
++
++	/var/run/ksmtune\.pid
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -34561,49 +40804,38 @@ index 0000000..b43de4f
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), obex(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/oddjob_selinux.8 b/man/man8/oddjob_selinux.8
++selinux(8), ksmtuned(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ktalkd_selinux.8 b/man/man8/ktalkd_selinux.8
 new file mode 100644
-index 0000000..5697e76
+index 0000000..e310f3a
 --- /dev/null
-+++ b/man/man8/oddjob_selinux.8
-@@ -0,0 +1,122 @@
-+.TH  "oddjob_selinux"  "8"  "oddjob" "dwalsh at redhat.com" "oddjob SELinux Policy documentation"
++++ b/man/man8/ktalkd_selinux.8
+@@ -0,0 +1,159 @@
++.TH  "ktalkd_selinux"  "8"  "ktalkd" "dwalsh at redhat.com" "ktalkd SELinux Policy documentation"
 +.SH "NAME"
-+oddjob_selinux \- Security Enhanced Linux Policy for the oddjob processes
++ktalkd_selinux \- Security Enhanced Linux Policy for the ktalkd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the oddjob processes via flexible mandatory access
++Security-Enhanced Linux secures the ktalkd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  oddjob policy is extremely flexible and has several booleans that allow you to manipulate the policy and run oddjob with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow httpd to communicate with oddjob to start up a service, you must turn on the httpd_use_oddjob boolean.
-+
-+.EX
-+.B setsebool -P httpd_use_oddjob 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the oddjob_mkhomedir_t, oddjob_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ktalkd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the oddjob_mkhomedir_t, oddjob_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the ktalkd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -34612,37 +40844,45 @@ index 0000000..5697e76
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux oddjob policy is very flexible allowing users to setup their oddjob processes in as secure a method as possible.
++SELinux ktalkd policy is very flexible allowing users to setup their ktalkd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for oddjob:
++The following file types are defined for ktalkd:
 +
 +
 +.EX
 +.PP
-+.B oddjob_exec_t 
++.B ktalkd_exec_t 
 +.EE
 +
-+- Set files with the oddjob_exec_t type, if you want to transition an executable to the oddjob_t domain.
++- Set files with the ktalkd_exec_t type, if you want to transition an executable to the ktalkd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/in\.talkd, /usr/bin/ktalkd, /usr/sbin/in\.ntalkd
 +
 +.EX
 +.PP
-+.B oddjob_mkhomedir_exec_t 
++.B ktalkd_log_t 
 +.EE
 +
-+- Set files with the oddjob_mkhomedir_exec_t type, if you want to transition an executable to the oddjob_mkhomedir_t domain.
++- Set files with the ktalkd_log_t type, if you want to treat the data as ktalkd log data, usually stored under the /var/log directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/libexec/oddjob/mkhomedir, /usr/lib/oddjob/mkhomedir
 +
 +.EX
 +.PP
-+.B oddjob_var_run_t 
++.B ktalkd_tmp_t 
 +.EE
 +
-+- Set files with the oddjob_var_run_t type, if you want to store the oddjob files under the /run directory.
++- Set files with the ktalkd_tmp_t type, if you want to store ktalkd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B ktalkd_var_run_t 
++.EE
++
++- Set files with the ktalkd_var_run_t type, if you want to store the ktalkd files under the /run directory.
 +
 +
 +.PP
@@ -34652,120 +40892,65 @@ index 0000000..5697e76
 +.B restorecon
 +to apply the labels.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux oddjob policy is very flexible allowing users to setup their oddjob processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for oddjob:
-+
-+.EX
-+.B oddjob_mkhomedir_t, oddjob_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), oddjob(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/openct_selinux.8 b/man/man8/openct_selinux.8
-new file mode 100644
-index 0000000..c9e9507
---- /dev/null
-+++ b/man/man8/openct_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "openct_selinux"  "8"  "openct" "dwalsh at redhat.com" "openct SELinux Policy documentation"
-+.SH "NAME"
-+openct_selinux \- Security Enhanced Linux Policy for the openct processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the openct processes via flexible mandatory access
-+control.  
++You can see the types associated with a port by using the following command: 
 +
-+.SH NSSWITCH DOMAIN
++.B semanage port -l
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux openct policy is very flexible allowing users to setup their openct processes in as secure a method as possible.
++Policy governs the access confined processes have to these ports. 
++SELinux ktalkd policy is very flexible allowing users to setup their ktalkd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for openct:
-+
++The following port types are defined for ktalkd:
 +
 +.EX
-+.PP
-+.B openct_exec_t 
-+.EE
-+
-+- Set files with the openct_exec_t type, if you want to transition an executable to the openct_t domain.
-+
-+.br
 +.TP 5
-+Paths: 
-+/usr/sbin/ifdhandler, /usr/sbin/openct-control
-+
-+.EX
-+.PP
-+.B openct_var_run_t 
++.B ktalkd_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the openct_var_run_t type, if you want to store the openct files under the /run directory.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
 +
++Default Defined Ports:
++udp 517,518
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux openct policy is very flexible allowing users to setup their openct processes in as secure a method as possible.
++SELinux ktalkd policy is very flexible allowing users to setup their ktalkd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for openct:
++The following process types are defined for ktalkd:
 +
 +.EX
-+.B openct_t 
++.B ktalkd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ktalkd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ktalkd_log_t
++
++	/var/log/talkd.*
++.br
++
++.br
++.B ktalkd_tmp_t
++
++
++.br
++.B ktalkd_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -34776,126 +40961,88 @@ index 0000000..c9e9507
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), openct(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/openvpn_selinux.8 b/man/man8/openvpn_selinux.8
++selinux(8), ktalkd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/l2tpd_selinux.8 b/man/man8/l2tpd_selinux.8
 new file mode 100644
-index 0000000..f6b1589
+index 0000000..83b5e43
 --- /dev/null
-+++ b/man/man8/openvpn_selinux.8
-@@ -0,0 +1,182 @@
-+.TH  "openvpn_selinux"  "8"  "openvpn" "dwalsh at redhat.com" "openvpn SELinux Policy documentation"
++++ b/man/man8/l2tpd_selinux.8
+@@ -0,0 +1,157 @@
++.TH  "l2tpd_selinux"  "8"  "l2tpd" "dwalsh at redhat.com" "l2tpd SELinux Policy documentation"
 +.SH "NAME"
-+openvpn_selinux \- Security Enhanced Linux Policy for the openvpn processes
++l2tpd_selinux \- Security Enhanced Linux Policy for the l2tpd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the openvpn processes via flexible mandatory access
++Security-Enhanced Linux secures the l2tpd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  openvpn policy is extremely flexible and has several booleans that allow you to manipulate the policy and run openvpn with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow openvpn to read home directories, you must turn on the openvpn_enable_homedirs boolean.
-+
-+.EX
-+.B setsebool -P openvpn_enable_homedirs 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the openvpn_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the openvpn_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux openvpn policy is very flexible allowing users to setup their openvpn processes in as secure a method as possible.
++SELinux l2tpd policy is very flexible allowing users to setup their l2tpd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for openvpn:
-+
-+
-+.EX
-+.PP
-+.B openvpn_etc_rw_t 
-+.EE
-+
-+- Set files with the openvpn_etc_rw_t type, if you want to treat the files as openvpn etc read/write content.
-+
-+
-+.EX
-+.PP
-+.B openvpn_etc_t 
-+.EE
-+
-+- Set files with the openvpn_etc_t type, if you want to store openvpn files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B openvpn_exec_t 
-+.EE
-+
-+- Set files with the openvpn_exec_t type, if you want to transition an executable to the openvpn_t domain.
++The following file types are defined for l2tpd:
 +
 +
 +.EX
 +.PP
-+.B openvpn_initrc_exec_t 
++.B l2tpd_exec_t 
 +.EE
 +
-+- Set files with the openvpn_initrc_exec_t type, if you want to transition an executable to the openvpn_initrc_t domain.
++- Set files with the l2tpd_exec_t type, if you want to transition an executable to the l2tpd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/xl2tpd, /usr/sbin/prol2tpd, /usr/sbin/openl2tpd
 +
 +.EX
 +.PP
-+.B openvpn_tmp_t 
++.B l2tpd_initrc_exec_t 
 +.EE
 +
-+- Set files with the openvpn_tmp_t type, if you want to store openvpn temporary files in the /tmp directories.
++- Set files with the l2tpd_initrc_exec_t type, if you want to transition an executable to the l2tpd_initrc_t domain.
 +
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/xl2tpd, /etc/rc\.d/init\.d/prol2tpd, /etc/rc\.d/init\.d/openl2tpd
 +
 +.EX
 +.PP
-+.B openvpn_var_log_t 
++.B l2tpd_tmp_t 
 +.EE
 +
-+- Set files with the openvpn_var_log_t type, if you want to treat the data as openvpn var log data, usually stored under the /var/log directory.
++- Set files with the l2tpd_tmp_t type, if you want to store l2tpd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B openvpn_var_run_t 
++.B l2tpd_var_run_t 
 +.EE
 +
-+- Set files with the openvpn_var_run_t type, if you want to store the openvpn files under the /run directory.
++- Set files with the l2tpd_var_run_t type, if you want to store the l2tpd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/openvpn(/.*)?, /var/run/openvpn\.client.*
++/var/run/prol2tpd(/.*)?, /var/run/prol2tpd\.pid, /var/run/prol2tpd\.ctl, /var/run/xl2tpd\.pid, /var/run/openl2tpd\.pid, /var/run/xl2tpd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -34913,21 +41060,21 @@ index 0000000..f6b1589
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux openvpn policy is very flexible allowing users to setup their openvpn processes in as secure a method as possible.
++SELinux l2tpd policy is very flexible allowing users to setup their l2tpd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for openvpn:
++The following port types are defined for l2tpd:
 +
 +.EX
 +.TP 5
-+.B openvpn_port_t 
++.B l2tp_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 1194
++tcp 1701
 +.EE
-+udp 1194
++udp 1701
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -34935,18 +41082,38 @@ index 0000000..f6b1589
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux openvpn policy is very flexible allowing users to setup their openvpn processes in as secure a method as possible.
++SELinux l2tpd policy is very flexible allowing users to setup their l2tpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for openvpn:
++The following process types are defined for l2tpd:
 +
 +.EX
-+.B openvpn_t 
++.B l2tpd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type l2tpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B l2tpd_var_run_t
++
++	/var/run/xl2tpd(/.*)?
++.br
++	/var/run/prol2tpd(/.*)?
++.br
++	/var/run/xl2tpd\.pid
++.br
++	/var/run/prol2tpd\.ctl
++.br
++	/var/run/prol2tpd\.pid
++.br
++	/var/run/openl2tpd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -34960,103 +41127,68 @@ index 0000000..f6b1589
 +.B semanage port
 +can also be used to manipulate the port definitions
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), openvpn(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/pacemaker_selinux.8 b/man/man8/pacemaker_selinux.8
++selinux(8), l2tpd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ldconfig_selinux.8 b/man/man8/ldconfig_selinux.8
 new file mode 100644
-index 0000000..3dee1f7
+index 0000000..d61c4ba
 --- /dev/null
-+++ b/man/man8/pacemaker_selinux.8
-@@ -0,0 +1,123 @@
-+.TH  "pacemaker_selinux"  "8"  "pacemaker" "dwalsh at redhat.com" "pacemaker SELinux Policy documentation"
++++ b/man/man8/ldconfig_selinux.8
+@@ -0,0 +1,139 @@
++.TH  "ldconfig_selinux"  "8"  "ldconfig" "dwalsh at redhat.com" "ldconfig SELinux Policy documentation"
 +.SH "NAME"
-+pacemaker_selinux \- Security Enhanced Linux Policy for the pacemaker processes
++ldconfig_selinux \- Security Enhanced Linux Policy for the ldconfig processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the pacemaker processes via flexible mandatory access
++Security-Enhanced Linux secures the ldconfig processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pacemaker_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the pacemaker_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux pacemaker policy is very flexible allowing users to setup their pacemaker processes in as secure a method as possible.
++SELinux ldconfig policy is very flexible allowing users to setup their ldconfig processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for pacemaker:
-+
-+
-+.EX
-+.PP
-+.B pacemaker_exec_t 
-+.EE
-+
-+- Set files with the pacemaker_exec_t type, if you want to transition an executable to the pacemaker_t domain.
-+
-+
-+.EX
-+.PP
-+.B pacemaker_initrc_exec_t 
-+.EE
-+
-+- Set files with the pacemaker_initrc_exec_t type, if you want to transition an executable to the pacemaker_initrc_t domain.
++The following file types are defined for ldconfig:
 +
 +
 +.EX
 +.PP
-+.B pacemaker_unit_file_t 
++.B ldconfig_cache_t 
 +.EE
 +
-+- Set files with the pacemaker_unit_file_t type, if you want to treat the files as pacemaker unit content.
++- Set files with the ldconfig_cache_t type, if you want to store the files under the /var/cache directory.
 +
 +
 +.EX
 +.PP
-+.B pacemaker_var_lib_t 
++.B ldconfig_exec_t 
 +.EE
 +
-+- Set files with the pacemaker_var_lib_t type, if you want to store the pacemaker files under the /var/lib directory.
++- Set files with the ldconfig_exec_t type, if you want to transition an executable to the ldconfig_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/pengine(/.*)?, /var/lib/heartbeat/crm(/.*)?
++/usr/sbin/ldconfig, /sbin/ldconfig
 +
 +.EX
 +.PP
-+.B pacemaker_var_run_t 
++.B ldconfig_tmp_t 
 +.EE
 +
-+- Set files with the pacemaker_var_run_t type, if you want to store the pacemaker files under the /run directory.
++- Set files with the ldconfig_tmp_t type, if you want to store ldconfig temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -35072,18 +41204,64 @@ index 0000000..3dee1f7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux pacemaker policy is very flexible allowing users to setup their pacemaker processes in as secure a method as possible.
++SELinux ldconfig policy is very flexible allowing users to setup their ldconfig processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for pacemaker:
++The following process types are defined for ldconfig:
 +
 +.EX
-+.B pacemaker_t 
++.B ldconfig_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ldconfig_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B kdumpctl_tmp_t
++
++
++.br
++.B ld_so_cache_t
++
++	/etc/ld\.so\.cache
++.br
++	/etc/ld\.so\.cache~
++.br
++	/etc/ld\.so\.preload
++.br
++	/etc/ld\.so\.preload~
++.br
++
++.br
++.B ldconfig_cache_t
++
++	/var/cache/ldconfig(/.*)?
++.br
++
++.br
++.B ldconfig_tmp_t
++
++
++.br
++.B rpm_script_tmp_t
++
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -35099,22 +41277,22 @@ index 0000000..3dee1f7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pacemaker(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/pads_selinux.8 b/man/man8/pads_selinux.8
++selinux(8), ldconfig(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/lircd_selinux.8 b/man/man8/lircd_selinux.8
 new file mode 100644
-index 0000000..9bdc166
+index 0000000..00aa871
 --- /dev/null
-+++ b/man/man8/pads_selinux.8
-@@ -0,0 +1,101 @@
-+.TH  "pads_selinux"  "8"  "pads" "dwalsh at redhat.com" "pads SELinux Policy documentation"
++++ b/man/man8/lircd_selinux.8
+@@ -0,0 +1,155 @@
++.TH  "lircd_selinux"  "8"  "lircd" "dwalsh at redhat.com" "lircd SELinux Policy documentation"
 +.SH "NAME"
-+pads_selinux \- Security Enhanced Linux Policy for the pads processes
++lircd_selinux \- Security Enhanced Linux Policy for the lircd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the pads processes via flexible mandatory access
++Security-Enhanced Linux secures the lircd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -35125,46 +41303,50 @@ index 0000000..9bdc166
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux pads policy is very flexible allowing users to setup their pads processes in as secure a method as possible.
++SELinux lircd policy is very flexible allowing users to setup their lircd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for pads:
++The following file types are defined for lircd:
 +
 +
 +.EX
 +.PP
-+.B pads_config_t 
++.B lircd_etc_t 
 +.EE
 +
-+- Set files with the pads_config_t type, if you want to treat the files as pads configuration data, usually stored under the /etc directory.
++- Set files with the lircd_etc_t type, if you want to store lircd files in the /etc directories.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/pads-assets.csv, /etc/pads-ether-codes, /etc/pads\.conf, /etc/pads-signature-list
++/etc/lircd\.conf, /etc/lirc(/.*)?
 +
 +.EX
 +.PP
-+.B pads_exec_t 
++.B lircd_exec_t 
 +.EE
 +
-+- Set files with the pads_exec_t type, if you want to transition an executable to the pads_t domain.
++- Set files with the lircd_exec_t type, if you want to transition an executable to the lircd_t domain.
 +
 +
 +.EX
 +.PP
-+.B pads_initrc_exec_t 
++.B lircd_initrc_exec_t 
 +.EE
 +
-+- Set files with the pads_initrc_exec_t type, if you want to transition an executable to the pads_initrc_t domain.
++- Set files with the lircd_initrc_exec_t type, if you want to transition an executable to the lircd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B pads_var_run_t 
++.B lircd_var_run_t 
 +.EE
 +
-+- Set files with the pads_var_run_t type, if you want to store the pads files under the /run directory.
++- Set files with the lircd_var_run_t type, if you want to store the lircd files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/lirc(/.*)?, /var/run/lircd(/.*)?, /var/run/lircd\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -35173,130 +41355,134 @@ index 0000000..9bdc166
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux lircd policy is very flexible allowing users to setup their lircd processes in as secure a method as possible.
++.PP 
++The following port types are defined for lircd:
++
++.EX
++.TP 5
++.B lirc_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 8765
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux pads policy is very flexible allowing users to setup their pads processes in as secure a method as possible.
++SELinux lircd policy is very flexible allowing users to setup their lircd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for pads:
++The following process types are defined for lircd:
 +
 +.EX
-+.B pads_t 
++.B lircd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
++.SH "MANAGED FILES"
++
++The SELinux user type lircd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B lircd_var_run_t
++
++	/var/run/lirc(/.*)?
++.br
++	/var/run/lircd(/.*)?
++.br
++	/var/run/lircd\.pid
++.br
++
++.br
++.B var_lock_t
++
++	/var/lock(/.*)?
++.br
++	/run/lock(/.*)?
++.br
++	/var/lock
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
 +can also be used to manipulate whether or not a process type is permissive.
 +.PP
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pads(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/passenger_selinux.8 b/man/man8/passenger_selinux.8
++selinux(8), lircd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/livecd_selinux.8 b/man/man8/livecd_selinux.8
 new file mode 100644
-index 0000000..c98960e
+index 0000000..d813f25
 --- /dev/null
-+++ b/man/man8/passenger_selinux.8
-@@ -0,0 +1,127 @@
-+.TH  "passenger_selinux"  "8"  "passenger" "dwalsh at redhat.com" "passenger SELinux Policy documentation"
++++ b/man/man8/livecd_selinux.8
+@@ -0,0 +1,91 @@
++.TH  "livecd_selinux"  "8"  "livecd" "dwalsh at redhat.com" "livecd SELinux Policy documentation"
 +.SH "NAME"
-+passenger_selinux \- Security Enhanced Linux Policy for the passenger processes
++livecd_selinux \- Security Enhanced Linux Policy for the livecd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the passenger processes via flexible mandatory access
++Security-Enhanced Linux secures the livecd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the passenger_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the passenger_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux passenger policy is very flexible allowing users to setup their passenger processes in as secure a method as possible.
++SELinux livecd policy is very flexible allowing users to setup their livecd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for passenger:
-+
-+
-+.EX
-+.PP
-+.B passenger_exec_t 
-+.EE
-+
-+- Set files with the passenger_exec_t type, if you want to transition an executable to the passenger_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/ruby/gems/.*/passenger-.*/agents/PassengerLoggingAgent, /usr/lib/ruby/gems/.*/passenger-.*/agents/apache2/PassengerHelperAgent, /usr/lib/ruby/gems/.*/passenger-.*/agents/PassengerWatchdog, /usr/lib/ruby/gems/.*/passenger-.*/ext/apache2/ApplicationPoolServerExecutable
-+
-+.EX
-+.PP
-+.B passenger_log_t 
-+.EE
-+
-+- Set files with the passenger_log_t type, if you want to treat the data as passenger log data, usually stored under the /var/log directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/log/passenger.*, /var/log/passenger(/.*)?
-+
-+.EX
-+.PP
-+.B passenger_tmp_t 
-+.EE
-+
-+- Set files with the passenger_tmp_t type, if you want to store passenger temporary files in the /tmp directories.
++The following file types are defined for livecd:
 +
 +
 +.EX
 +.PP
-+.B passenger_var_lib_t 
++.B livecd_exec_t 
 +.EE
 +
-+- Set files with the passenger_var_lib_t type, if you want to store the passenger files under the /var/lib directory.
++- Set files with the livecd_exec_t type, if you want to transition an executable to the livecd_t domain.
 +
 +
 +.EX
 +.PP
-+.B passenger_var_run_t 
++.B livecd_tmp_t 
 +.EE
 +
-+- Set files with the passenger_var_run_t type, if you want to store the passenger files under the /run directory.
++- Set files with the livecd_tmp_t type, if you want to store livecd temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -35312,18 +41498,28 @@ index 0000000..c98960e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux passenger policy is very flexible allowing users to setup their passenger processes in as secure a method as possible.
++SELinux livecd policy is very flexible allowing users to setup their livecd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for passenger:
++The following process types are defined for livecd:
 +
 +.EX
-+.B passenger_t 
++.B livecd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type livecd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B file_type
++
++	all files on the system
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -35339,74 +41535,76 @@ index 0000000..c98960e
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), passenger(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/passwd_selinux.8 b/man/man8/passwd_selinux.8
++selinux(8), livecd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/lldpad_selinux.8 b/man/man8/lldpad_selinux.8
 new file mode 100644
-index 0000000..1b99b6f
+index 0000000..e910d81
 --- /dev/null
-+++ b/man/man8/passwd_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "passwd_selinux"  "8"  "passwd" "dwalsh at redhat.com" "passwd SELinux Policy documentation"
++++ b/man/man8/lldpad_selinux.8
+@@ -0,0 +1,125 @@
++.TH  "lldpad_selinux"  "8"  "lldpad" "dwalsh at redhat.com" "lldpad SELinux Policy documentation"
 +.SH "NAME"
-+passwd_selinux \- Security Enhanced Linux Policy for the passwd processes
++lldpad_selinux \- Security Enhanced Linux Policy for the lldpad processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the passwd processes via flexible mandatory access
++Security-Enhanced Linux secures the lldpad processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the passwd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux lldpad policy is very flexible allowing users to setup their lldpad processes in as secure a method as possible.
++.PP 
++The following file types are defined for lldpad:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B lldpad_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the passwd_t, you must turn on the kerberos_enabled boolean.
++- Set files with the lldpad_exec_t type, if you want to transition an executable to the lldpad_t domain.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B lldpad_initrc_exec_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++- Set files with the lldpad_initrc_exec_t type, if you want to transition an executable to the lldpad_initrc_t domain.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux passwd policy is very flexible allowing users to setup their passwd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for passwd:
++.B lldpad_tmpfs_t 
++.EE
++
++- Set files with the lldpad_tmpfs_t type, if you want to store lldpad files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B passwd_exec_t 
++.B lldpad_var_lib_t 
 +.EE
 +
-+- Set files with the passwd_exec_t type, if you want to transition an executable to the passwd_t domain.
++- Set files with the lldpad_var_lib_t type, if you want to store the lldpad files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/passwd, /usr/bin/chage
 +
 +.EX
 +.PP
-+.B passwd_file_t 
++.B lldpad_var_run_t 
 +.EE
 +
-+- Set files with the passwd_file_t type, if you want to treat the files as passwd content.
++- Set files with the lldpad_var_run_t type, if you want to store the lldpad files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/passwd\.OLD, /etc/ptmptmp, /etc/group[-\+]?, /etc/passwd[-\+]?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -35421,18 +41619,38 @@ index 0000000..1b99b6f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux passwd policy is very flexible allowing users to setup their passwd processes in as secure a method as possible.
++SELinux lldpad policy is very flexible allowing users to setup their lldpad processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for passwd:
++The following process types are defined for lldpad:
 +
 +.EX
-+.B passwd_t 
++.B lldpad_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type lldpad_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B lldpad_tmpfs_t
++
++
++.br
++.B lldpad_var_lib_t
++
++	/var/lib/lldpad(/.*)?
++.br
++
++.br
++.B lldpad_var_run_t
++
++	/var/run/lldpad\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -35448,22 +41666,22 @@ index 0000000..1b99b6f
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), passwd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/pcscd_selinux.8 b/man/man8/pcscd_selinux.8
++selinux(8), lldpad(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/load_policy_selinux.8 b/man/man8/load_policy_selinux.8
 new file mode 100644
-index 0000000..c2a4661
+index 0000000..92bf5c1
 --- /dev/null
-+++ b/man/man8/pcscd_selinux.8
++++ b/man/man8/load_policy_selinux.8
 @@ -0,0 +1,85 @@
-+.TH  "pcscd_selinux"  "8"  "pcscd" "dwalsh at redhat.com" "pcscd SELinux Policy documentation"
++.TH  "load_policy_selinux"  "8"  "load_policy" "dwalsh at redhat.com" "load_policy SELinux Policy documentation"
 +.SH "NAME"
-+pcscd_selinux \- Security Enhanced Linux Policy for the pcscd processes
++load_policy_selinux \- Security Enhanced Linux Policy for the load_policy processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the pcscd processes via flexible mandatory access
++Security-Enhanced Linux secures the load_policy processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -35474,30 +41692,22 @@ index 0000000..c2a4661
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux pcscd policy is very flexible allowing users to setup their pcscd processes in as secure a method as possible.
++SELinux load_policy policy is very flexible allowing users to setup their load_policy processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for pcscd:
-+
-+
-+.EX
-+.PP
-+.B pcscd_exec_t 
-+.EE
-+
-+- Set files with the pcscd_exec_t type, if you want to transition an executable to the pcscd_t domain.
++The following file types are defined for load_policy:
 +
 +
 +.EX
 +.PP
-+.B pcscd_var_run_t 
++.B load_policy_exec_t 
 +.EE
 +
-+- Set files with the pcscd_var_run_t type, if you want to store the pcscd files under the /run directory.
++- Set files with the load_policy_exec_t type, if you want to transition an executable to the load_policy_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/pcscd\.pid, /var/run/pcscd\.comm, /var/run/pcscd\.events(/.*)?, /var/run/pcscd\.pub, /var/run/pcscd(/.*)?
++/usr/sbin/load_policy, /sbin/load_policy
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -35512,18 +41722,26 @@ index 0000000..c2a4661
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux pcscd policy is very flexible allowing users to setup their pcscd processes in as secure a method as possible.
++SELinux load_policy policy is very flexible allowing users to setup their load_policy processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for pcscd:
++The following process types are defined for load_policy:
 +
 +.EX
-+.B pcscd_t 
++.B load_policy_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type load_policy_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B boolean_type
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -35539,106 +41757,48 @@ index 0000000..c2a4661
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pcscd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/pegasus_selinux.8 b/man/man8/pegasus_selinux.8
++selinux(8), load_policy(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/loadkeys_selinux.8 b/man/man8/loadkeys_selinux.8
 new file mode 100644
-index 0000000..95434a5
+index 0000000..33b75c0
 --- /dev/null
-+++ b/man/man8/pegasus_selinux.8
-@@ -0,0 +1,172 @@
-+.TH  "pegasus_selinux"  "8"  "pegasus" "dwalsh at redhat.com" "pegasus SELinux Policy documentation"
++++ b/man/man8/loadkeys_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "loadkeys_selinux"  "8"  "loadkeys" "dwalsh at redhat.com" "loadkeys SELinux Policy documentation"
 +.SH "NAME"
-+pegasus_selinux \- Security Enhanced Linux Policy for the pegasus processes
++loadkeys_selinux \- Security Enhanced Linux Policy for the loadkeys processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the pegasus processes via flexible mandatory access
++Security-Enhanced Linux secures the loadkeys processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pegasus_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the pegasus_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux pegasus policy is very flexible allowing users to setup their pegasus processes in as secure a method as possible.
++SELinux loadkeys policy is very flexible allowing users to setup their loadkeys processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for pegasus:
-+
-+
-+.EX
-+.PP
-+.B pegasus_conf_t 
-+.EE
-+
-+- Set files with the pegasus_conf_t type, if you want to treat the files as pegasus configuration data, usually stored under the /etc directory.
-+
-+
-+.EX
-+.PP
-+.B pegasus_data_t 
-+.EE
-+
-+- Set files with the pegasus_data_t type, if you want to treat the files as pegasus content.
++The following file types are defined for loadkeys:
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/Pegasus/pegasus_current\.conf, /var/lib/Pegasus(/.*)?
 +
 +.EX
 +.PP
-+.B pegasus_exec_t 
++.B loadkeys_exec_t 
 +.EE
 +
-+- Set files with the pegasus_exec_t type, if you want to transition an executable to the pegasus_t domain.
++- Set files with the loadkeys_exec_t type, if you want to transition an executable to the loadkeys_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/init_repository, /usr/sbin/cimserver
-+
-+.EX
-+.PP
-+.B pegasus_mof_t 
-+.EE
-+
-+- Set files with the pegasus_mof_t type, if you want to treat the files as pegasus mof data.
-+
-+
-+.EX
-+.PP
-+.B pegasus_tmp_t 
-+.EE
-+
-+- Set files with the pegasus_tmp_t type, if you want to store pegasus temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B pegasus_var_run_t 
-+.EE
-+
-+- Set files with the pegasus_var_run_t type, if you want to store the pegasus files under the /run directory.
-+
++/usr/bin/unikeys, /usr/bin/loadkeys
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -35647,58 +41807,28 @@ index 0000000..95434a5
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux pegasus policy is very flexible allowing users to setup their pegasus processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for pegasus:
-+
-+.EX
-+.TP 5
-+.B pegasus_http_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 5988
-+.EE
-+
-+.EX
-+.TP 5
-+.B pegasus_https_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 5989
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux pegasus policy is very flexible allowing users to setup their pegasus processes in as secure a method as possible.
++SELinux loadkeys policy is very flexible allowing users to setup their loadkeys processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for pegasus:
++The following process types are defined for loadkeys:
 +
 +.EX
-+.B pegasus_t 
++.B loadkeys_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type loadkeys_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -35709,46 +41839,43 @@ index 0000000..95434a5
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pegasus(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/phpfpm_selinux.8 b/man/man8/phpfpm_selinux.8
++selinux(8), loadkeys(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/locate_selinux.8 b/man/man8/locate_selinux.8
 new file mode 100644
-index 0000000..343e576
+index 0000000..2b21e64
 --- /dev/null
-+++ b/man/man8/phpfpm_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "phpfpm_selinux"  "8"  "phpfpm" "dwalsh at redhat.com" "phpfpm SELinux Policy documentation"
++++ b/man/man8/locate_selinux.8
+@@ -0,0 +1,113 @@
++.TH  "locate_selinux"  "8"  "locate" "dwalsh at redhat.com" "locate SELinux Policy documentation"
 +.SH "NAME"
-+phpfpm_selinux \- Security Enhanced Linux Policy for the phpfpm processes
++locate_selinux \- Security Enhanced Linux Policy for the locate processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the phpfpm processes via flexible mandatory access
++Security-Enhanced Linux secures the locate processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the phpfpm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the locate_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the phpfpm_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the locate_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -35757,41 +41884,33 @@ index 0000000..343e576
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux phpfpm policy is very flexible allowing users to setup their phpfpm processes in as secure a method as possible.
++SELinux locate policy is very flexible allowing users to setup their locate processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for phpfpm:
-+
-+
-+.EX
-+.PP
-+.B phpfpm_exec_t 
-+.EE
-+
-+- Set files with the phpfpm_exec_t type, if you want to transition an executable to the phpfpm_t domain.
++The following file types are defined for locate:
 +
 +
 +.EX
 +.PP
-+.B phpfpm_log_t 
++.B locate_exec_t 
 +.EE
 +
-+- Set files with the phpfpm_log_t type, if you want to treat the data as phpfpm log data, usually stored under the /var/log directory.
++- Set files with the locate_exec_t type, if you want to transition an executable to the locate_t domain.
 +
 +
 +.EX
 +.PP
-+.B phpfpm_unit_file_t 
++.B locate_log_t 
 +.EE
 +
-+- Set files with the phpfpm_unit_file_t type, if you want to treat the files as phpfpm unit content.
++- Set files with the locate_log_t type, if you want to treat the data as locate log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B phpfpm_var_run_t 
++.B locate_var_lib_t 
 +.EE
 +
-+- Set files with the phpfpm_var_run_t type, if you want to store the phpfpm files under the /run directory.
++- Set files with the locate_var_lib_t type, if you want to store the locate files under the /var/lib directory.
 +
 +
 +.PP
@@ -35807,18 +41926,28 @@ index 0000000..343e576
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux phpfpm policy is very flexible allowing users to setup their phpfpm processes in as secure a method as possible.
++SELinux locate policy is very flexible allowing users to setup their locate processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for phpfpm:
++The following process types are defined for locate:
 +
 +.EX
-+.B phpfpm_t 
++.B locate_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type locate_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B locate_var_lib_t
++
++	/var/lib/[sm]locate(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -35834,104 +41963,51 @@ index 0000000..343e576
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), phpfpm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ping_selinux.8 b/man/man8/ping_selinux.8
++selinux(8), locate(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/lockdev_selinux.8 b/man/man8/lockdev_selinux.8
 new file mode 100644
-index 0000000..f9fabf0
+index 0000000..4f3619b
 --- /dev/null
-+++ b/man/man8/ping_selinux.8
-@@ -0,0 +1,164 @@
-+.TH  "ping_selinux"  "8"  "ping" "dwalsh at redhat.com" "ping SELinux Policy documentation"
++++ b/man/man8/lockdev_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "lockdev_selinux"  "8"  "lockdev" "dwalsh at redhat.com" "lockdev SELinux Policy documentation"
 +.SH "NAME"
-+ping_selinux \- Security Enhanced Linux Policy for the ping processes
++lockdev_selinux \- Security Enhanced Linux Policy for the lockdev processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ping processes via flexible mandatory access
++Security-Enhanced Linux secures the lockdev processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  ping policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ping with the tightest access possible.
-+
-+
-+.PP
-+If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
-+
-+.EX
-+.B setsebool -P user_ping 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pingd_t, ping_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the pingd_t, ping_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ping policy is very flexible allowing users to setup their ping processes in as secure a method as possible.
++SELinux lockdev policy is very flexible allowing users to setup their lockdev processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ping:
-+
-+
-+.EX
-+.PP
-+.B ping_exec_t 
-+.EE
-+
-+- Set files with the ping_exec_t type, if you want to transition an executable to the ping_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/ping.*, /usr/sbin/hping2, /usr/sbin/fping.*, /bin/ping.*, /usr/sbin/send_arp
-+
-+.EX
-+.PP
-+.B pingd_etc_t 
-+.EE
-+
-+- Set files with the pingd_etc_t type, if you want to store pingd files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B pingd_exec_t 
-+.EE
-+
-+- Set files with the pingd_exec_t type, if you want to transition an executable to the pingd_t domain.
++The following file types are defined for lockdev:
 +
 +
 +.EX
 +.PP
-+.B pingd_initrc_exec_t 
++.B lockdev_exec_t 
 +.EE
 +
-+- Set files with the pingd_initrc_exec_t type, if you want to transition an executable to the pingd_initrc_t domain.
++- Set files with the lockdev_exec_t type, if you want to transition an executable to the lockdev_t domain.
 +
 +
 +.EX
 +.PP
-+.B pingd_modules_t 
++.B lockdev_lock_t 
 +.EE
 +
-+- Set files with the pingd_modules_t type, if you want to treat the files as pingd modules.
++- Set files with the lockdev_lock_t type, if you want to treat the files as lockdev lock data, stored under the /var/lock directory
 +
 +
 +.PP
@@ -35941,47 +42017,32 @@ index 0000000..f9fabf0
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux ping policy is very flexible allowing users to setup their ping processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for ping:
-+
-+.EX
-+.TP 5
-+.B pingd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 9125
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ping policy is very flexible allowing users to setup their ping processes in as secure a method as possible.
++SELinux lockdev policy is very flexible allowing users to setup their lockdev processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ping:
++The following process types are defined for lockdev:
 +
 +.EX
-+.B ping_t, pingd_t 
++.B lockdev_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type lockdev_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B lockdev_lock_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -35992,62 +42053,208 @@ index 0000000..f9fabf0
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ping(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/pingd_selinux.8 b/man/man8/pingd_selinux.8
++selinux(8), lockdev(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/logadm_selinux.8 b/man/man8/logadm_selinux.8
 new file mode 100644
-index 0000000..7e85446
+index 0000000..7e4c998
 --- /dev/null
-+++ b/man/man8/pingd_selinux.8
-@@ -0,0 +1,152 @@
-+.TH  "pingd_selinux"  "8"  "pingd" "dwalsh at redhat.com" "pingd SELinux Policy documentation"
++++ b/man/man8/logadm_selinux.8
+@@ -0,0 +1,159 @@
++.TH  "logadm_selinux"  "8"  "logadm" "mgrepl at redhat.com" "logadm SELinux Policy documentation"
 +.SH "NAME"
-+pingd_selinux \- Security Enhanced Linux Policy for the pingd processes
-+.SH "DESCRIPTION"
++logadm_r \- \fBLog administrator role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the pingd processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  pingd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run pingd with the tightest access possible.
++SELinux supports Roles Based Access Control (RBAC), some Linux roles are login roles, while other roles need to be transition into. 
++
++.I Note: 
++Examples in this man page will use the 
++.B staff_u 
++SELinux user.
++
++Non login roles are usually used for administrative tasks. For example, tasks that require root privileges.  Roles control which types a user can run processes with. Roles often have default types assigned to them. 
++
++The default type for the logadm_r role is logadm_t.
++
++The 
++.B newrole 
++program to transition directly to this role.
++
++.B newrole -r logadm_r -t logadm_t
++
++.B sudo 
++is the preferred method to do transition from one role to another.  You setup sudo to transition to logadm_r by adding a similar line to the /etc/sudoers file.
++
++USERNAME ALL=(ALL) ROLE=logadm_r TYPE=logadm_t COMMAND
++
++.br
++sudo will run COMMAND as staff_u:logadm_r:logadm_t:LEVEL
++
++When using a a non login role, you need to setup SELinux so that your SELinux user can reach logadm_r role.
++
++Execute the following to see all of the assigned SELinux roles:
++
++.B semanage user -l
++
++You need to add logadm_r to the staff_u user.  You could setup the staff_u user to be able to use the logadm_r role with a command like:
++
++.B $ semanage user -m -R 'staff_r system_r logadm_r' staff_u 
++
++
++.SH "MANAGED FILES"
++
++The SELinux user type logadm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auditd_etc_t
++
++	/etc/audit(/.*)?
++.br
++
++.br
++.B auditd_log_t
++
++	/var/log/audit(/.*)?
++.br
++	/var/log/audit\.log
++.br
++
++.br
++.B auditd_unit_file_t
++
++	/usr/lib/systemd/system/auditd.*
++.br
++
++.br
++.B auditd_var_run_t
++
++	/var/run/auditd\.pid
++.br
++	/var/run/auditd_sock
++.br
++	/var/run/audit_events
++.br
 +
++.br
++.B klogd_tmp_t
++
++
++.br
++.B klogd_var_run_t
++
++	/var/run/klogd\.pid
++.br
++
++.br
++.B logfile
++
++	all log files
++.br
++
++.br
++.B syslog_conf_t
++
++	/etc/syslog.conf
++.br
++	/etc/rsyslog.conf
++.br
++
++.br
++.B syslogd_tmp_t
++
++
++.br
++.B syslogd_var_lib_t
++
++	/var/lib/r?syslog(/.*)?
++.br
++	/var/lib/syslog-ng(/.*)?
++.br
++	/var/lib/syslog-ng.persist
++.br
++
++.br
++.B syslogd_var_run_t
++
++	/var/run/log(/.*)?
++.br
++	/var/run/syslog-ng.ctl
++.br
++	/var/log/syslog-ng(/.*)?
++.br
++	/var/run/syslog-ng(/.*)?
++.br
++	/var/run/systemd/journal(/.*)?
++.br
++	/var/run/metalog\.pid
++.br
++	/var/run/syslogd\.pid
++.br
++
++.br
++.B systemd_passwd_var_run_t
 +
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
-+.B setsebool -P user_ping 1
-+.EE
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), logadm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/logrotate_selinux.8 b/man/man8/logrotate_selinux.8
+new file mode 100644
+index 0000000..66869e4
+--- /dev/null
++++ b/man/man8/logrotate_selinux.8
+@@ -0,0 +1,189 @@
++.TH  "logrotate_selinux"  "8"  "logrotate" "dwalsh at redhat.com" "logrotate SELinux Policy documentation"
++.SH "NAME"
++logrotate_selinux \- Security Enhanced Linux Policy for the logrotate processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the logrotate processes via flexible mandatory access
++control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pingd_t, ping_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the logrotate_t, logrotate_mail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the pingd_t, ping_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the logrotate_t, logrotate_mail_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -36056,41 +42263,53 @@ index 0000000..7e85446
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux pingd policy is very flexible allowing users to setup their pingd processes in as secure a method as possible.
++SELinux logrotate policy is very flexible allowing users to setup their logrotate processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for pingd:
++The following file types are defined for logrotate:
 +
 +
 +.EX
 +.PP
-+.B pingd_etc_t 
++.B logrotate_exec_t 
 +.EE
 +
-+- Set files with the pingd_etc_t type, if you want to store pingd files in the /etc directories.
++- Set files with the logrotate_exec_t type, if you want to transition an executable to the logrotate_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/logrotate, /etc/cron\.(daily|weekly)/sysklogd
 +
 +.EX
 +.PP
-+.B pingd_exec_t 
++.B logrotate_lock_t 
 +.EE
 +
-+- Set files with the pingd_exec_t type, if you want to transition an executable to the pingd_t domain.
++- Set files with the logrotate_lock_t type, if you want to treat the files as logrotate lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B pingd_initrc_exec_t 
++.B logrotate_mail_tmp_t 
 +.EE
 +
-+- Set files with the pingd_initrc_exec_t type, if you want to transition an executable to the pingd_initrc_t domain.
++- Set files with the logrotate_mail_tmp_t type, if you want to store logrotate mail temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B pingd_modules_t 
++.B logrotate_tmp_t 
 +.EE
 +
-+- Set files with the pingd_modules_t type, if you want to treat the files as pingd modules.
++- Set files with the logrotate_tmp_t type, if you want to store logrotate temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B logrotate_var_lib_t 
++.EE
++
++- Set files with the logrotate_var_lib_t type, if you want to store the logrotate files under the /var/lib directory.
 +
 +
 +.PP
@@ -36100,47 +42319,90 @@ index 0000000..7e85446
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux pingd policy is very flexible allowing users to setup their pingd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for pingd:
-+
-+.EX
-+.TP 5
-+.B pingd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 9125
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux pingd policy is very flexible allowing users to setup their pingd processes in as secure a method as possible.
++SELinux logrotate policy is very flexible allowing users to setup their logrotate processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for pingd:
++The following process types are defined for logrotate:
 +
 +.EX
-+.B ping_t, pingd_t 
++.B logrotate_t, logrotate_mail_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type logrotate_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B abrt_var_cache_t
++
++	/var/cache/abrt(/.*)?
++.br
++	/var/spool/abrt(/.*)?
++.br
++	/var/cache/abrt-di(/.*)?
++.br
++
++.br
++.B logfile
++
++	all log files
++.br
++
++.br
++.B logrotate_lock_t
++
++
++.br
++.B logrotate_tmp_t
++
++
++.br
++.B logrotate_var_lib_t
++
++	/var/lib/logrotate\.status
++.br
++
++.br
++.B named_cache_t
++
++	/var/named/data(/.*)?
++.br
++	/var/named/slaves(/.*)?
++.br
++	/var/named/dynamic(/.*)?
++.br
++	/var/named/chroot/var/tmp(/.*)?
++.br
++	/var/named/chroot/var/named/data(/.*)?
++.br
++	/var/named/chroot/var/named/slaves(/.*)?
++.br
++	/var/named/chroot/var/named/dynamic(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B var_spool_t
++
++	/var/spool(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -36151,62 +42413,43 @@ index 0000000..7e85446
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pingd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/piranha_selinux.8 b/man/man8/piranha_selinux.8
++selinux(8), logrotate(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/logwatch_selinux.8 b/man/man8/logwatch_selinux.8
 new file mode 100644
-index 0000000..7ca6103
+index 0000000..751ce93
 --- /dev/null
-+++ b/man/man8/piranha_selinux.8
-@@ -0,0 +1,244 @@
-+.TH  "piranha_selinux"  "8"  "piranha" "dwalsh at redhat.com" "piranha SELinux Policy documentation"
++++ b/man/man8/logwatch_selinux.8
+@@ -0,0 +1,165 @@
++.TH  "logwatch_selinux"  "8"  "logwatch" "dwalsh at redhat.com" "logwatch SELinux Policy documentation"
 +.SH "NAME"
-+piranha_selinux \- Security Enhanced Linux Policy for the piranha processes
++logwatch_selinux \- Security Enhanced Linux Policy for the logwatch processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the piranha processes via flexible mandatory access
++Security-Enhanced Linux secures the logwatch processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  piranha policy is extremely flexible and has several booleans that allow you to manipulate the policy and run piranha with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow piranha-lvs domain to connect to the network using TCP, you must turn on the piranha_lvs_can_network_connect boolean.
-+
-+.EX
-+.B setsebool -P piranha_lvs_can_network_connect 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the piranha_pulse_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the logwatch_mail_t, logwatch_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the piranha_pulse_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the logwatch_mail_t, logwatch_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -36215,134 +42458,220 @@ index 0000000..7ca6103
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux piranha policy is very flexible allowing users to setup their piranha processes in as secure a method as possible.
++SELinux logwatch policy is very flexible allowing users to setup their logwatch processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for piranha:
++The following file types are defined for logwatch:
 +
 +
 +.EX
 +.PP
-+.B piranha_etc_rw_t 
++.B logwatch_cache_t 
 +.EE
 +
-+- Set files with the piranha_etc_rw_t type, if you want to treat the files as piranha etc read/write content.
++- Set files with the logwatch_cache_t type, if you want to store the files under the /var/cache directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/epylog(/.*)?, /var/lib/logcheck(/.*)?, /var/cache/logwatch(/.*)?
 +
 +.EX
 +.PP
-+.B piranha_fos_exec_t 
++.B logwatch_exec_t 
 +.EE
 +
-+- Set files with the piranha_fos_exec_t type, if you want to transition an executable to the piranha_fos_t domain.
++- Set files with the logwatch_exec_t type, if you want to transition an executable to the logwatch_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/logcheck, /usr/sbin/epylog, /usr/share/logwatch/scripts/logwatch\.pl
 +
 +.EX
 +.PP
-+.B piranha_fos_var_run_t 
++.B logwatch_lock_t 
 +.EE
 +
-+- Set files with the piranha_fos_var_run_t type, if you want to store the piranha fos files under the /run directory.
++- Set files with the logwatch_lock_t type, if you want to treat the files as logwatch lock data, stored under the /var/lock directory
 +
 +
 +.EX
 +.PP
-+.B piranha_log_t 
++.B logwatch_mail_tmp_t 
 +.EE
 +
-+- Set files with the piranha_log_t type, if you want to treat the data as piranha log data, usually stored under the /var/log directory.
++- Set files with the logwatch_mail_tmp_t type, if you want to store logwatch mail temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B piranha_lvs_exec_t 
++.B logwatch_tmp_t 
 +.EE
 +
-+- Set files with the piranha_lvs_exec_t type, if you want to transition an executable to the piranha_lvs_t domain.
++- Set files with the logwatch_tmp_t type, if you want to store logwatch temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B piranha_lvs_var_run_t 
++.B logwatch_var_run_t 
 +.EE
 +
-+- Set files with the piranha_lvs_var_run_t type, if you want to store the piranha lvs files under the /run directory.
++- Set files with the logwatch_var_run_t type, if you want to store the logwatch files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B piranha_pulse_exec_t 
-+.EE
-+
-+- Set files with the piranha_pulse_exec_t type, if you want to transition an executable to the piranha_pulse_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux logwatch policy is very flexible allowing users to setup their logwatch processes in as secure a method as possible.
++.PP 
++The following process types are defined for logwatch:
 +
 +.EX
-+.PP
-+.B piranha_pulse_initrc_exec_t 
++.B logwatch_t, logwatch_mail_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the piranha_pulse_initrc_exec_t type, if you want to transition an executable to the piranha_pulse_initrc_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type logwatch_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B piranha_pulse_var_run_t 
-+.EE
++.br
++.B logwatch_cache_t
 +
-+- Set files with the piranha_pulse_var_run_t type, if you want to store the piranha pulse files under the /run directory.
++	/var/lib/epylog(/.*)?
++.br
++	/var/lib/logcheck(/.*)?
++.br
++	/var/cache/logwatch(/.*)?
++.br
 +
++.br
++.B logwatch_lock_t
 +
-+.EX
-+.PP
-+.B piranha_web_conf_t 
-+.EE
++	/var/log/logcheck/.+
++.br
++
++.br
++.B logwatch_tmp_t
 +
-+- Set files with the piranha_web_conf_t type, if you want to treat the files as piranha web configuration data, usually stored under the /etc directory.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/lib/luci/etc(/.*)?, /var/lib/luci/cert(/.*)?
++.B logwatch_var_run_t
 +
-+.EX
++	/var/run/epylog\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B piranha_web_data_t 
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), logwatch(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/lpd_selinux.8 b/man/man8/lpd_selinux.8
+new file mode 100644
+index 0000000..41f5cbc
+--- /dev/null
++++ b/man/man8/lpd_selinux.8
+@@ -0,0 +1,148 @@
++.TH  "lpd_selinux"  "8"  "lpd" "dwalsh at redhat.com" "lpd SELinux Policy documentation"
++.SH "NAME"
++lpd_selinux \- Security Enhanced Linux Policy for the lpd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the lpd processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  lpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run lpd with the tightest access possible.
++
++
++.PP
++If you want to use lpd server instead of cups, you must turn on the use_lpd_server boolean.
++
++.EX
++.B setsebool -P use_lpd_server 1
 +.EE
 +
-+- Set files with the piranha_web_data_t type, if you want to treat the files as piranha web content.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the lpr_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B piranha_web_exec_t 
++If you want to allow confined applications to run with kerberos for the lpr_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the piranha_web_exec_t type, if you want to transition an executable to the piranha_web_t domain.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux lpd policy is very flexible allowing users to setup their lpd processes in as secure a method as possible.
++.PP 
++The following file types are defined for lpd:
 +
 +
 +.EX
 +.PP
-+.B piranha_web_tmp_t 
++.B lpd_exec_t 
 +.EE
 +
-+- Set files with the piranha_web_tmp_t type, if you want to store piranha web temporary files in the /tmp directories.
++- Set files with the lpd_exec_t type, if you want to transition an executable to the lpd_t domain.
 +
 +
 +.EX
 +.PP
-+.B piranha_web_tmpfs_t 
++.B lpd_tmp_t 
 +.EE
 +
-+- Set files with the piranha_web_tmpfs_t type, if you want to store piranha web files on a tmpfs file system.
++- Set files with the lpd_tmp_t type, if you want to store lpd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B piranha_web_var_run_t 
++.B lpd_var_run_t 
 +.EE
 +
-+- Set files with the piranha_web_var_run_t type, if you want to store the piranha web files under the /run directory.
++- Set files with the lpd_var_run_t type, if you want to store the lpd files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/spool/turboprint(/.*)?, /var/run/lprng(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -36351,47 +42680,50 @@ index 0000000..7ca6103
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux piranha policy is very flexible allowing users to setup their piranha processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for piranha:
-+
-+.EX
-+.TP 5
-+.B piranha_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 3636
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux piranha policy is very flexible allowing users to setup their piranha processes in as secure a method as possible.
++SELinux lpd policy is very flexible allowing users to setup their lpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for piranha:
++The following process types are defined for lpd:
 +
 +.EX
-+.B piranha_pulse_t, piranha_fos_t, piranha_lvs_t, piranha_web_t 
++.B lpd_t, lpr_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type lpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B lpd_tmp_t
++
++
++.br
++.B lpd_var_run_t
++
++	/var/run/lprng(/.*)?
++.br
++	/var/spool/turboprint(/.*)?
++.br
++
++.br
++.B print_spool_t
++
++	/var/spool/lpd(/.*)?
++.br
++	/var/spool/cups(/.*)?
++.br
++	/var/spool/cups-pdf(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
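Review bot: The new MANAGED FILES paragraph calls `lpd_t` a "SELinux user type", but the PROCESS TYPES section of the same page lists `lpd_t` as a process type (domain). In SELinux the user is a separate field of the context, so this wording can mislead someone auditing which subject holds the write access. I would change it to `The SELinux process type lpd_t can manage files labeled with the following file types.` and fix the follow-up sentence to `Note the process's UID still needs to have DAC permissions.` The same sentence is added for `lpr_t`, `lsassd_t`, `lvm_t` and `lwiod_t` in later hunks. The AUTHOR section says the pages come from genman.py, so the fix presumably belongs in that generator, which is not visible in this diff.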
@@ -36402,9 +42734,6 @@ index 0000000..7ca6103
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -36413,25 +42742,41 @@ index 0000000..7ca6103
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), piranha(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), lpd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), lpr_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/pki_selinux.8 b/man/man8/pki_selinux.8
+diff --git a/man/man8/lpr_selinux.8 b/man/man8/lpr_selinux.8
 new file mode 100644
-index 0000000..2272c46
+index 0000000..3b5cab5
 --- /dev/null
-+++ b/man/man8/pki_selinux.8
-@@ -0,0 +1,504 @@
-+.TH  "pki_selinux"  "8"  "pki" "dwalsh at redhat.com" "pki SELinux Policy documentation"
++++ b/man/man8/lpr_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "lpr_selinux"  "8"  "lpr" "dwalsh at redhat.com" "lpr SELinux Policy documentation"
 +.SH "NAME"
-+pki_selinux \- Security Enhanced Linux Policy for the pki processes
++lpr_selinux \- Security Enhanced Linux Policy for the lpr processes
 +.SH "DESCRIPTION"
 +
++Security-Enhanced Linux secures the lpr processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the lpr_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
 +
++.PP
++If you want to allow confined applications to run with kerberos for the lpr_t, you must turn on the kerberos_enabled boolean.
 +
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -36439,473 +42784,561 @@ index 0000000..2272c46
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux pki policy is very flexible allowing users to setup their pki processes in as secure a method as possible.
++SELinux lpr policy is very flexible allowing users to setup their lpr processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for pki:
++The following file types are defined for lpr:
 +
 +
 +.EX
 +.PP
-+.B pki_ca_etc_rw_t 
++.B lpr_exec_t 
 +.EE
 +
-+- Set files with the pki_ca_etc_rw_t type, if you want to treat the files as pki ca etc read/write content.
++- Set files with the lpr_exec_t type, if you want to transition an executable to the lpr_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/pki-ca(/.*)?, /etc/sysconfig/pki/ca(/.*)?
++/usr/sbin/accept, /opt/gutenprint/s?bin(/.*)?, /usr/bin/cancel(\.cups)?, /usr/bin/lp(\.cups)?, /usr/bin/lpstat(\.cups)?, /usr/sbin/lpc(\.cups)?, /usr/bin/lpoptions, /usr/bin/lpq(\.cups)?, /usr/sbin/lpadmin, /usr/sbin/lpinfo, /usr/bin/lpr(\.cups)?, /usr/sbin/lpmove, /usr/bin/lprm(\.cups)?, /usr/linuxprinter/bin/l?lpr
 +
 +.EX
 +.PP
-+.B pki_ca_exec_t 
++.B lpr_tmp_t 
 +.EE
 +
-+- Set files with the pki_ca_exec_t type, if you want to transition an executable to the pki_ca_t domain.
++- Set files with the lpr_tmp_t type, if you want to store lpr temporary files in the /tmp directories.
 +
 +
-+.EX
 +.PP
-+.B pki_ca_log_t 
-+.EE
-+
-+- Set files with the pki_ca_log_t type, if you want to treat the data as pki ca log data, usually stored under the /var/log directory.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux lpr policy is very flexible allowing users to setup their lpr processes in as secure a method as possible.
++.PP 
++The following process types are defined for lpr:
 +
 +.EX
-+.PP
-+.B pki_ca_tomcat_exec_t 
++.B lpr_t 
 +.EE
-+
-+- Set files with the pki_ca_tomcat_exec_t type, if you want to transition an executable to the pki_ca_tomcat_t domain.
-+
-+
-+.EX
 +.PP
-+.B pki_ca_var_lib_t 
-+.EE
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the pki_ca_var_lib_t type, if you want to store the pki ca files under the /var/lib directory.
++.SH "MANAGED FILES"
 +
++The SELinux user type lpr_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B pki_ca_var_run_t 
-+.EE
-+
-+- Set files with the pki_ca_var_run_t type, if you want to store the pki ca files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/run/pki-ca.pid, /var/run/pki/ca(/.*)?
-+
-+.EX
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B pki_common_dev_t 
-+.EE
-+
-+- Set files with the pki_common_dev_t type, if you want to treat the files as pki common dev data.
-+
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B pki_common_t 
-+.EE
-+
-+- Set files with the pki_common_t type, if you want to treat the files as pki common data.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B pki_kra_etc_rw_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), lpr(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/lsassd_selinux.8 b/man/man8/lsassd_selinux.8
+new file mode 100644
+index 0000000..aaa8956
+--- /dev/null
++++ b/man/man8/lsassd_selinux.8
+@@ -0,0 +1,251 @@
++.TH  "lsassd_selinux"  "8"  "lsassd" "dwalsh at redhat.com" "lsassd SELinux Policy documentation"
++.SH "NAME"
++lsassd_selinux \- Security Enhanced Linux Policy for the lsassd processes
++.SH "DESCRIPTION"
 +
-+- Set files with the pki_kra_etc_rw_t type, if you want to treat the files as pki kra etc read/write content.
++Security-Enhanced Linux secures the lsassd processes via flexible mandatory access
++control.  
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/pki-kra(/.*)?, /etc/sysconfig/pki/kra(/.*)?
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B pki_kra_exec_t 
-+.EE
-+
-+- Set files with the pki_kra_exec_t type, if you want to transition an executable to the pki_kra_t domain.
-+
-+
-+.EX
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B pki_kra_log_t 
-+.EE
-+
-+- Set files with the pki_kra_log_t type, if you want to treat the data as pki kra log data, usually stored under the /var/log directory.
++Policy governs the access confined processes have to these files. 
++SELinux lsassd policy is very flexible allowing users to setup their lsassd processes in as secure a method as possible.
++.PP 
++The following file types are defined for lsassd:
 +
 +
 +.EX
 +.PP
-+.B pki_kra_tomcat_exec_t 
++.B lsassd_exec_t 
 +.EE
 +
-+- Set files with the pki_kra_tomcat_exec_t type, if you want to transition an executable to the pki_kra_tomcat_t domain.
++- Set files with the lsassd_exec_t type, if you want to transition an executable to the lsassd_t domain.
 +
 +
 +.EX
 +.PP
-+.B pki_kra_var_lib_t 
++.B lsassd_tmp_t 
 +.EE
 +
-+- Set files with the pki_kra_var_lib_t type, if you want to store the pki kra files under the /var/lib directory.
++- Set files with the lsassd_tmp_t type, if you want to store lsassd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B pki_kra_var_run_t 
++.B lsassd_var_lib_t 
 +.EE
 +
-+- Set files with the pki_kra_var_run_t type, if you want to store the pki kra files under the /run directory.
++- Set files with the lsassd_var_lib_t type, if you want to store the lsassd files under the /var/lib directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/pki-kra.pid, /var/run/pki/kra(/.*)?
++/var/lib/likewise-open/krb5ccr_lsass, /var/lib/likewise-open/db/lsass-adstate\.filedb, /var/lib/likewise-open/lsasd\.err, /var/lib/likewise-open/db/lsass-adcache\.db, /var/lib/likewise-open/db/sam\.db
 +
 +.EX
 +.PP
-+.B pki_ocsp_etc_rw_t 
++.B lsassd_var_run_t 
 +.EE
 +
-+- Set files with the pki_ocsp_etc_rw_t type, if you want to treat the files as pki ocsp etc read/write content.
++- Set files with the lsassd_var_run_t type, if you want to store the lsassd files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/pki-ocsp(/.*)?, /etc/sysconfig/pki/ocsp(/.*)?
 +
 +.EX
 +.PP
-+.B pki_ocsp_exec_t 
++.B lsassd_var_socket_t 
 +.EE
 +
-+- Set files with the pki_ocsp_exec_t type, if you want to transition an executable to the pki_ocsp_t domain.
++- Set files with the lsassd_var_socket_t type, if you want to treat the files as lsassd var socket data.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/likewise-open/\.lsassd, /var/lib/likewise-open/\.ntlmd, /var/lib/likewise-open/rpc/lsass
 +
-+.EX
 +.PP
-+.B pki_ocsp_log_t 
-+.EE
-+
-+- Set files with the pki_ocsp_log_t type, if you want to treat the data as pki ocsp log data, usually stored under the /var/log directory.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B pki_ocsp_tomcat_exec_t 
-+.EE
-+
-+- Set files with the pki_ocsp_tomcat_exec_t type, if you want to transition an executable to the pki_ocsp_tomcat_t domain.
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux lsassd policy is very flexible allowing users to setup their lsassd processes in as secure a method as possible.
++.PP 
++The following process types are defined for lsassd:
 +
 +.EX
-+.PP
-+.B pki_ocsp_var_lib_t 
++.B lsassd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the pki_ocsp_var_lib_t type, if you want to store the pki ocsp files under the /var/lib directory.
++.SH "MANAGED FILES"
 +
++The SELinux user type lsassd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B pki_ocsp_var_run_t 
-+.EE
++.br
++.B etc_runtime_t
 +
-+- Set files with the pki_ocsp_var_run_t type, if you want to store the pki ocsp files under the /run directory.
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/run/pki-ocsp.pid, /var/run/pki/ocsp(/.*)?
++.B etc_t
 +
-+.EX
-+.PP
-+.B pki_ra_etc_rw_t 
-+.EE
++	/etc/.*
++.br
++	/var/db/.*\.db
++.br
++	/usr/etc(/.*)?
++.br
++	/var/ftp/etc(/.*)?
++.br
++	/var/lib/stickshift/.limits.d(/.*)?
++.br
++	/var/lib/stickshift/.stickshift-proxy.d(/.*)?
++.br
++	/var/named/chroot/etc(/.*)?
++.br
++	/etc/ipsec\.d/examples(/.*)?
++.br
++	/var/spool/postfix/etc(/.*)?
++.br
++	/etc
++.br
++	/etc/localtime
++.br
++	/etc/cups/client\.conf
++.br
 +
-+- Set files with the pki_ra_etc_rw_t type, if you want to treat the files as pki ra etc read/write content.
++.br
++.B krb5_keytab_t
 +
++	/etc/krb5\.keytab
++.br
++	/etc/krb5kdc/kadm5\.keytab
++.br
++	/var/kerberos/krb5kdc/kadm5\.keytab
 +.br
-+.TP 5
-+Paths: 
-+/etc/sysconfig/pki/ra(/.*)?, /etc/pki-ra(/.*)?
 +
-+.EX
-+.PP
-+.B pki_ra_exec_t 
-+.EE
++.br
++.B likewise_etc_t
 +
-+- Set files with the pki_ra_exec_t type, if you want to transition an executable to the pki_ra_t domain.
++	/etc/likewise-open(/.*)?
++.br
 +
++.br
++.B lsassd_tmp_t
 +
-+.EX
-+.PP
-+.B pki_ra_log_t 
-+.EE
 +
-+- Set files with the pki_ra_log_t type, if you want to treat the data as pki ra log data, usually stored under the /var/log directory.
++.br
++.B lsassd_var_lib_t
 +
++	/var/lib/likewise-open/lsasd\.err
++.br
++	/var/lib/likewise-open/db/sam\.db
++.br
++	/var/lib/likewise-open/krb5ccr_lsass
++.br
++	/var/lib/likewise-open/db/lsass-adcache\.db
++.br
++	/var/lib/likewise-open/db/lsass-adstate\.filedb
++.br
 +
-+.EX
-+.PP
-+.B pki_ra_script_exec_t 
-+.EE
++.br
++.B lsassd_var_run_t
 +
-+- Set files with the pki_ra_script_exec_t type, if you want to transition an executable to the pki_ra_script_t domain.
++	/var/run/lsassd.pid
++.br
 +
++.br
++.B security_t
 +
-+.EX
-+.PP
-+.B pki_ra_tomcat_exec_t 
-+.EE
++	/selinux
++.br
 +
-+- Set files with the pki_ra_tomcat_exec_t type, if you want to transition an executable to the pki_ra_tomcat_t domain.
++.br
++.B user_home_t
 +
++	/home/[^/]*/.+
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B pki_ra_var_lib_t 
-+.EE
-+
-+- Set files with the pki_ra_var_lib_t type, if you want to store the pki ra files under the /var/lib directory.
-+
-+
-+.EX
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B pki_ra_var_run_t 
-+.EE
-+
-+- Set files with the pki_ra_var_run_t type, if you want to store the pki ra files under the /run directory.
-+
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B pki_tks_etc_rw_t 
-+.EE
-+
-+- Set files with the pki_tks_etc_rw_t type, if you want to treat the files as pki tks etc read/write content.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/sysconfig/pki/tks(/.*)?, /etc/pki-tks(/.*)?
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B pki_tks_exec_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), lsassd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/lvm_selinux.8 b/man/man8/lvm_selinux.8
+new file mode 100644
+index 0000000..46092e1
+--- /dev/null
++++ b/man/man8/lvm_selinux.8
+@@ -0,0 +1,239 @@
++.TH  "lvm_selinux"  "8"  "lvm" "dwalsh at redhat.com" "lvm SELinux Policy documentation"
++.SH "NAME"
++lvm_selinux \- Security Enhanced Linux Policy for the lvm processes
++.SH "DESCRIPTION"
 +
-+- Set files with the pki_tks_exec_t type, if you want to transition an executable to the pki_tks_t domain.
++Security-Enhanced Linux secures the lvm processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B pki_tks_log_t 
-+.EE
-+
-+- Set files with the pki_tks_log_t type, if you want to treat the data as pki tks log data, usually stored under the /var/log directory.
-+
-+
-+.EX
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B pki_tks_tomcat_exec_t 
-+.EE
-+
-+- Set files with the pki_tks_tomcat_exec_t type, if you want to transition an executable to the pki_tks_tomcat_t domain.
++Policy governs the access confined processes have to these files. 
++SELinux lvm policy is very flexible allowing users to setup their lvm processes in as secure a method as possible.
++.PP 
++The following file types are defined for lvm:
 +
 +
 +.EX
 +.PP
-+.B pki_tks_var_lib_t 
++.B lvm_etc_t 
 +.EE
 +
-+- Set files with the pki_tks_var_lib_t type, if you want to store the pki tks files under the /var/lib directory.
++- Set files with the lvm_etc_t type, if you want to store lvm files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B pki_tks_var_run_t 
++.B lvm_exec_t 
 +.EE
 +
-+- Set files with the pki_tks_var_run_t type, if you want to store the pki tks files under the /run directory.
++- Set files with the lvm_exec_t type, if you want to transition an executable to the lvm_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/pki-tks.pid, /var/run/pki/tks(/.*)?
++/sbin/dmsetup, /usr/sbin/dmsetup, /usr/sbin/pvchange, /sbin/dmraid, /sbin/pvremove, /sbin/vgextend, /sbin/vgscan\.static, /sbin/vgrename, /usr/sbin/vgck, /sbin/lvdisplay, /usr/lib/lvm-10/.*, /sbin/lvmdiskscan, /sbin/lvresize, /sbin/vgmknodes, /usr/sbin/lvdisplay, /usr/sbin/mount\.crypt, /usr/sbin/pvs, /usr/sbin/vgsplit, /usr/lib/systemd/systemd-cryptsetup, /sbin/pvmove, /sbin/multipath\.static, /usr/sbin/pvcreate, /usr/sbin/lvmdiskscan, /usr/sbin/vgcfgbackup, /usr/sbin/lvmiopversion, /usr/sbin/vgimport, /sbin/vgck, /sbin/pvscan, /usr/sbin/lvmchange, /sbin/lvreduce, /sbin/vgremove, /sbin/vgscan, /sbin/vgsplit, /lib/lvm-200/.*, /usr/sbin/lvremove, /sbin/vgmerge, /usr/sbin/vgchange\.static, /sbin/pvcreate, /usr/sbin/lvm, /usr/sbin/lvrename, /usr/sbin/lvmsadc, /usr/lib/lvm-200/.*, /usr/sbin/pvdata, /usr/sbin/lvmetad, /sbin/vgchange, /sbin/lvm\.static, /sbin/vgcfgbackup, /sbin/e2fsadm, /sbin/lvm, /sbin/pvdata, /usr/sbin/lvcreate, /usr/sbin/vgextend, /sbin/lvextend, /usr/lib/udev
 /udisks-lvm-pv-export, /sbin/vgcfgrestore, /usr/sbin/vgscan, /sbin/vgs, /sbin/lvmchange, /sbin/vgimport, /usr/sbin/lvscan, /usr/sbin/pvscan, /usr/sbin/vgreduce, /usr/sbin/dmsetup\.static, /usr/sbin/vgexport, /usr/sbin/lvextend, /usr/sbin/cryptsetup, /usr/sbin/dmraid, /usr/sbin/lvresize, /sbin/dmsetup\.static, /sbin/lvmsar, /usr/sbin/vgs, /usr/sbin/vgrename, /usr/sbin/lvs, /sbin/vgchange\.static, /usr/sbin/pvmove, /sbin/lvmsadc, /usr/sbin/vgmknodes, /sbin/lvmetad, /sbin/lvmiopversion, /usr/sbin/pvdisplay, /usr/sbin/vgremove, /usr/sbin/vgscan\.static, /sbin/pvdisplay, /usr/sbin/vgcfgrestore, /usr/sbin/kpartx, /sbin/cryptsetup, /lib/udev/udisks-lvm-pv-export, /sbin/vgwrapper, /sbin/pvs, /sbin/lvchange, /sbin/pvchange, /usr/sbin/lvm\.static, /usr/sbin/multipathd, /sbin/mount\.crypt, /sbin/vgcreate, /usr/sbin/vgwrapper, /sbin/vgreduce, /usr/sbin/lvreduce, /sbin/lvrename, /sbin/multipathd, /usr/sbin/vgcreate, /usr/sbin/vgmerge, /usr/sbin/multipath\.static, /sbin/vgexport, /usr/sbi
 n/lvchange, /sbin/lvs, /usr/sbin/lvmsar, /usr/sbin/e2fsadm, /usr/sbin/vgchange, /sbin/kpartx, /lib/lvm-10/.*, /sbin/lvscan, /sbin/lvcreate, /sbin/vgdisplay, /usr/sbin/vgdisplay, /usr/sbin/dmeventd, /sbin/lvremove, /usr/sbin/pvremove
 +
 +.EX
 +.PP
-+.B pki_tps_etc_rw_t 
++.B lvm_lock_t 
 +.EE
 +
-+- Set files with the pki_tps_etc_rw_t type, if you want to treat the files as pki tps etc read/write content.
++- Set files with the lvm_lock_t type, if you want to treat the files as lvm lock data, stored under the /var/lock directory
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/sysconfig/pki/tps(/.*)?, /etc/pki-tps(/.*)?
-+
-+.EX
-+.PP
-+.B pki_tps_exec_t 
-+.EE
-+
-+- Set files with the pki_tps_exec_t type, if you want to transition an executable to the pki_tps_t domain.
-+
-+
-+.EX
-+.PP
-+.B pki_tps_log_t 
-+.EE
-+
-+- Set files with the pki_tps_log_t type, if you want to treat the data as pki tps log data, usually stored under the /var/log directory.
-+
++/var/lock/lvm(/.*)?, /etc/lvm/lock(/.*)?
 +
 +.EX
 +.PP
-+.B pki_tps_script_exec_t 
++.B lvm_metadata_t 
 +.EE
 +
-+- Set files with the pki_tps_script_exec_t type, if you want to transition an executable to the pki_tps_script_t domain.
++- Set files with the lvm_metadata_t type, if you want to treat the files as lvm metadata data.
 +
++.br
++.TP 5
++Paths: 
++/etc/lvm/\.cache, /etc/lvm/backup(/.*)?, /var/cache/multipathd(/.*)?, /etc/lvmtab\.d(/.*)?, /etc/lvmtab(/.*)?, /etc/lvm/archive(/.*)?, /etc/lvm/cache(/.*)?
 +
 +.EX
 +.PP
-+.B pki_tps_tomcat_exec_t 
++.B lvm_tmp_t 
 +.EE
 +
-+- Set files with the pki_tps_tomcat_exec_t type, if you want to transition an executable to the pki_tps_tomcat_t domain.
++- Set files with the lvm_tmp_t type, if you want to store lvm temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B pki_tps_var_lib_t 
++.B lvm_var_lib_t 
 +.EE
 +
-+- Set files with the pki_tps_var_lib_t type, if you want to store the pki tps files under the /var/lib directory.
++- Set files with the lvm_var_lib_t type, if you want to store the lvm files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B pki_tps_var_run_t 
++.B lvm_var_run_t 
 +.EE
 +
-+- Set files with the pki_tps_var_run_t type, if you want to store the pki tps files under the /run directory.
++- Set files with the lvm_var_run_t type, if you want to store the lvm files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/lvm(/.*)?, /var/run/multipathd\.sock, /var/run/dmevent.*
 +
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
 +.B semanage fcontext 
 +command.  This will modify the SELinux labeling database.  You will need to use
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux pki policy is very flexible allowing users to setup their pki processes in as secure a method as possible.
++Policy governs the access confined processes have to files. 
++SELinux lvm policy is very flexible allowing users to setup their lvm processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for pki:
++The following process types are defined for lvm:
 +
 +.EX
-+.TP 5
-+.B pki_ca_port_t 
-+.TP 10
++.B lvm_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
 +
-+Default Defined Ports:
-+tcp 8021
-+.EE
++The SELinux user type lvm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.TP 5
-+.B pki_kra_port_t 
-+.TP 10
-+.EE
++.br
++.B anon_inodefs_t
 +
 +
-+Default Defined Ports:
-+tcp 8021
-+.EE
++.br
++.B device_t
 +
-+.EX
-+.TP 5
-+.B pki_ocsp_port_t 
-+.TP 10
-+.EE
++	/dev/.*
++.br
++	/lib/udev/devices(/.*)?
++.br
++	/usr/lib/udev/devices(/.*)?
++.br
++	/dev
++.br
++	/etc/udev/devices
++.br
++	/var/named/chroot/dev
++.br
++	/var/spool/postfix/dev
++.br
 +
++.br
++.B lvm_lock_t
 +
-+Default Defined Ports:
-+tcp 8021
-+.EE
++	/etc/lvm/lock(/.*)?
++.br
++	/var/lock/lvm(/.*)?
++.br
 +
-+.EX
-+.TP 5
-+.B pki_ra_port_t 
-+.TP 10
-+.EE
++.br
++.B lvm_metadata_t
 +
++	/etc/lvmtab(/.*)?
++.br
++	/etc/lvmtab\.d(/.*)?
++.br
++	/etc/lvm/cache(/.*)?
++.br
++	/etc/lvm/backup(/.*)?
++.br
++	/etc/lvm/archive(/.*)?
++.br
++	/var/cache/multipathd(/.*)?
++.br
++	/etc/lvm/\.cache
++.br
 +
-+Default Defined Ports:
-+tcp 8021
-+.EE
++.br
++.B lvm_tmp_t
 +
-+.EX
-+.TP 5
-+.B pki_tks_port_t 
-+.TP 10
-+.EE
 +
++.br
++.B lvm_var_lib_t
 +
-+Default Defined Ports:
-+tcp 8021
-+.EE
++	/var/lib/multipath(/.*)?
++.br
 +
-+.EX
-+.TP 5
-+.B pki_tps_port_t 
-+.TP 10
-+.EE
++.br
++.B lvm_var_run_t
 +
++	/var/run/lvm(/.*)?
++.br
++	/var/run/dmevent.*
++.br
++	/var/run/multipathd\.sock
++.br
 +
-+Default Defined Ports:
-+tcp 8021
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux pki policy is very flexible allowing users to setup their pki processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for pki:
++.br
++.B rpm_script_tmp_t
 +
-+.EX
-+.B pki_ca_t, pki_ra_t, pki_ca_script_t, pki_ocsp_t, pki_kra_t, pki_tks_t, pki_tps_t, pki_ocsp_script_t, pki_kra_script_t, pki_tks_script_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B virt_image_type
++
++	all virtual image files
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
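Review bot: The added lines that show how to view a context end the bold span with `\bP` (`\fBls\bP`, `\fBps\bP`), which is not a font escape. Bold is likely never reset and the command name may render wrongly; the intended text looks like `\fBls\fP` and `\fBps\fP`. In this hunk the new lsassd and lvm pages also emit `.SH NSSWITCH DOMAIN` with no body. The new lpr page's MANAGED FILES section announces "the following file types" and lists none, so a reader cannot tell whether `lpr_t` manages nothing or the list was dropped. I would have the generator omit an empty section or print an explicit line such as `No managed file types are defined for this domain.`.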
@@ -36917,30 +43350,27 @@ index 0000000..2272c46
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pki(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/plymouth_selinux.8 b/man/man8/plymouth_selinux.8
++selinux(8), lvm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/lwiod_selinux.8 b/man/man8/lwiod_selinux.8
 new file mode 100644
-index 0000000..d65e7f3
+index 0000000..52d1bca
 --- /dev/null
-+++ b/man/man8/plymouth_selinux.8
-@@ -0,0 +1,121 @@
-+.TH  "plymouth_selinux"  "8"  "plymouth" "dwalsh at redhat.com" "plymouth SELinux Policy documentation"
++++ b/man/man8/lwiod_selinux.8
+@@ -0,0 +1,117 @@
++.TH  "lwiod_selinux"  "8"  "lwiod" "dwalsh at redhat.com" "lwiod SELinux Policy documentation"
 +.SH "NAME"
-+plymouth_selinux \- Security Enhanced Linux Policy for the plymouth processes
++lwiod_selinux \- Security Enhanced Linux Policy for the lwiod processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the plymouth processes via flexible mandatory access
++Security-Enhanced Linux secures the lwiod processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -36951,65 +43381,41 @@ index 0000000..d65e7f3
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux plymouth policy is very flexible allowing users to setup their plymouth processes in as secure a method as possible.
++SELinux lwiod policy is very flexible allowing users to setup their lwiod processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for plymouth:
-+
-+
-+.EX
-+.PP
-+.B plymouth_exec_t 
-+.EE
-+
-+- Set files with the plymouth_exec_t type, if you want to transition an executable to the plymouth_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/bin/plymouth, /usr/bin/plymouth
-+
-+.EX
-+.PP
-+.B plymouthd_exec_t 
-+.EE
-+
-+- Set files with the plymouthd_exec_t type, if you want to transition an executable to the plymouthd_t domain.
++The following file types are defined for lwiod:
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/plymouthd, /usr/sbin/plymouthd
 +
 +.EX
 +.PP
-+.B plymouthd_spool_t 
++.B lwiod_exec_t 
 +.EE
 +
-+- Set files with the plymouthd_spool_t type, if you want to store the plymouthd files under the /var/spool directory.
++- Set files with the lwiod_exec_t type, if you want to transition an executable to the lwiod_t domain.
 +
 +
 +.EX
 +.PP
-+.B plymouthd_var_lib_t 
++.B lwiod_var_lib_t 
 +.EE
 +
-+- Set files with the plymouthd_var_lib_t type, if you want to store the plymouthd files under the /var/lib directory.
++- Set files with the lwiod_var_lib_t type, if you want to store the lwiod files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B plymouthd_var_log_t 
++.B lwiod_var_run_t 
 +.EE
 +
-+- Set files with the plymouthd_var_log_t type, if you want to treat the data as plymouthd var log data, usually stored under the /var/log directory.
++- Set files with the lwiod_var_run_t type, if you want to store the lwiod files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B plymouthd_var_run_t 
++.B lwiod_var_socket_t 
 +.EE
 +
-+- Set files with the plymouthd_var_run_t type, if you want to store the plymouthd files under the /run directory.
++- Set files with the lwiod_var_socket_t type, if you want to treat the files as lwiod var socket data.
 +
 +
 +.PP
@@ -37025,18 +43431,38 @@ index 0000000..d65e7f3
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux plymouth policy is very flexible allowing users to setup their plymouth processes in as secure a method as possible.
++SELinux lwiod policy is very flexible allowing users to setup their lwiod processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for plymouth:
++The following process types are defined for lwiod:
 +
 +.EX
-+.B plymouth_t, plymouthd_t 
++.B lwiod_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type lwiod_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B krb5_conf_t
++
++	/etc/krb5\.conf
++.br
++
++.br
++.B lwiod_var_lib_t
++
++
++.br
++.B lwiod_var_run_t
++
++	/var/run/lwiod.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -37052,22 +43478,22 @@ index 0000000..d65e7f3
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), plymouth(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/plymouthd_selinux.8 b/man/man8/plymouthd_selinux.8
++selinux(8), lwiod(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/lwregd_selinux.8 b/man/man8/lwregd_selinux.8
 new file mode 100644
-index 0000000..2862f31
+index 0000000..54bbf09
 --- /dev/null
-+++ b/man/man8/plymouthd_selinux.8
-@@ -0,0 +1,109 @@
-+.TH  "plymouthd_selinux"  "8"  "plymouthd" "dwalsh at redhat.com" "plymouthd SELinux Policy documentation"
++++ b/man/man8/lwregd_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "lwregd_selinux"  "8"  "lwregd" "dwalsh at redhat.com" "lwregd SELinux Policy documentation"
 +.SH "NAME"
-+plymouthd_selinux \- Security Enhanced Linux Policy for the plymouthd processes
++lwregd_selinux \- Security Enhanced Linux Policy for the lwregd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the plymouthd processes via flexible mandatory access
++Security-Enhanced Linux secures the lwregd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -37078,53 +43504,45 @@ index 0000000..2862f31
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux plymouthd policy is very flexible allowing users to setup their plymouthd processes in as secure a method as possible.
++SELinux lwregd policy is very flexible allowing users to setup their lwregd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for plymouthd:
++The following file types are defined for lwregd:
 +
 +
 +.EX
 +.PP
-+.B plymouthd_exec_t 
++.B lwregd_exec_t 
 +.EE
 +
-+- Set files with the plymouthd_exec_t type, if you want to transition an executable to the plymouthd_t domain.
++- Set files with the lwregd_exec_t type, if you want to transition an executable to the lwregd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/plymouthd, /usr/sbin/plymouthd
 +
 +.EX
 +.PP
-+.B plymouthd_spool_t 
++.B lwregd_var_lib_t 
 +.EE
 +
-+- Set files with the plymouthd_spool_t type, if you want to store the plymouthd files under the /var/spool directory.
++- Set files with the lwregd_var_lib_t type, if you want to store the lwregd files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/likewise-open/db/registry\.db, /var/lib/likewise-open/regsd\.err
 +
 +.EX
 +.PP
-+.B plymouthd_var_lib_t 
++.B lwregd_var_run_t 
 +.EE
 +
-+- Set files with the plymouthd_var_lib_t type, if you want to store the plymouthd files under the /var/lib directory.
++- Set files with the lwregd_var_run_t type, if you want to store the lwregd files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B plymouthd_var_log_t 
++.B lwregd_var_socket_t 
 +.EE
 +
-+- Set files with the plymouthd_var_log_t type, if you want to treat the data as plymouthd var log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B plymouthd_var_run_t 
-+.EE
-+
-+- Set files with the plymouthd_var_run_t type, if you want to store the plymouthd files under the /run directory.
++- Set files with the lwregd_var_socket_t type, if you want to treat the files as lwregd var socket data.
 +
 +
 +.PP
@@ -37140,18 +43558,36 @@ index 0000000..2862f31
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux plymouthd policy is very flexible allowing users to setup their plymouthd processes in as secure a method as possible.
++SELinux lwregd policy is very flexible allowing users to setup their lwregd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for plymouthd:
++The following process types are defined for lwregd:
 +
 +.EX
-+.B plymouth_t, plymouthd_t 
++.B lwregd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type lwregd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B lwregd_var_lib_t
++
++	/var/lib/likewise-open/regsd\.err
++.br
++	/var/lib/likewise-open/db/registry\.db
++.br
++
++.br
++.B lwregd_var_run_t
++
++	/var/run/lwregd.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -37167,22 +43603,22 @@ index 0000000..2862f31
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), plymouthd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/podsleuth_selinux.8 b/man/man8/podsleuth_selinux.8
++selinux(8), lwregd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/lwsmd_selinux.8 b/man/man8/lwsmd_selinux.8
 new file mode 100644
-index 0000000..b0c4cf1
+index 0000000..070a9a1
 --- /dev/null
-+++ b/man/man8/podsleuth_selinux.8
-@@ -0,0 +1,101 @@
-+.TH  "podsleuth_selinux"  "8"  "podsleuth" "dwalsh at redhat.com" "podsleuth SELinux Policy documentation"
++++ b/man/man8/lwsmd_selinux.8
+@@ -0,0 +1,109 @@
++.TH  "lwsmd_selinux"  "8"  "lwsmd" "dwalsh at redhat.com" "lwsmd SELinux Policy documentation"
 +.SH "NAME"
-+podsleuth_selinux \- Security Enhanced Linux Policy for the podsleuth processes
++lwsmd_selinux \- Security Enhanced Linux Policy for the lwsmd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the podsleuth processes via flexible mandatory access
++Security-Enhanced Linux secures the lwsmd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -37193,45 +43629,41 @@ index 0000000..b0c4cf1
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux podsleuth policy is very flexible allowing users to setup their podsleuth processes in as secure a method as possible.
++SELinux lwsmd policy is very flexible allowing users to setup their lwsmd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for podsleuth:
++The following file types are defined for lwsmd:
 +
 +
 +.EX
 +.PP
-+.B podsleuth_cache_t 
++.B lwsmd_exec_t 
 +.EE
 +
-+- Set files with the podsleuth_cache_t type, if you want to store the files under the /var/cache directory.
++- Set files with the lwsmd_exec_t type, if you want to transition an executable to the lwsmd_t domain.
 +
 +
 +.EX
 +.PP
-+.B podsleuth_exec_t 
++.B lwsmd_var_lib_t 
 +.EE
 +
-+- Set files with the podsleuth_exec_t type, if you want to transition an executable to the podsleuth_t domain.
++- Set files with the lwsmd_var_lib_t type, if you want to store the lwsmd files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/podsleuth, /usr/libexec/hal-podsleuth
 +
 +.EX
 +.PP
-+.B podsleuth_tmp_t 
++.B lwsmd_var_run_t 
 +.EE
 +
-+- Set files with the podsleuth_tmp_t type, if you want to store podsleuth temporary files in the /tmp directories.
++- Set files with the lwsmd_var_run_t type, if you want to store the lwsmd files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B podsleuth_tmpfs_t 
++.B lwsmd_var_socket_t 
 +.EE
 +
-+- Set files with the podsleuth_tmpfs_t type, if you want to store podsleuth files on a tmpfs file system.
++- Set files with the lwsmd_var_socket_t type, if you want to treat the files as lwsmd var socket data.
 +
 +
 +.PP
@@ -37247,18 +43679,30 @@ index 0000000..b0c4cf1
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux podsleuth policy is very flexible allowing users to setup their podsleuth processes in as secure a method as possible.
++SELinux lwsmd policy is very flexible allowing users to setup their lwsmd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for podsleuth:
++The following process types are defined for lwsmd:
 +
 +.EX
-+.B podsleuth_t 
++.B lwsmd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type lwsmd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B lwsmd_var_lib_t
++
++
++.br
++.B lwsmd_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -37274,133 +43718,55 @@ index 0000000..b0c4cf1
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), podsleuth(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/policykit_selinux.8 b/man/man8/policykit_selinux.8
++selinux(8), lwsmd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mail_munin_plugin_selinux.8 b/man/man8/mail_munin_plugin_selinux.8
 new file mode 100644
-index 0000000..3845e60
+index 0000000..c713a37
 --- /dev/null
-+++ b/man/man8/policykit_selinux.8
-@@ -0,0 +1,163 @@
-+.TH  "policykit_selinux"  "8"  "policykit" "dwalsh at redhat.com" "policykit SELinux Policy documentation"
++++ b/man/man8/mail_munin_plugin_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "mail_munin_plugin_selinux"  "8"  "mail_munin_plugin" "dwalsh at redhat.com" "mail_munin_plugin SELinux Policy documentation"
 +.SH "NAME"
-+policykit_selinux \- Security Enhanced Linux Policy for the policykit processes
++mail_munin_plugin_selinux \- Security Enhanced Linux Policy for the mail_munin_plugin processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the policykit processes via flexible mandatory access
++Security-Enhanced Linux secures the mail_munin_plugin processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the policykit_grant_t, policykit_auth_t, policykit_t, policykit_resolve_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the policykit_grant_t, policykit_auth_t, policykit_t, policykit_resolve_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux policykit policy is very flexible allowing users to setup their policykit processes in as secure a method as possible.
++SELinux mail_munin_plugin policy is very flexible allowing users to setup their mail_munin_plugin processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for policykit:
-+
-+
-+.EX
-+.PP
-+.B policykit_auth_exec_t 
-+.EE
-+
-+- Set files with the policykit_auth_exec_t type, if you want to transition an executable to the policykit_auth_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/libexec/polkit-read-auth-helper, /usr/libexec/polkit-1/polkit-agent-helper-1, /usr/lib/polkit-1/polkit-agent-helper-1, /usr/lib/policykit/polkit-read-auth-helper
-+
-+.EX
-+.PP
-+.B policykit_exec_t 
-+.EE
-+
-+- Set files with the policykit_exec_t type, if you want to transition an executable to the policykit_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/polkit-1/polkitd, /usr/libexec/polkitd.*, /usr/libexec/polkit-1/polkitd.*, /usr/lib/policykit/polkitd
-+
-+.EX
-+.PP
-+.B policykit_grant_exec_t 
-+.EE
-+
-+- Set files with the policykit_grant_exec_t type, if you want to transition an executable to the policykit_grant_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/libexec/polkit-grant-helper.*, /usr/lib/policykit/polkit-grant-helper.*
-+
-+.EX
-+.PP
-+.B policykit_reload_t 
-+.EE
-+
-+- Set files with the policykit_reload_t type, if you want to treat the files as policykit reload data.
-+
-+
-+.EX
-+.PP
-+.B policykit_resolve_exec_t 
-+.EE
-+
-+- Set files with the policykit_resolve_exec_t type, if you want to transition an executable to the policykit_resolve_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/policykit/polkit-resolve-exe-helper.*, /usr/libexec/polkit-resolve-exe-helper.*
-+
-+.EX
-+.PP
-+.B policykit_tmp_t 
-+.EE
-+
-+- Set files with the policykit_tmp_t type, if you want to store policykit temporary files in the /tmp directories.
++The following file types are defined for mail_munin_plugin:
 +
 +
 +.EX
 +.PP
-+.B policykit_var_lib_t 
++.B mail_munin_plugin_exec_t 
 +.EE
 +
-+- Set files with the policykit_var_lib_t type, if you want to store the policykit files under the /var/lib directory.
++- Set files with the mail_munin_plugin_exec_t type, if you want to transition an executable to the mail_munin_plugin_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/PolicyKit-public(/.*)?, /var/lib/PolicyKit(/.*)?, /var/lib/polkit-1(/.*)?
++/usr/share/munin/plugins/postfix_mail.*, /usr/share/munin/plugins/mailscanner, /usr/share/munin/plugins/courier_mta_.*, /usr/share/munin/plugins/mailman, /usr/share/munin/plugins/exim_mail.*, /usr/share/munin/plugins/qmail.*, /usr/share/munin/plugins/sendmail_.*
 +
 +.EX
 +.PP
-+.B policykit_var_run_t 
++.B mail_munin_plugin_tmp_t 
 +.EE
 +
-+- Set files with the policykit_var_run_t type, if you want to store the policykit files under the /run directory.
++- Set files with the mail_munin_plugin_tmp_t type, if you want to store mail munin plugin temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -37416,18 +43782,38 @@ index 0000000..3845e60
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux policykit policy is very flexible allowing users to setup their policykit processes in as secure a method as possible.
++SELinux mail_munin_plugin policy is very flexible allowing users to setup their mail_munin_plugin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for policykit:
++The following process types are defined for mail_munin_plugin:
 +
 +.EX
-+.B policykit_grant_t, policykit_auth_t, policykit_t, policykit_resolve_t 
++.B mail_munin_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mail_munin_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mail_munin_plugin_tmp_t
++
++
++.br
++.B munin_plugin_state_t
++
++	/var/lib/munin/plugin-state(/.*)?
++.br
++
++.br
++.B munin_var_lib_t
++
++	/var/lib/munin(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -37443,84 +43829,38 @@ index 0000000..3845e60
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), policykit(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/polipo_selinux.8 b/man/man8/polipo_selinux.8
++selinux(8), mail_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mailman_cgi_selinux.8 b/man/man8/mailman_cgi_selinux.8
 new file mode 100644
-index 0000000..b456ae1
+index 0000000..0ad7230
 --- /dev/null
-+++ b/man/man8/polipo_selinux.8
-@@ -0,0 +1,201 @@
-+.TH  "polipo_selinux"  "8"  "polipo" "dwalsh at redhat.com" "polipo SELinux Policy documentation"
++++ b/man/man8/mailman_cgi_selinux.8
+@@ -0,0 +1,131 @@
++.TH  "mailman_cgi_selinux"  "8"  "mailman_cgi" "dwalsh at redhat.com" "mailman_cgi SELinux Policy documentation"
 +.SH "NAME"
-+polipo_selinux \- Security Enhanced Linux Policy for the polipo processes
++mailman_cgi_selinux \- Security Enhanced Linux Policy for the mailman_cgi processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the polipo processes via flexible mandatory access
++Security-Enhanced Linux secures the mailman_cgi processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  polipo policy is extremely flexible and has several booleans that allow you to manipulate the policy and run polipo with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow polipo to connect to all ports > 1023, you must turn on the polipo_connect_all_unreserved boolean.
-+
-+.EX
-+.B setsebool -P polipo_connect_all_unreserved 1
-+.EE
-+
-+.PP
-+If you want to determine whether polipo can access cifs file systems, you must turn on the polipo_use_cifs boolean.
-+
-+.EX
-+.B setsebool -P polipo_use_cifs 1
-+.EE
-+
-+.PP
-+If you want to determine whether Polipo session daemon can send syslog messages, you must turn on the polipo_session_send_syslog_msg boolean.
-+
-+.EX
-+.B setsebool -P polipo_session_send_syslog_msg 1
-+.EE
-+
-+.PP
-+If you want to determine whether Polipo session daemon can bind tcp sockets to all unreserved ports, you must turn on the polipo_session_bind_all_unreserved_ports boolean.
-+
-+.EX
-+.B setsebool -P polipo_session_bind_all_unreserved_ports 1
-+.EE
-+
-+.PP
-+If you want to determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain, you must turn on the polipo_session_users boolean.
-+
-+.EX
-+.B setsebool -P polipo_session_users 1
-+.EE
-+
-+.PP
-+If you want to determine whether Polipo can access nfs file systems, you must turn on the polipo_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P polipo_use_nfs 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the polipo_t, polipo_session_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mailman_cgi_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the polipo_t, polipo_session_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the mailman_cgi_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -37529,81 +43869,25 @@ index 0000000..b456ae1
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux polipo policy is very flexible allowing users to setup their polipo processes in as secure a method as possible.
++SELinux mailman_cgi policy is very flexible allowing users to setup their mailman_cgi processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for polipo:
-+
-+
-+.EX
-+.PP
-+.B polipo_cache_home_t 
-+.EE
-+
-+- Set files with the polipo_cache_home_t type, if you want to store polipo cache files in the users home directory.
-+
-+
-+.EX
-+.PP
-+.B polipo_cache_t 
-+.EE
-+
-+- Set files with the polipo_cache_t type, if you want to store the files under the /var/cache directory.
-+
-+
-+.EX
-+.PP
-+.B polipo_config_home_t 
-+.EE
-+
-+- Set files with the polipo_config_home_t type, if you want to store polipo config files in the users home directory.
-+
-+
-+.EX
-+.PP
-+.B polipo_etc_t 
-+.EE
-+
-+- Set files with the polipo_etc_t type, if you want to store polipo files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B polipo_exec_t 
-+.EE
-+
-+- Set files with the polipo_exec_t type, if you want to transition an executable to the polipo_t domain.
-+
-+
-+.EX
-+.PP
-+.B polipo_initrc_exec_t 
-+.EE
-+
-+- Set files with the polipo_initrc_exec_t type, if you want to transition an executable to the polipo_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B polipo_log_t 
-+.EE
-+
-+- Set files with the polipo_log_t type, if you want to treat the data as polipo log data, usually stored under the /var/log directory.
++The following file types are defined for mailman_cgi:
 +
 +
 +.EX
 +.PP
-+.B polipo_pid_t 
++.B mailman_cgi_exec_t 
 +.EE
 +
-+- Set files with the polipo_pid_t type, if you want to store the polipo files under the /run directory.
++- Set files with the mailman_cgi_exec_t type, if you want to transition an executable to the mailman_cgi_t domain.
 +
 +
 +.EX
 +.PP
-+.B polipo_unit_file_t 
++.B mailman_cgi_tmp_t 
 +.EE
 +
-+- Set files with the polipo_unit_file_t type, if you want to treat the files as polipo unit content.
++- Set files with the mailman_cgi_tmp_t type, if you want to store mailman cgi temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -37619,18 +43903,54 @@ index 0000000..b456ae1
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux polipo policy is very flexible allowing users to setup their polipo processes in as secure a method as possible.
++SELinux mailman_cgi policy is very flexible allowing users to setup their mailman_cgi processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for polipo:
++The following process types are defined for mailman_cgi:
 +
 +.EX
-+.B polipo_t, polipo_session_t 
++.B mailman_cgi_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mailman_cgi_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mailman_archive_t
++
++	/var/lib/mailman.*/archives(/.*)?
++.br
++
++.br
++.B mailman_cgi_tmp_t
++
++
++.br
++.B mailman_data_t
++
++	/etc/mailman.*
++.br
++	/var/lib/mailman.*
++.br
++	/var/spool/mailman.*
++.br
++
++.br
++.B mailman_lock_t
++
++	/var/lock/mailman.*
++.br
++
++.br
++.B mailman_log_t
++
++	/var/log/mailman.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -37641,59 +43961,43 @@ index 0000000..b456ae1
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), polipo(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/portmap_selinux.8 b/man/man8/portmap_selinux.8
++selinux(8), mailman_cgi(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mailman_mail_selinux.8 b/man/man8/mailman_mail_selinux.8
 new file mode 100644
-index 0000000..e031461
+index 0000000..6479b3b
 --- /dev/null
-+++ b/man/man8/portmap_selinux.8
-@@ -0,0 +1,162 @@
-+.TH  "portmap_selinux"  "8"  "portmap" "dwalsh at redhat.com" "portmap SELinux Policy documentation"
++++ b/man/man8/mailman_mail_selinux.8
+@@ -0,0 +1,145 @@
++.TH  "mailman_mail_selinux"  "8"  "mailman_mail" "dwalsh at redhat.com" "mailman_mail SELinux Policy documentation"
 +.SH "NAME"
-+portmap_selinux \- Security Enhanced Linux Policy for the portmap processes
++mailman_mail_selinux \- Security Enhanced Linux Policy for the mailman_mail processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the portmap processes via flexible mandatory access
++Security-Enhanced Linux secures the mailman_mail processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  portmap policy is extremely flexible and has several booleans that allow you to manipulate the policy and run portmap with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow samba to act as a portmapper, you must turn on the samba_portmapper boolean.
-+
-+.EX
-+.B setsebool -P samba_portmapper 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the portmap_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mailman_mail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the portmap_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the mailman_mail_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -37702,49 +44006,29 @@ index 0000000..e031461
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux portmap policy is very flexible allowing users to setup their portmap processes in as secure a method as possible.
++SELinux mailman_mail policy is very flexible allowing users to setup their mailman_mail processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for portmap:
++The following file types are defined for mailman_mail:
 +
 +
 +.EX
 +.PP
-+.B portmap_exec_t 
-+.EE
-+
-+- Set files with the portmap_exec_t type, if you want to transition an executable to the portmap_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/sbin/portmap, /usr/sbin/portmap
-+
-+.EX
-+.PP
-+.B portmap_helper_exec_t 
++.B mailman_mail_exec_t 
 +.EE
 +
-+- Set files with the portmap_helper_exec_t type, if you want to transition an executable to the portmap_helper_t domain.
++- Set files with the mailman_mail_exec_t type, if you want to transition an executable to the mailman_mail_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/pmap_set, /usr/sbin/pmap_dump
-+
-+.EX
-+.PP
-+.B portmap_tmp_t 
-+.EE
-+
-+- Set files with the portmap_tmp_t type, if you want to store portmap temporary files in the /tmp directories.
-+
++/usr/lib/mailman.*/mail/mailman, /usr/lib/mailman.*/bin/mm-handler.*, /usr/share/doc/mailman.*/mm-handler.*, /usr/lib/mailman.*/bin/mailmanctl, /usr/lib/mailman.*/scripts/mailman
 +
 +.EX
 +.PP
-+.B portmap_var_run_t 
++.B mailman_mail_tmp_t 
 +.EE
 +
-+- Set files with the portmap_var_run_t type, if you want to store the portmap files under the /run directory.
++- Set files with the mailman_mail_tmp_t type, if you want to store mailman mail temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -37754,49 +44038,70 @@ index 0000000..e031461
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux portmap policy is very flexible allowing users to setup their portmap processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for portmap:
-+
-+.EX
-+.TP 5
-+.B portmap_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 111
-+.EE
-+udp 111
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux portmap policy is very flexible allowing users to setup their portmap processes in as secure a method as possible.
++SELinux mailman_mail policy is very flexible allowing users to setup their mailman_mail processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for portmap:
++The following process types are defined for mailman_mail:
 +
 +.EX
-+.B portmap_helper_t, portmap_t 
++.B mailman_mail_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mailman_mail_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B mailman_archive_t
++
++	/var/lib/mailman.*/archives(/.*)?
++.br
++
++.br
++.B mailman_data_t
++
++	/etc/mailman.*
++.br
++	/var/lib/mailman.*
++.br
++	/var/spool/mailman.*
++.br
++
++.br
++.B mailman_lock_t
++
++	/var/lock/mailman.*
++.br
++
++.br
++.B mailman_log_t
++
++	/var/log/mailman.*
++.br
++
++.br
++.B mailman_mail_tmp_t
++
++
++.br
++.B mailman_var_run_t
++
++	/var/run/mailman.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -37807,84 +44112,74 @@ index 0000000..e031461
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), portmap(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/portreserve_selinux.8 b/man/man8/portreserve_selinux.8
++selinux(8), mailman_mail(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mailman_queue_selinux.8 b/man/man8/mailman_queue_selinux.8
 new file mode 100644
-index 0000000..3345ff0
+index 0000000..136c141
 --- /dev/null
-+++ b/man/man8/portreserve_selinux.8
-@@ -0,0 +1,101 @@
-+.TH  "portreserve_selinux"  "8"  "portreserve" "dwalsh at redhat.com" "portreserve SELinux Policy documentation"
++++ b/man/man8/mailman_queue_selinux.8
+@@ -0,0 +1,161 @@
++.TH  "mailman_queue_selinux"  "8"  "mailman_queue" "dwalsh at redhat.com" "mailman_queue SELinux Policy documentation"
 +.SH "NAME"
-+portreserve_selinux \- Security Enhanced Linux Policy for the portreserve processes
++mailman_queue_selinux \- Security Enhanced Linux Policy for the mailman_queue processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the portreserve processes via flexible mandatory access
++Security-Enhanced Linux secures the mailman_queue processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mailman_queue_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the mailman_queue_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux portreserve policy is very flexible allowing users to setup their portreserve processes in as secure a method as possible.
++SELinux mailman_queue policy is very flexible allowing users to setup their mailman_queue processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for portreserve:
-+
-+
-+.EX
-+.PP
-+.B portreserve_etc_t 
-+.EE
-+
-+- Set files with the portreserve_etc_t type, if you want to store portreserve files in the /etc directories.
++The following file types are defined for mailman_queue:
 +
 +
 +.EX
 +.PP
-+.B portreserve_exec_t 
++.B mailman_queue_exec_t 
 +.EE
 +
-+- Set files with the portreserve_exec_t type, if you want to transition an executable to the portreserve_t domain.
++- Set files with the mailman_queue_exec_t type, if you want to transition an executable to the mailman_queue_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/portreserve, /sbin/portreserve
-+
-+.EX
-+.PP
-+.B portreserve_initrc_exec_t 
-+.EE
-+
-+- Set files with the portreserve_initrc_exec_t type, if you want to transition an executable to the portreserve_initrc_t domain.
-+
++/usr/lib/mailman.*/cron/.*, /usr/lib/mailman.*/bin/qrunner
 +
 +.EX
 +.PP
-+.B portreserve_var_run_t 
++.B mailman_queue_tmp_t 
 +.EE
 +
-+- Set files with the portreserve_var_run_t type, if you want to store the portreserve files under the /run directory.
++- Set files with the mailman_queue_tmp_t type, if you want to store mailman queue temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -37900,18 +44195,80 @@ index 0000000..3345ff0
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux portreserve policy is very flexible allowing users to setup their portreserve processes in as secure a method as possible.
++SELinux mailman_queue policy is very flexible allowing users to setup their mailman_queue processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for portreserve:
++The following process types are defined for mailman_queue:
 +
 +.EX
-+.B portreserve_t 
++.B mailman_queue_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mailman_queue_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B mailman_archive_t
++
++	/var/lib/mailman.*/archives(/.*)?
++.br
++
++.br
++.B mailman_data_t
++
++	/etc/mailman.*
++.br
++	/var/lib/mailman.*
++.br
++	/var/spool/mailman.*
++.br
++
++.br
++.B mailman_lock_t
++
++	/var/lock/mailman.*
++.br
++
++.br
++.B mailman_log_t
++
++	/var/log/mailman.*
++.br
++
++.br
++.B mailman_queue_tmp_t
++
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
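Review bot: The MANAGED FILES list added for mailman_queue_t includes `faillog_t` (/var/log/btmp.*, /var/run/faillock(/.*)?, /var/log/faillog, /var/log/tallylog) and `pcscd_var_run_t`, neither of which a mail queue runner obviously needs to write. The page is generated, so this presumably mirrors what the policy grants (possibly inherited through a shared authentication interface) rather than being a documentation mistake; it should be confirmed against the mailman policy source and narrowed there if unintended. The section intro also calls mailman_queue_t an "SELinux user type", although the PROCESS TYPES section of the same page lists it as a process type. The generator template would read better as `The SELinux process type mailman_queue_t can manage files labeled with the following file types.`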
@@ -37927,372 +44284,540 @@ index 0000000..3345ff0
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), portreserve(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/postfix_selinux.8 b/man/man8/postfix_selinux.8
++selinux(8), mailman_queue(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/matahari_hostd_selinux.8 b/man/man8/matahari_hostd_selinux.8
 new file mode 100644
-index 0000000..562d40c
+index 0000000..5ef862c
 --- /dev/null
-+++ b/man/man8/postfix_selinux.8
-@@ -0,0 +1,432 @@
-+.TH  "postfix_selinux"  "8"  "postfix" "dwalsh at redhat.com" "postfix SELinux Policy documentation"
++++ b/man/man8/matahari_hostd_selinux.8
+@@ -0,0 +1,95 @@
++.TH  "matahari_hostd_selinux"  "8"  "matahari_hostd" "dwalsh at redhat.com" "matahari_hostd SELinux Policy documentation"
 +.SH "NAME"
-+postfix_selinux \- Security Enhanced Linux Policy for the postfix processes
++matahari_hostd_selinux \- Security Enhanced Linux Policy for the matahari_hostd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the postfix processes via flexible mandatory access
++Security-Enhanced Linux secures the matahari_hostd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  postfix policy is extremely flexible and has several booleans that allow you to manipulate the policy and run postfix with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow postfix_local domain full write access to mail_spool directories, you must turn on the postfix_local_write_mail_spool boolean.
-+
-+.EX
-+.B setsebool -P postfix_local_write_mail_spool 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_smtp_t, postfix_map_t, postfix_showq_t, postfix_virtual_t, postfix_smtpd_t, postfix_local_t, postfix_cleanup_t, postfix_master_t, postfix_postdrop_t, postfix_pickup_t, postfix_bounce_t, postfix_qmgr_t, postfix_pipe_t, postfix_postqueue_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the postfix_smtp_t, postfix_map_t, postfix_showq_t, postfix_virtual_t, postfix_smtpd_t, postfix_local_t, postfix_cleanup_t, postfix_master_t, postfix_postdrop_t, postfix_pickup_t, postfix_bounce_t, postfix_qmgr_t, postfix_pipe_t, postfix_postqueue_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux postfix policy is very flexible allowing users to setup their postfix processes in as secure a method as possible.
++SELinux matahari_hostd policy is very flexible allowing users to setup their matahari_hostd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for postfix:
++The following file types are defined for matahari_hostd:
 +
 +
 +.EX
 +.PP
-+.B postfix_bounce_exec_t 
++.B matahari_hostd_exec_t 
 +.EE
 +
-+- Set files with the postfix_bounce_exec_t type, if you want to transition an executable to the postfix_bounce_t domain.
++- Set files with the matahari_hostd_exec_t type, if you want to transition an executable to the matahari_hostd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/matahari-qmf-hostd, /usr/sbin/matahari-hostd, /usr/sbin/matahari-dbus-hostd
 +
 +.EX
 +.PP
-+.B postfix_bounce_tmp_t 
++.B matahari_hostd_unit_file_t 
 +.EE
 +
-+- Set files with the postfix_bounce_tmp_t type, if you want to store postfix bounce temporary files in the /tmp directories.
++- Set files with the matahari_hostd_unit_file_t type, if you want to treat the files as matahari hostd unit content.
 +
 +
-+.EX
 +.PP
-+.B postfix_cleanup_exec_t 
-+.EE
-+
-+- Set files with the postfix_cleanup_exec_t type, if you want to transition an executable to the postfix_cleanup_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux matahari_hostd policy is very flexible allowing users to setup their matahari_hostd processes in as secure a method as possible.
++.PP 
++The following process types are defined for matahari_hostd:
 +
 +.EX
-+.PP
-+.B postfix_cleanup_tmp_t 
++.B matahari_hostd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the postfix_cleanup_tmp_t type, if you want to store postfix cleanup temporary files in the /tmp directories.
++.SH "MANAGED FILES"
 +
++The SELinux user type matahari_hostd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B postfix_data_t 
-+.EE
++.br
++.B mtrr_device_t
 +
-+- Set files with the postfix_data_t type, if you want to treat the files as postfix content.
++	/dev/cpu/mtrr
++.br
 +
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B postfix_etc_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), matahari_hostd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/matahari_netd_selinux.8 b/man/man8/matahari_netd_selinux.8
+new file mode 100644
+index 0000000..de6755d
+--- /dev/null
++++ b/man/man8/matahari_netd_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "matahari_netd_selinux"  "8"  "matahari_netd" "dwalsh at redhat.com" "matahari_netd SELinux Policy documentation"
++.SH "NAME"
++matahari_netd_selinux \- Security Enhanced Linux Policy for the matahari_netd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the matahari_netd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
-+- Set files with the postfix_etc_t type, if you want to store postfix files in the /etc directories.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux matahari_netd policy is very flexible allowing users to setup their matahari_netd processes in as secure a method as possible.
++.PP 
++The following file types are defined for matahari_netd:
 +
 +
 +.EX
 +.PP
-+.B postfix_exec_t 
++.B matahari_netd_exec_t 
 +.EE
 +
-+- Set files with the postfix_exec_t type, if you want to transition an executable to the postfix_t domain.
++- Set files with the matahari_netd_exec_t type, if you want to transition an executable to the matahari_netd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/postfix/postfix-script.*, /usr/libexec/postfix/.*
++/usr/sbin/matahari-qmf-networkd, /usr/sbin/matahari-netd, /usr/sbin/matahari-dbus-networkd
 +
 +.EX
 +.PP
-+.B postfix_initrc_exec_t 
++.B matahari_netd_unit_file_t 
 +.EE
 +
-+- Set files with the postfix_initrc_exec_t type, if you want to transition an executable to the postfix_initrc_t domain.
++- Set files with the matahari_netd_unit_file_t type, if you want to treat the files as matahari netd unit content.
 +
 +
-+.EX
 +.PP
-+.B postfix_keytab_t 
-+.EE
-+
-+- Set files with the postfix_keytab_t type, if you want to treat the files as kerberos keytab files.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux matahari_netd policy is very flexible allowing users to setup their matahari_netd processes in as secure a method as possible.
++.PP 
++The following process types are defined for matahari_netd:
 +
 +.EX
-+.PP
-+.B postfix_local_exec_t 
++.B matahari_netd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the postfix_local_exec_t type, if you want to transition an executable to the postfix_local_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type matahari_netd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B postfix_local_tmp_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the postfix_local_tmp_t type, if you want to store postfix local temporary files in the /tmp directories.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B postfix_map_exec_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), matahari_netd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/matahari_rpcd_selinux.8 b/man/man8/matahari_rpcd_selinux.8
+new file mode 100644
+index 0000000..a98fb2f
+--- /dev/null
++++ b/man/man8/matahari_rpcd_selinux.8
+@@ -0,0 +1,85 @@
++.TH  "matahari_rpcd_selinux"  "8"  "matahari_rpcd" "dwalsh at redhat.com" "matahari_rpcd SELinux Policy documentation"
++.SH "NAME"
++matahari_rpcd_selinux \- Security Enhanced Linux Policy for the matahari_rpcd processes
++.SH "DESCRIPTION"
 +
-+- Set files with the postfix_map_exec_t type, if you want to transition an executable to the postfix_map_t domain.
++Security-Enhanced Linux secures the matahari_rpcd processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B postfix_map_tmp_t 
-+.EE
-+
-+- Set files with the postfix_map_tmp_t type, if you want to store postfix map temporary files in the /tmp directories.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux matahari_rpcd policy is very flexible allowing users to setup their matahari_rpcd processes in as secure a method as possible.
++.PP 
++The following file types are defined for matahari_rpcd:
 +
 +
 +.EX
 +.PP
-+.B postfix_master_exec_t 
++.B matahari_rpcd_exec_t 
 +.EE
 +
-+- Set files with the postfix_master_exec_t type, if you want to transition an executable to the postfix_master_t domain.
++- Set files with the matahari_rpcd_exec_t type, if you want to transition an executable to the matahari_rpcd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/postcat, /usr/sbin/postfix, /usr/libexec/postfix/master, /usr/sbin/postkick, /usr/sbin/postsuper, /usr/sbin/postalias, /usr/sbin/postlock, /usr/sbin/postlog
 +
 +.EX
 +.PP
-+.B postfix_pickup_exec_t 
++.B matahari_rpcd_unit_file_t 
 +.EE
 +
-+- Set files with the postfix_pickup_exec_t type, if you want to transition an executable to the postfix_pickup_t domain.
++- Set files with the matahari_rpcd_unit_file_t type, if you want to treat the files as matahari rpcd unit content.
 +
 +
-+.EX
 +.PP
-+.B postfix_pickup_tmp_t 
-+.EE
-+
-+- Set files with the postfix_pickup_tmp_t type, if you want to store postfix pickup temporary files in the /tmp directories.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux matahari_rpcd policy is very flexible allowing users to setup their matahari_rpcd processes in as secure a method as possible.
++.PP 
++The following process types are defined for matahari_rpcd:
 +
 +.EX
-+.PP
-+.B postfix_pipe_exec_t 
++.B matahari_rpcd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the postfix_pipe_exec_t type, if you want to transition an executable to the postfix_pipe_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type matahari_rpcd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B postfix_pipe_tmp_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the postfix_pipe_tmp_t type, if you want to store postfix pipe temporary files in the /tmp directories.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B postfix_postdrop_exec_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), matahari_rpcd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/matahari_serviced_selinux.8 b/man/man8/matahari_serviced_selinux.8
+new file mode 100644
+index 0000000..4173cc6
+--- /dev/null
++++ b/man/man8/matahari_serviced_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "matahari_serviced_selinux"  "8"  "matahari_serviced" "dwalsh at redhat.com" "matahari_serviced SELinux Policy documentation"
++.SH "NAME"
++matahari_serviced_selinux \- Security Enhanced Linux Policy for the matahari_serviced processes
++.SH "DESCRIPTION"
 +
-+- Set files with the postfix_postdrop_exec_t type, if you want to transition an executable to the postfix_postdrop_t domain.
++Security-Enhanced Linux secures the matahari_serviced processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B postfix_postqueue_exec_t 
-+.EE
-+
-+- Set files with the postfix_postqueue_exec_t type, if you want to transition an executable to the postfix_postqueue_t domain.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux matahari_serviced policy is very flexible allowing users to setup their matahari_serviced processes in as secure a method as possible.
++.PP 
++The following file types are defined for matahari_serviced:
 +
 +
 +.EX
 +.PP
-+.B postfix_private_t 
++.B matahari_serviced_exec_t 
 +.EE
 +
-+- Set files with the postfix_private_t type, if you want to treat the files as postfix private data.
++- Set files with the matahari_serviced_exec_t type, if you want to transition an executable to the matahari_serviced_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/matahari-serviced, /usr/sbin/matahari-dbus-serviced, /usr/sbin/matahari-qmf-serviced
 +
 +.EX
 +.PP
-+.B postfix_prng_t 
++.B matahari_serviced_unit_file_t 
 +.EE
 +
-+- Set files with the postfix_prng_t type, if you want to treat the files as postfix prng data.
++- Set files with the matahari_serviced_unit_file_t type, if you want to treat the files as matahari serviced unit content.
 +
 +
-+.EX
 +.PP
-+.B postfix_public_t 
-+.EE
-+
-+- Set files with the postfix_public_t type, if you want to treat the files as postfix public data.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux matahari_serviced policy is very flexible allowing users to setup their matahari_serviced processes in as secure a method as possible.
++.PP 
++The following process types are defined for matahari_serviced:
 +
 +.EX
-+.PP
-+.B postfix_qmgr_exec_t 
++.B matahari_serviced_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the postfix_qmgr_exec_t type, if you want to transition an executable to the postfix_qmgr_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type matahari_serviced_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B postfix_qmgr_tmp_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the postfix_qmgr_tmp_t type, if you want to store postfix qmgr temporary files in the /tmp directories.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B postfix_showq_exec_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), matahari_serviced(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/matahari_sysconfigd_selinux.8 b/man/man8/matahari_sysconfigd_selinux.8
+new file mode 100644
+index 0000000..79966b1
+--- /dev/null
++++ b/man/man8/matahari_sysconfigd_selinux.8
+@@ -0,0 +1,93 @@
++.TH  "matahari_sysconfigd_selinux"  "8"  "matahari_sysconfigd" "dwalsh at redhat.com" "matahari_sysconfigd SELinux Policy documentation"
++.SH "NAME"
++matahari_sysconfigd_selinux \- Security Enhanced Linux Policy for the matahari_sysconfigd processes
++.SH "DESCRIPTION"
 +
-+- Set files with the postfix_showq_exec_t type, if you want to transition an executable to the postfix_showq_t domain.
++Security-Enhanced Linux secures the matahari_sysconfigd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux matahari_sysconfigd policy is very flexible allowing users to setup their matahari_sysconfigd processes in as secure a method as possible.
++.PP 
++The following file types are defined for matahari_sysconfigd:
 +
 +
 +.EX
 +.PP
-+.B postfix_smtp_exec_t 
++.B matahari_sysconfigd_exec_t 
 +.EE
 +
-+- Set files with the postfix_smtp_exec_t type, if you want to transition an executable to the postfix_smtp_t domain.
++- Set files with the matahari_sysconfigd_exec_t type, if you want to transition an executable to the matahari_sysconfigd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/libexec/postfix/lmtp, /usr/libexec/postfix/smtp, /usr/libexec/postfix/scache
++/usr/sbin/matahari-qmf-sysconfig-consoled, /usr/sbin/matahari-dbus-sysconfigd, /usr/sbin/matahari-qmf-sysconfigd
 +
 +.EX
 +.PP
-+.B postfix_smtp_tmp_t 
++.B matahari_sysconfigd_unit_file_t 
 +.EE
 +
-+- Set files with the postfix_smtp_tmp_t type, if you want to store postfix smtp temporary files in the /tmp directories.
++- Set files with the matahari_sysconfigd_unit_file_t type, if you want to treat the files as matahari sysconfigd unit content.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/systemd/system/matahari-sysconfig-console.*, /usr/lib/systemd/system/matahari-sysconfig.*
 +
-+.EX
 +.PP
-+.B postfix_smtpd_exec_t 
-+.EE
-+
-+- Set files with the postfix_smtpd_exec_t type, if you want to transition an executable to the postfix_smtpd_t domain.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B postfix_smtpd_tmp_t 
-+.EE
-+
-+- Set files with the postfix_smtpd_tmp_t type, if you want to store postfix smtpd temporary files in the /tmp directories.
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux matahari_sysconfigd policy is very flexible allowing users to setup their matahari_sysconfigd processes in as secure a method as possible.
++.PP 
++The following process types are defined for matahari_sysconfigd:
 +
 +.EX
-+.PP
-+.B postfix_spool_bounce_t 
++.B matahari_sysconfigd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the postfix_spool_bounce_t type, if you want to treat the files as postfix spool bounce data.
++.SH "MANAGED FILES"
 +
++The SELinux user type matahari_sysconfigd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B postfix_spool_flush_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the postfix_spool_flush_t type, if you want to treat the files as postfix spool flush data.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B postfix_spool_maildrop_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), matahari_sysconfigd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mcelog_selinux.8 b/man/man8/mcelog_selinux.8
+new file mode 100644
+index 0000000..1c3f6d3
+--- /dev/null
++++ b/man/man8/mcelog_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "mcelog_selinux"  "8"  "mcelog" "dwalsh at redhat.com" "mcelog SELinux Policy documentation"
++.SH "NAME"
++mcelog_selinux \- Security Enhanced Linux Policy for the mcelog processes
++.SH "DESCRIPTION"
 +
-+- Set files with the postfix_spool_maildrop_t type, if you want to treat the files as postfix spool maildrop data.
++Security-Enhanced Linux secures the mcelog processes via flexible mandatory access
++control.  
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/spool/postfix/defer(/.*)?, /var/spool/postfix/deferred(/.*)?, /var/spool/postfix/maildrop(/.*)?
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B postfix_spool_t 
-+.EE
-+
-+- Set files with the postfix_spool_t type, if you want to store the postfix files under the /var/spool directory.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux mcelog policy is very flexible allowing users to setup their mcelog processes in as secure a method as possible.
++.PP 
++The following file types are defined for mcelog:
 +
 +
 +.EX
 +.PP
-+.B postfix_var_run_t 
++.B mcelog_exec_t 
 +.EE
 +
-+- Set files with the postfix_var_run_t type, if you want to store the postfix files under the /run directory.
++- Set files with the mcelog_exec_t type, if you want to transition an executable to the mcelog_t domain.
 +
 +
 +.EX
 +.PP
-+.B postfix_virtual_exec_t 
++.B mcelog_log_t 
 +.EE
 +
-+- Set files with the postfix_virtual_exec_t type, if you want to transition an executable to the postfix_virtual_t domain.
++- Set files with the mcelog_log_t type, if you want to treat the data as mcelog log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B postfix_virtual_tmp_t 
++.B mcelog_var_run_t 
 +.EE
 +
-+- Set files with the postfix_virtual_tmp_t type, if you want to store postfix virtual temporary files in the /tmp directories.
++- Set files with the mcelog_var_run_t type, if you want to store the mcelog files under the /run directory.
 +
 +
 +.PP
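Review bot: The added matahari_* and mcelog pages keep the font escape typo `\fBls\bP` / `\fBps\bP` from the older pages; `\b` is not a font-change escape, so the bold run is not closed where intended, and the template line should end in `\fBls\fP` and `\fBps\fP`. The new pages for matahari_netd, matahari_rpcd, matahari_serviced and matahari_sysconfigd also emit a `.SH "MANAGED FILES"` intro with no entries, and every new page here has an empty `.SH NSSWITCH DOMAIN` heading. An empty list leaves the reader unable to tell "this domain can manage no file types" from "the generator produced nothing", so genman.py should either omit the section or print an explicit `None` line. These pages are generated, so the fix belongs in the generator rather than in this patch.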
@@ -38302,47 +44827,46 @@ index 0000000..562d40c
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux postfix policy is very flexible allowing users to setup their postfix processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for postfix:
-+
-+.EX
-+.TP 5
-+.B postfix_policyd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 10031
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux postfix policy is very flexible allowing users to setup their postfix processes in as secure a method as possible.
++SELinux mcelog policy is very flexible allowing users to setup their mcelog processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for postfix:
++The following process types are defined for mcelog:
 +
 +.EX
-+.B postfix_bounce_t, postfix_cleanup_t, postfix_showq_t, postfix_virtual_t, postfix_postdrop_t, postfix_postqueue_t, postfix_pipe_t, postfix_master_t, postfix_pickup_t, postfix_local_t, postfix_smtpd_t, postfix_qmgr_t, postfix_smtp_t, postfix_map_t 
++.B mcelog_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mcelog_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mcelog_log_t
++
++	/var/log/mcelog.*
++.br
++
++.br
++.B mcelog_var_run_t
++
++	/var/run/mcelog.*
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -38353,154 +44877,223 @@ index 0000000..562d40c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), postfix(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/postgresql_selinux.8 b/man/man8/postgresql_selinux.8
++selinux(8), mcelog(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mdadm_selinux.8 b/man/man8/mdadm_selinux.8
 new file mode 100644
-index 0000000..ea8f221
+index 0000000..4bea026
 --- /dev/null
-+++ b/man/man8/postgresql_selinux.8
-@@ -0,0 +1,200 @@
-+.TH  "postgresql_selinux"  "8"  "postgresql" "dwalsh at redhat.com" "postgresql SELinux Policy documentation"
++++ b/man/man8/mdadm_selinux.8
+@@ -0,0 +1,123 @@
++.TH  "mdadm_selinux"  "8"  "mdadm" "dwalsh at redhat.com" "mdadm SELinux Policy documentation"
 +.SH "NAME"
-+postgresql_selinux \- Security Enhanced Linux Policy for the postgresql processes
++mdadm_selinux \- Security Enhanced Linux Policy for the mdadm processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the postgresql processes via flexible mandatory access
++Security-Enhanced Linux secures the mdadm processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  postgresql policy is extremely flexible and has several booleans that allow you to manipulate the policy and run postgresql with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to connect to PostgreSQL, you must turn on the user_postgresql_connect boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mdadm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P user_postgresql_connect 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
-+
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postgresql_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow confined applications to run with kerberos for the mdadm_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the postgresql_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux postgresql policy is very flexible allowing users to setup their postgresql processes in as secure a method as possible.
++SELinux mdadm policy is very flexible allowing users to setup their mdadm processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for postgresql:
++The following file types are defined for mdadm:
 +
 +
 +.EX
 +.PP
-+.B postgresql_db_t 
++.B mdadm_exec_t 
 +.EE
 +
-+- Set files with the postgresql_db_t type, if you want to treat the files as postgresql database content.
++- Set files with the mdadm_exec_t type, if you want to transition an executable to the mdadm_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/share/jonas/pgsql(/.*)?, /var/lib/postgres(ql)?(/.*)?, /var/lib/sepgsql(/.*)?, /usr/lib/pgsql/test/regress(/.*)?, /var/lib/pgsql(/.*)?
++/usr/sbin/raid-check, /sbin/mdmpd, /usr/sbin/iprinit, /usr/sbin/mdadm, /usr/sbin/iprupdate, /sbin/mdadm, /usr/sbin/mdmpd, /usr/sbin/iprdump
 +
 +.EX
 +.PP
-+.B postgresql_etc_t 
++.B mdadm_var_run_t 
 +.EE
 +
-+- Set files with the postgresql_etc_t type, if you want to store postgresql files in the /etc directories.
++- Set files with the mdadm_var_run_t type, if you want to store the mdadm files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/sysconfig/pgsql(/.*)?, /etc/postgresql(/.*)?
++/var/run/mdadm(/.*)?, /dev/md/.*, /dev/.mdadm\.map
 +
-+.EX
 +.PP
-+.B postgresql_exec_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux mdadm policy is very flexible allowing users to setup their mdadm processes in as secure a method as possible.
++.PP 
++The following process types are defined for mdadm:
++
++.EX
++.B mdadm_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the postgresql_exec_t type, if you want to transition an executable to the postgresql_t domain.
++.SH "MANAGED FILES"
++
++The SELinux user type mdadm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/bin/(se)?postgres, /usr/lib/postgresql/bin/.*, /usr/lib/pgsql/test/regress/pg_regress, /usr/bin/initdb(\.sepgsql)?
++.B mdadm_var_run_t
 +
-+.EX
++	/dev/.mdadm\.map
++.br
++	/dev/md/.*
++.br
++	/var/run/mdadm(/.*)?
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B postgresql_initrc_exec_t 
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), mdadm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/memcached_selinux.8 b/man/man8/memcached_selinux.8
+new file mode 100644
+index 0000000..d61e282
+--- /dev/null
++++ b/man/man8/memcached_selinux.8
+@@ -0,0 +1,162 @@
++.TH  "memcached_selinux"  "8"  "memcached" "dwalsh at redhat.com" "memcached SELinux Policy documentation"
++.SH "NAME"
++memcached_selinux \- Security Enhanced Linux Policy for the memcached processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the memcached processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  memcached policy is extremely flexible and has several booleans that allow you to manipulate the policy and run memcached with the tightest access possible.
++
++
++.PP
++If you want to allow httpd to connect to memcache server, you must turn on the httpd_can_network_memcache boolean.
++
++.EX
++.B setsebool -P httpd_can_network_memcache 1
 +.EE
 +
-+- Set files with the postgresql_initrc_exec_t type, if you want to transition an executable to the postgresql_initrc_t domain.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the memcached_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B postgresql_lock_t 
++If you want to allow confined applications to run with kerberos for the memcached_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the postgresql_lock_t type, if you want to treat the files as postgresql lock data, stored under the /var/lock directory
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux memcached policy is very flexible allowing users to setup their memcached processes in as secure a method as possible.
++.PP 
++The following file types are defined for memcached:
 +
 +
 +.EX
 +.PP
-+.B postgresql_log_t 
++.B memcached_exec_t 
 +.EE
 +
-+- Set files with the postgresql_log_t type, if you want to treat the data as postgresql log data, usually stored under the /var/log directory.
++- Set files with the memcached_exec_t type, if you want to transition an executable to the memcached_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/pgsql/logfile(/.*)?, /var/log/postgresql(/.*)?, /var/log/postgres\.log.*, /var/lib/sepgsql/pgstartup\.log, /var/log/rhdb/rhdb(/.*)?, /var/lib/pgsql/.*\.log, /var/log/sepostgresql\.log.*
 +
 +.EX
 +.PP
-+.B postgresql_tmp_t 
++.B memcached_initrc_exec_t 
 +.EE
 +
-+- Set files with the postgresql_tmp_t type, if you want to store postgresql temporary files in the /tmp directories.
++- Set files with the memcached_initrc_exec_t type, if you want to transition an executable to the memcached_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B postgresql_var_run_t 
++.B memcached_var_run_t 
 +.EE
 +
-+- Set files with the postgresql_var_run_t type, if you want to store the postgresql files under the /run directory.
++- Set files with the memcached_var_run_t type, if you want to store the memcached files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/ipa_memcached(/.*)?, /var/run/memcached(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -38518,19 +45111,21 @@ index 0000000..ea8f221
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux postgresql policy is very flexible allowing users to setup their postgresql processes in as secure a method as possible.
++SELinux memcached policy is very flexible allowing users to setup their memcached processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for postgresql:
++The following port types are defined for memcached:
 +
 +.EX
 +.TP 5
-+.B postgresql_port_t 
++.B memcache_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 5432
++tcp 11211
++.EE
++udp 11211
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -38538,18 +45133,30 @@ index 0000000..ea8f221
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux postgresql policy is very flexible allowing users to setup their postgresql processes in as secure a method as possible.
++SELinux memcached policy is very flexible allowing users to setup their memcached processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for postgresql:
++The following process types are defined for memcached:
 +
 +.EX
-+.B postgresql_t 
++.B memcached_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type memcached_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B memcached_var_run_t
++
++	/var/run/memcached(/.*)?
++.br
++	/var/run/ipa_memcached(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -38571,24 +45178,24 @@ index 0000000..ea8f221
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), postgresql(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), memcached(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/postgrey_selinux.8 b/man/man8/postgrey_selinux.8
+diff --git a/man/man8/mencoder_selinux.8 b/man/man8/mencoder_selinux.8
 new file mode 100644
-index 0000000..7655902
+index 0000000..eecaa32
 --- /dev/null
-+++ b/man/man8/postgrey_selinux.8
-@@ -0,0 +1,143 @@
-+.TH  "postgrey_selinux"  "8"  "postgrey" "dwalsh at redhat.com" "postgrey SELinux Policy documentation"
++++ b/man/man8/mencoder_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "mencoder_selinux"  "8"  "mencoder" "dwalsh at redhat.com" "mencoder SELinux Policy documentation"
 +.SH "NAME"
-+postgrey_selinux \- Security Enhanced Linux Policy for the postgrey processes
++mencoder_selinux \- Security Enhanced Linux Policy for the mencoder processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the postgrey processes via flexible mandatory access
++Security-Enhanced Linux secures the mencoder processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -38599,62 +45206,121 @@ index 0000000..7655902
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux postgrey policy is very flexible allowing users to setup their postgrey processes in as secure a method as possible.
++SELinux mencoder policy is very flexible allowing users to setup their mencoder processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for postgrey:
++The following file types are defined for mencoder:
 +
 +
 +.EX
 +.PP
-+.B postgrey_etc_t 
++.B mencoder_exec_t 
 +.EE
 +
-+- Set files with the postgrey_etc_t type, if you want to store postgrey files in the /etc directories.
++- Set files with the mencoder_exec_t type, if you want to transition an executable to the mencoder_t domain.
 +
 +
-+.EX
 +.PP
-+.B postgrey_exec_t 
-+.EE
-+
-+- Set files with the postgrey_exec_t type, if you want to transition an executable to the postgrey_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux mencoder policy is very flexible allowing users to setup their mencoder processes in as secure a method as possible.
++.PP 
++The following process types are defined for mencoder:
 +
 +.EX
-+.PP
-+.B postgrey_initrc_exec_t 
++.B mencoder_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the postgrey_initrc_exec_t type, if you want to transition an executable to the postgrey_initrc_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type mencoder_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.br
++.B mplayer_home_t
++
++	/home/[^/]*/\.mplayer(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B postgrey_spool_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the postgrey_spool_t type, if you want to store the postgrey files under the /var/spool directory.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), mencoder(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mock_build_selinux.8 b/man/man8/mock_build_selinux.8
+new file mode 100644
+index 0000000..d2d104c
+--- /dev/null
++++ b/man/man8/mock_build_selinux.8
+@@ -0,0 +1,116 @@
++.TH  "mock_build_selinux"  "8"  "mock_build" "dwalsh at redhat.com" "mock_build SELinux Policy documentation"
++.SH "NAME"
++mock_build_selinux \- Security Enhanced Linux Policy for the mock_build processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the mock_build processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mock_build_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B postgrey_var_lib_t 
++If you want to allow confined applications to run with kerberos for the mock_build_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the postgrey_var_lib_t type, if you want to store the postgrey files under the /var/lib directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux mock_build policy is very flexible allowing users to setup their mock_build processes in as secure a method as possible.
++.PP 
++The following file types are defined for mock_build:
 +
 +
 +.EX
 +.PP
-+.B postgrey_var_run_t 
++.B mock_build_exec_t 
 +.EE
 +
-+- Set files with the postgrey_var_run_t type, if you want to store the postgrey files under the /run directory.
++- Set files with the mock_build_exec_t type, if you want to transition an executable to the mock_build_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/postgrey\.pid, /var/run/postgrey(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -38663,47 +45329,52 @@ index 0000000..7655902
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux postgrey policy is very flexible allowing users to setup their postgrey processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for postgrey:
-+
-+.EX
-+.TP 5
-+.B postgrey_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 60000
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux postgrey policy is very flexible allowing users to setup their postgrey processes in as secure a method as possible.
++SELinux mock_build policy is very flexible allowing users to setup their mock_build processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for postgrey:
++The following process types are defined for mock_build:
 +
 +.EX
-+.B postgrey_t 
++.B mock_build_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mock_build_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mock_cache_t
++
++	/var/cache/mock(/.*)?
++.br
++
++.br
++.B mock_tmp_t
++
++
++.br
++.B mock_var_lib_t
++
++	/var/lib/mock(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -38714,64 +45385,56 @@ index 0000000..7655902
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), postgrey(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/pppd_selinux.8 b/man/man8/pppd_selinux.8
++selinux(8), mock_build(8), semanage(8), restorecon(8), chcon(1)
++, mock_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/mock_selinux.8 b/man/man8/mock_selinux.8
 new file mode 100644
-index 0000000..6b97eb9
+index 0000000..8125ba7
 --- /dev/null
-+++ b/man/man8/pppd_selinux.8
-@@ -0,0 +1,205 @@
-+.TH  "pppd_selinux"  "8"  "pppd" "dwalsh at redhat.com" "pppd SELinux Policy documentation"
++++ b/man/man8/mock_selinux.8
+@@ -0,0 +1,170 @@
++.TH  "mock_selinux"  "8"  "mock" "dwalsh at redhat.com" "mock SELinux Policy documentation"
 +.SH "NAME"
-+pppd_selinux \- Security Enhanced Linux Policy for the pppd processes
++mock_selinux \- Security Enhanced Linux Policy for the mock processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the pppd processes via flexible mandatory access
++Security-Enhanced Linux secures the mock processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  pppd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run pppd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow pppd to be run for a regular user, you must turn on the pppd_for_user boolean.
++SELinux policy is customizable based on least access required.  mock policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mock with the tightest access possible.
 +
-+.EX
-+.B setsebool -P pppd_for_user 1
-+.EE
 +
 +.PP
-+If you want to allow pppd to load kernel modules for certain modems, you must turn on the pppd_can_insmod boolean.
++If you want to allow mock to read files in home directories, you must turn on the mock_enable_homedirs boolean.
 +
 +.EX
-+.B setsebool -P pppd_can_insmod 1
++.B setsebool -P mock_enable_homedirs 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pppd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mock_t, mock_build_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the pppd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the mock_t, mock_build_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -38780,114 +45443,58 @@ index 0000000..6b97eb9
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux pppd policy is very flexible allowing users to setup their pppd processes in as secure a method as possible.
++SELinux mock policy is very flexible allowing users to setup their mock processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for pppd:
-+
-+
-+.EX
-+.PP
-+.B pppd_etc_rw_t 
-+.EE
-+
-+- Set files with the pppd_etc_rw_t type, if you want to treat the files as pppd etc read/write content.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/ppp(/.*)?, /etc/ppp/resolv\.conf, /etc/ppp/peers(/.*)?
-+
-+.EX
-+.PP
-+.B pppd_etc_t 
-+.EE
-+
-+- Set files with the pppd_etc_t type, if you want to store pppd files in the /etc directories.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/ppp, /root/.ppprc
-+
-+.EX
-+.PP
-+.B pppd_exec_t 
-+.EE
-+
-+- Set files with the pppd_exec_t type, if you want to transition an executable to the pppd_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/pppd, /usr/sbin/ipppd, /usr/sbin/pppoe-server, /usr/sbin/ppp-watch, /sbin/pppoe-server, /sbin/ppp-watch
-+
-+.EX
-+.PP
-+.B pppd_initrc_exec_t 
-+.EE
-+
-+- Set files with the pppd_initrc_exec_t type, if you want to transition an executable to the pppd_initrc_t domain.
++The following file types are defined for mock:
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/ppp, /etc/ppp/(auth|ip(v6|x)?)-(up|down)
 +
 +.EX
 +.PP
-+.B pppd_lock_t 
++.B mock_build_exec_t 
 +.EE
 +
-+- Set files with the pppd_lock_t type, if you want to treat the files as pppd lock data, stored under the /var/lock directory
++- Set files with the mock_build_exec_t type, if you want to transition an executable to the mock_build_t domain.
 +
 +
 +.EX
 +.PP
-+.B pppd_log_t 
++.B mock_cache_t 
 +.EE
 +
-+- Set files with the pppd_log_t type, if you want to treat the data as pppd log data, usually stored under the /var/log directory.
++- Set files with the mock_cache_t type, if you want to store the files under the /var/cache directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/ppp(/.*)?, /var/log/ppp-connect-errors.*
 +
 +.EX
 +.PP
-+.B pppd_secret_t 
++.B mock_etc_t 
 +.EE
 +
-+- Set files with the pppd_secret_t type, if you want to treat the files as pppd se secret data.
++- Set files with the mock_etc_t type, if you want to store mock files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B pppd_tmp_t 
++.B mock_exec_t 
 +.EE
 +
-+- Set files with the pppd_tmp_t type, if you want to store pppd temporary files in the /tmp directories.
++- Set files with the mock_exec_t type, if you want to transition an executable to the mock_t domain.
 +
 +
 +.EX
 +.PP
-+.B pppd_unit_file_t 
++.B mock_tmp_t 
 +.EE
 +
-+- Set files with the pppd_unit_file_t type, if you want to treat the files as pppd unit content.
++- Set files with the mock_tmp_t type, if you want to store mock temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B pppd_var_run_t 
++.B mock_var_lib_t 
 +.EE
 +
-+- Set files with the pppd_var_run_t type, if you want to store the pppd files under the /run directory.
++- Set files with the mock_var_lib_t type, if you want to store the mock files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/pppd[0-9]*\.tdb, /var/run/ppp(/.*)?, /var/run/(i)?ppp.*pid[^/]*
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -38902,18 +45509,46 @@ index 0000000..6b97eb9
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux pppd policy is very flexible allowing users to setup their pppd processes in as secure a method as possible.
++SELinux mock policy is very flexible allowing users to setup their mock processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for pppd:
++The following process types are defined for mock:
 +
 +.EX
-+.B pppd_t 
++.B mock_t, mock_build_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mock_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mock_cache_t
++
++	/var/cache/mock(/.*)?
++.br
++
++.br
++.B mock_tmp_t
++
++
++.br
++.B mock_var_lib_t
++
++	/var/lib/mock(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -38932,75 +45567,45 @@ index 0000000..6b97eb9
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pppd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), mock(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), mock_build_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/pptp_selinux.8 b/man/man8/pptp_selinux.8
+diff --git a/man/man8/modemmanager_selinux.8 b/man/man8/modemmanager_selinux.8
 new file mode 100644
-index 0000000..e13f5c3
+index 0000000..9c7427c
 --- /dev/null
-+++ b/man/man8/pptp_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "pptp_selinux"  "8"  "pptp" "dwalsh at redhat.com" "pptp SELinux Policy documentation"
++++ b/man/man8/modemmanager_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "modemmanager_selinux"  "8"  "modemmanager" "dwalsh at redhat.com" "modemmanager SELinux Policy documentation"
 +.SH "NAME"
-+pptp_selinux \- Security Enhanced Linux Policy for the pptp processes
++modemmanager_selinux \- Security Enhanced Linux Policy for the modemmanager processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the pptp processes via flexible mandatory access
++Security-Enhanced Linux secures the modemmanager processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pptp_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the pptp_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux pptp policy is very flexible allowing users to setup their pptp processes in as secure a method as possible.
++SELinux modemmanager policy is very flexible allowing users to setup their modemmanager processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for pptp:
-+
-+
-+.EX
-+.PP
-+.B pptp_exec_t 
-+.EE
-+
-+- Set files with the pptp_exec_t type, if you want to transition an executable to the pptp_t domain.
-+
-+
-+.EX
-+.PP
-+.B pptp_log_t 
-+.EE
-+
-+- Set files with the pptp_log_t type, if you want to treat the data as pptp log data, usually stored under the /var/log directory.
++The following file types are defined for modemmanager:
 +
 +
 +.EX
 +.PP
-+.B pptp_var_run_t 
++.B modemmanager_exec_t 
 +.EE
 +
-+- Set files with the pptp_var_run_t type, if you want to store the pptp files under the /run directory.
++- Set files with the modemmanager_exec_t type, if you want to transition an executable to the modemmanager_t domain.
 +
 +
 +.PP
@@ -39010,49 +45615,28 @@ index 0000000..e13f5c3
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux pptp policy is very flexible allowing users to setup their pptp processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for pptp:
-+
-+.EX
-+.TP 5
-+.B pptp_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 1723
-+.EE
-+udp 1723
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux pptp policy is very flexible allowing users to setup their pptp processes in as secure a method as possible.
++SELinux modemmanager policy is very flexible allowing users to setup their modemmanager processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for pptp:
++The following process types are defined for modemmanager:
 +
 +.EX
-+.B pptp_t 
++.B modemmanager_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type modemmanager_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
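Review bot: The re-added line ending `option to \fBps\bP` uses `\bP`, which is not a font escape. `\fP` was presumably intended, as in `\fB\-Z\fP` earlier on the same line, so it should end `\fBps\fP`. The same `\bP` appears on the `ls` and `ps` lines carried as context in the other man pages of this patch, which points at the genman.py template rather than at any single page. Separately, the MANAGED FILES section added here for modemmanager_t has an introduction but no file types under it; dropping the heading when the list is empty would avoid implying that entries are missing.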
@@ -39063,122 +45647,101 @@ index 0000000..e13f5c3
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pptp(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/prelink_selinux.8 b/man/man8/prelink_selinux.8
++selinux(8), modemmanager(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mongod_selinux.8 b/man/man8/mongod_selinux.8
 new file mode 100644
-index 0000000..a314c41
+index 0000000..53f1b03
 --- /dev/null
-+++ b/man/man8/prelink_selinux.8
-@@ -0,0 +1,143 @@
-+.TH  "prelink_selinux"  "8"  "prelink" "dwalsh at redhat.com" "prelink SELinux Policy documentation"
++++ b/man/man8/mongod_selinux.8
+@@ -0,0 +1,181 @@
++.TH  "mongod_selinux"  "8"  "mongod" "dwalsh at redhat.com" "mongod SELinux Policy documentation"
 +.SH "NAME"
-+prelink_selinux \- Security Enhanced Linux Policy for the prelink processes
++mongod_selinux \- Security Enhanced Linux Policy for the mongod processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the prelink processes via flexible mandatory access
++Security-Enhanced Linux secures the mongod processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the prelink_cron_system_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the prelink_cron_system_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux prelink policy is very flexible allowing users to setup their prelink processes in as secure a method as possible.
++SELinux mongod policy is very flexible allowing users to setup their mongod processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for prelink:
-+
-+
-+.EX
-+.PP
-+.B prelink_cache_t 
-+.EE
-+
-+- Set files with the prelink_cache_t type, if you want to store the files under the /var/cache directory.
++The following file types are defined for mongod:
 +
 +
 +.EX
 +.PP
-+.B prelink_cron_system_exec_t 
++.B mongod_exec_t 
 +.EE
 +
-+- Set files with the prelink_cron_system_exec_t type, if you want to transition an executable to the prelink_cron_system_t domain.
++- Set files with the mongod_exec_t type, if you want to transition an executable to the mongod_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/mongod, /usr/share/aeolus-conductor/dbomatic/dbomatic
 +
 +.EX
 +.PP
-+.B prelink_exec_t 
++.B mongod_initrc_exec_t 
 +.EE
 +
-+- Set files with the prelink_exec_t type, if you want to transition an executable to the prelink_t domain.
++- Set files with the mongod_initrc_exec_t type, if you want to transition an executable to the mongod_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B prelink_log_t 
++.B mongod_log_t 
 +.EE
 +
-+- Set files with the prelink_log_t type, if you want to treat the data as prelink log data, usually stored under the /var/log directory.
++- Set files with the mongod_log_t type, if you want to treat the data as mongod log data, usually stored under the /var/log directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/log/prelink(/.*)?, /var/log/prelink\.log.*
++/var/log/aeolus-conductor/dbomatic\.log.*, /var/log/mongodb(/.*)?
 +
 +.EX
 +.PP
-+.B prelink_tmp_t 
++.B mongod_tmp_t 
 +.EE
 +
-+- Set files with the prelink_tmp_t type, if you want to store prelink temporary files in the /tmp directories.
++- Set files with the mongod_tmp_t type, if you want to store mongod temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B prelink_tmpfs_t 
++.B mongod_var_lib_t 
 +.EE
 +
-+- Set files with the prelink_tmpfs_t type, if you want to store prelink files on a tmpfs file system.
++- Set files with the mongod_var_lib_t type, if you want to store the mongod files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B prelink_var_lib_t 
++.B mongod_var_run_t 
 +.EE
 +
-+- Set files with the prelink_var_lib_t type, if you want to store the prelink files under the /var/lib directory.
++- Set files with the mongod_var_run_t type, if you want to store the mongod files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/prelink(/.*)?, /var/lib/misc/prelink.*
++/var/run/aeolus/dbomatic\.pid, /var/run/mongodb(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -39187,24 +45750,77 @@ index 0000000..a314c41
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux mongod policy is very flexible allowing users to setup their mongod processes in as secure a method as possible.
++.PP 
++The following port types are defined for mongod:
++
++.EX
++.TP 5
++.B mongod_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 27017
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux prelink policy is very flexible allowing users to setup their prelink processes in as secure a method as possible.
++SELinux mongod policy is very flexible allowing users to setup their mongod processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for prelink:
++The following process types are defined for mongod:
 +
 +.EX
-+.B prelink_cron_system_t, prelink_t 
++.B mongod_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mongod_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mongod_log_t
++
++	/var/log/mongodb(/.*)?
++.br
++	/var/log/aeolus-conductor/dbomatic\.log.*
++.br
++
++.br
++.B mongod_tmp_t
++
++
++.br
++.B mongod_var_lib_t
++
++	/var/lib/mongodb(/.*)?
++.br
++
++.br
++.B mongod_var_run_t
++
++	/var/run/mongodb(/.*)?
++.br
++	/var/run/aeolus/dbomatic\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
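Review bot: The added PORT TYPES block has unbalanced example macros: `.EX` is opened once before `.B mongod_port_t`, but `.EE` appears twice, the second time after `tcp 27017` with no example open. `.TP 5` and `.TP 10` are also issued inside the example with no tagged paragraph body following them. This section is where an administrator reads which port the domain is bound to by default, so I would reduce it to a single tagged paragraph, `.TP 5`, `.B mongod_port_t`, `Default Defined Ports: tcp 27017`, and drop the stray `.EE`. The markup comes from the generator, so the change belongs in genman.py.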
@@ -39215,43 +45831,46 @@ index 0000000..a314c41
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), prelink(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/prelude_selinux.8 b/man/man8/prelude_selinux.8
++selinux(8), mongod(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mount_ecryptfs_selinux.8 b/man/man8/mount_ecryptfs_selinux.8
 new file mode 100644
-index 0000000..b6d1c35
+index 0000000..0bd5e95
 --- /dev/null
-+++ b/man/man8/prelude_selinux.8
-@@ -0,0 +1,223 @@
-+.TH  "prelude_selinux"  "8"  "prelude" "dwalsh at redhat.com" "prelude SELinux Policy documentation"
++++ b/man/man8/mount_ecryptfs_selinux.8
+@@ -0,0 +1,116 @@
++.TH  "mount_ecryptfs_selinux"  "8"  "mount_ecryptfs" "dwalsh at redhat.com" "mount_ecryptfs SELinux Policy documentation"
 +.SH "NAME"
-+prelude_selinux \- Security Enhanced Linux Policy for the prelude processes
++mount_ecryptfs_selinux \- Security Enhanced Linux Policy for the mount_ecryptfs processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the prelude processes via flexible mandatory access
++Security-Enhanced Linux secures the mount_ecryptfs processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the prelude_lml_t, prelude_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mount_ecryptfs_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the prelude_lml_t, prelude_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the mount_ecryptfs_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -39260,125 +45879,29 @@ index 0000000..b6d1c35
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux prelude policy is very flexible allowing users to setup their prelude processes in as secure a method as possible.
++SELinux mount_ecryptfs policy is very flexible allowing users to setup their mount_ecryptfs processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for prelude:
-+
-+
-+.EX
-+.PP
-+.B prelude_audisp_exec_t 
-+.EE
-+
-+- Set files with the prelude_audisp_exec_t type, if you want to transition an executable to the prelude_audisp_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/sbin/audisp-prelude, /usr/sbin/audisp-prelude
-+
-+.EX
-+.PP
-+.B prelude_audisp_var_run_t 
-+.EE
-+
-+- Set files with the prelude_audisp_var_run_t type, if you want to store the prelude audisp files under the /run directory.
-+
-+
-+.EX
-+.PP
-+.B prelude_correlator_config_t 
-+.EE
-+
-+- Set files with the prelude_correlator_config_t type, if you want to treat the files as prelude correlator configuration data, usually stored under the /etc directory.
++The following file types are defined for mount_ecryptfs:
 +
 +
 +.EX
 +.PP
-+.B prelude_correlator_exec_t 
-+.EE
-+
-+- Set files with the prelude_correlator_exec_t type, if you want to transition an executable to the prelude_correlator_t domain.
-+
-+
-+.EX
-+.PP
-+.B prelude_exec_t 
-+.EE
-+
-+- Set files with the prelude_exec_t type, if you want to transition an executable to the prelude_t domain.
-+
-+
-+.EX
-+.PP
-+.B prelude_initrc_exec_t 
-+.EE
-+
-+- Set files with the prelude_initrc_exec_t type, if you want to transition an executable to the prelude_initrc_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/prelude-correlator, /etc/rc\.d/init\.d/prelude-manager, /etc/rc\.d/init\.d/prelude-lml
-+
-+.EX
-+.PP
-+.B prelude_lml_exec_t 
-+.EE
-+
-+- Set files with the prelude_lml_exec_t type, if you want to transition an executable to the prelude_lml_t domain.
-+
-+
-+.EX
-+.PP
-+.B prelude_lml_tmp_t 
-+.EE
-+
-+- Set files with the prelude_lml_tmp_t type, if you want to store prelude lml temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B prelude_lml_var_run_t 
-+.EE
-+
-+- Set files with the prelude_lml_var_run_t type, if you want to store the prelude lml files under the /run directory.
-+
-+
-+.EX
-+.PP
-+.B prelude_log_t 
-+.EE
-+
-+- Set files with the prelude_log_t type, if you want to treat the data as prelude log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B prelude_spool_t 
++.B mount_ecryptfs_exec_t 
 +.EE
 +
-+- Set files with the prelude_spool_t type, if you want to store the prelude files under the /var/spool directory.
++- Set files with the mount_ecryptfs_exec_t type, if you want to transition an executable to the mount_ecryptfs_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/spool/prelude(/.*)?, /var/spool/prelude-manager(/.*)?
-+
-+.EX
-+.PP
-+.B prelude_var_lib_t 
-+.EE
-+
-+- Set files with the prelude_var_lib_t type, if you want to store the prelude files under the /var/lib directory.
-+
++/usr/sbin/mount\.ecryptfs_private, /usr/sbin/mount\.ecryptfs, /usr/sbin/umount\.ecryptfs, /usr/sbin/umount\.ecryptfs_private
 +
 +.EX
 +.PP
-+.B prelude_var_run_t 
++.B mount_ecryptfs_tmpfs_t 
 +.EE
 +
-+- Set files with the prelude_var_run_t type, if you want to store the prelude files under the /run directory.
++- Set files with the mount_ecryptfs_tmpfs_t type, if you want to store mount ecryptfs files on a tmpfs file system.
 +
 +
 +.PP
@@ -39388,49 +45911,40 @@ index 0000000..b6d1c35
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux prelude policy is very flexible allowing users to setup their prelude processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for prelude:
-+
-+.EX
-+.TP 5
-+.B prelude_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 4690
-+.EE
-+udp 4690
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux prelude policy is very flexible allowing users to setup their prelude processes in as secure a method as possible.
++SELinux mount_ecryptfs policy is very flexible allowing users to setup their mount_ecryptfs processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for prelude:
++The following process types are defined for mount_ecryptfs:
 +
 +.EX
-+.B prelude_lml_t, prelude_t, prelude_audisp_t, prelude_correlator_t 
++.B mount_ecryptfs_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mount_ecryptfs_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mount_ecryptfs_tmpfs_t
++
++
++.br
++.B user_tmpfs_t
++
++	/dev/shm/mono.*
++.br
++	/dev/shm/pulse-shm.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -39441,57 +45955,63 @@ index 0000000..b6d1c35
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), prelude(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/privoxy_selinux.8 b/man/man8/privoxy_selinux.8
++selinux(8), mount_ecryptfs(8), semanage(8), restorecon(8), chcon(1)
++, mount_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/mount_selinux.8 b/man/man8/mount_selinux.8
 new file mode 100644
-index 0000000..b4b4c69
+index 0000000..970cd52
 --- /dev/null
-+++ b/man/man8/privoxy_selinux.8
-@@ -0,0 +1,134 @@
-+.TH  "privoxy_selinux"  "8"  "privoxy" "dwalsh at redhat.com" "privoxy SELinux Policy documentation"
++++ b/man/man8/mount_selinux.8
+@@ -0,0 +1,261 @@
++.TH  "mount_selinux"  "8"  "mount" "dwalsh at redhat.com" "mount SELinux Policy documentation"
 +.SH "NAME"
-+privoxy_selinux \- Security Enhanced Linux Policy for the privoxy processes
++mount_selinux \- Security Enhanced Linux Policy for the mount processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the privoxy processes via flexible mandatory access
++Security-Enhanced Linux secures the mount processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  privoxy policy is extremely flexible and has several booleans that allow you to manipulate the policy and run privoxy with the tightest access possible.
++SELinux policy is customizable based on least access required.  mount policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mount with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports, you must turn on the privoxy_connect_any boolean.
++If you want to allow the mount command to mount any directory or file, you must turn on the mount_anyfile boolean.
 +
 +.EX
-+.B setsebool -P privoxy_connect_any 1
++.B setsebool -P mount_anyfile 1
++.EE
++
++.PP
++If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
++
++.EX
++.B setsebool -P xguest_mount_media 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the privoxy_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mount_t, mount_ecryptfs_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the privoxy_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the mount_t, mount_ecryptfs_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -39500,50 +46020,70 @@ index 0000000..b4b4c69
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux privoxy policy is very flexible allowing users to setup their privoxy processes in as secure a method as possible.
++SELinux mount policy is very flexible allowing users to setup their mount processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for privoxy:
++The following file types are defined for mount:
 +
 +
 +.EX
 +.PP
-+.B privoxy_etc_rw_t 
++.B mount_ecryptfs_exec_t 
 +.EE
 +
-+- Set files with the privoxy_etc_rw_t type, if you want to treat the files as privoxy etc read/write content.
++- Set files with the mount_ecryptfs_exec_t type, if you want to transition an executable to the mount_ecryptfs_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/mount\.ecryptfs_private, /usr/sbin/mount\.ecryptfs, /usr/sbin/umount\.ecryptfs, /usr/sbin/umount\.ecryptfs_private
++
++.EX
++.PP
++.B mount_ecryptfs_tmpfs_t 
++.EE
++
++- Set files with the mount_ecryptfs_tmpfs_t type, if you want to store mount ecryptfs files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B privoxy_exec_t 
++.B mount_exec_t 
 +.EE
 +
-+- Set files with the privoxy_exec_t type, if you want to transition an executable to the privoxy_t domain.
++- Set files with the mount_exec_t type, if you want to transition an executable to the mount_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/mount.*, /usr/bin/umount.*, /usr/sbin/umount.*, /bin/umount.*, /sbin/umount.*, /usr/bin/mount.*, /bin/mount.*, /usr/sbin/mount.*
 +
 +.EX
 +.PP
-+.B privoxy_initrc_exec_t 
++.B mount_loopback_t 
 +.EE
 +
-+- Set files with the privoxy_initrc_exec_t type, if you want to transition an executable to the privoxy_initrc_t domain.
++- Set files with the mount_loopback_t type, if you want to treat the files as mount loopback data.
 +
 +
 +.EX
 +.PP
-+.B privoxy_log_t 
++.B mount_tmp_t 
 +.EE
 +
-+- Set files with the privoxy_log_t type, if you want to treat the data as privoxy log data, usually stored under the /var/log directory.
++- Set files with the mount_tmp_t type, if you want to store mount temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B privoxy_var_run_t 
++.B mount_var_run_t 
 +.EE
 +
-+- Set files with the privoxy_var_run_t type, if you want to store the privoxy files under the /run directory.
++- Set files with the mount_var_run_t type, if you want to store the mount files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/run/mount(/.*)?, /dev/\.mount(/.*)?, /var/run/mount(/.*)?, /var/run/davfs2(/.*)?, /var/cache/davfs2(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -39558,18 +46098,118 @@ index 0000000..b4b4c69
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux privoxy policy is very flexible allowing users to setup their privoxy processes in as secure a method as possible.
++SELinux mount policy is very flexible allowing users to setup their mount processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for privoxy:
++The following process types are defined for mount:
 +
 +.EX
-+.B privoxy_t 
++.B mount_t, mount_ecryptfs_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mount_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B debugfs_t
++
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B livecd_tmp_t
++
++
++.br
++.B mount_tmp_t
++
++
++.br
++.B mount_var_run_t
++
++	/run/mount(/.*)?
++.br
++	/dev/\.mount(/.*)?
++.br
++	/var/run/mount(/.*)?
++.br
++	/var/run/davfs2(/.*)?
++.br
++	/var/cache/davfs2(/.*)?
++.br
++
++.br
++.B nfsd_fs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
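Review bot: Under `.B etc_runtime_t` the first default path is `/[^/]+`, printed without a file-class qualifier, so the list reads as if mount_t could manage every entry directly under `/` once it carries that label. The underlying file-context entry presumably restricts the pattern to a particular file class (not visible in this hunk). If so, the generator should carry that qualifier into the listing, or the introduction should state that the paths are file-context regular expressions whose class restrictions are not shown. Several types in the same list (anon_inodefs_t, debugfs_t, livecd_tmp_t, mount_tmp_t, nfsd_fs_t) have no path at all, and a one-line comment such as `.\" no default path: type is assigned at runtime or by filesystem labeling — confirm` would say why. The man page continues outside this hunk.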
@@ -39588,40 +46228,40 @@ index 0000000..b4b4c69
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), privoxy(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), mount(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), mount_ecryptfs_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/procmail_selinux.8 b/man/man8/procmail_selinux.8
+diff --git a/man/man8/mozilla_plugin_config_selinux.8 b/man/man8/mozilla_plugin_config_selinux.8
 new file mode 100644
-index 0000000..15f4183
+index 0000000..eab33ec
 --- /dev/null
-+++ b/man/man8/procmail_selinux.8
-@@ -0,0 +1,115 @@
-+.TH  "procmail_selinux"  "8"  "procmail" "dwalsh at redhat.com" "procmail SELinux Policy documentation"
++++ b/man/man8/mozilla_plugin_config_selinux.8
+@@ -0,0 +1,148 @@
++.TH  "mozilla_plugin_config_selinux"  "8"  "mozilla_plugin_config" "dwalsh at redhat.com" "mozilla_plugin_config SELinux Policy documentation"
 +.SH "NAME"
-+procmail_selinux \- Security Enhanced Linux Policy for the procmail processes
++mozilla_plugin_config_selinux \- Security Enhanced Linux Policy for the mozilla_plugin_config processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the procmail processes via flexible mandatory access
++Security-Enhanced Linux secures the mozilla_plugin_config processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the procmail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mozilla_plugin_config_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the procmail_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the mozilla_plugin_config_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -39630,45 +46270,17 @@ index 0000000..15f4183
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux procmail policy is very flexible allowing users to setup their procmail processes in as secure a method as possible.
++SELinux mozilla_plugin_config policy is very flexible allowing users to setup their mozilla_plugin_config processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for procmail:
-+
-+
-+.EX
-+.PP
-+.B procmail_exec_t 
-+.EE
-+
-+- Set files with the procmail_exec_t type, if you want to transition an executable to the procmail_t domain.
-+
-+
-+.EX
-+.PP
-+.B procmail_home_t 
-+.EE
-+
-+- Set files with the procmail_home_t type, if you want to store procmail files in the users home directory.
-+
-+
-+.EX
-+.PP
-+.B procmail_log_t 
-+.EE
-+
-+- Set files with the procmail_log_t type, if you want to treat the data as procmail log data, usually stored under the /var/log directory.
++The following file types are defined for mozilla_plugin_config:
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/procmail\.log.*, /var/log/procmail(/.*)?
 +
 +.EX
 +.PP
-+.B procmail_tmp_t 
++.B mozilla_plugin_config_exec_t 
 +.EE
 +
-+- Set files with the procmail_tmp_t type, if you want to store procmail temporary files in the /tmp directories.
++- Set files with the mozilla_plugin_config_exec_t type, if you want to transition an executable to the mozilla_plugin_config_t domain.
 +
 +
 +.PP
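Review bot: The line `You can see the context of a file using the \fB\-Z\fP option to \fBls\bP` closes its bold run with `\bP`, which is not a font escape, so the bold started by `\fB` is never switched off; it should end `\fBls\fP`. The regenerated pages keep this escape unchanged, and the same slip is in the `ps` line of PROCESS TYPES and in the FILE CONTEXTS lines added for mozilla_plugin_selinux.8 and mozilla_selinux.8 in the later hunks. Since these pages are produced by genman.py, the fix presumably belongs in the generator's template rather than in each page. The man page this hunk belongs to begins above the hunk.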
@@ -39684,132 +46296,207 @@ index 0000000..15f4183
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux procmail policy is very flexible allowing users to setup their procmail processes in as secure a method as possible.
++SELinux mozilla_plugin_config policy is very flexible allowing users to setup their mozilla_plugin_config processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for procmail:
++The following process types are defined for mozilla_plugin_config:
 +
 +.EX
-+.B procmail_t 
++.B mozilla_plugin_config_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++The SELinux user type mozilla_plugin_config_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.B mozilla_home_t
 +
-+.SH "SEE ALSO"
-+selinux(8), procmail(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/psad_selinux.8 b/man/man8/psad_selinux.8
++	/home/[^/]*/\.java(/.*)?
++.br
++	/home/[^/]*/\.adobe(/.*)?
++.br
++	/home/[^/]*/\.gnash(/.*)?
++.br
++	/home/[^/]*/\.galeon(/.*)?
++.br
++	/home/[^/]*/\.spicec(/.*)?
++.br
++	/home/[^/]*/\.mozilla(/.*)?
++.br
++	/home/[^/]*/\.phoenix(/.*)?
++.br
++	/home/[^/]*/\.netscape(/.*)?
++.br
++	/home/[^/]*/\.ICAClient(/.*)?
++.br
++	/home/[^/]*/\.macromedia(/.*)?
++.br
++	/home/[^/]*/\.thunderbird(/.*)?
++.br
++	/home/[^/]*/\.gcjwebplugin(/.*)?
++.br
++	/home/[^/]*/\.icedteaplugin(/.*)?
++.br
++	/home/[^/]*/zimbrauserdata(/.*)?
++.br
++	/home/[^/]*/\.config/chromium(/.*)?
++.br
++
++.br
++.B mozilla_plugin_rw_t
++
++	/usr/lib/mozilla/plugins-wrapped(/.*)?
++.br
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), mozilla_plugin_config(8), semanage(8), restorecon(8), chcon(1)
++, mozilla_selinux(8), mozilla_plugin_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/mozilla_plugin_selinux.8 b/man/man8/mozilla_plugin_selinux.8
 new file mode 100644
-index 0000000..aa9f2e2
+index 0000000..8ecc677
 --- /dev/null
-+++ b/man/man8/psad_selinux.8
-@@ -0,0 +1,135 @@
-+.TH  "psad_selinux"  "8"  "psad" "dwalsh at redhat.com" "psad SELinux Policy documentation"
++++ b/man/man8/mozilla_plugin_selinux.8
+@@ -0,0 +1,254 @@
++.TH  "mozilla_plugin_selinux"  "8"  "mozilla_plugin" "dwalsh at redhat.com" "mozilla_plugin SELinux Policy documentation"
 +.SH "NAME"
-+psad_selinux \- Security Enhanced Linux Policy for the psad processes
++mozilla_plugin_selinux \- Security Enhanced Linux Policy for the mozilla_plugin processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the psad processes via flexible mandatory access
++Security-Enhanced Linux secures the mozilla_plugin processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  mozilla_plugin policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mozilla_plugin with the tightest access possible.
++
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the psad_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P unconfined_mozilla_plugin_transition 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the psad_t, you must turn on the kerberos_enabled boolean.
++If you want to allow mozilla_plugins to create random content in the users home directory, you must turn on the mozilla_plugin_enable_homedirs boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P mozilla_plugin_enable_homedirs 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux psad policy is very flexible allowing users to setup their psad processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for psad:
-+
++If you want to allow mozilla plugin domain to connect to the network using TCP, you must turn on the mozilla_plugin_can_network_connect boolean.
 +
 +.EX
-+.PP
-+.B psad_etc_t 
++.B setsebool -P mozilla_plugin_can_network_connect 1
 +.EE
 +
-+- Set files with the psad_etc_t type, if you want to store psad files in the /etc directories.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mozilla_plugin_config_t, mozilla_plugin_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B psad_exec_t 
++If you want to allow confined applications to run with kerberos for the mozilla_plugin_config_t, mozilla_plugin_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the psad_exec_t type, if you want to transition an executable to the psad_t domain.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux mozilla_plugin policy is very flexible allowing users to setup their mozilla_plugin processes in as secure a method as possible.
++.PP 
++The following file types are defined for mozilla_plugin:
 +
 +
 +.EX
 +.PP
-+.B psad_initrc_exec_t 
++.B mozilla_plugin_config_exec_t 
 +.EE
 +
-+- Set files with the psad_initrc_exec_t type, if you want to transition an executable to the psad_initrc_t domain.
++- Set files with the mozilla_plugin_config_exec_t type, if you want to transition an executable to the mozilla_plugin_config_t domain.
 +
 +
 +.EX
 +.PP
-+.B psad_tmp_t 
++.B mozilla_plugin_exec_t 
 +.EE
 +
-+- Set files with the psad_tmp_t type, if you want to store psad temporary files in the /tmp directories.
++- Set files with the mozilla_plugin_exec_t type, if you want to transition an executable to the mozilla_plugin_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/nspluginscan, /usr/lib/nspluginwrapper/npviewer.bin, /usr/lib/xulrunner[^/]*/plugin-container, /usr/bin/nspluginviewer
 +
 +.EX
 +.PP
-+.B psad_var_lib_t 
++.B mozilla_plugin_rw_t 
 +.EE
 +
-+- Set files with the psad_var_lib_t type, if you want to store the psad files under the /var/lib directory.
++- Set files with the mozilla_plugin_rw_t type, if you want to treat the files as mozilla plugin read/write content.
 +
 +
 +.EX
 +.PP
-+.B psad_var_log_t 
++.B mozilla_plugin_tmp_t 
 +.EE
 +
-+- Set files with the psad_var_log_t type, if you want to treat the data as psad var log data, usually stored under the /var/log directory.
++- Set files with the mozilla_plugin_tmp_t type, if you want to store mozilla plugin temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B psad_var_run_t 
++.B mozilla_plugin_tmpfs_t 
 +.EE
 +
-+- Set files with the psad_var_run_t type, if you want to store the psad files under the /run directory.
++- Set files with the mozilla_plugin_tmpfs_t type, if you want to store mozilla plugin files on a tmpfs file system.
 +
 +
 +.PP
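Review bot: The MANAGED FILES paragraph added to mozilla_plugin_config_selinux.8 calls mozilla_plugin_config_t a "SELinux user type", yet the same page lists it under PROCESS TYPES, and an SELinux user is a different part of the security context from a domain. A reader trying to work out which subject holds the write access could be misled. I would word it as `The SELinux process type mozilla_plugin_config_t can manage files labeled with the following file types.` and tighten the closing sentence to `Note that the process UID still needs DAC permissions.` The paragraph is repeated for mozilla_plugin_t and mozilla_t in the later hunks, so the wording is best corrected once in genman.py.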
@@ -39825,18 +46512,120 @@ index 0000000..aa9f2e2
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux psad policy is very flexible allowing users to setup their psad processes in as secure a method as possible.
++SELinux mozilla_plugin policy is very flexible allowing users to setup their mozilla_plugin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for psad:
++The following process types are defined for mozilla_plugin:
 +
 +.EX
-+.B psad_t 
++.B mozilla_plugin_config_t, mozilla_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mozilla_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B gnome_home_type
++
++
++.br
++.B home_cert_t
++
++	/root/\.cert(/.*)?
++.br
++	/home/[^/]*/.kde/share/apps/networkmanagement/certificates(/.*)?
++.br
++	/home/[^/]*/\.pki(/.*)?
++.br
++	/home/[^/]*/\.cert(/.*)?
++.br
++
++.br
++.B mozilla_home_t
++
++	/home/[^/]*/\.java(/.*)?
++.br
++	/home/[^/]*/\.adobe(/.*)?
++.br
++	/home/[^/]*/\.gnash(/.*)?
++.br
++	/home/[^/]*/\.galeon(/.*)?
++.br
++	/home/[^/]*/\.spicec(/.*)?
++.br
++	/home/[^/]*/\.mozilla(/.*)?
++.br
++	/home/[^/]*/\.phoenix(/.*)?
++.br
++	/home/[^/]*/\.netscape(/.*)?
++.br
++	/home/[^/]*/\.ICAClient(/.*)?
++.br
++	/home/[^/]*/\.macromedia(/.*)?
++.br
++	/home/[^/]*/\.thunderbird(/.*)?
++.br
++	/home/[^/]*/\.gcjwebplugin(/.*)?
++.br
++	/home/[^/]*/\.icedteaplugin(/.*)?
++.br
++	/home/[^/]*/zimbrauserdata(/.*)?
++.br
++	/home/[^/]*/\.config/chromium(/.*)?
++.br
++
++.br
++.B mozilla_plugin_tmp_t
++
++
++.br
++.B mozilla_plugin_tmpfs_t
++
++
++.br
++.B pulseaudio_home_t
++
++	/root/\.pulse(/.*)?
++.br
++	/root/\.esd_auth
++.br
++	/root/\.pulse-cookie
++.br
++	/home/[^/]*/\.pulse(/.*)?
++.br
++	/home/[^/]*/\.esd_auth
++.br
++	/home/[^/]*/\.pulse-cookie
++.br
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B user_tmpfs_t
++
++	/dev/shm/mono.*
++.br
++	/dev/shm/pulse-shm.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
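Review bot: In the home_cert_t list of MANAGED FILES, `/home/[^/]*/.kde/share/apps/networkmanagement/certificates(/.*)?` leaves the dot before `kde` unescaped, while every neighbouring path writes `\.`. The page says these are the default paths for the file type, so the text was presumably copied from the file-context specification; there an unescaped `.` matches any character, so the pattern would label slightly more than the intended directory as certificate storage. It is worth checking the underlying file-context entry and escaping it, `/home/[^/]*/\.kde/share/apps/networkmanagement/certificates(/.*)?`, after which the regenerated page would follow. The list also documents that the plugin domain may manage the user's certificate directories, which readers tightening the policy will want to notice.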
@@ -39847,177 +46636,179 @@ index 0000000..aa9f2e2
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), psad(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ptal_selinux.8 b/man/man8/ptal_selinux.8
++selinux(8), mozilla_plugin(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), mozilla_selinux(8), mozilla_plugin_config_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/mozilla_selinux.8 b/man/man8/mozilla_selinux.8
 new file mode 100644
-index 0000000..e1a8de5
+index 0000000..94074ea
 --- /dev/null
-+++ b/man/man8/ptal_selinux.8
-@@ -0,0 +1,123 @@
-+.TH  "ptal_selinux"  "8"  "ptal" "dwalsh at redhat.com" "ptal SELinux Policy documentation"
++++ b/man/man8/mozilla_selinux.8
+@@ -0,0 +1,307 @@
++.TH  "mozilla_selinux"  "8"  "mozilla" "dwalsh at redhat.com" "mozilla SELinux Policy documentation"
 +.SH "NAME"
-+ptal_selinux \- Security Enhanced Linux Policy for the ptal processes
++mozilla_selinux \- Security Enhanced Linux Policy for the mozilla processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ptal processes via flexible mandatory access
++Security-Enhanced Linux secures the mozilla processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  mozilla policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mozilla with the tightest access possible.
++
++
++.PP
++If you want to allow confined web browsers to read home directory content, you must turn on the mozilla_read_content boolean.
++
++.EX
++.B setsebool -P mozilla_read_content 1
++.EE
++
++.PP
++If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++
++.EX
++.B setsebool -P unconfined_mozilla_plugin_transition 1
++.EE
++
++.PP
++If you want to allow mozilla_plugins to create random content in the users home directory, you must turn on the mozilla_plugin_enable_homedirs boolean.
++
++.EX
++.B setsebool -P mozilla_plugin_enable_homedirs 1
++.EE
++
++.PP
++If you want to allow mozilla plugin domain to connect to the network using TCP, you must turn on the mozilla_plugin_can_network_connect boolean.
++
++.EX
++.B setsebool -P mozilla_plugin_can_network_connect 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mozilla_plugin_config_t, mozilla_t, mozilla_plugin_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the mozilla_plugin_config_t, mozilla_t, mozilla_plugin_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ptal policy is very flexible allowing users to setup their ptal processes in as secure a method as possible.
++SELinux mozilla policy is very flexible allowing users to setup their mozilla processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ptal:
++The following file types are defined for mozilla:
 +
 +
 +.EX
 +.PP
-+.B ptal_etc_t 
++.B mozilla_conf_t 
 +.EE
 +
-+- Set files with the ptal_etc_t type, if you want to store ptal files in the /etc directories.
++- Set files with the mozilla_conf_t type, if you want to treat the files as mozilla configuration data, usually stored under the /etc directory.
 +
 +
 +.EX
 +.PP
-+.B ptal_exec_t 
++.B mozilla_exec_t 
 +.EE
 +
-+- Set files with the ptal_exec_t type, if you want to transition an executable to the ptal_t domain.
++- Set files with the mozilla_exec_t type, if you want to transition an executable to the mozilla_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/ptal-photod, /usr/sbin/ptal-mlcd, /usr/sbin/ptal-printd
++/usr/lib/[^/]*firefox[^/]*/firefox, /usr/lib/galeon/galeon, /usr/lib/netscape/.+/communicator/communicator-smotif\.real, /usr/bin/netscape, /usr/bin/mozilla-bin-[0-9].*, /usr/bin/epiphany-bin, /usr/lib/mozilla[^/]*/reg.+, /usr/lib/netscape/base-4/wrapper, /usr/bin/mozilla-snapshot, /usr/lib/[^/]*firefox[^/]*/firefox-bin, /usr/bin/mozilla-[0-9].*, /usr/lib/firefox[^/]*/mozilla-.*, /usr/lib/mozilla[^/]*/mozilla-.*, /usr/bin/mozilla, /usr/bin/epiphany
 +
 +.EX
 +.PP
-+.B ptal_var_run_t 
++.B mozilla_home_t 
 +.EE
 +
-+- Set files with the ptal_var_run_t type, if you want to store the ptal files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/run/ptal-mlcd(/.*)?, /var/run/ptal-printd(/.*)?
++- Set files with the mozilla_home_t type, if you want to store mozilla files in the users home directory.
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
++.EX
 +.PP
-+You can see the types associated with a port by using the following command: 
++.B mozilla_plugin_config_exec_t 
++.EE
 +
-+.B semanage port -l
++- Set files with the mozilla_plugin_config_exec_t type, if you want to transition an executable to the mozilla_plugin_config_t domain.
 +
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux ptal policy is very flexible allowing users to setup their ptal processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for ptal:
 +
 +.EX
-+.TP 5
-+.B ptal_port_t 
-+.TP 10
++.PP
++.B mozilla_plugin_exec_t 
 +.EE
 +
++- Set files with the mozilla_plugin_exec_t type, if you want to transition an executable to the mozilla_plugin_t domain.
 +
-+Default Defined Ports:
-+tcp 5703
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux ptal policy is very flexible allowing users to setup their ptal processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for ptal:
++.br
++.TP 5
++Paths: 
++/usr/bin/nspluginscan, /usr/lib/nspluginwrapper/npviewer.bin, /usr/lib/xulrunner[^/]*/plugin-container, /usr/bin/nspluginviewer
 +
 +.EX
-+.B ptal_t 
-+.EE
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B mozilla_plugin_rw_t 
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++- Set files with the mozilla_plugin_rw_t type, if you want to treat the files as mozilla plugin read/write content.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
 +
++.EX
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.B mozilla_plugin_tmp_t 
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++- Set files with the mozilla_plugin_tmp_t type, if you want to store mozilla plugin temporary files in the /tmp directories.
 +
-+.SH "SEE ALSO"
-+selinux(8), ptal(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ptchown_selinux.8 b/man/man8/ptchown_selinux.8
-new file mode 100644
-index 0000000..911b6fe
---- /dev/null
-+++ b/man/man8/ptchown_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "ptchown_selinux"  "8"  "ptchown" "dwalsh at redhat.com" "ptchown SELinux Policy documentation"
-+.SH "NAME"
-+ptchown_selinux \- Security Enhanced Linux Policy for the ptchown processes
-+.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ptchown processes via flexible mandatory access
-+control.  
++.EX
++.PP
++.B mozilla_plugin_tmpfs_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the mozilla_plugin_tmpfs_t type, if you want to store mozilla plugin files on a tmpfs file system.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux ptchown policy is very flexible allowing users to setup their ptchown processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for ptchown:
++.B mozilla_tmp_t 
++.EE
++
++- Set files with the mozilla_tmp_t type, if you want to store mozilla temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B ptchown_exec_t 
++.B mozilla_tmpfs_t 
 +.EE
 +
-+- Set files with the ptchown_exec_t type, if you want to transition an executable to the ptchown_t domain.
++- Set files with the mozilla_tmpfs_t type, if you want to store mozilla files on a tmpfs file system.
 +
 +
 +.PP
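Review bot: The BOOLEANS section added at the top of mozilla_selinux.8 shows only the command that turns each boolean on, and the page does not say how to inspect the current value or undo the change. Each of these settings widens what the confined browser or plugin domain may do, and `-P` makes the change persistent. I would add one paragraph after the section intro: `.PP` followed by `Use getsebool to display the current value of a boolean, and setsebool -P BOOLEAN 0 to turn it off again.` The same section is added to mozilla_plugin_selinux.8 in the earlier hunk, so this is probably a genman.py template change rather than a per-page edit.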
@@ -40033,108 +46824,121 @@ index 0000000..911b6fe
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ptchown policy is very flexible allowing users to setup their ptchown processes in as secure a method as possible.
++SELinux mozilla policy is very flexible allowing users to setup their mozilla processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ptchown:
++The following process types are defined for mozilla:
 +
 +.EX
-+.B ptchown_t 
++.B mozilla_t, mozilla_plugin_config_t, mozilla_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++The SELinux user type mozilla_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.B gconf_home_t
 +
-+.SH "SEE ALSO"
-+selinux(8), ptchown(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/publicfile_selinux.8 b/man/man8/publicfile_selinux.8
-new file mode 100644
-index 0000000..174d4ce
---- /dev/null
-+++ b/man/man8/publicfile_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "publicfile_selinux"  "8"  "publicfile" "dwalsh at redhat.com" "publicfile SELinux Policy documentation"
-+.SH "NAME"
-+publicfile_selinux \- Security Enhanced Linux Policy for the publicfile processes
-+.SH "DESCRIPTION"
++	/root/\.local.*
++.br
++	/root/\.gconf(d)?(/.*)?
++.br
++	/home/[^/]*/\.local.*
++.br
++	/home/[^/]*/\.gconf(d)?(/.*)?
++.br
 +
-+Security-Enhanced Linux secures the publicfile processes via flexible mandatory access
-+control.  
++.br
++.B gnome_home_type
 +
-+.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux publicfile policy is very flexible allowing users to setup their publicfile processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for publicfile:
++.br
++.B mozilla_home_t
 +
++	/home/[^/]*/\.java(/.*)?
++.br
++	/home/[^/]*/\.adobe(/.*)?
++.br
++	/home/[^/]*/\.gnash(/.*)?
++.br
++	/home/[^/]*/\.galeon(/.*)?
++.br
++	/home/[^/]*/\.spicec(/.*)?
++.br
++	/home/[^/]*/\.mozilla(/.*)?
++.br
++	/home/[^/]*/\.phoenix(/.*)?
++.br
++	/home/[^/]*/\.netscape(/.*)?
++.br
++	/home/[^/]*/\.ICAClient(/.*)?
++.br
++	/home/[^/]*/\.macromedia(/.*)?
++.br
++	/home/[^/]*/\.thunderbird(/.*)?
++.br
++	/home/[^/]*/\.gcjwebplugin(/.*)?
++.br
++	/home/[^/]*/\.icedteaplugin(/.*)?
++.br
++	/home/[^/]*/zimbrauserdata(/.*)?
++.br
++	/home/[^/]*/\.config/chromium(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B publicfile_content_t 
-+.EE
++.br
++.B mozilla_tmp_t
 +
-+- Set files with the publicfile_content_t type, if you want to treat the files as publicfile content.
 +
++.br
++.B mozilla_tmpfs_t
 +
-+.EX
-+.PP
-+.B publicfile_exec_t 
-+.EE
 +
-+- Set files with the publicfile_exec_t type, if you want to transition an executable to the publicfile_t domain.
++.br
++.B pulseaudio_home_t
 +
++	/root/\.pulse(/.*)?
++.br
++	/root/\.esd_auth
++.br
++	/root/\.pulse-cookie
++.br
++	/home/[^/]*/\.pulse(/.*)?
++.br
++	/home/[^/]*/\.esd_auth
++.br
++	/home/[^/]*/\.pulse-cookie
 +.br
-+.TP 5
-+Paths: 
-+/usr/bin/httpd, /usr/bin/ftpd
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.br
++.B tmpfs_t
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux publicfile policy is very flexible allowing users to setup their publicfile processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for publicfile:
++	/dev/shm
++.br
++	/lib/udev/devices/shm
++.br
++	/usr/lib/udev/devices/shm
++.br
 +
-+.EX
-+.B publicfile_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -40146,98 +46950,166 @@ index 0000000..174d4ce
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), publicfile(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/pulseaudio_selinux.8 b/man/man8/pulseaudio_selinux.8
++selinux(8), mozilla(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), mozilla_plugin_selinux(8), mozilla_plugin_config_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/mpd_selinux.8 b/man/man8/mpd_selinux.8
 new file mode 100644
-index 0000000..36f8ee1
+index 0000000..98677b7
 --- /dev/null
-+++ b/man/man8/pulseaudio_selinux.8
-@@ -0,0 +1,151 @@
-+.TH  "pulseaudio_selinux"  "8"  "pulseaudio" "dwalsh at redhat.com" "pulseaudio SELinux Policy documentation"
++++ b/man/man8/mpd_selinux.8
+@@ -0,0 +1,252 @@
++.TH  "mpd_selinux"  "8"  "mpd" "dwalsh at redhat.com" "mpd SELinux Policy documentation"
 +.SH "NAME"
-+pulseaudio_selinux \- Security Enhanced Linux Policy for the pulseaudio processes
++mpd_selinux \- Security Enhanced Linux Policy for the mpd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the pulseaudio processes via flexible mandatory access
++Security-Enhanced Linux secures the mpd processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  mpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mpd with the tightest access possible.
++
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pulseaudio_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow mplayer executable stack, you must turn on the mplayer_execstack boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P mplayer_execstack 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the pulseaudio_t, you must turn on the kerberos_enabled boolean.
++If you want to allow gssd to read temp directory.  For access to kerberos tgt, you must turn on the gssd_read_tmp boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P gssd_read_tmp 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux pulseaudio policy is very flexible allowing users to setup their pulseaudio processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for pulseaudio:
++If you want to allow Apache to execute tmp content, you must turn on the httpd_tmp_exec boolean.
++
++.EX
++.B setsebool -P httpd_tmp_exec 1
++.EE
 +
++.PP
++If you want to allow video playing tools to run unconfined, you must turn on the unconfined_mplayer boolean.
 +
 +.EX
++.B setsebool -P unconfined_mplayer 1
++.EE
++
 +.PP
-+.B pulseaudio_exec_t 
++If you want to allow all daemons to write corefiles to /, you must turn on the daemons_dump_core boolean.
++
++.EX
++.B setsebool -P daemons_dump_core 1
 +.EE
 +
-+- Set files with the pulseaudio_exec_t type, if you want to transition an executable to the pulseaudio_t domain.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mpd_t, mplayer_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B pulseaudio_home_t 
++If you want to allow confined applications to run with kerberos for the mpd_t, mplayer_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the pulseaudio_home_t type, if you want to store pulseaudio files in the users home directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux mpd policy is very flexible allowing users to setup their mpd processes in as secure a method as possible.
++.PP 
++The following file types are defined for mpd:
++
++
++.EX
++.PP
++.B mpd_data_t 
++.EE
++
++- Set files with the mpd_data_t type, if you want to treat the files as mpd content.
 +
 +.br
 +.TP 5
 +Paths: 
-+/root/\.pulse-cookie, /root/\.pulse(/.*)?, /root/\.esd_auth
++/var/lib/mpd/playlists(/.*)?, /var/lib/mpd/music(/.*)?
 +
 +.EX
 +.PP
-+.B pulseaudio_tmpfs_t 
++.B mpd_etc_t 
 +.EE
 +
-+- Set files with the pulseaudio_tmpfs_t type, if you want to store pulseaudio files on a tmpfs file system.
++- Set files with the mpd_etc_t type, if you want to store mpd files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B pulseaudio_var_lib_t 
++.B mpd_exec_t 
 +.EE
 +
-+- Set files with the pulseaudio_var_lib_t type, if you want to store the pulseaudio files under the /var/lib directory.
++- Set files with the mpd_exec_t type, if you want to transition an executable to the mpd_t domain.
 +
 +
 +.EX
 +.PP
-+.B pulseaudio_var_run_t 
++.B mpd_initrc_exec_t 
 +.EE
 +
-+- Set files with the pulseaudio_var_run_t type, if you want to store the pulseaudio files under the /run directory.
++- Set files with the mpd_initrc_exec_t type, if you want to transition an executable to the mpd_initrc_t domain.
++
++
++.EX
++.PP
++.B mpd_log_t 
++.EE
++
++- Set files with the mpd_log_t type, if you want to treat the data as mpd log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B mpd_tmp_t 
++.EE
++
++- Set files with the mpd_tmp_t type, if you want to store mpd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B mpd_tmpfs_t 
++.EE
++
++- Set files with the mpd_tmpfs_t type, if you want to store mpd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B mpd_var_lib_t 
++.EE
++
++- Set files with the mpd_var_lib_t type, if you want to store the mpd files under the /var/lib directory.
 +
 +
 +.PP
@@ -40256,21 +47128,19 @@ index 0000000..36f8ee1
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux pulseaudio policy is very flexible allowing users to setup their pulseaudio processes in as secure a method as possible.
++SELinux mpd policy is very flexible allowing users to setup their mpd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for pulseaudio:
++The following port types are defined for mpd:
 +
 +.EX
 +.TP 5
-+.B pulseaudio_port_t 
++.B mpd_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 4713
-+.EE
-+udp 4713
++tcp 6600
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -40278,18 +47148,54 @@ index 0000000..36f8ee1
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux pulseaudio policy is very flexible allowing users to setup their pulseaudio processes in as secure a method as possible.
++SELinux mpd policy is very flexible allowing users to setup their mpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for pulseaudio:
++The following process types are defined for mpd:
 +
 +.EX
-+.B pulseaudio_t 
++.B mpd_t, mplayer_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B mpd_data_t
++
++	/var/lib/mpd/music(/.*)?
++.br
++	/var/lib/mpd/playlists(/.*)?
++.br
++
++.br
++.B mpd_log_t
++
++	/var/log/mpd(/.*)?
++.br
++
++.br
++.B mpd_tmp_t
++
++
++.br
++.B mpd_tmpfs_t
++
++
++.br
++.B mpd_var_lib_t
++
++	/var/lib/mpd(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -40303,61 +47209,66 @@ index 0000000..36f8ee1
 +.B semanage port
 +can also be used to manipulate the port definitions
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pulseaudio(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/puppet_selinux.8 b/man/man8/puppet_selinux.8
++selinux(8), mpd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), mplayer_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/mplayer_selinux.8 b/man/man8/mplayer_selinux.8
 new file mode 100644
-index 0000000..6466e46
+index 0000000..f6d95b8
 --- /dev/null
-+++ b/man/man8/puppet_selinux.8
-@@ -0,0 +1,215 @@
-+.TH  "puppet_selinux"  "8"  "puppet" "dwalsh at redhat.com" "puppet SELinux Policy documentation"
++++ b/man/man8/mplayer_selinux.8
+@@ -0,0 +1,167 @@
++.TH  "mplayer_selinux"  "8"  "mplayer" "dwalsh at redhat.com" "mplayer SELinux Policy documentation"
 +.SH "NAME"
-+puppet_selinux \- Security Enhanced Linux Policy for the puppet processes
++mplayer_selinux \- Security Enhanced Linux Policy for the mplayer processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the puppet processes via flexible mandatory access
++Security-Enhanced Linux secures the mplayer processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  puppet policy is extremely flexible and has several booleans that allow you to manipulate the policy and run puppet with the tightest access possible.
++SELinux policy is customizable based on least access required.  mplayer policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mplayer with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow Puppet client to manage all file types, you must turn on the puppet_manage_all_files boolean.
++If you want to allow mplayer executable stack, you must turn on the mplayer_execstack boolean.
 +
 +.EX
-+.B setsebool -P puppet_manage_all_files 1
++.B setsebool -P mplayer_execstack 1
 +.EE
 +
 +.PP
-+If you want to allow Puppet master to use connect to MySQL and PostgreSQL database, you must turn on the puppetmaster_use_db boolean.
++If you want to allow video playing tools to run unconfined, you must turn on the unconfined_mplayer boolean.
 +
 +.EX
-+.B setsebool -P puppetmaster_use_db 1
++.B setsebool -P unconfined_mplayer 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the puppetmaster_t, puppet_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mplayer_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the puppetmaster_t, puppet_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the mplayer_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -40366,97 +47277,45 @@ index 0000000..6466e46
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux puppet policy is very flexible allowing users to setup their puppet processes in as secure a method as possible.
++SELinux mplayer policy is very flexible allowing users to setup their mplayer processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for puppet:
-+
-+
-+.EX
-+.PP
-+.B puppet_etc_t 
-+.EE
-+
-+- Set files with the puppet_etc_t type, if you want to store puppet files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B puppet_exec_t 
-+.EE
-+
-+- Set files with the puppet_exec_t type, if you want to transition an executable to the puppet_t domain.
-+
-+
-+.EX
-+.PP
-+.B puppet_initrc_exec_t 
-+.EE
-+
-+- Set files with the puppet_initrc_exec_t type, if you want to transition an executable to the puppet_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B puppet_log_t 
-+.EE
-+
-+- Set files with the puppet_log_t type, if you want to treat the data as puppet log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B puppet_tmp_t 
-+.EE
-+
-+- Set files with the puppet_tmp_t type, if you want to store puppet temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B puppet_var_lib_t 
-+.EE
-+
-+- Set files with the puppet_var_lib_t type, if you want to store the puppet files under the /var/lib directory.
-+
-+
-+.EX
-+.PP
-+.B puppet_var_run_t 
-+.EE
-+
-+- Set files with the puppet_var_run_t type, if you want to store the puppet files under the /run directory.
++The following file types are defined for mplayer:
 +
 +
 +.EX
 +.PP
-+.B puppetca_exec_t 
++.B mplayer_etc_t 
 +.EE
 +
-+- Set files with the puppetca_exec_t type, if you want to transition an executable to the puppetca_t domain.
++- Set files with the mplayer_etc_t type, if you want to store mplayer files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B puppetmaster_exec_t 
++.B mplayer_exec_t 
 +.EE
 +
-+- Set files with the puppetmaster_exec_t type, if you want to transition an executable to the puppetmaster_t domain.
++- Set files with the mplayer_exec_t type, if you want to transition an executable to the mplayer_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/mplayer, /usr/bin/xine, /usr/bin/vlc
 +
 +.EX
 +.PP
-+.B puppetmaster_initrc_exec_t 
++.B mplayer_home_t 
 +.EE
 +
-+- Set files with the puppetmaster_initrc_exec_t type, if you want to transition an executable to the puppetmaster_initrc_t domain.
++- Set files with the mplayer_home_t type, if you want to store mplayer files in the users home directory.
 +
 +
 +.EX
 +.PP
-+.B puppetmaster_tmp_t 
++.B mplayer_tmpfs_t 
 +.EE
 +
-+- Set files with the puppetmaster_tmp_t type, if you want to store puppetmaster temporary files in the /tmp directories.
++- Set files with the mplayer_tmpfs_t type, if you want to store mplayer files on a tmpfs file system.
 +
 +
 +.PP
@@ -40466,47 +47325,54 @@ index 0000000..6466e46
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux puppet policy is very flexible allowing users to setup their puppet processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for puppet:
-+
-+.EX
-+.TP 5
-+.B puppet_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 8140
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux puppet policy is very flexible allowing users to setup their puppet processes in as secure a method as possible.
++SELinux mplayer policy is very flexible allowing users to setup their mplayer processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for puppet:
++The following process types are defined for mplayer:
 +
 +.EX
-+.B puppet_t, puppetmaster_t, puppetca_t 
++.B mplayer_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mplayer_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mplayer_home_t
++
++	/home/[^/]*/\.mplayer(/.*)?
++.br
++
++.br
++.B mplayer_tmpfs_t
++
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -40517,9 +47383,6 @@ index 0000000..6466e46
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -40528,45 +47391,103 @@ index 0000000..6466e46
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), puppet(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mplayer(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/puppetca_selinux.8 b/man/man8/puppetca_selinux.8
+diff --git a/man/man8/mrtg_selinux.8 b/man/man8/mrtg_selinux.8
 new file mode 100644
-index 0000000..65ebab6
+index 0000000..9fcd4d4
 --- /dev/null
-+++ b/man/man8/puppetca_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "puppetca_selinux"  "8"  "puppetca" "dwalsh at redhat.com" "puppetca SELinux Policy documentation"
++++ b/man/man8/mrtg_selinux.8
+@@ -0,0 +1,201 @@
++.TH  "mrtg_selinux"  "8"  "mrtg" "dwalsh at redhat.com" "mrtg SELinux Policy documentation"
 +.SH "NAME"
-+puppetca_selinux \- Security Enhanced Linux Policy for the puppetca processes
++mrtg_selinux \- Security Enhanced Linux Policy for the mrtg processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the puppetca processes via flexible mandatory access
++Security-Enhanced Linux secures the mrtg processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mrtg_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the mrtg_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux puppetca policy is very flexible allowing users to setup their puppetca processes in as secure a method as possible.
++SELinux mrtg policy is very flexible allowing users to setup their mrtg processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for puppetca:
++The following file types are defined for mrtg:
 +
 +
 +.EX
 +.PP
-+.B puppetca_exec_t 
++.B mrtg_etc_t 
 +.EE
 +
-+- Set files with the puppetca_exec_t type, if you want to transition an executable to the puppetca_t domain.
++- Set files with the mrtg_etc_t type, if you want to store mrtg files in the /etc directories.
++
++
++.EX
++.PP
++.B mrtg_exec_t 
++.EE
++
++- Set files with the mrtg_exec_t type, if you want to transition an executable to the mrtg_t domain.
++
++
++.EX
++.PP
++.B mrtg_lock_t 
++.EE
++
++- Set files with the mrtg_lock_t type, if you want to treat the files as mrtg lock data, stored under the /var/lock directory
++
++.br
++.TP 5
++Paths: 
++/var/lock/mrtg(/.*)?, /etc/mrtg/mrtg\.ok
++
++.EX
++.PP
++.B mrtg_log_t 
++.EE
++
++- Set files with the mrtg_log_t type, if you want to treat the data as mrtg log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B mrtg_var_lib_t 
++.EE
++
++- Set files with the mrtg_var_lib_t type, if you want to store the mrtg files under the /var/lib directory.
++
++
++.EX
++.PP
++.B mrtg_var_run_t 
++.EE
++
++- Set files with the mrtg_var_run_t type, if you want to store the mrtg files under the /run directory.
 +
 +
 +.PP
@@ -40582,18 +47503,88 @@ index 0000000..65ebab6
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux puppetca policy is very flexible allowing users to setup their puppetca processes in as secure a method as possible.
++SELinux mrtg policy is very flexible allowing users to setup their mrtg processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for puppetca:
++The following process types are defined for mrtg:
 +
 +.EX
-+.B puppetca_t 
++.B mrtg_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mrtg_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_sys_content_t
++
++	/srv/([^/]*/)?www(/.*)?
++.br
++	/var/www(/.*)?
++.br
++	/etc/htdig(/.*)?
++.br
++	/srv/gallery2(/.*)?
++.br
++	/var/lib/trac(/.*)?
++.br
++	/var/lib/htdig(/.*)?
++.br
++	/var/www/icons(/.*)?
++.br
++	/usr/share/htdig(/.*)?
++.br
++	/usr/share/drupal.*
++.br
++	/var/www/svn/conf(/.*)?
++.br
++	/usr/share/icecast(/.*)?
++.br
++	/usr/share/mythweb(/.*)?
++.br
++	/var/lib/cacti/rra(/.*)?
++.br
++	/usr/share/ntop/html(/.*)?
++.br
++	/usr/share/mythtv/data(/.*)?
++.br
++	/usr/share/doc/ghc/html(/.*)?
++.br
++	/usr/share/openca/htdocs(/.*)?
++.br
++	/usr/share/selinux-policy[^/]*/html(/.*)?
++.br
++
++.br
++.B mrtg_lock_t
++
++	/var/lock/mrtg(/.*)?
++.br
++	/etc/mrtg/mrtg\.ok
++.br
++
++.br
++.B mrtg_log_t
++
++	/var/log/mrtg(/.*)?
++.br
++
++.br
++.B mrtg_var_lib_t
++
++	/var/lib/mrtg(/.*)?
++.br
++
++.br
++.B mrtg_var_run_t
++
++	/var/run/mrtg\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -40609,49 +47600,56 @@ index 0000000..65ebab6
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), puppetca(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/puppetmaster_selinux.8 b/man/man8/puppetmaster_selinux.8
++selinux(8), mrtg(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mscan_selinux.8 b/man/man8/mscan_selinux.8
 new file mode 100644
-index 0000000..b491444
+index 0000000..112257e
 --- /dev/null
-+++ b/man/man8/puppetmaster_selinux.8
-@@ -0,0 +1,118 @@
-+.TH  "puppetmaster_selinux"  "8"  "puppetmaster" "dwalsh at redhat.com" "puppetmaster SELinux Policy documentation"
++++ b/man/man8/mscan_selinux.8
+@@ -0,0 +1,181 @@
++.TH  "mscan_selinux"  "8"  "mscan" "dwalsh at redhat.com" "mscan SELinux Policy documentation"
 +.SH "NAME"
-+puppetmaster_selinux \- Security Enhanced Linux Policy for the puppetmaster processes
++mscan_selinux \- Security Enhanced Linux Policy for the mscan processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the puppetmaster processes via flexible mandatory access
++Security-Enhanced Linux secures the mscan processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  puppetmaster policy is extremely flexible and has several booleans that allow you to manipulate the policy and run puppetmaster with the tightest access possible.
++SELinux policy is customizable based on least access required.  mscan policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mscan with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow Puppet master to use connect to MySQL and PostgreSQL database, you must turn on the puppetmaster_use_db boolean.
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
 +
 +.EX
-+.B setsebool -P puppetmaster_use_db 1
++.B setsebool -P clamscan_read_user_content 1
++.EE
++
++.PP
++If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
++
++.EX
++.B setsebool -P clamscan_can_scan_system 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the puppetmaster_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mscan_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the puppetmaster_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the mscan_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -40660,33 +47658,53 @@ index 0000000..b491444
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux puppetmaster policy is very flexible allowing users to setup their puppetmaster processes in as secure a method as possible.
++SELinux mscan policy is very flexible allowing users to setup their mscan processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for puppetmaster:
++The following file types are defined for mscan:
 +
 +
 +.EX
 +.PP
-+.B puppetmaster_exec_t 
++.B mscan_etc_t 
 +.EE
 +
-+- Set files with the puppetmaster_exec_t type, if you want to transition an executable to the puppetmaster_t domain.
++- Set files with the mscan_etc_t type, if you want to store mscan files in the /etc directories.
 +
++.br
++.TP 5
++Paths: 
++/etc/sysconfig/MailScanner, /etc/MailScanner(/.*)?, /etc/sysconfig/update_spamassassin
 +
 +.EX
 +.PP
-+.B puppetmaster_initrc_exec_t 
++.B mscan_exec_t 
 +.EE
 +
-+- Set files with the puppetmaster_initrc_exec_t type, if you want to transition an executable to the puppetmaster_initrc_t domain.
++- Set files with the mscan_exec_t type, if you want to transition an executable to the mscan_t domain.
 +
 +
 +.EX
 +.PP
-+.B puppetmaster_tmp_t 
++.B mscan_initrc_exec_t 
 +.EE
 +
-+- Set files with the puppetmaster_tmp_t type, if you want to store puppetmaster temporary files in the /tmp directories.
++- Set files with the mscan_initrc_exec_t type, if you want to transition an executable to the mscan_initrc_t domain.
++
++
++.EX
++.PP
++.B mscan_tmp_t 
++.EE
++
++- Set files with the mscan_tmp_t type, if you want to store mscan temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B mscan_var_run_t 
++.EE
++
++- Set files with the mscan_var_run_t type, if you want to store the mscan files under the /run directory.
 +
 +
 +.PP
@@ -40702,18 +47720,54 @@ index 0000000..b491444
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux puppetmaster policy is very flexible allowing users to setup their puppetmaster processes in as secure a method as possible.
++SELinux mscan policy is very flexible allowing users to setup their mscan processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for puppetmaster:
++The following process types are defined for mscan:
 +
 +.EX
-+.B puppetmaster_t 
++.B mscan_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mscan_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B clamd_var_run_t
++
++	/var/run/clamd.*
++.br
++	/var/run/clamav.*
++.br
++	/var/run/amavis(d)?/clamd\.pid
++.br
++	/var/spool/MailScanner(/.*)?
++.br
++	/var/spool/amavisd/clamd\.sock
++.br
++
++.br
++.B mqueue_spool_t
++
++	/var/spool/(client)?mqueue(/.*)?
++.br
++	/var/spool/mqueue\.in(/.*)?
++.br
++
++.br
++.B mscan_tmp_t
++
++
++.br
++.B mscan_var_run_t
++
++	/var/run/MailScanner\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -40732,40 +47786,40 @@ index 0000000..b491444
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), puppetmaster(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mscan(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/pwauth_selinux.8 b/man/man8/pwauth_selinux.8
+diff --git a/man/man8/munin_selinux.8 b/man/man8/munin_selinux.8
 new file mode 100644
-index 0000000..c1ee52c
+index 0000000..e542ab5
 --- /dev/null
-+++ b/man/man8/pwauth_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "pwauth_selinux"  "8"  "pwauth" "dwalsh at redhat.com" "pwauth SELinux Policy documentation"
++++ b/man/man8/munin_selinux.8
+@@ -0,0 +1,207 @@
++.TH  "munin_selinux"  "8"  "munin" "dwalsh at redhat.com" "munin SELinux Policy documentation"
 +.SH "NAME"
-+pwauth_selinux \- Security Enhanced Linux Policy for the pwauth processes
++munin_selinux \- Security Enhanced Linux Policy for the munin processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the pwauth processes via flexible mandatory access
++Security-Enhanced Linux secures the munin processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pwauth_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the munin_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the pwauth_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the munin_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -40774,142 +47828,77 @@ index 0000000..c1ee52c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux pwauth policy is very flexible allowing users to setup their pwauth processes in as secure a method as possible.
++SELinux munin policy is very flexible allowing users to setup their munin processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for pwauth:
++The following file types are defined for munin:
 +
 +
 +.EX
 +.PP
-+.B pwauth_exec_t 
++.B munin_etc_t 
 +.EE
 +
-+- Set files with the pwauth_exec_t type, if you want to transition an executable to the pwauth_t domain.
++- Set files with the munin_etc_t type, if you want to store munin files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B pwauth_var_run_t 
++.B munin_exec_t 
 +.EE
 +
-+- Set files with the pwauth_var_run_t type, if you want to store the pwauth files under the /run directory.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++- Set files with the munin_exec_t type, if you want to transition an executable to the munin_t domain.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux pwauth policy is very flexible allowing users to setup their pwauth processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for pwauth:
++.br
++.TP 5
++Paths: 
++/usr/sbin/munin-.*, /usr/share/munin/munin-.*, /usr/share/munin/plugins/.*, /usr/bin/munin-.*
 +
 +.EX
-+.B pwauth_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), pwauth(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/pyicqt_selinux.8 b/man/man8/pyicqt_selinux.8
-new file mode 100644
-index 0000000..5a860b7
---- /dev/null
-+++ b/man/man8/pyicqt_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "pyicqt_selinux"  "8"  "pyicqt" "dwalsh at redhat.com" "pyicqt SELinux Policy documentation"
-+.SH "NAME"
-+pyicqt_selinux \- Security Enhanced Linux Policy for the pyicqt processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the pyicqt processes via flexible mandatory access
-+control.  
++.B munin_initrc_exec_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the munin_initrc_exec_t type, if you want to transition an executable to the munin_initrc_t domain.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pyicqt_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
 +.PP
-+If you want to allow confined applications to run with kerberos for the pyicqt_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
++.B munin_log_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux pyicqt policy is very flexible allowing users to setup their pyicqt processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for pyicqt:
++- Set files with the munin_log_t type, if you want to treat the data as munin log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B pyicqt_exec_t 
++.B munin_plugin_state_t 
 +.EE
 +
-+- Set files with the pyicqt_exec_t type, if you want to transition an executable to the pyicqt_t domain.
++- Set files with the munin_plugin_state_t type, if you want to treat the files as munin plugin state data.
 +
 +
 +.EX
 +.PP
-+.B pyicqt_log_t 
++.B munin_tmp_t 
 +.EE
 +
-+- Set files with the pyicqt_log_t type, if you want to treat the data as pyicqt log data, usually stored under the /var/log directory.
++- Set files with the munin_tmp_t type, if you want to store munin temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B pyicqt_var_run_t 
++.B munin_var_lib_t 
 +.EE
 +
-+- Set files with the pyicqt_var_run_t type, if you want to store the pyicqt files under the /run directory.
++- Set files with the munin_var_lib_t type, if you want to store the munin files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B pyicqt_var_spool_t 
++.B munin_var_run_t 
 +.EE
 +
-+- Set files with the pyicqt_var_spool_t type, if you want to store the pyicqt var files under the /var/spool directory.
++- Set files with the munin_var_run_t type, if you want to store the munin files under the /run directory.
 +
 +
 +.PP
@@ -40919,24 +47908,81 @@ index 0000000..5a860b7
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux munin policy is very flexible allowing users to setup their munin processes in as secure a method as possible.
++.PP 
++The following port types are defined for munin:
++
++.EX
++.TP 5
++.B munin_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 4949
++.EE
++udp 4949
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux pyicqt policy is very flexible allowing users to setup their pyicqt processes in as secure a method as possible.
++SELinux munin policy is very flexible allowing users to setup their munin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for pyicqt:
++The following process types are defined for munin:
 +
 +.EX
-+.B pyicqt_t 
++.B munin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type munin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B httpd_munin_content_t
++
++	/var/www/html/munin(/.*)?
++.br
++
++.br
++.B munin_log_t
++
++	/var/log/munin.*
++.br
++
++.br
++.B munin_tmp_t
++
++
++.br
++.B munin_var_lib_t
++
++	/var/lib/munin(/.*)?
++.br
++
++.br
++.B munin_var_run_t
++
++	/var/run/munin(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -40947,94 +47993,51 @@ index 0000000..5a860b7
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), pyicqt(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/qdiskd_selinux.8 b/man/man8/qdiskd_selinux.8
++selinux(8), munin(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/mysqld_safe_selinux.8 b/man/man8/mysqld_safe_selinux.8
 new file mode 100644
-index 0000000..3e46dd9
+index 0000000..bb65526
 --- /dev/null
-+++ b/man/man8/qdiskd_selinux.8
-@@ -0,0 +1,119 @@
-+.TH  "qdiskd_selinux"  "8"  "qdiskd" "dwalsh at redhat.com" "qdiskd SELinux Policy documentation"
++++ b/man/man8/mysqld_safe_selinux.8
+@@ -0,0 +1,98 @@
++.TH  "mysqld_safe_selinux"  "8"  "mysqld_safe" "dwalsh at redhat.com" "mysqld_safe SELinux Policy documentation"
 +.SH "NAME"
-+qdiskd_selinux \- Security Enhanced Linux Policy for the qdiskd processes
++mysqld_safe_selinux \- Security Enhanced Linux Policy for the mysqld_safe processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the qdiskd processes via flexible mandatory access
++Security-Enhanced Linux secures the mysqld_safe processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the qdiskd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the qdiskd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux qdiskd policy is very flexible allowing users to setup their qdiskd processes in as secure a method as possible.
++SELinux mysqld_safe policy is very flexible allowing users to setup their mysqld_safe processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for qdiskd:
-+
-+
-+.EX
-+.PP
-+.B qdiskd_exec_t 
-+.EE
-+
-+- Set files with the qdiskd_exec_t type, if you want to transition an executable to the qdiskd_t domain.
-+
-+
-+.EX
-+.PP
-+.B qdiskd_tmpfs_t 
-+.EE
-+
-+- Set files with the qdiskd_tmpfs_t type, if you want to store qdiskd files on a tmpfs file system.
-+
-+
-+.EX
-+.PP
-+.B qdiskd_var_lib_t 
-+.EE
-+
-+- Set files with the qdiskd_var_lib_t type, if you want to store the qdiskd files under the /var/lib directory.
-+
-+
-+.EX
-+.PP
-+.B qdiskd_var_log_t 
-+.EE
-+
-+- Set files with the qdiskd_var_log_t type, if you want to treat the data as qdiskd var log data, usually stored under the /var/log directory.
++The following file types are defined for mysqld_safe:
 +
 +
 +.EX
 +.PP
-+.B qdiskd_var_run_t 
++.B mysqld_safe_exec_t 
 +.EE
 +
-+- Set files with the qdiskd_var_run_t type, if you want to store the qdiskd files under the /run directory.
++- Set files with the mysqld_safe_exec_t type, if you want to transition an executable to the mysqld_safe_t domain.
 +
 +
 +.PP
@@ -41050,18 +48053,42 @@ index 0000000..3e46dd9
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux qdiskd policy is very flexible allowing users to setup their qdiskd processes in as secure a method as possible.
++SELinux mysqld_safe policy is very flexible allowing users to setup their mysqld_safe processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for qdiskd:
++The following process types are defined for mysqld_safe:
 +
 +.EX
-+.B qdiskd_t 
++.B mysqld_safe_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mysqld_safe_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mysqld_db_t
++
++	/var/lib/mysql(/.*)?
++.br
++
++.br
++.B mysqld_log_t
++
++	/var/log/mysql.*
++.br
++
++.br
++.B mysqld_var_run_t
++
++	/var/run/mysqld(/.*)?
++.br
++	/var/lib/mysql/mysql\.sock
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -41077,114 +48104,162 @@ index 0000000..3e46dd9
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), qdiskd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/qemu_selinux.8 b/man/man8/qemu_selinux.8
++selinux(8), mysqld_safe(8), semanage(8), restorecon(8), chcon(1)
++, mysqld_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/mysqld_selinux.8 b/man/man8/mysqld_selinux.8
 new file mode 100644
-index 0000000..1836a66
+index 0000000..aefb125
 --- /dev/null
-+++ b/man/man8/qemu_selinux.8
-@@ -0,0 +1,147 @@
-+.TH  "qemu_selinux"  "8"  "qemu" "dwalsh at redhat.com" "qemu SELinux Policy documentation"
++++ b/man/man8/mysqld_selinux.8
+@@ -0,0 +1,268 @@
++.TH  "mysqld_selinux"  "8"  "mysqld" "dwalsh at redhat.com" "mysqld SELinux Policy documentation"
 +.SH "NAME"
-+qemu_selinux \- Security Enhanced Linux Policy for the qemu processes
++mysqld_selinux \- Security Enhanced Linux Policy for the mysqld processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the qemu processes via flexible mandatory access
++Security-Enhanced Linux secures the mysqld processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  qemu policy is extremely flexible and has several booleans that allow you to manipulate the policy and run qemu with the tightest access possible.
++SELinux policy is customizable based on least access required.  mysqld policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mysqld with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow qemu to use serial/parallel communication ports, you must turn on the qemu_use_comm boolean.
++If you want to allow mysqld to connect to all ports, you must turn on the mysql_connect_any boolean.
 +
 +.EX
-+.B setsebool -P qemu_use_comm 1
++.B setsebool -P mysql_connect_any 1
 +.EE
 +
 +.PP
-+If you want to allow qemu to use nfs file systems, you must turn on the qemu_use_nfs boolean.
++If you want to allow users to connect to the local mysql server, you must turn on the user_mysql_connect boolean.
 +
 +.EX
-+.B setsebool -P qemu_use_nfs 1
++.B setsebool -P user_mysql_connect 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
 +.PP
-+If you want to allow qemu to use usb devices, you must turn on the qemu_use_usb boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the mysqld_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P qemu_use_usb 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow qemu to connect fully to the network, you must turn on the qemu_full_network boolean.
++If you want to allow confined applications to run with kerberos for the mysqld_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P qemu_full_network 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow xend to run qemu-dm. Not required if using paravirt and no vfb, you must turn on the xend_run_qemu boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux mysqld policy is very flexible allowing users to setup their mysqld processes in as secure a method as possible.
++.PP 
++The following file types are defined for mysqld:
++
 +
 +.EX
-+.B setsebool -P xend_run_qemu 1
++.PP
++.B mysqld_db_t 
 +.EE
 +
++- Set files with the mysqld_db_t type, if you want to treat the files as mysqld database content.
++
++
++.EX
 +.PP
-+If you want to allow qemu to use cifs/Samba file systems, you must turn on the qemu_use_cifs boolean.
++.B mysqld_etc_t 
++.EE
++
++- Set files with the mysqld_etc_t type, if you want to store mysqld files in the /etc directories.
++
++.br
++.TP 5
++Paths: 
++/etc/my\.cnf, /etc/mysql(/.*)?
 +
 +.EX
-+.B setsebool -P qemu_use_cifs 1
++.PP
++.B mysqld_exec_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the mysqld_exec_t type, if you want to transition an executable to the mysqld_t domain.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++.br
++.TP 5
++Paths: 
++/usr/libexec/mysqld, /usr/bin/mysql_upgrade, /usr/sbin/mysqld(-max)?, /usr/sbin/ndbd
++
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B mysqld_home_t 
++.EE
++
++- Set files with the mysqld_home_t type, if you want to store mysqld files in the users home directory.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux qemu policy is very flexible allowing users to setup their qemu processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for qemu:
++.B mysqld_initrc_exec_t 
++.EE
++
++- Set files with the mysqld_initrc_exec_t type, if you want to transition an executable to the mysqld_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B qemu_dm_exec_t 
++.B mysqld_log_t 
 +.EE
 +
-+- Set files with the qemu_dm_exec_t type, if you want to transition an executable to the qemu_dm_t domain.
++- Set files with the mysqld_log_t type, if you want to treat the data as mysqld log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B qemu_exec_t 
++.B mysqld_safe_exec_t 
 +.EE
 +
-+- Set files with the qemu_exec_t type, if you want to transition an executable to the qemu_t domain.
++- Set files with the mysqld_safe_exec_t type, if you want to transition an executable to the mysqld_safe_t domain.
++
++
++.EX
++.PP
++.B mysqld_tmp_t 
++.EE
++
++- Set files with the mysqld_tmp_t type, if you want to store mysqld temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B mysqld_unit_file_t 
++.EE
++
++- Set files with the mysqld_unit_file_t type, if you want to treat the files as mysqld unit content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/qemu-system-.*, /usr/libexec/qemu.*, /usr/bin/qemu, /usr/bin/qemu-kvm
 +
 +.EX
 +.PP
-+.B qemu_var_run_t 
++.B mysqld_var_run_t 
 +.EE
 +
-+- Set files with the qemu_var_run_t type, if you want to store the qemu files under the /run directory.
++- Set files with the mysqld_var_run_t type, if you want to store the mysqld files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/libvirt/qemu(/.*)?, /var/lib/libvirt/qemu(/.*)?
++/var/run/mysqld(/.*)?, /var/lib/mysql/mysql\.sock
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -41193,24 +48268,96 @@ index 0000000..1836a66
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux mysqld policy is very flexible allowing users to setup their mysqld processes in as secure a method as possible.
++.PP 
++The following port types are defined for mysqld:
++
++.EX
++.TP 5
++.B mysqld_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 1186,3306,63132-63164
++.EE
++
++.EX
++.TP 5
++.B mysqlmanagerd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 2273
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux qemu policy is very flexible allowing users to setup their qemu processes in as secure a method as possible.
++SELinux mysqld policy is very flexible allowing users to setup their mysqld processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for qemu:
++The following process types are defined for mysqld:
 +
 +.EX
-+.B qemu_dm_t 
++.B mysqld_safe_t, mysqlmanagerd_t, mysqld_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type mysqld_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B hugetlbfs_t
++
++	/dev/hugepages
++.br
++	/lib/udev/devices/hugepages
++.br
++	/usr/lib/udev/devices/hugepages
++.br
++
++.br
++.B mysqld_db_t
++
++	/var/lib/mysql(/.*)?
++.br
++
++.br
++.B mysqld_log_t
++
++	/var/log/mysql.*
++.br
++
++.br
++.B mysqld_tmp_t
++
++
++.br
++.B mysqld_var_run_t
++
++	/var/run/mysqld(/.*)?
++.br
++	/var/lib/mysql/mysql\.sock
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -41221,6 +48368,9 @@ index 0000000..1836a66
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -41229,195 +48379,176 @@ index 0000000..1836a66
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), qemu(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), mysqld(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), mysqld_safe_selinux(8), mysqlmanagerd_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/qmail_selinux.8 b/man/man8/qmail_selinux.8
+diff --git a/man/man8/mysqlmanagerd_selinux.8 b/man/man8/mysqlmanagerd_selinux.8
 new file mode 100644
-index 0000000..05df219
+index 0000000..c4cb97f
 --- /dev/null
-+++ b/man/man8/qmail_selinux.8
-@@ -0,0 +1,223 @@
-+.TH  "qmail_selinux"  "8"  "qmail" "dwalsh at redhat.com" "qmail SELinux Policy documentation"
++++ b/man/man8/mysqlmanagerd_selinux.8
+@@ -0,0 +1,125 @@
++.TH  "mysqlmanagerd_selinux"  "8"  "mysqlmanagerd" "dwalsh at redhat.com" "mysqlmanagerd SELinux Policy documentation"
 +.SH "NAME"
-+qmail_selinux \- Security Enhanced Linux Policy for the qmail processes
++mysqlmanagerd_selinux \- Security Enhanced Linux Policy for the mysqlmanagerd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the qmail processes via flexible mandatory access
++Security-Enhanced Linux secures the mysqlmanagerd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the qmail_local_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the qmail_local_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux qmail policy is very flexible allowing users to setup their qmail processes in as secure a method as possible.
++SELinux mysqlmanagerd policy is very flexible allowing users to setup their mysqlmanagerd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for qmail:
++The following file types are defined for mysqlmanagerd:
 +
 +
 +.EX
 +.PP
-+.B qmail_alias_home_t 
++.B mysqlmanagerd_exec_t 
 +.EE
 +
-+- Set files with the qmail_alias_home_t type, if you want to store qmail alias files in the users home directory.
++- Set files with the mysqlmanagerd_exec_t type, if you want to transition an executable to the mysqlmanagerd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/qmail/alias, /var/qmail/alias(/.*)?
 +
 +.EX
 +.PP
-+.B qmail_clean_exec_t 
++.B mysqlmanagerd_initrc_exec_t 
 +.EE
 +
-+- Set files with the qmail_clean_exec_t type, if you want to transition an executable to the qmail_clean_t domain.
++- Set files with the mysqlmanagerd_initrc_exec_t type, if you want to transition an executable to the mysqlmanagerd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B qmail_etc_t 
++.B mysqlmanagerd_var_run_t 
 +.EE
 +
-+- Set files with the qmail_etc_t type, if you want to store qmail files in the /etc directories.
++- Set files with the mysqlmanagerd_var_run_t type, if you want to store the mysqlmanagerd files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/qmail/owners(/.*)?, /var/qmail/control(/.*)?
 +
-+.EX
 +.PP
-+.B qmail_exec_t 
-+.EE
-+
-+- Set files with the qmail_exec_t type, if you want to transition an executable to the qmail_t domain.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B qmail_inject_exec_t 
-+.EE
-+
-+- Set files with the qmail_inject_exec_t type, if you want to transition an executable to the qmail_inject_t domain.
++You can see the types associated with a port by using the following command: 
 +
++.B semanage port -l
 +
-+.EX
 +.PP
-+.B qmail_keytab_t 
-+.EE
-+
-+- Set files with the qmail_keytab_t type, if you want to treat the files as kerberos keytab files.
-+
++Policy governs the access confined processes have to these ports. 
++SELinux mysqlmanagerd policy is very flexible allowing users to setup their mysqlmanagerd processes in as secure a method as possible.
++.PP 
++The following port types are defined for mysqlmanagerd:
 +
 +.EX
-+.PP
-+.B qmail_local_exec_t 
++.TP 5
++.B mysqlmanagerd_port_t 
++.TP 10
 +.EE
 +
-+- Set files with the qmail_local_exec_t type, if you want to transition an executable to the qmail_local_t domain.
 +
++Default Defined Ports:
++tcp 2273
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux mysqlmanagerd policy is very flexible allowing users to setup their mysqlmanagerd processes in as secure a method as possible.
++.PP 
++The following process types are defined for mysqlmanagerd:
 +
 +.EX
-+.PP
-+.B qmail_lspawn_exec_t 
++.B mysqlmanagerd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the qmail_lspawn_exec_t type, if you want to transition an executable to the qmail_lspawn_t domain.
-+
++.SH "MANAGED FILES"
 +
-+.EX
-+.PP
-+.B qmail_queue_exec_t 
-+.EE
++The SELinux user type mysqlmanagerd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+- Set files with the qmail_queue_exec_t type, if you want to transition an executable to the qmail_queue_t domain.
++.br
++.B mysqlmanagerd_var_run_t
 +
++	/var/run/mysqld/mysqlmanager.*
++.br
 +
-+.EX
-+.PP
-+.B qmail_remote_exec_t 
-+.EE
-+
-+- Set files with the qmail_remote_exec_t type, if you want to transition an executable to the qmail_remote_t domain.
-+
-+
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B qmail_rspawn_exec_t 
-+.EE
-+
-+- Set files with the qmail_rspawn_exec_t type, if you want to transition an executable to the qmail_rspawn_t domain.
-+
-+
-+.EX
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B qmail_send_exec_t 
-+.EE
-+
-+- Set files with the qmail_send_exec_t type, if you want to transition an executable to the qmail_send_t domain.
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
 +
-+.EX
 +.PP
-+.B qmail_smtpd_exec_t 
-+.EE
-+
-+- Set files with the qmail_smtpd_exec_t type, if you want to transition an executable to the qmail_smtpd_t domain.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B qmail_splogger_exec_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), mysqlmanagerd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nagios_admin_plugin_selinux.8 b/man/man8/nagios_admin_plugin_selinux.8
+new file mode 100644
+index 0000000..0c5ebc6
+--- /dev/null
++++ b/man/man8/nagios_admin_plugin_selinux.8
+@@ -0,0 +1,78 @@
++.TH  "nagios_admin_plugin_selinux"  "8"  "nagios_admin_plugin" "dwalsh at redhat.com" "nagios_admin_plugin SELinux Policy documentation"
++.SH "NAME"
++nagios_admin_plugin_selinux \- Security Enhanced Linux Policy for the nagios_admin_plugin processes
++.SH "DESCRIPTION"
 +
-+- Set files with the qmail_splogger_exec_t type, if you want to transition an executable to the qmail_splogger_t domain.
++Security-Enhanced Linux secures the nagios_admin_plugin processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B qmail_spool_t 
-+.EE
-+
-+- Set files with the qmail_spool_t type, if you want to store the qmail files under the /var/spool directory.
-+
-+
-+.EX
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B qmail_start_exec_t 
-+.EE
-+
-+- Set files with the qmail_start_exec_t type, if you want to transition an executable to the qmail_start_t domain.
++Policy governs the access confined processes have to these files. 
++SELinux nagios_admin_plugin policy is very flexible allowing users to setup their nagios_admin_plugin processes in as secure a method as possible.
++.PP 
++The following file types are defined for nagios_admin_plugin:
 +
 +
 +.EX
 +.PP
-+.B qmail_tcp_env_exec_t 
++.B nagios_admin_plugin_exec_t 
 +.EE
 +
-+- Set files with the qmail_tcp_env_exec_t type, if you want to transition an executable to the qmail_tcp_env_t domain.
++- Set files with the nagios_admin_plugin_exec_t type, if you want to transition an executable to the nagios_admin_plugin_t domain.
 +
 +
 +.PP
@@ -41433,18 +48564,22 @@ index 0000000..05df219
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux qmail policy is very flexible allowing users to setup their qmail processes in as secure a method as possible.
++SELinux nagios_admin_plugin policy is very flexible allowing users to setup their nagios_admin_plugin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for qmail:
++The following process types are defined for nagios_admin_plugin:
 +
 +.EX
-+.B qmail_tcp_env_t, qmail_rspawn_t, qmail_inject_t, qmail_lspawn_t, qmail_clean_t, qmail_local_t, qmail_smtpd_t, qmail_start_t, qmail_send_t, qmail_remote_t, qmail_queue_t, qmail_splogger_t 
++.B nagios_admin_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nagios_admin_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
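Review bot: The new MANAGED FILES section for nagios_admin_plugin_t promises "the following file types" but nothing follows before `.SH "COMMANDS"`, so the rendered page shows an empty list; the nagios_checkdisk_plugin and nagios_mail_plugin pages later in this diff have the same gap. The sentence also calls nagios_admin_plugin_t an "SELinux user type", although the page lists it under process types and SELinux users are a separate concept. The page states it is auto-generated by genman.py, so the fix presumably belongs there: omit the section when no types are found, and word the populated case as `The SELinux process type nagios_admin_plugin_t can manage files labeled with the following file types.` This man page starts before the hunk, so only its tail is visible here.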
@@ -41460,22 +48595,24 @@ index 0000000..05df219
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), qmail(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/qpidd_selinux.8 b/man/man8/qpidd_selinux.8
++selinux(8), nagios_admin_plugin(8), semanage(8), restorecon(8), chcon(1)
++, nagios_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/nagios_checkdisk_plugin_selinux.8 b/man/man8/nagios_checkdisk_plugin_selinux.8
 new file mode 100644
-index 0000000..a11b85c
+index 0000000..27a6d67
 --- /dev/null
-+++ b/man/man8/qpidd_selinux.8
-@@ -0,0 +1,109 @@
-+.TH  "qpidd_selinux"  "8"  "qpidd" "dwalsh at redhat.com" "qpidd SELinux Policy documentation"
++++ b/man/man8/nagios_checkdisk_plugin_selinux.8
+@@ -0,0 +1,82 @@
++.TH  "nagios_checkdisk_plugin_selinux"  "8"  "nagios_checkdisk_plugin" "dwalsh at redhat.com" "nagios_checkdisk_plugin SELinux Policy documentation"
 +.SH "NAME"
-+qpidd_selinux \- Security Enhanced Linux Policy for the qpidd processes
++nagios_checkdisk_plugin_selinux \- Security Enhanced Linux Policy for the nagios_checkdisk_plugin processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the qpidd processes via flexible mandatory access
++Security-Enhanced Linux secures the nagios_checkdisk_plugin processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -41486,54 +48623,22 @@ index 0000000..a11b85c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux qpidd policy is very flexible allowing users to setup their qpidd processes in as secure a method as possible.
++SELinux nagios_checkdisk_plugin policy is very flexible allowing users to setup their nagios_checkdisk_plugin processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for qpidd:
-+
-+
-+.EX
-+.PP
-+.B qpidd_exec_t 
-+.EE
-+
-+- Set files with the qpidd_exec_t type, if you want to transition an executable to the qpidd_t domain.
-+
-+
-+.EX
-+.PP
-+.B qpidd_initrc_exec_t 
-+.EE
-+
-+- Set files with the qpidd_initrc_exec_t type, if you want to transition an executable to the qpidd_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B qpidd_tmpfs_t 
-+.EE
-+
-+- Set files with the qpidd_tmpfs_t type, if you want to store qpidd files on a tmpfs file system.
-+
-+
-+.EX
-+.PP
-+.B qpidd_var_lib_t 
-+.EE
-+
-+- Set files with the qpidd_var_lib_t type, if you want to store the qpidd files under the /var/lib directory.
++The following file types are defined for nagios_checkdisk_plugin:
 +
 +
 +.EX
 +.PP
-+.B qpidd_var_run_t 
++.B nagios_checkdisk_plugin_exec_t 
 +.EE
 +
-+- Set files with the qpidd_var_run_t type, if you want to store the qpidd files under the /run directory.
++- Set files with the nagios_checkdisk_plugin_exec_t type, if you want to transition an executable to the nagios_checkdisk_plugin_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/qpidd(/.*)?, /var/run/qpidd\.pid
++/usr/lib/nagios/plugins/check_linux_raid, /usr/lib/nagios/plugins/check_disk_smb, /usr/lib/nagios/plugins/check_ide_smart, /usr/lib/nagios/plugins/check_disk
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -41548,18 +48653,22 @@ index 0000000..a11b85c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux qpidd policy is very flexible allowing users to setup their qpidd processes in as secure a method as possible.
++SELinux nagios_checkdisk_plugin policy is very flexible allowing users to setup their nagios_checkdisk_plugin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for qpidd:
++The following process types are defined for nagios_checkdisk_plugin:
 +
 +.EX
-+.B qpidd_t 
++.B nagios_checkdisk_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nagios_checkdisk_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -41575,143 +48684,181 @@ index 0000000..a11b85c
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), qpidd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/quantum_selinux.8 b/man/man8/quantum_selinux.8
++selinux(8), nagios_checkdisk_plugin(8), semanage(8), restorecon(8), chcon(1)
++, nagios_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/nagios_eventhandler_plugin_selinux.8 b/man/man8/nagios_eventhandler_plugin_selinux.8
 new file mode 100644
-index 0000000..79f1f0d
+index 0000000..b5cd0c2
 --- /dev/null
-+++ b/man/man8/quantum_selinux.8
-@@ -0,0 +1,149 @@
-+.TH  "quantum_selinux"  "8"  "quantum" "dwalsh at redhat.com" "quantum SELinux Policy documentation"
++++ b/man/man8/nagios_eventhandler_plugin_selinux.8
+@@ -0,0 +1,98 @@
++.TH  "nagios_eventhandler_plugin_selinux"  "8"  "nagios_eventhandler_plugin" "dwalsh at redhat.com" "nagios_eventhandler_plugin SELinux Policy documentation"
 +.SH "NAME"
-+quantum_selinux \- Security Enhanced Linux Policy for the quantum processes
++nagios_eventhandler_plugin_selinux \- Security Enhanced Linux Policy for the nagios_eventhandler_plugin processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the quantum processes via flexible mandatory access
++Security-Enhanced Linux secures the nagios_eventhandler_plugin processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the quantum_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the quantum_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux quantum policy is very flexible allowing users to setup their quantum processes in as secure a method as possible.
++SELinux nagios_eventhandler_plugin policy is very flexible allowing users to setup their nagios_eventhandler_plugin processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for quantum:
++The following file types are defined for nagios_eventhandler_plugin:
 +
 +
 +.EX
 +.PP
-+.B quantum_exec_t 
++.B nagios_eventhandler_plugin_exec_t 
 +.EE
 +
-+- Set files with the quantum_exec_t type, if you want to transition an executable to the quantum_t domain.
++- Set files with the nagios_eventhandler_plugin_exec_t type, if you want to transition an executable to the nagios_eventhandler_plugin_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/quantum-openvswitch-agent, /usr/bin/quantum-server, /usr/bin/quantum-ryu-agent, /usr/bin/quantum-linuxbridge-agent
 +
 +.EX
 +.PP
-+.B quantum_log_t 
++.B nagios_eventhandler_plugin_tmp_t 
 +.EE
 +
-+- Set files with the quantum_log_t type, if you want to treat the data as quantum log data, usually stored under the /var/log directory.
++- Set files with the nagios_eventhandler_plugin_tmp_t type, if you want to store nagios eventhandler plugin temporary files in the /tmp directories.
 +
 +
-+.EX
 +.PP
-+.B quantum_tmp_t 
-+.EE
-+
-+- Set files with the quantum_tmp_t type, if you want to store quantum temporary files in the /tmp directories.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux nagios_eventhandler_plugin policy is very flexible allowing users to setup their nagios_eventhandler_plugin processes in as secure a method as possible.
++.PP 
++The following process types are defined for nagios_eventhandler_plugin:
 +
 +.EX
-+.PP
-+.B quantum_unit_file_t 
++.B nagios_eventhandler_plugin_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the quantum_unit_file_t type, if you want to treat the files as quantum unit content.
++.SH "MANAGED FILES"
 +
++The SELinux user type nagios_eventhandler_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B quantum_var_lib_t 
-+.EE
++.br
++.B nagios_eventhandler_plugin_tmp_t
 +
-+- Set files with the quantum_var_lib_t type, if you want to store the quantum files under the /var/lib directory.
 +
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
 +
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+You can see the types associated with a port by using the following command: 
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+.B semanage port -l
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), nagios_eventhandler_plugin(8), semanage(8), restorecon(8), chcon(1)
++, nagios_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/nagios_mail_plugin_selinux.8 b/man/man8/nagios_mail_plugin_selinux.8
+new file mode 100644
+index 0000000..6d9ae28
+--- /dev/null
++++ b/man/man8/nagios_mail_plugin_selinux.8
+@@ -0,0 +1,78 @@
++.TH  "nagios_mail_plugin_selinux"  "8"  "nagios_mail_plugin" "dwalsh at redhat.com" "nagios_mail_plugin SELinux Policy documentation"
++.SH "NAME"
++nagios_mail_plugin_selinux \- Security Enhanced Linux Policy for the nagios_mail_plugin processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the nagios_mail_plugin processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux quantum policy is very flexible allowing users to setup their quantum processes in as secure a method as possible.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux nagios_mail_plugin policy is very flexible allowing users to setup their nagios_mail_plugin processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for quantum:
++The following file types are defined for nagios_mail_plugin:
++
 +
 +.EX
-+.TP 5
-+.B quantum_port_t 
-+.TP 10
++.PP
++.B nagios_mail_plugin_exec_t 
 +.EE
 +
++- Set files with the nagios_mail_plugin_exec_t type, if you want to transition an executable to the nagios_mail_plugin_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+Default Defined Ports:
-+tcp 9696
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux quantum policy is very flexible allowing users to setup their quantum processes in as secure a method as possible.
++SELinux nagios_mail_plugin policy is very flexible allowing users to setup their nagios_mail_plugin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for quantum:
++The following process types are defined for nagios_mail_plugin:
 +
 +.EX
-+.B quantum_t 
++.B nagios_mail_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nagios_mail_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
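Review bot: The added nagios_eventhandler_plugin and nagios_mail_plugin pages carry a malformed font escape, `\fBls\bP` and `\fBps\bP`, on the lines that introduce the \-Z option; `\b` is not a font change, so the bold started by `\fB` is not switched off by it. Those lines should end with `\fBls\fP` and `\fBps\fP`. The same escape appears on unchanged context lines of the neighbouring pages, so correcting the template in genman.py (named in the AUTHOR section) would likely fix all of them at once.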
@@ -41722,46 +48869,45 @@ index 0000000..79f1f0d
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), quantum(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/quota_selinux.8 b/man/man8/quota_selinux.8
++selinux(8), nagios_mail_plugin(8), semanage(8), restorecon(8), chcon(1)
++, nagios_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/nagios_selinux.8 b/man/man8/nagios_selinux.8
 new file mode 100644
-index 0000000..f36de79
+index 0000000..65258c7
 --- /dev/null
-+++ b/man/man8/quota_selinux.8
-@@ -0,0 +1,127 @@
-+.TH  "quota_selinux"  "8"  "quota" "dwalsh at redhat.com" "quota SELinux Policy documentation"
++++ b/man/man8/nagios_selinux.8
+@@ -0,0 +1,264 @@
++.TH  "nagios_selinux"  "8"  "nagios" "dwalsh at redhat.com" "nagios SELinux Policy documentation"
 +.SH "NAME"
-+quota_selinux \- Security Enhanced Linux Policy for the quota processes
++nagios_selinux \- Security Enhanced Linux Policy for the nagios processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the quota processes via flexible mandatory access
++Security-Enhanced Linux secures the nagios processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the quota_nld_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nagios_services_plugin_t, nagios_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the quota_nld_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the nagios_services_plugin_t, nagios_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -41770,160 +48916,165 @@ index 0000000..f36de79
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux quota policy is very flexible allowing users to setup their quota processes in as secure a method as possible.
++SELinux nagios policy is very flexible allowing users to setup their nagios processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for quota:
++The following file types are defined for nagios:
 +
 +
 +.EX
 +.PP
-+.B quota_db_t 
++.B nagios_admin_plugin_exec_t 
 +.EE
 +
-+- Set files with the quota_db_t type, if you want to treat the files as quota database content.
++- Set files with the nagios_admin_plugin_exec_t type, if you want to transition an executable to the nagios_admin_plugin_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/boot/a?quota\.(user|group), /etc/a?quota\.(user|group), /var/lib/stickshift/a?quota\.(user|group), /a?quota\.(user|group), /var/a?quota\.(user|group), /var/spool/(.*/)?a?quota\.(user|group)
 +
 +.EX
 +.PP
-+.B quota_exec_t 
++.B nagios_checkdisk_plugin_exec_t 
 +.EE
 +
-+- Set files with the quota_exec_t type, if you want to transition an executable to the quota_t domain.
++- Set files with the nagios_checkdisk_plugin_exec_t type, if you want to transition an executable to the nagios_checkdisk_plugin_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/convertquota, /usr/sbin/quota(check|on), /sbin/quota(check|on)
++/usr/lib/nagios/plugins/check_linux_raid, /usr/lib/nagios/plugins/check_disk_smb, /usr/lib/nagios/plugins/check_ide_smart, /usr/lib/nagios/plugins/check_disk
 +
 +.EX
 +.PP
-+.B quota_flag_t 
++.B nagios_etc_t 
 +.EE
 +
-+- Set files with the quota_flag_t type, if you want to treat the files as quota flag data.
++- Set files with the nagios_etc_t type, if you want to store nagios files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B quota_nld_exec_t 
++.B nagios_eventhandler_plugin_exec_t 
 +.EE
 +
-+- Set files with the quota_nld_exec_t type, if you want to transition an executable to the quota_nld_t domain.
++- Set files with the nagios_eventhandler_plugin_exec_t type, if you want to transition an executable to the nagios_eventhandler_plugin_t domain.
 +
 +
 +.EX
 +.PP
-+.B quota_nld_var_run_t 
++.B nagios_eventhandler_plugin_tmp_t 
 +.EE
 +
-+- Set files with the quota_nld_var_run_t type, if you want to store the quota nld files under the /run directory.
++- Set files with the nagios_eventhandler_plugin_tmp_t type, if you want to store nagios eventhandler plugin temporary files in the /tmp directories.
 +
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B nagios_exec_t 
++.EE
++
++- Set files with the nagios_exec_t type, if you want to transition an executable to the nagios_t domain.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux quota policy is very flexible allowing users to setup their quota processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for quota:
 +
 +.EX
-+.B quota_t, quota_nld_t 
-+.EE
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B nagios_initrc_exec_t 
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
++- Set files with the nagios_initrc_exec_t type, if you want to transition an executable to the nagios_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/nagios, /etc/rc\.d/init\.d/nrpe
++
++.EX
 +.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
++.B nagios_log_t 
++.EE
++
++- Set files with the nagios_log_t type, if you want to treat the data as nagios log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/netsaint(/.*)?, /var/log/nagios(/.*)?
++
++.EX
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.B nagios_mail_plugin_exec_t 
++.EE
++
++- Set files with the nagios_mail_plugin_exec_t type, if you want to transition an executable to the nagios_mail_plugin_t domain.
++
 +
++.EX
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.B nagios_services_plugin_exec_t 
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++- Set files with the nagios_services_plugin_exec_t type, if you want to transition an executable to the nagios_services_plugin_t domain.
 +
-+.SH "SEE ALSO"
-+selinux(8), quota(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rabbitmq_selinux.8 b/man/man8/rabbitmq_selinux.8
-new file mode 100644
-index 0000000..48bea51
---- /dev/null
-+++ b/man/man8/rabbitmq_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "rabbitmq_selinux"  "8"  "rabbitmq" "dwalsh at redhat.com" "rabbitmq SELinux Policy documentation"
-+.SH "NAME"
-+rabbitmq_selinux \- Security Enhanced Linux Policy for the rabbitmq processes
-+.SH "DESCRIPTION"
++.br
++.TP 5
++Paths: 
++/usr/lib/nagios/plugins/check_time, /usr/lib/nagios/plugins/check_dhcp, /usr/lib/nagios/plugins/check_radius, /usr/lib/nagios/plugins/check_nrpe, /usr/lib/nagios/plugins/check_smtp, /usr/lib/nagios/plugins/check_cluster, /usr/lib/nagios/plugins/check_sip, /usr/lib/nagios/plugins/check_ssh, /usr/lib/nagios/plugins/check_pgsql, /usr/lib/nagios/plugins/check_ntp.*, /usr/lib/nagios/plugins/check_ldap, /usr/lib/nagios/plugins/check_real, /usr/lib/nagios/plugins/check_dummy, /usr/lib/nagios/plugins/check_ping, /usr/lib/nagios/plugins/check_nt, /usr/lib/nagios/plugins/check_game, /usr/lib/nagios/plugins/check_breeze, /usr/lib/nagios/plugins/check_tcp, /usr/lib/nagios/plugins/check_rpc, /usr/lib/nagios/plugins/check_oracle, /usr/lib/nagios/plugins/check_ups, /usr/lib/nagios/plugins/check_dns, /usr/lib/nagios/plugins/check_ircd, /usr/lib/nagios/plugins/check_dig, /usr/lib/nagios/plugins/check_mysql_query, /usr/lib/nagios/plugins/check_hpjd, /usr/lib/nagios/plugins/check_mysql, /usr/
 lib/nagios/plugins/check_icmp, /usr/lib/nagios/plugins/check_http, /usr/lib/nagios/plugins/check_snmp.*, /usr/lib/nagios/plugins/check_fping
 +
-+Security-Enhanced Linux secures the rabbitmq processes via flexible mandatory access
-+control.  
++.EX
++.PP
++.B nagios_spool_t 
++.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the nagios_spool_t type, if you want to store the nagios files under the /var/spool directory.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B nagios_system_plugin_exec_t 
++.EE
++
++- Set files with the nagios_system_plugin_exec_t type, if you want to transition an executable to the nagios_system_plugin_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/nagios/plugins/check_log, /usr/lib/nagios/plugins/check_load, /usr/lib/nagios/plugins/check_nwstat, /usr/lib/nagios/plugins/check_nagios, /usr/lib/nagios/plugins/check_flexlm, /usr/lib/nagios/plugins/check_swap, /usr/lib/nagios/plugins/check_users, /usr/lib/nagios/plugins/check_ifstatus, /usr/lib/nagios/plugins/check_ifoperstatus, /usr/lib/nagios/plugins/check_wave, /usr/lib/nagios/plugins/check_mrtgtraf, /usr/lib/nagios/plugins/check_procs, /usr/lib/nagios/plugins/check_sensors, /usr/lib/nagios/plugins/check_mrtg, /usr/lib/nagios/plugins/check_overcr
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux rabbitmq policy is very flexible allowing users to setup their rabbitmq processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for rabbitmq:
++.B nagios_system_plugin_tmp_t 
++.EE
++
++- Set files with the nagios_system_plugin_tmp_t type, if you want to store nagios system plugin temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B rabbitmq_beam_exec_t 
++.B nagios_tmp_t 
 +.EE
 +
-+- Set files with the rabbitmq_beam_exec_t type, if you want to transition an executable to the rabbitmq_beam_t domain.
++- Set files with the nagios_tmp_t type, if you want to store nagios temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B rabbitmq_epmd_exec_t 
++.B nagios_unconfined_plugin_exec_t 
 +.EE
 +
-+- Set files with the rabbitmq_epmd_exec_t type, if you want to transition an executable to the rabbitmq_epmd_t domain.
++- Set files with the nagios_unconfined_plugin_exec_t type, if you want to transition an executable to the nagios_unconfined_plugin_t domain.
 +
 +
 +.EX
 +.PP
-+.B rabbitmq_var_lib_t 
++.B nagios_var_lib_t 
 +.EE
 +
-+- Set files with the rabbitmq_var_lib_t type, if you want to store the rabbitmq files under the /var/lib directory.
++- Set files with the nagios_var_lib_t type, if you want to store the nagios files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B rabbitmq_var_log_t 
++.B nagios_var_run_t 
 +.EE
 +
-+- Set files with the rabbitmq_var_log_t type, if you want to treat the data as rabbitmq var log data, usually stored under the /var/log directory.
++- Set files with the nagios_var_run_t type, if you want to store the nagios files under the /run directory.
 +
 +
 +.PP
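Review bot: The entry for `nagios_unconfined_plugin_exec_t` reuses the boilerplate of the confined plugin types, so the page never tells an administrator what choosing this label implies. Judging by the type name (the policy source is not part of this hunk), a plugin given this label runs without the restrictions the other plugin domains impose, which is the one fact a reader picking a label needs. Once confirmed against the policy, a sentence such as `Note: plugins labeled nagios_unconfined_plugin_exec_t run in a domain that this policy does not confine; prefer one of the confined plugin types where one fits.` would cover it. The FILE CONTEXTS section this entry belongs to starts in an earlier hunk.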
@@ -41939,18 +49090,46 @@ index 0000000..48bea51
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rabbitmq policy is very flexible allowing users to setup their rabbitmq processes in as secure a method as possible.
++SELinux nagios policy is very flexible allowing users to setup their nagios processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rabbitmq:
++The following process types are defined for nagios:
 +
 +.EX
-+.B rabbitmq_beam_t, rabbitmq_epmd_t 
++.B nagios_t, nagios_mail_plugin_t, nagios_checkdisk_plugin_t, nagios_services_plugin_t, nagios_eventhandler_plugin_t, nagios_system_plugin_t, nagios_unconfined_plugin_t, nagios_admin_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nagios_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nagios_log_t
++
++	/var/log/nagios(/.*)?
++.br
++	/var/log/netsaint(/.*)?
++.br
++
++.br
++.B nagios_tmp_t
++
++
++.br
++.B nagios_var_lib_t
++
++	/usr/lib/pnp4nagios(/.*)?
++.br
++
++.br
++.B nagios_var_run_t
++
++	/var/run/nagios.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -41966,49 +49145,40 @@ index 0000000..48bea51
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rabbitmq(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/racoon_selinux.8 b/man/man8/racoon_selinux.8
++selinux(8), nagios(8), semanage(8), restorecon(8), chcon(1)
++, nagios_admin_plugin_selinux(8), nagios_checkdisk_plugin_selinux(8), nagios_eventhandler_plugin_selinux(8), nagios_mail_plugin_selinux(8), nagios_services_plugin_selinux(8), nagios_system_plugin_selinux(8), nagios_unconfined_plugin_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/nagios_services_plugin_selinux.8 b/man/man8/nagios_services_plugin_selinux.8
 new file mode 100644
-index 0000000..5b2cad0
+index 0000000..544779b
 --- /dev/null
-+++ b/man/man8/racoon_selinux.8
-@@ -0,0 +1,110 @@
-+.TH  "racoon_selinux"  "8"  "racoon" "dwalsh at redhat.com" "racoon SELinux Policy documentation"
++++ b/man/man8/nagios_services_plugin_selinux.8
+@@ -0,0 +1,96 @@
++.TH  "nagios_services_plugin_selinux"  "8"  "nagios_services_plugin" "dwalsh at redhat.com" "nagios_services_plugin SELinux Policy documentation"
 +.SH "NAME"
-+racoon_selinux \- Security Enhanced Linux Policy for the racoon processes
++nagios_services_plugin_selinux \- Security Enhanced Linux Policy for the nagios_services_plugin processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the racoon processes via flexible mandatory access
++Security-Enhanced Linux secures the nagios_services_plugin processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  racoon policy is extremely flexible and has several booleans that allow you to manipulate the policy and run racoon with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow racoon to read shadow, you must turn on the racoon_read_shadow boolean.
-+
-+.EX
-+.B setsebool -P racoon_read_shadow 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the racoon_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nagios_services_plugin_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the racoon_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the nagios_services_plugin_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -42017,26 +49187,22 @@ index 0000000..5b2cad0
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux racoon policy is very flexible allowing users to setup their racoon processes in as secure a method as possible.
++SELinux nagios_services_plugin policy is very flexible allowing users to setup their nagios_services_plugin processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for racoon:
-+
-+
-+.EX
-+.PP
-+.B racoon_exec_t 
-+.EE
-+
-+- Set files with the racoon_exec_t type, if you want to transition an executable to the racoon_t domain.
++The following file types are defined for nagios_services_plugin:
 +
 +
 +.EX
 +.PP
-+.B racoon_tmp_t 
++.B nagios_services_plugin_exec_t 
 +.EE
 +
-+- Set files with the racoon_tmp_t type, if you want to store racoon temporary files in the /tmp directories.
++- Set files with the nagios_services_plugin_exec_t type, if you want to transition an executable to the nagios_services_plugin_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/nagios/plugins/check_time, /usr/lib/nagios/plugins/check_dhcp, /usr/lib/nagios/plugins/check_radius, /usr/lib/nagios/plugins/check_nrpe, /usr/lib/nagios/plugins/check_smtp, /usr/lib/nagios/plugins/check_cluster, /usr/lib/nagios/plugins/check_sip, /usr/lib/nagios/plugins/check_ssh, /usr/lib/nagios/plugins/check_pgsql, /usr/lib/nagios/plugins/check_ntp.*, /usr/lib/nagios/plugins/check_ldap, /usr/lib/nagios/plugins/check_real, /usr/lib/nagios/plugins/check_dummy, /usr/lib/nagios/plugins/check_ping, /usr/lib/nagios/plugins/check_nt, /usr/lib/nagios/plugins/check_game, /usr/lib/nagios/plugins/check_breeze, /usr/lib/nagios/plugins/check_tcp, /usr/lib/nagios/plugins/check_rpc, /usr/lib/nagios/plugins/check_oracle, /usr/lib/nagios/plugins/check_ups, /usr/lib/nagios/plugins/check_dns, /usr/lib/nagios/plugins/check_ircd, /usr/lib/nagios/plugins/check_dig, /usr/lib/nagios/plugins/check_mysql_query, /usr/lib/nagios/plugins/check_hpjd, /usr/lib/nagios/plugins/check_mysql, /usr/
 lib/nagios/plugins/check_icmp, /usr/lib/nagios/plugins/check_http, /usr/lib/nagios/plugins/check_snmp.*, /usr/lib/nagios/plugins/check_fping
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -42051,18 +49217,22 @@ index 0000000..5b2cad0
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux racoon policy is very flexible allowing users to setup their racoon processes in as secure a method as possible.
++SELinux nagios_services_plugin policy is very flexible allowing users to setup their nagios_services_plugin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for racoon:
++The following process types are defined for nagios_services_plugin:
 +
 +.EX
-+.B racoon_t 
++.B nagios_services_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nagios_services_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -42073,139 +49243,152 @@ index 0000000..5b2cad0
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), racoon(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), nagios_services_plugin(8), semanage(8), restorecon(8), chcon(1)
++, nagios_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/radiusd_selinux.8 b/man/man8/radiusd_selinux.8
+diff --git a/man/man8/nagios_system_plugin_selinux.8 b/man/man8/nagios_system_plugin_selinux.8
 new file mode 100644
-index 0000000..5e2ca22
+index 0000000..ff562e3
 --- /dev/null
-+++ b/man/man8/radiusd_selinux.8
-@@ -0,0 +1,188 @@
-+.TH  "radiusd_selinux"  "8"  "radiusd" "dwalsh at redhat.com" "radiusd SELinux Policy documentation"
++++ b/man/man8/nagios_system_plugin_selinux.8
+@@ -0,0 +1,94 @@
++.TH  "nagios_system_plugin_selinux"  "8"  "nagios_system_plugin" "dwalsh at redhat.com" "nagios_system_plugin SELinux Policy documentation"
 +.SH "NAME"
-+radiusd_selinux \- Security Enhanced Linux Policy for the radiusd processes
++nagios_system_plugin_selinux \- Security Enhanced Linux Policy for the nagios_system_plugin processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the radiusd processes via flexible mandatory access
++Security-Enhanced Linux secures the nagios_system_plugin processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  radiusd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run radiusd with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to login using a radius server, you must turn on the authlogin_radius boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux nagios_system_plugin policy is very flexible allowing users to setup their nagios_system_plugin processes in as secure a method as possible.
++.PP 
++The following file types are defined for nagios_system_plugin:
++
 +
 +.EX
-+.B setsebool -P authlogin_radius 1
++.PP
++.B nagios_system_plugin_exec_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
-+
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the radiusd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++- Set files with the nagios_system_plugin_exec_t type, if you want to transition an executable to the nagios_system_plugin_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/nagios/plugins/check_log, /usr/lib/nagios/plugins/check_load, /usr/lib/nagios/plugins/check_nwstat, /usr/lib/nagios/plugins/check_nagios, /usr/lib/nagios/plugins/check_flexlm, /usr/lib/nagios/plugins/check_swap, /usr/lib/nagios/plugins/check_users, /usr/lib/nagios/plugins/check_ifstatus, /usr/lib/nagios/plugins/check_ifoperstatus, /usr/lib/nagios/plugins/check_wave, /usr/lib/nagios/plugins/check_mrtgtraf, /usr/lib/nagios/plugins/check_procs, /usr/lib/nagios/plugins/check_sensors, /usr/lib/nagios/plugins/check_mrtg, /usr/lib/nagios/plugins/check_overcr
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B nagios_system_plugin_tmp_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the radiusd_t, you must turn on the kerberos_enabled boolean.
++- Set files with the nagios_system_plugin_tmp_t type, if you want to store nagios system plugin temporary files in the /tmp directories.
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux radiusd policy is very flexible allowing users to setup their radiusd processes in as secure a method as possible.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux nagios_system_plugin policy is very flexible allowing users to setup their nagios_system_plugin processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for radiusd:
-+
++The following process types are defined for nagios_system_plugin:
 +
 +.EX
-+.PP
-+.B radiusd_etc_rw_t 
++.B nagios_system_plugin_t 
 +.EE
-+
-+- Set files with the radiusd_etc_rw_t type, if you want to treat the files as radiusd etc read/write content.
-+
-+
-+.EX
 +.PP
-+.B radiusd_etc_t 
-+.EE
-+
-+- Set files with the radiusd_etc_t type, if you want to store radiusd files in the /etc directories.
-+
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.EX
-+.PP
-+.B radiusd_exec_t 
-+.EE
++.SH "MANAGED FILES"
 +
-+- Set files with the radiusd_exec_t type, if you want to transition an executable to the radiusd_t domain.
++The SELinux user type nagios_system_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/sbin/freeradius, /etc/cron\.(daily|monthly)/radiusd, /usr/sbin/radiusd, /etc/cron\.(daily|weekly|monthly)/freeradius
++.B nagios_system_plugin_tmp_t
 +
-+.EX
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B radiusd_initrc_exec_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the radiusd_initrc_exec_t type, if you want to transition an executable to the radiusd_initrc_t domain.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B radiusd_log_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), nagios_system_plugin(8), semanage(8), restorecon(8), chcon(1)
++, nagios_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/nagios_unconfined_plugin_selinux.8 b/man/man8/nagios_unconfined_plugin_selinux.8
+new file mode 100644
+index 0000000..a87b21c
+--- /dev/null
++++ b/man/man8/nagios_unconfined_plugin_selinux.8
+@@ -0,0 +1,78 @@
++.TH  "nagios_unconfined_plugin_selinux"  "8"  "nagios_unconfined_plugin" "dwalsh at redhat.com" "nagios_unconfined_plugin SELinux Policy documentation"
++.SH "NAME"
++nagios_unconfined_plugin_selinux \- Security Enhanced Linux Policy for the nagios_unconfined_plugin processes
++.SH "DESCRIPTION"
 +
-+- Set files with the radiusd_log_t type, if you want to treat the data as radiusd log data, usually stored under the /var/log directory.
++Security-Enhanced Linux secures the nagios_unconfined_plugin processes via flexible mandatory access
++control.  
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/radacct(/.*)?, /var/log/radiusd-freeradius(/.*)?, /var/log/radius\.log.*, /var/log/radutmp, /var/log/radwtmp.*, /var/log/radius(/.*)?, /var/log/freeradius(/.*)?
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B radiusd_var_lib_t 
-+.EE
-+
-+- Set files with the radiusd_var_lib_t type, if you want to store the radiusd files under the /var/lib directory.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux nagios_unconfined_plugin policy is very flexible allowing users to setup their nagios_unconfined_plugin processes in as secure a method as possible.
++.PP 
++The following file types are defined for nagios_unconfined_plugin:
 +
 +
 +.EX
 +.PP
-+.B radiusd_var_run_t 
++.B nagios_unconfined_plugin_exec_t 
 +.EE
 +
-+- Set files with the radiusd_var_run_t type, if you want to store the radiusd files under the /run directory.
++- Set files with the nagios_unconfined_plugin_exec_t type, if you want to transition an executable to the nagios_unconfined_plugin_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/radiusd\.pid, /var/run/radiusd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -42214,47 +49397,28 @@ index 0000000..5e2ca22
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux radiusd policy is very flexible allowing users to setup their radiusd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for radiusd:
-+
-+.EX
-+.TP 5
-+.B radius_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+udp 1645,1812
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux radiusd policy is very flexible allowing users to setup their radiusd processes in as secure a method as possible.
++SELinux nagios_unconfined_plugin policy is very flexible allowing users to setup their nagios_unconfined_plugin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for radiusd:
++The following process types are defined for nagios_unconfined_plugin:
 +
 +.EX
-+.B radiusd_t 
++.B nagios_unconfined_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nagios_unconfined_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -42265,51 +49429,81 @@ index 0000000..5e2ca22
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), radiusd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), nagios_unconfined_plugin(8), semanage(8), restorecon(8), chcon(1)
++, nagios_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/radvd_selinux.8 b/man/man8/radvd_selinux.8
-new file mode 100644
-index 0000000..51248cc
---- /dev/null
-+++ b/man/man8/radvd_selinux.8
-@@ -0,0 +1,115 @@
-+.TH  "radvd_selinux"  "8"  "radvd" "dwalsh at redhat.com" "radvd SELinux Policy documentation"
-+.SH "NAME"
-+radvd_selinux \- Security Enhanced Linux Policy for the radvd processes
-+.SH "DESCRIPTION"
+diff --git a/man/man8/named_selinux.8 b/man/man8/named_selinux.8
+index fce0b48..653194b 100644
+--- a/man/man8/named_selinux.8
++++ b/man/man8/named_selinux.8
+@@ -1,30 +1,269 @@
+-.TH  "named_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "named Selinux Policy documentation"
+-.de EX
+-.nf
+-.ft CW
+-..
+-.de EE
+-.ft R
+-.fi
+-..
++.TH  "named_selinux"  "8"  "named" "dwalsh at redhat.com" "named SELinux Policy documentation"
+ .SH "NAME"
+-named_selinux \- Security Enhanced Linux Policy for the Internet Name server (named) daemon
++named_selinux \- Security Enhanced Linux Policy for the named processes
+ .SH "DESCRIPTION"
+ 
+-Security-Enhanced Linux secures the named server via flexible mandatory access
++Security-Enhanced Linux secures the named processes via flexible mandatory access
+ control.  
 +
-+Security-Enhanced Linux secures the radvd processes via flexible mandatory access
-+control.  
+ .SH BOOLEANS
+-SELinux policy is customizable based on least access required.  So by 
+-default SELinux policy does not allow named to write master zone files.  If you want to have named update the master zone files you need to set the named_write_master_zones boolean.
++SELinux policy is customizable based on least access required.  named policy is extremely flexible and has several booleans that allow you to manipulate the policy and run named with the tightest access possible.
++
++
++.PP
++If you want to allow BIND to write the master zone files. Generally this is used for dynamic DNS or zone transfers, you must turn on the named_write_master_zones boolean.
++
+ .EX
+-setsebool -P named_write_master_zones 1
++.B setsebool -P named_write_master_zones 1
+ .EE
++
+ .PP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
+-.SH AUTHOR	
+-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
++If you want to allow BIND to bind apache port, you must turn on the named_bind_http_port boolean.
+ 
+-.SH "SEE ALSO"
+-selinux(8), named(8), chcon(1), setsebool(8)
++.EX
++.B setsebool -P named_bind_http_port 1
++.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the radvd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the namespace_init_t, named_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the radvd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the namespace_init_t, named_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -42318,129 +49512,130 @@ index 0000000..51248cc
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux radvd policy is very flexible allowing users to setup their radvd processes in as secure a method as possible.
++SELinux named policy is very flexible allowing users to setup their named processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for radvd:
++The following file types are defined for named:
 +
 +
 +.EX
 +.PP
-+.B radvd_etc_t 
++.B named_cache_t 
 +.EE
 +
-+- Set files with the radvd_etc_t type, if you want to store radvd files in the /etc directories.
++- Set files with the named_cache_t type, if you want to store the files under the /var/cache directory.
 +
++.br
++.TP 5
++Paths: 
++/var/named/chroot/var/named/data(/.*)?, /var/named/chroot/var/tmp(/.*)?, /var/named/data(/.*)?, /var/named/chroot/var/named/slaves(/.*)?, /var/named/dynamic(/.*)?, /var/named/slaves(/.*)?, /var/named/chroot/var/named/dynamic(/.*)?
 +
 +.EX
 +.PP
-+.B radvd_exec_t 
++.B named_checkconf_exec_t 
 +.EE
 +
-+- Set files with the radvd_exec_t type, if you want to transition an executable to the radvd_t domain.
++- Set files with the named_checkconf_exec_t type, if you want to transition an executable to the named_checkconf_t domain.
 +
 +
 +.EX
 +.PP
-+.B radvd_initrc_exec_t 
++.B named_conf_t 
 +.EE
 +
-+- Set files with the radvd_initrc_exec_t type, if you want to transition an executable to the radvd_initrc_t domain.
++- Set files with the named_conf_t type, if you want to treat the files as named configuration data, usually stored under the /etc directory.
 +
++.br
++.TP 5
++Paths: 
++/var/named/chroot/etc/named\.root\.hints, /var/named/chroot(/.*)?, /var/named/named\.ca, /etc/unbound(/.*)?, /var/named/chroot/etc/named\.caching-nameserver\.conf, /etc/named\.rfc1912.zones, /etc/named\.caching-nameserver\.conf, /etc/named\.conf, /var/named/chroot/var/named/named\.ca, /var/named/chroot/etc/named\.conf, /etc/rndc.*, /var/named/chroot/etc/named\.rfc1912.zones, /etc/named\.root\.hints
 +
 +.EX
 +.PP
-+.B radvd_var_run_t 
++.B named_exec_t 
 +.EE
 +
-+- Set files with the radvd_var_run_t type, if you want to store the radvd files under the /run directory.
++- Set files with the named_exec_t type, if you want to transition an executable to the named_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/radvd(/.*)?, /var/run/radvd\.pid
++/usr/sbin/lwresd, /usr/sbin/named, /usr/sbin/unbound
 +
++.EX
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B named_initrc_exec_t 
++.EE
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux radvd policy is very flexible allowing users to setup their radvd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for radvd:
++- Set files with the named_initrc_exec_t type, if you want to transition an executable to the named_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/named, /etc/rc\.d/init\.d/unbound
 +
 +.EX
-+.B radvd_t 
-+.EE
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B named_keytab_t 
++.EE
+ 
++- Set files with the named_keytab_t type, if you want to treat the files as kerberos keytab files.
+ 
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
++.EX
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.B named_log_t 
++.EE
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++- Set files with the named_log_t type, if you want to treat the data as named log data, usually stored under the /var/log directory.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.TP 5
++Paths: 
++/var/log/named.*, /var/named/chroot/var/log/named.*
 +
-+.SH "SEE ALSO"
-+selinux(8), radvd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rdisc_selinux.8 b/man/man8/rdisc_selinux.8
-new file mode 100644
-index 0000000..91fd7f7
---- /dev/null
-+++ b/man/man8/rdisc_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "rdisc_selinux"  "8"  "rdisc" "dwalsh at redhat.com" "rdisc SELinux Policy documentation"
-+.SH "NAME"
-+rdisc_selinux \- Security Enhanced Linux Policy for the rdisc processes
-+.SH "DESCRIPTION"
++.EX
++.PP
++.B named_tmp_t 
++.EE
 +
-+Security-Enhanced Linux secures the rdisc processes via flexible mandatory access
-+control.  
++- Set files with the named_tmp_t type, if you want to store named temporary files in the /tmp directories.
 +
-+.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B named_unit_file_t 
++.EE
++
++- Set files with the named_unit_file_t type, if you want to treat the files as named unit content.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/systemd/system/unbound.*, /usr/lib/systemd/system/named.*
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux rdisc policy is very flexible allowing users to setup their rdisc processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for rdisc:
++.B named_var_run_t 
++.EE
++
++- Set files with the named_var_run_t type, if you want to store the named files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/named/chroot/var/run/named.*, /var/run/ndc, /var/run/bind(/.*)?, /var/run/named(/.*)?, /var/run/unbound(/.*)?
 +
 +.EX
 +.PP
-+.B rdisc_exec_t 
++.B named_zone_t 
 +.EE
 +
-+- Set files with the rdisc_exec_t type, if you want to transition an executable to the rdisc_t domain.
++- Set files with the named_zone_t type, if you want to treat the files as named zone data.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/rdisc, /usr/sbin/rdisc
++/var/named/chroot/var/named(/.*)?, /var/named(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -42455,18 +49650,66 @@ index 0000000..91fd7f7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rdisc policy is very flexible allowing users to setup their rdisc processes in as secure a method as possible.
++SELinux named policy is very flexible allowing users to setup their named processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rdisc:
++The following process types are defined for named:
 +
 +.EX
-+.B rdisc_t 
++.B named_t, namespace_init_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type named_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B named_cache_t
++
++	/var/named/data(/.*)?
++.br
++	/var/named/slaves(/.*)?
++.br
++	/var/named/dynamic(/.*)?
++.br
++	/var/named/chroot/var/tmp(/.*)?
++.br
++	/var/named/chroot/var/named/data(/.*)?
++.br
++	/var/named/chroot/var/named/slaves(/.*)?
++.br
++	/var/named/chroot/var/named/dynamic(/.*)?
++.br
++
++.br
++.B named_log_t
++
++	/var/log/named.*
++.br
++	/var/named/chroot/var/log/named.*
++.br
++
++.br
++.B named_tmp_t
++
++
++.br
++.B named_var_run_t
++
++	/var/run/bind(/.*)?
++.br
++	/var/run/named(/.*)?
++.br
++	/var/run/unbound(/.*)?
++.br
++	/var/named/chroot/var/run/named.*
++.br
++	/var/run/ndc
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -42477,73 +49720,68 @@ index 0000000..91fd7f7
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rdisc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/readahead_selinux.8 b/man/man8/readahead_selinux.8
++selinux(8), named(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), namespace_init_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/namespace_init_selinux.8 b/man/man8/namespace_init_selinux.8
 new file mode 100644
-index 0000000..8f2fb7a
+index 0000000..3310d59
 --- /dev/null
-+++ b/man/man8/readahead_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "readahead_selinux"  "8"  "readahead" "dwalsh at redhat.com" "readahead SELinux Policy documentation"
++++ b/man/man8/namespace_init_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "namespace_init_selinux"  "8"  "namespace_init" "dwalsh at redhat.com" "namespace_init SELinux Policy documentation"
 +.SH "NAME"
-+readahead_selinux \- Security Enhanced Linux Policy for the readahead processes
++namespace_init_selinux \- Security Enhanced Linux Policy for the namespace_init processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the readahead processes via flexible mandatory access
++Security-Enhanced Linux secures the namespace_init processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux readahead policy is very flexible allowing users to setup their readahead processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for readahead:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the namespace_init_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B readahead_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the readahead_exec_t type, if you want to transition an executable to the readahead_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/sbin/readahead.*, /usr/lib/systemd/systemd-readahead.*, /usr/sbin/readahead.*
++.PP
++If you want to allow confined applications to run with kerberos for the namespace_init_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B readahead_var_lib_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the readahead_var_lib_t type, if you want to store the readahead files under the /var/lib directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux namespace_init policy is very flexible allowing users to setup their namespace_init processes in as secure a method as possible.
++.PP 
++The following file types are defined for namespace_init:
 +
 +
 +.EX
 +.PP
-+.B readahead_var_run_t 
++.B namespace_init_exec_t 
 +.EE
 +
-+- Set files with the readahead_var_run_t type, if you want to store the readahead files under the /run directory.
++- Set files with the namespace_init_exec_t type, if you want to transition an executable to the namespace_init_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/systemd/readahead(/.*)?, /dev/\.systemd/readahead(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -42558,18 +49796,34 @@ index 0000000..8f2fb7a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux readahead policy is very flexible allowing users to setup their readahead processes in as secure a method as possible.
++SELinux namespace_init policy is very flexible allowing users to setup their namespace_init processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for readahead:
++The following process types are defined for namespace_init:
 +
 +.EX
-+.B readahead_t 
++.B namespace_init_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type namespace_init_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -42585,22 +49839,22 @@ index 0000000..8f2fb7a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), readahead(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/realmd_selinux.8 b/man/man8/realmd_selinux.8
++selinux(8), namespace_init(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ncftool_selinux.8 b/man/man8/ncftool_selinux.8
 new file mode 100644
-index 0000000..9bd9549
+index 0000000..303dfb7
 --- /dev/null
-+++ b/man/man8/realmd_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "realmd_selinux"  "8"  "realmd" "dwalsh at redhat.com" "realmd SELinux Policy documentation"
++++ b/man/man8/ncftool_selinux.8
+@@ -0,0 +1,125 @@
++.TH  "ncftool_selinux"  "8"  "ncftool" "dwalsh at redhat.com" "ncftool SELinux Policy documentation"
 +.SH "NAME"
-+realmd_selinux \- Security Enhanced Linux Policy for the realmd processes
++ncftool_selinux \- Security Enhanced Linux Policy for the ncftool processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the realmd processes via flexible mandatory access
++Security-Enhanced Linux secures the ncftool processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -42611,17 +49865,17 @@ index 0000000..9bd9549
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux realmd policy is very flexible allowing users to setup their realmd processes in as secure a method as possible.
++SELinux ncftool policy is very flexible allowing users to setup their ncftool processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for realmd:
++The following file types are defined for ncftool:
 +
 +
 +.EX
 +.PP
-+.B realmd_exec_t 
++.B ncftool_exec_t 
 +.EE
 +
-+- Set files with the realmd_exec_t type, if you want to transition an executable to the realmd_t domain.
++- Set files with the ncftool_exec_t type, if you want to transition an executable to the ncftool_t domain.
 +
 +
 +.PP
@@ -42637,18 +49891,70 @@ index 0000000..9bd9549
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux realmd policy is very flexible allowing users to setup their realmd processes in as secure a method as possible.
++SELinux ncftool policy is very flexible allowing users to setup their ncftool processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for realmd:
++The following process types are defined for ncftool:
 +
 +.EX
-+.B realmd_t 
++.B ncftool_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ncftool_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
++.br
++.B system_conf_t
++
++	/etc/sysctl\.conf(\.old)?
++.br
++	/etc/sysconfig/ip6?tables.*
++.br
++	/etc/sysconfig/ipvsadm.*
++.br
++	/etc/sysconfig/ebtables.*
++.br
++	/etc/sysconfig/system-config-firewall.*
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -42664,38 +49970,38 @@ index 0000000..9bd9549
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), realmd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/regex_selinux.8 b/man/man8/regex_selinux.8
++selinux(8), ncftool(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ndc_selinux.8 b/man/man8/ndc_selinux.8
 new file mode 100644
-index 0000000..0431f98
+index 0000000..620f09c
 --- /dev/null
-+++ b/man/man8/regex_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "regex_selinux"  "8"  "regex" "dwalsh at redhat.com" "regex SELinux Policy documentation"
++++ b/man/man8/ndc_selinux.8
+@@ -0,0 +1,91 @@
++.TH  "ndc_selinux"  "8"  "ndc" "dwalsh at redhat.com" "ndc SELinux Policy documentation"
 +.SH "NAME"
-+regex_selinux \- Security Enhanced Linux Policy for the regex processes
++ndc_selinux \- Security Enhanced Linux Policy for the ndc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the regex processes via flexible mandatory access
++Security-Enhanced Linux secures the ndc processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the regex_milter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ndc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the regex_milter_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the ndc_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -42704,25 +50010,17 @@ index 0000000..0431f98
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux regex policy is very flexible allowing users to setup their regex processes in as secure a method as possible.
++SELinux ndc policy is very flexible allowing users to setup their ndc processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for regex:
++The following file types are defined for ndc:
 +
 +
 +.EX
 +.PP
-+.B regex_milter_data_t 
++.B ndc_exec_t 
 +.EE
 +
-+- Set files with the regex_milter_data_t type, if you want to treat the files as regex milter content.
-+
-+
-+.EX
-+.PP
-+.B regex_milter_exec_t 
-+.EE
-+
-+- Set files with the regex_milter_exec_t type, if you want to transition an executable to the regex_milter_t domain.
++- Set files with the ndc_exec_t type, if you want to transition an executable to the ndc_t domain.
 +
 +
 +.PP
@@ -42738,18 +50036,22 @@ index 0000000..0431f98
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux regex policy is very flexible allowing users to setup their regex processes in as secure a method as possible.
++SELinux ndc policy is very flexible allowing users to setup their ndc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for regex:
++The following process types are defined for ndc:
 +
 +.EX
-+.B regex_milter_t 
++.B ndc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ndc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -42765,66 +50067,48 @@ index 0000000..0431f98
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), regex(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/restorecond_selinux.8 b/man/man8/restorecond_selinux.8
++selinux(8), ndc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/netlabel_mgmt_selinux.8 b/man/man8/netlabel_mgmt_selinux.8
 new file mode 100644
-index 0000000..c1d4bcc
+index 0000000..cc33498
 --- /dev/null
-+++ b/man/man8/restorecond_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "restorecond_selinux"  "8"  "restorecond" "dwalsh at redhat.com" "restorecond SELinux Policy documentation"
++++ b/man/man8/netlabel_mgmt_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "netlabel_mgmt_selinux"  "8"  "netlabel_mgmt" "dwalsh at redhat.com" "netlabel_mgmt SELinux Policy documentation"
 +.SH "NAME"
-+restorecond_selinux \- Security Enhanced Linux Policy for the restorecond processes
++netlabel_mgmt_selinux \- Security Enhanced Linux Policy for the netlabel_mgmt processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the restorecond processes via flexible mandatory access
++Security-Enhanced Linux secures the netlabel_mgmt processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the restorecond_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the restorecond_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux restorecond policy is very flexible allowing users to setup their restorecond processes in as secure a method as possible.
++SELinux netlabel_mgmt policy is very flexible allowing users to setup their netlabel_mgmt processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for restorecond:
-+
-+
-+.EX
-+.PP
-+.B restorecond_exec_t 
-+.EE
-+
-+- Set files with the restorecond_exec_t type, if you want to transition an executable to the restorecond_t domain.
++The following file types are defined for netlabel_mgmt:
 +
 +
 +.EX
 +.PP
-+.B restorecond_var_run_t 
++.B netlabel_mgmt_exec_t 
 +.EE
 +
-+- Set files with the restorecond_var_run_t type, if you want to store the restorecond files under the /run directory.
++- Set files with the netlabel_mgmt_exec_t type, if you want to transition an executable to the netlabel_mgmt_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/netlabelctl, /usr/sbin/netlabelctl
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -42839,18 +50123,22 @@ index 0000000..c1d4bcc
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux restorecond policy is very flexible allowing users to setup their restorecond processes in as secure a method as possible.
++SELinux netlabel_mgmt policy is very flexible allowing users to setup their netlabel_mgmt processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for restorecond:
++The following process types are defined for netlabel_mgmt:
 +
 +.EX
-+.B restorecond_t 
++.B netlabel_mgmt_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type netlabel_mgmt_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -42866,113 +50154,72 @@ index 0000000..c1d4bcc
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), restorecond(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rgmanager_selinux.8 b/man/man8/rgmanager_selinux.8
++selinux(8), netlabel_mgmt(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/netlogond_selinux.8 b/man/man8/netlogond_selinux.8
 new file mode 100644
-index 0000000..3abdac8
+index 0000000..c2de904
 --- /dev/null
-+++ b/man/man8/rgmanager_selinux.8
-@@ -0,0 +1,146 @@
-+.TH  "rgmanager_selinux"  "8"  "rgmanager" "dwalsh at redhat.com" "rgmanager SELinux Policy documentation"
++++ b/man/man8/netlogond_selinux.8
+@@ -0,0 +1,125 @@
++.TH  "netlogond_selinux"  "8"  "netlogond" "dwalsh at redhat.com" "netlogond SELinux Policy documentation"
 +.SH "NAME"
-+rgmanager_selinux \- Security Enhanced Linux Policy for the rgmanager processes
++netlogond_selinux \- Security Enhanced Linux Policy for the netlogond processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rgmanager processes via flexible mandatory access
++Security-Enhanced Linux secures the netlogond processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  rgmanager policy is extremely flexible and has several booleans that allow you to manipulate the policy and run rgmanager with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow rgmanager domain to connect to the network using TCP, you must turn on the rgmanager_can_network_connect boolean.
-+
-+.EX
-+.B setsebool -P rgmanager_can_network_connect 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rgmanager_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the rgmanager_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rgmanager policy is very flexible allowing users to setup their rgmanager processes in as secure a method as possible.
++SELinux netlogond policy is very flexible allowing users to setup their netlogond processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rgmanager:
-+
-+
-+.EX
-+.PP
-+.B rgmanager_exec_t 
-+.EE
-+
-+- Set files with the rgmanager_exec_t type, if you want to transition an executable to the rgmanager_t domain.
-+
-+
-+.EX
-+.PP
-+.B rgmanager_initrc_exec_t 
-+.EE
-+
-+- Set files with the rgmanager_initrc_exec_t type, if you want to transition an executable to the rgmanager_initrc_t domain.
++The following file types are defined for netlogond:
 +
 +
 +.EX
 +.PP
-+.B rgmanager_tmp_t 
++.B netlogond_exec_t 
 +.EE
 +
-+- Set files with the rgmanager_tmp_t type, if you want to store rgmanager temporary files in the /tmp directories.
++- Set files with the netlogond_exec_t type, if you want to transition an executable to the netlogond_t domain.
 +
 +
 +.EX
 +.PP
-+.B rgmanager_tmpfs_t 
++.B netlogond_var_lib_t 
 +.EE
 +
-+- Set files with the rgmanager_tmpfs_t type, if you want to store rgmanager files on a tmpfs file system.
++- Set files with the netlogond_var_lib_t type, if you want to store the netlogond files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/likewise-open/krb5-affinity.conf, /var/lib/likewise-open/LWNetsd\.err
 +
 +.EX
 +.PP
-+.B rgmanager_var_log_t 
++.B netlogond_var_run_t 
 +.EE
 +
-+- Set files with the rgmanager_var_log_t type, if you want to treat the data as rgmanager var log data, usually stored under the /var/log directory.
++- Set files with the netlogond_var_run_t type, if you want to store the netlogond files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B rgmanager_var_run_t 
++.B netlogond_var_socket_t 
 +.EE
 +
-+- Set files with the rgmanager_var_run_t type, if you want to store the rgmanager files under the /run directory.
++- Set files with the netlogond_var_socket_t type, if you want to treat the files as netlogond var socket data.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/rgmanager\.pid, /var/run/cluster/rgmanager\.sk
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -42987,18 +50234,42 @@ index 0000000..3abdac8
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rgmanager policy is very flexible allowing users to setup their rgmanager processes in as secure a method as possible.
++SELinux netlogond policy is very flexible allowing users to setup their netlogond processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rgmanager:
++The following process types are defined for netlogond:
 +
 +.EX
-+.B rgmanager_t 
++.B netlogond_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type netlogond_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B likewise_etc_t
++
++	/etc/likewise-open(/.*)?
++.br
++
++.br
++.B netlogond_var_lib_t
++
++	/var/lib/likewise-open/krb5-affinity.conf
++.br
++	/var/lib/likewise-open/LWNetsd\.err
++.br
++
++.br
++.B netlogond_var_run_t
++
++	/var/run/netlogond.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -43009,48 +50280,43 @@ index 0000000..3abdac8
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rgmanager(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/rhev_selinux.8 b/man/man8/rhev_selinux.8
++selinux(8), netlogond(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/netutils_selinux.8 b/man/man8/netutils_selinux.8
 new file mode 100644
-index 0000000..9d50cd5
+index 0000000..4bc6f16
 --- /dev/null
-+++ b/man/man8/rhev_selinux.8
-@@ -0,0 +1,123 @@
-+.TH  "rhev_selinux"  "8"  "rhev" "dwalsh at redhat.com" "rhev SELinux Policy documentation"
++++ b/man/man8/netutils_selinux.8
+@@ -0,0 +1,107 @@
++.TH  "netutils_selinux"  "8"  "netutils" "dwalsh at redhat.com" "netutils SELinux Policy documentation"
 +.SH "NAME"
-+rhev_selinux \- Security Enhanced Linux Policy for the rhev processes
++netutils_selinux \- Security Enhanced Linux Policy for the netutils processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rhev processes via flexible mandatory access
++Security-Enhanced Linux secures the netutils processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rhev_agentd_t, rhev_agentd_consolehelper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the netutils_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the rhev_agentd_t, rhev_agentd_consolehelper_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the netutils_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -43059,53 +50325,29 @@ index 0000000..9d50cd5
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rhev policy is very flexible allowing users to setup their rhev processes in as secure a method as possible.
++SELinux netutils policy is very flexible allowing users to setup their netutils processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rhev:
++The following file types are defined for netutils:
 +
 +
 +.EX
 +.PP
-+.B rhev_agentd_exec_t 
++.B netutils_exec_t 
 +.EE
 +
-+- Set files with the rhev_agentd_exec_t type, if you want to transition an executable to the rhev_agentd_t domain.
++- Set files with the netutils_exec_t type, if you want to transition an executable to the netutils_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/share/rhev-agent/rhev-agentd\.py, /usr/share/ovirt-guest-agent
-+
-+.EX
-+.PP
-+.B rhev_agentd_log_t 
-+.EE
-+
-+- Set files with the rhev_agentd_log_t type, if you want to treat the data as rhev agentd log data, usually stored under the /var/log directory.
-+
-+
-+.EX
-+.PP
-+.B rhev_agentd_tmp_t 
-+.EE
-+
-+- Set files with the rhev_agentd_tmp_t type, if you want to store rhev agentd temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B rhev_agentd_unit_file_t 
-+.EE
-+
-+- Set files with the rhev_agentd_unit_file_t type, if you want to treat the files as rhev agentd unit content.
-+
++/sbin/arping, /usr/sbin/arping, /usr/sbin/tcpdump
 +
 +.EX
 +.PP
-+.B rhev_agentd_var_run_t 
++.B netutils_tmp_t 
 +.EE
 +
-+- Set files with the rhev_agentd_var_run_t type, if you want to store the rhev agentd files under the /run directory.
++- Set files with the netutils_tmp_t type, if you want to store netutils temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -43121,18 +50363,26 @@ index 0000000..9d50cd5
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rhev policy is very flexible allowing users to setup their rhev processes in as secure a method as possible.
++SELinux netutils policy is very flexible allowing users to setup their netutils processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rhev:
++The following process types are defined for netutils:
 +
 +.EX
-+.B rhev_agentd_t, rhev_agentd_consolehelper_t 
++.B netutils_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type netutils_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B netutils_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -43148,51 +50398,57 @@ index 0000000..9d50cd5
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rhev(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rhgb_selinux.8 b/man/man8/rhgb_selinux.8
++selinux(8), netutils(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/newrole_selinux.8 b/man/man8/newrole_selinux.8
 new file mode 100644
-index 0000000..033248f
+index 0000000..cef1275
 --- /dev/null
-+++ b/man/man8/rhgb_selinux.8
-@@ -0,0 +1,81 @@
-+.TH  "rhgb_selinux"  "8"  "rhgb" "dwalsh at redhat.com" "rhgb SELinux Policy documentation"
++++ b/man/man8/newrole_selinux.8
+@@ -0,0 +1,163 @@
++.TH  "newrole_selinux"  "8"  "newrole" "dwalsh at redhat.com" "newrole SELinux Policy documentation"
 +.SH "NAME"
-+rhgb_selinux \- Security Enhanced Linux Policy for the rhgb processes
++newrole_selinux \- Security Enhanced Linux Policy for the newrole processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rhgb processes via flexible mandatory access
++Security-Enhanced Linux secures the newrole processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the newrole_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the newrole_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rhgb policy is very flexible allowing users to setup their rhgb processes in as secure a method as possible.
++SELinux newrole policy is very flexible allowing users to setup their newrole processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rhgb:
-+
-+
-+.EX
-+.PP
-+.B rhgb_exec_t 
-+.EE
-+
-+- Set files with the rhgb_exec_t type, if you want to transition an executable to the rhgb_t domain.
++The following file types are defined for newrole:
 +
 +
 +.EX
 +.PP
-+.B rhgb_tmpfs_t 
++.B newrole_exec_t 
 +.EE
 +
-+- Set files with the rhgb_tmpfs_t type, if you want to store rhgb files on a tmpfs file system.
++- Set files with the newrole_exec_t type, if you want to transition an executable to the newrole_t domain.
 +
 +
 +.PP
@@ -43208,18 +50464,94 @@ index 0000000..033248f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rhgb policy is very flexible allowing users to setup their rhgb processes in as secure a method as possible.
++SELinux newrole policy is very flexible allowing users to setup their newrole processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rhgb:
++The following process types are defined for newrole:
 +
 +.EX
-+.B rhgb_t 
++.B newrole_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type newrole_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -43235,308 +50567,279 @@ index 0000000..033248f
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rhgb(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rhsmcertd_selinux.8 b/man/man8/rhsmcertd_selinux.8
++selinux(8), newrole(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nfs_selinux.8 b/man/man8/nfs_selinux.8
+deleted file mode 100644
+index 8e30c4c..0000000
+--- a/man/man8/nfs_selinux.8
++++ /dev/null
+@@ -1,31 +0,0 @@
+-.TH  "nfs_selinux"  "8"  "9 Feb 2009" "dwalsh at redhat.com" "NFS SELinux Policy documentation"
+-.SH "NAME"
+-nfs_selinux \- Security Enhanced Linux Policy for NFS
+-.SH "DESCRIPTION"
+-
+-Security Enhanced Linux secures the NFS server via flexible mandatory access
+-control.  
+-.SH BOOLEANS
+-SELinux policy is customizable based on the least level of access required. SELinux can be configured to not allow NFS to share files. If you want to share NFS partitions, and only allow read-only access to those NFS partitions, turn the nfs_export_all_ro boolean on:
+-
+-.TP
+-setsebool -P nfs_export_all_ro 1
+-.TP
+-If you want to share files read/write you must set the nfs_export_all_rw boolean.
+-.TP
+-setsebool -P nfs_export_all_rw 1
+-
+-.TP
+-These booleans are not required when files to be shared are labeled with the public_content_t or public_content_rw_t types. NFS can share files labeled with the public_content_t or public_content_rw_t types even if the nfs_export_all_ro and nfs_export_all_rw booleans are off.
+-
+-.TP
+-If you want to use a remote NFS server for the home directories on this machine, you must set the use_nfs_home_dirs boolean:
+-.TP
+-setsebool -P use_nfs_home_dirs 1
+-.TP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
+-.SH AUTHOR	
+-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
+-
+-.SH "SEE ALSO"
+-selinux(8), chcon(1), setsebool(8)
+diff --git a/man/man8/nfsd_selinux.8 b/man/man8/nfsd_selinux.8
 new file mode 100644
-index 0000000..a147aab
+index 0000000..5f84f1c
 --- /dev/null
-+++ b/man/man8/rhsmcertd_selinux.8
-@@ -0,0 +1,113 @@
-+.TH  "rhsmcertd_selinux"  "8"  "rhsmcertd" "dwalsh at redhat.com" "rhsmcertd SELinux Policy documentation"
++++ b/man/man8/nfsd_selinux.8
+@@ -0,0 +1,326 @@
++.TH  "nfsd_selinux"  "8"  "nfsd" "dwalsh at redhat.com" "nfsd SELinux Policy documentation"
 +.SH "NAME"
-+rhsmcertd_selinux \- Security Enhanced Linux Policy for the rhsmcertd processes
++nfsd_selinux \- Security Enhanced Linux Policy for the nfsd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rhsmcertd processes via flexible mandatory access
++Security-Enhanced Linux secures the nfsd processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  nfsd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run nfsd with the tightest access possible.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux rhsmcertd policy is very flexible allowing users to setup their rhsmcertd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for rhsmcertd:
 +
++.PP
++If you want to allow xen to manage nfs files, you must turn on the xen_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B rhsmcertd_exec_t 
++.B setsebool -P xen_use_nfs 1
 +.EE
 +
-+- Set files with the rhsmcertd_exec_t type, if you want to transition an executable to the rhsmcertd_t domain.
-+
++.PP
++If you want to allow confined virtual guests to manage nfs files, you must turn on the virt_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B rhsmcertd_initrc_exec_t 
++.B setsebool -P virt_use_nfs 1
 +.EE
 +
-+- Set files with the rhsmcertd_initrc_exec_t type, if you want to transition an executable to the rhsmcertd_initrc_t domain.
-+
++.PP
++If you want to determine whether Git system daemon can access nfs file systems, you must turn on the git_system_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B rhsmcertd_lock_t 
++.B setsebool -P git_system_use_nfs 1
 +.EE
 +
-+- Set files with the rhsmcertd_lock_t type, if you want to treat the files as rhsmcertd lock data, stored under the /var/lock directory
-+
++.PP
++If you want to allow qemu to use nfs file systems, you must turn on the qemu_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B rhsmcertd_log_t 
++.B setsebool -P qemu_use_nfs 1
 +.EE
 +
-+- Set files with the rhsmcertd_log_t type, if you want to treat the data as rhsmcertd log data, usually stored under the /var/log directory.
-+
++.PP
++If you want to determine whether Git CGI can access nfs file systems, you must turn on the git_cgi_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B rhsmcertd_var_lib_t 
++.B setsebool -P git_cgi_use_nfs 1
 +.EE
 +
-+- Set files with the rhsmcertd_var_lib_t type, if you want to store the rhsmcertd files under the /var/lib directory.
-+
++.PP
++If you want to allow rsync servers to share nfs files systems, you must turn on the rsync_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B rhsmcertd_var_run_t 
++.B setsebool -P rsync_use_nfs 1
 +.EE
 +
-+- Set files with the rhsmcertd_var_run_t type, if you want to store the rhsmcertd files under the /run directory.
-+
-+
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++If you want to support NFS home directories, you must turn on the use_nfs_home_dirs boolean.
++
++.EX
++.B setsebool -P use_nfs_home_dirs 1
++.EE
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux rhsmcertd policy is very flexible allowing users to setup their rhsmcertd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for rhsmcertd:
++If you want to allow Cobbler to access nfs file systems, you must turn on the cobbler_use_nfs boolean.
 +
 +.EX
-+.B rhsmcertd_t 
++.B setsebool -P cobbler_use_nfs 1
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++If you want to allow httpd to access nfs file systems, you must turn on the httpd_use_nfs boolean.
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.EX
++.B setsebool -P httpd_use_nfs 1
++.EE
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.PP
++If you want to allow sge to access nfs file systems, you must turn on the sge_use_nfs boolean.
 +
-+.SH "SEE ALSO"
-+selinux(8), rhsmcertd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ricci_selinux.8 b/man/man8/ricci_selinux.8
-new file mode 100644
-index 0000000..f2556e7
---- /dev/null
-+++ b/man/man8/ricci_selinux.8
-@@ -0,0 +1,260 @@
-+.TH  "ricci_selinux"  "8"  "ricci" "dwalsh at redhat.com" "ricci SELinux Policy documentation"
-+.SH "NAME"
-+ricci_selinux \- Security Enhanced Linux Policy for the ricci processes
-+.SH "DESCRIPTION"
++.EX
++.B setsebool -P sge_use_nfs 1
++.EE
 +
-+Security-Enhanced Linux secures the ricci processes via flexible mandatory access
-+control.  
++.PP
++If you want to allow any files/directories to be exported read/write via NFS, you must turn on the nfs_export_all_rw boolean.
 +
-+.SH NSSWITCH DOMAIN
++.EX
++.B setsebool -P nfs_export_all_rw 1
++.EE
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ricci_modstorage_t, ricci_modcluster_t, ricci_modclusterd_t, ricci_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow sanlock to manage nfs files, you must turn on the sanlock_use_nfs boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P sanlock_use_nfs 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the ricci_modstorage_t, ricci_modcluster_t, ricci_modclusterd_t, ricci_t, you must turn on the kerberos_enabled boolean.
++If you want to allow samba to export NFS volumes, you must turn on the samba_share_nfs boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P samba_share_nfs 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux ricci policy is very flexible allowing users to setup their ricci processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for ricci:
-+
++If you want to allow ftp servers to use nfs used for public file transfer services, you must turn on the ftpd_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B ricci_exec_t 
++.B setsebool -P ftpd_use_nfs 1
 +.EE
 +
-+- Set files with the ricci_exec_t type, if you want to transition an executable to the ricci_t domain.
-+
++.PP
++If you want to determine whether Polipo can access nfs file systems, you must turn on the polipo_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B ricci_initrc_exec_t 
++.B setsebool -P polipo_use_nfs 1
 +.EE
 +
-+- Set files with the ricci_initrc_exec_t type, if you want to transition an executable to the ricci_initrc_t domain.
-+
++.PP
++If you want to allow the portage domains to use NFS mounts (regular nfs_t), you must turn on the portage_use_nfs boolean.
 +
 +.EX
-+.PP
-+.B ricci_modcluster_exec_t 
++.B setsebool -P portage_use_nfs 1
 +.EE
 +
-+- Set files with the ricci_modcluster_exec_t type, if you want to transition an executable to the ricci_modcluster_t domain.
-+
++.PP
++If you want to allow any files/directories to be exported read/only via NFS, you must turn on the nfs_export_all_ro boolean.
 +
 +.EX
-+.PP
-+.B ricci_modcluster_var_lib_t 
++.B setsebool -P nfs_export_all_ro 1
 +.EE
 +
-+- Set files with the ricci_modcluster_var_lib_t type, if you want to store the ricci modcluster files under the /var/lib directory.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nfsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B ricci_modcluster_var_log_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the ricci_modcluster_var_log_t type, if you want to treat the data as ricci modcluster var log data, usually stored under the /var/log directory.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the nfsd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B ricci_modcluster_var_run_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the ricci_modcluster_var_run_t type, if you want to store the ricci modcluster files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/run/modclusterd\.pid, /var/run/clumond\.sock
-+
-+.EX
++.SH SHARING FILES
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
++.TP
++Allow nfsd servers to read the /var/nfsd directory by adding the public_content_t file type to the directory and by restoring the file type.
 +.PP
-+.B ricci_modclusterd_exec_t 
-+.EE
-+
-+- Set files with the ricci_modclusterd_exec_t type, if you want to transition an executable to the ricci_modclusterd_t domain.
-+
-+
-+.EX
++.B
++semanage fcontext -a -t public_content_t "/var/nfsd(/.*)?"
++.br
++.B restorecon -F -R -v /var/nfsd
++.pp
++.TP
++Allow nfsd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_nfsdd_anon_write boolean to be set.
 +.PP
-+.B ricci_modclusterd_tmpfs_t 
-+.EE
-+
-+- Set files with the ricci_modclusterd_tmpfs_t type, if you want to store ricci modclusterd files on a tmpfs file system.
++.B
++semanage fcontext -a -t public_content_rw_t "/var/nfsd/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/nfsd/incoming
 +
 +
-+.EX
 +.PP
-+.B ricci_modlog_exec_t 
-+.EE
-+
-+- Set files with the ricci_modlog_exec_t type, if you want to transition an executable to the ricci_modlog_t domain.
-+
++If you want to allow nfs servers to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t., you must turn on the nfsd_anon_write boolean.
 +
 +.EX
-+.PP
-+.B ricci_modrpm_exec_t 
++.B setsebool -P nfsd_anon_write 1
 +.EE
 +
-+- Set files with the ricci_modrpm_exec_t type, if you want to transition an executable to the ricci_modrpm_t domain.
-+
-+
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B ricci_modservice_exec_t 
-+.EE
-+
-+- Set files with the ricci_modservice_exec_t type, if you want to transition an executable to the ricci_modservice_t domain.
-+
-+
-+.EX
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B ricci_modstorage_exec_t 
-+.EE
-+
-+- Set files with the ricci_modstorage_exec_t type, if you want to transition an executable to the ricci_modstorage_t domain.
++Policy governs the access confined processes have to these files. 
++SELinux nfsd policy is very flexible allowing users to setup their nfsd processes in as secure a method as possible.
++.PP 
++The following file types are defined for nfsd:
 +
 +
 +.EX
 +.PP
-+.B ricci_modstorage_lock_t 
++.B nfsd_exec_t 
 +.EE
 +
-+- Set files with the ricci_modstorage_lock_t type, if you want to treat the files as ricci modstorage lock data, stored under the /var/lock directory
++- Set files with the nfsd_exec_t type, if you want to transition an executable to the nfsd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/rpc\.mountd, /usr/sbin/rpc\.nfsd
 +
 +.EX
 +.PP
-+.B ricci_tmp_t 
++.B nfsd_initrc_exec_t 
 +.EE
 +
-+- Set files with the ricci_tmp_t type, if you want to store ricci temporary files in the /tmp directories.
++- Set files with the nfsd_initrc_exec_t type, if you want to transition an executable to the nfsd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B ricci_var_lib_t 
++.B nfsd_ro_t 
 +.EE
 +
-+- Set files with the ricci_var_lib_t type, if you want to store the ricci files under the /var/lib directory.
++- Set files with the nfsd_ro_t type, if you want to treat the files as nfsd read/only content.
 +
 +
 +.EX
 +.PP
-+.B ricci_var_log_t 
++.B nfsd_rw_t 
 +.EE
 +
-+- Set files with the ricci_var_log_t type, if you want to treat the data as ricci var log data, usually stored under the /var/log directory.
++- Set files with the nfsd_rw_t type, if you want to treat the files as nfsd read/write content.
 +
 +
 +.EX
 +.PP
-+.B ricci_var_run_t 
++.B nfsd_unit_file_t 
 +.EE
 +
-+- Set files with the ricci_var_run_t type, if you want to store the ricci files under the /run directory.
++- Set files with the nfsd_unit_file_t type, if you want to treat the files as nfsd unit content.
 +
 +
 +.PP
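Review bot: The SHARING FILES section added for nfsd_selinux.8 names a boolean `allow_nfsdd_anon_write`, which does not match the `nfsd_anon_write` boolean documented a few lines later with its `setsebool` command. An admin following the first name would most likely get an error instead of the intended setting. The same paragraph says `/var/tmp/incoming` while the `semanage fcontext` and `restorecon` lines operate on `/var/nfsd/incoming`, and `.pp` is presumably meant to be `.PP`. Suggest `This also requires the nfsd_anon_write boolean to be set.` with the directory name made consistent. Separately, the removed nfs_selinux.8 stated that content labeled public_content_t or public_content_rw_t can be shared even with nfs_export_all_ro and nfs_export_all_rw off. The new BOOLEANS text no longer says this, so it may be worth restoring to keep readers from enabling the broader export-all booleans unnecessarily.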
@@ -43555,34 +50858,21 @@ index 0000000..f2556e7
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux ricci policy is very flexible allowing users to setup their ricci processes in as secure a method as possible.
++SELinux nfsd policy is very flexible allowing users to setup their nfsd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for ricci:
-+
-+.EX
-+.TP 5
-+.B ricci_modcluster_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 16851
-+.EE
-+udp 16851
-+.EE
++The following port types are defined for nfsd:
 +
 +.EX
 +.TP 5
-+.B ricci_port_t 
++.B nfs_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 11111
++tcp 2049,20048-20049
 +.EE
-+udp 11111
++udp 2049,20048-20049
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -43590,18 +50880,40 @@ index 0000000..f2556e7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ricci policy is very flexible allowing users to setup their ricci processes in as secure a method as possible.
++SELinux nfsd policy is very flexible allowing users to setup their nfsd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ricci:
++The following process types are defined for nfsd:
 +
 +.EX
-+.B ricci_t, ricci_modservice_t, ricci_modstorage_t, ricci_modclusterd_t, ricci_modlog_t, ricci_modrpm_t, ricci_modcluster_t 
++.B nfsd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nfsd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nfsd_fs_t
++
++
++.br
++.B var_lib_nfs_t
++
++	/var/lib/nfs(/.*)?
++.br
++
++.br
++.B var_lib_t
++
++	/opt/(.*/)?var/lib(/.*)?
++.br
++	/var/lib(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -43615,43 +50927,55 @@ index 0000000..f2556e7
 +.B semanage port
 +can also be used to manipulate the port definitions
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ricci(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rlogind_selinux.8 b/man/man8/rlogind_selinux.8
++selinux(8), nfsd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/nis_selinux.8 b/man/man8/nis_selinux.8
+deleted file mode 100644
+index 6271c95..0000000
+--- a/man/man8/nis_selinux.8
++++ /dev/null
+@@ -1 +0,0 @@
+-.so man8/ypbind_selinux.8
+diff --git a/man/man8/nmbd_selinux.8 b/man/man8/nmbd_selinux.8
 new file mode 100644
-index 0000000..d24aec9
+index 0000000..d7a3320
 --- /dev/null
-+++ b/man/man8/rlogind_selinux.8
-@@ -0,0 +1,153 @@
-+.TH  "rlogind_selinux"  "8"  "rlogind" "dwalsh at redhat.com" "rlogind SELinux Policy documentation"
++++ b/man/man8/nmbd_selinux.8
+@@ -0,0 +1,161 @@
++.TH  "nmbd_selinux"  "8"  "nmbd" "dwalsh at redhat.com" "nmbd SELinux Policy documentation"
 +.SH "NAME"
-+rlogind_selinux \- Security Enhanced Linux Policy for the rlogind processes
++nmbd_selinux \- Security Enhanced Linux Policy for the nmbd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rlogind processes via flexible mandatory access
++Security-Enhanced Linux secures the nmbd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rlogind_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nmbd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the rlogind_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the nmbd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -43660,58 +50984,30 @@ index 0000000..d24aec9
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rlogind policy is very flexible allowing users to setup their rlogind processes in as secure a method as possible.
++SELinux nmbd policy is very flexible allowing users to setup their nmbd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rlogind:
++The following file types are defined for nmbd:
 +
 +
 +.EX
 +.PP
-+.B rlogind_exec_t 
++.B nmbd_exec_t 
 +.EE
 +
-+- Set files with the rlogind_exec_t type, if you want to transition an executable to the rlogind_t domain.
++- Set files with the nmbd_exec_t type, if you want to transition an executable to the nmbd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/telnetlogin, /usr/kerberos/sbin/klogind, /usr/sbin/in\.rlogind
 +
 +.EX
 +.PP
-+.B rlogind_home_t 
++.B nmbd_var_run_t 
 +.EE
 +
-+- Set files with the rlogind_home_t type, if you want to store rlogind files in the users home directory.
++- Set files with the nmbd_var_run_t type, if you want to store the nmbd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/root/\.rlogin, /root/\.rhosts
-+
-+.EX
-+.PP
-+.B rlogind_keytab_t 
-+.EE
-+
-+- Set files with the rlogind_keytab_t type, if you want to treat the files as kerberos keytab files.
-+
-+
-+.EX
-+.PP
-+.B rlogind_tmp_t 
-+.EE
-+
-+- Set files with the rlogind_tmp_t type, if you want to store rlogind temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B rlogind_var_run_t 
-+.EE
-+
-+- Set files with the rlogind_var_run_t type, if you want to store the rlogind files under the /run directory.
-+
++/var/run/samba/nmbd\.pid, /var/run/samba/nmbd(/.*)?, /var/run/samba/messages\.tdb, /var/run/samba/namelist\.debug, /var/run/nmbd(/.*)?, /var/run/samba/unexpected\.tdb
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -43729,19 +51025,19 @@ index 0000000..d24aec9
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux rlogind policy is very flexible allowing users to setup their rlogind processes in as secure a method as possible.
++SELinux nmbd policy is very flexible allowing users to setup their nmbd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for rlogind:
++The following port types are defined for nmbd:
 +
 +.EX
 +.TP 5
-+.B rlogind_port_t 
++.B nmbd_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 513
++udp 137,138
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -43749,18 +51045,54 @@ index 0000000..d24aec9
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rlogind policy is very flexible allowing users to setup their rlogind processes in as secure a method as possible.
++SELinux nmbd policy is very flexible allowing users to setup their nmbd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rlogind:
++The following process types are defined for nmbd:
 +
 +.EX
-+.B rlogind_t 
++.B nmbd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nmbd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nmbd_var_run_t
++
++	/var/run/nmbd(/.*)?
++.br
++	/var/run/samba/nmbd(/.*)?
++.br
++	/var/run/samba/nmbd\.pid
++.br
++	/var/run/samba/messages\.tdb
++.br
++	/var/run/samba/namelist\.debug
++.br
++	/var/run/samba/unexpected\.tdb
++.br
++
++.br
++.B samba_log_t
++
++	/var/log/samba(/.*)?
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -43779,22 +51111,22 @@ index 0000000..d24aec9
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rlogind(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/roundup_selinux.8 b/man/man8/roundup_selinux.8
++selinux(8), nmbd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_ajax_selinux.8 b/man/man8/nova_ajax_selinux.8
 new file mode 100644
-index 0000000..34ca865
+index 0000000..9544e58
 --- /dev/null
-+++ b/man/man8/roundup_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "roundup_selinux"  "8"  "roundup" "dwalsh at redhat.com" "roundup SELinux Policy documentation"
++++ b/man/man8/nova_ajax_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "nova_ajax_selinux"  "8"  "nova_ajax" "dwalsh at redhat.com" "nova_ajax SELinux Policy documentation"
 +.SH "NAME"
-+roundup_selinux \- Security Enhanced Linux Policy for the roundup processes
++nova_ajax_selinux \- Security Enhanced Linux Policy for the nova_ajax processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the roundup processes via flexible mandatory access
++Security-Enhanced Linux secures the nova_ajax processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -43805,41 +51137,33 @@ index 0000000..34ca865
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux roundup policy is very flexible allowing users to setup their roundup processes in as secure a method as possible.
++SELinux nova_ajax policy is very flexible allowing users to setup their nova_ajax processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for roundup:
-+
-+
-+.EX
-+.PP
-+.B roundup_exec_t 
-+.EE
-+
-+- Set files with the roundup_exec_t type, if you want to transition an executable to the roundup_t domain.
++The following file types are defined for nova_ajax:
 +
 +
 +.EX
 +.PP
-+.B roundup_initrc_exec_t 
++.B nova_ajax_exec_t 
 +.EE
 +
-+- Set files with the roundup_initrc_exec_t type, if you want to transition an executable to the roundup_initrc_t domain.
++- Set files with the nova_ajax_exec_t type, if you want to transition an executable to the nova_ajax_t domain.
 +
 +
 +.EX
 +.PP
-+.B roundup_var_lib_t 
++.B nova_ajax_tmp_t 
 +.EE
 +
-+- Set files with the roundup_var_lib_t type, if you want to store the roundup files under the /var/lib directory.
++- Set files with the nova_ajax_tmp_t type, if you want to store nova ajax temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B roundup_var_run_t 
++.B nova_ajax_unit_file_t 
 +.EE
 +
-+- Set files with the roundup_var_run_t type, if you want to store the roundup files under the /run directory.
++- Set files with the nova_ajax_unit_file_t type, if you want to treat the files as nova ajax unit content.
 +
 +
 +.PP
@@ -43855,18 +51179,44 @@ index 0000000..34ca865
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux roundup policy is very flexible allowing users to setup their roundup processes in as secure a method as possible.
++SELinux nova_ajax policy is very flexible allowing users to setup their nova_ajax processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for roundup:
++The following process types are defined for nova_ajax:
 +
 +.EX
-+.B roundup_t 
++.B nova_ajax_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nova_ajax_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nova_ajax_tmp_t
++
++
++.br
++.B nova_log_t
++
++	/var/log/nova(/.*)?
++.br
++
++.br
++.B nova_var_lib_t
++
++	/var/lib/nova(/.*)?
++.br
++
++.br
++.B nova_var_run_t
++
++	/var/run/nova(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -43882,22 +51232,22 @@ index 0000000..34ca865
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), roundup(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rpcbind_selinux.8 b/man/man8/rpcbind_selinux.8
++selinux(8), nova_ajax(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_api_selinux.8 b/man/man8/nova_api_selinux.8
 new file mode 100644
-index 0000000..070558a
+index 0000000..7a9aeef
 --- /dev/null
-+++ b/man/man8/rpcbind_selinux.8
-@@ -0,0 +1,109 @@
-+.TH  "rpcbind_selinux"  "8"  "rpcbind" "dwalsh at redhat.com" "rpcbind SELinux Policy documentation"
++++ b/man/man8/nova_api_selinux.8
+@@ -0,0 +1,123 @@
++.TH  "nova_api_selinux"  "8"  "nova_api" "dwalsh at redhat.com" "nova_api SELinux Policy documentation"
 +.SH "NAME"
-+rpcbind_selinux \- Security Enhanced Linux Policy for the rpcbind processes
++nova_api_selinux \- Security Enhanced Linux Policy for the nova_api processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rpcbind processes via flexible mandatory access
++Security-Enhanced Linux secures the nova_api processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -43908,54 +51258,42 @@ index 0000000..070558a
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rpcbind policy is very flexible allowing users to setup their rpcbind processes in as secure a method as possible.
++SELinux nova_api policy is very flexible allowing users to setup their nova_api processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rpcbind:
++The following file types are defined for nova_api:
 +
 +
 +.EX
 +.PP
-+.B rpcbind_exec_t 
++.B nova_api_exec_t 
 +.EE
 +
-+- Set files with the rpcbind_exec_t type, if you want to transition an executable to the rpcbind_t domain.
++- Set files with the nova_api_exec_t type, if you want to transition an executable to the nova_api_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/rpcbind, /sbin/rpcbind
-+
-+.EX
-+.PP
-+.B rpcbind_initrc_exec_t 
-+.EE
-+
-+- Set files with the rpcbind_initrc_exec_t type, if you want to transition an executable to the rpcbind_initrc_t domain.
-+
++/usr/bin/nova-api, /usr//bin/nova-api-metadata
 +
 +.EX
 +.PP
-+.B rpcbind_var_lib_t 
++.B nova_api_tmp_t 
 +.EE
 +
-+- Set files with the rpcbind_var_lib_t type, if you want to store the rpcbind files under the /var/lib directory.
++- Set files with the nova_api_tmp_t type, if you want to store nova api temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/rpcbind(/.*)?, /var/cache/rpcbind(/.*)?
 +
 +.EX
 +.PP
-+.B rpcbind_var_run_t 
++.B nova_api_unit_file_t 
 +.EE
 +
-+- Set files with the rpcbind_var_run_t type, if you want to store the rpcbind files under the /run directory.
++- Set files with the nova_api_unit_file_t type, if you want to treat the files as nova api unit content.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/rpcbind\.sock, /var/run/rpcbind\.lock, /var/run/rpc.statd\.pid
++/usr/lib/systemd/system/openstack-nova-metadata-api.service.*, /usr/lib/systemd/system/openstack-nova-api.*
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
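Review bot: The `Paths:` line added under nova_api_exec_t lists `/usr//bin/nova-api-metadata` with a doubled slash. The page states it is auto-generated by genman.py, so this string was presumably copied from the policy's file-context specification rather than typed here. If that specification really contains `//`, it would likely not match the installed path `/usr/bin/nova-api-metadata`, leaving the binary without the nova_api_exec_t label and therefore without the transition into nova_api_t. I would correct the entry to `/usr/bin/nova-api-metadata` in the policy source and regenerate the page, then confirm the label with `matchpathcon /usr/bin/nova-api-metadata`. The man page this hunk belongs to starts and ends outside the hunk.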
@@ -43970,18 +51308,44 @@ index 0000000..070558a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rpcbind policy is very flexible allowing users to setup their rpcbind processes in as secure a method as possible.
++SELinux nova_api policy is very flexible allowing users to setup their nova_api processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rpcbind:
++The following process types are defined for nova_api:
 +
 +.EX
-+.B rpcbind_t 
++.B nova_api_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nova_api_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nova_api_tmp_t
++
++
++.br
++.B nova_log_t
++
++	/var/log/nova(/.*)?
++.br
++
++.br
++.B nova_var_lib_t
++
++	/var/lib/nova(/.*)?
++.br
++
++.br
++.B nova_var_run_t
++
++	/var/run/nova(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -43997,38 +51361,38 @@ index 0000000..070558a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rpcbind(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rpcd_selinux.8 b/man/man8/rpcd_selinux.8
++selinux(8), nova_api(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_cert_selinux.8 b/man/man8/nova_cert_selinux.8
 new file mode 100644
-index 0000000..eee7969
+index 0000000..61864b7
 --- /dev/null
-+++ b/man/man8/rpcd_selinux.8
-@@ -0,0 +1,123 @@
-+.TH  "rpcd_selinux"  "8"  "rpcd" "dwalsh at redhat.com" "rpcd SELinux Policy documentation"
++++ b/man/man8/nova_cert_selinux.8
+@@ -0,0 +1,129 @@
++.TH  "nova_cert_selinux"  "8"  "nova_cert" "dwalsh at redhat.com" "nova_cert SELinux Policy documentation"
 +.SH "NAME"
-+rpcd_selinux \- Security Enhanced Linux Policy for the rpcd processes
++nova_cert_selinux \- Security Enhanced Linux Policy for the nova_cert processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rpcd processes via flexible mandatory access
++Security-Enhanced Linux secures the nova_cert processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rpcd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nova_cert_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the rpcd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the nova_cert_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -44037,54 +51401,34 @@ index 0000000..eee7969
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rpcd policy is very flexible allowing users to setup their rpcd processes in as secure a method as possible.
++SELinux nova_cert policy is very flexible allowing users to setup their nova_cert processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rpcd:
++The following file types are defined for nova_cert:
 +
 +
 +.EX
 +.PP
-+.B rpcd_exec_t 
-+.EE
-+
-+- Set files with the rpcd_exec_t type, if you want to transition an executable to the rpcd_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/sbin/sm-notify, /usr/sbin/rpc\..*, /usr/sbin/rpc\.idmapd, /usr/sbin/sm-notify, /usr/sbin/rpc\.rquotad, /sbin/rpc\..*
-+
-+.EX
-+.PP
-+.B rpcd_initrc_exec_t 
++.B nova_cert_exec_t 
 +.EE
 +
-+- Set files with the rpcd_initrc_exec_t type, if you want to transition an executable to the rpcd_initrc_t domain.
++- Set files with the nova_cert_exec_t type, if you want to transition an executable to the nova_cert_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/nfslock, /etc/rc\.d/init\.d/rpcidmapd
 +
 +.EX
 +.PP
-+.B rpcd_unit_file_t 
++.B nova_cert_tmp_t 
 +.EE
 +
-+- Set files with the rpcd_unit_file_t type, if you want to treat the files as rpcd unit content.
++- Set files with the nova_cert_tmp_t type, if you want to store nova cert temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B rpcd_var_run_t 
++.B nova_cert_unit_file_t 
 +.EE
 +
-+- Set files with the rpcd_var_run_t type, if you want to store the rpcd files under the /run directory.
++- Set files with the nova_cert_unit_file_t type, if you want to treat the files as nova cert unit content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/rpc\.statd(/.*)?, /var/run/rpc\.statd\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -44099,18 +51443,44 @@ index 0000000..eee7969
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rpcd policy is very flexible allowing users to setup their rpcd processes in as secure a method as possible.
++SELinux nova_cert policy is very flexible allowing users to setup their nova_cert processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rpcd:
++The following process types are defined for nova_cert:
 +
 +.EX
-+.B rpcd_t, rpcbind_t 
++.B nova_cert_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nova_cert_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nova_cert_tmp_t
++
++
++.br
++.B nova_log_t
++
++	/var/log/nova(/.*)?
++.br
++
++.br
++.B nova_var_lib_t
++
++	/var/lib/nova(/.*)?
++.br
++
++.br
++.B nova_var_run_t
++
++	/var/run/nova(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -44126,179 +51496,111 @@ index 0000000..eee7969
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rpcd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rpm_selinux.8 b/man/man8/rpm_selinux.8
++selinux(8), nova_cert(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_compute_selinux.8 b/man/man8/nova_compute_selinux.8
 new file mode 100644
-index 0000000..c1b5773
+index 0000000..8149b81
 --- /dev/null
-+++ b/man/man8/rpm_selinux.8
-@@ -0,0 +1,183 @@
-+.TH  "rpm_selinux"  "8"  "rpm" "dwalsh at redhat.com" "rpm SELinux Policy documentation"
++++ b/man/man8/nova_compute_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "nova_compute_selinux"  "8"  "nova_compute" "dwalsh at redhat.com" "nova_compute SELinux Policy documentation"
 +.SH "NAME"
-+rpm_selinux \- Security Enhanced Linux Policy for the rpm processes
++nova_compute_selinux \- Security Enhanced Linux Policy for the nova_compute processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rpm processes via flexible mandatory access
++Security-Enhanced Linux secures the nova_compute processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rpm_script_t, rpm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the rpm_script_t, rpm_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rpm policy is very flexible allowing users to setup their rpm processes in as secure a method as possible.
++SELinux nova_compute policy is very flexible allowing users to setup their nova_compute processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rpm:
++The following file types are defined for nova_compute:
 +
 +
 +.EX
 +.PP
-+.B rpm_exec_t 
++.B nova_compute_exec_t 
 +.EE
 +
-+- Set files with the rpm_exec_t type, if you want to transition an executable to the rpm_t domain.
++- Set files with the nova_compute_exec_t type, if you want to transition an executable to the nova_compute_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/apt-get, /usr/sbin/bcfg2, /usr/sbin/rhn_check, /usr/bin/rpmdev-rmdevelrpms, /usr/sbin/synaptic, /usr/share/yumex/yumex-yum-backend, /usr/bin/apt-shell, /usr/sbin/yum-updatesd, /usr/sbin/pup, /usr/libexec/packagekitd, /usr/libexec/yumDBUSBackend.py, /usr/sbin/pirut, /usr/bin/package-cleanup, /bin/rpm, /usr/bin/yum, /usr/sbin/system-install-packages, /usr/bin/zif, /usr/bin/rpm, /usr/sbin/yum-complete-transaction, /usr/bin/smart, /usr/sbin/packagekitd, /usr/bin/fedora-rmdevelrpms, /usr/sbin/rhnreg_ks, /usr/share/yumex/yum_childtask\.py, /usr/sbin/up2date
 +
 +.EX
 +.PP
-+.B rpm_file_t 
++.B nova_compute_tmp_t 
 +.EE
 +
-+- Set files with the rpm_file_t type, if you want to treat the files as rpm content.
++- Set files with the nova_compute_tmp_t type, if you want to store nova compute temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B rpm_log_t 
++.B nova_compute_unit_file_t 
 +.EE
 +
-+- Set files with the rpm_log_t type, if you want to treat the data as rpm log data, usually stored under the /var/log directory.
++- Set files with the nova_compute_unit_file_t type, if you want to treat the files as nova compute unit content.
 +
 +
-+.EX
 +.PP
-+.B rpm_script_exec_t 
-+.EE
-+
-+- Set files with the rpm_script_exec_t type, if you want to transition an executable to the rpm_script_t domain.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B rpm_script_tmp_t 
-+.EE
-+
-+- Set files with the rpm_script_tmp_t type, if you want to store rpm script temporary files in the /tmp directories.
-+
-+
-+.EX
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+.B rpm_script_tmpfs_t 
-+.EE
-+
-+- Set files with the rpm_script_tmpfs_t type, if you want to store rpm script files on a tmpfs file system.
-+
++Policy governs the access confined processes have to files. 
++SELinux nova_compute policy is very flexible allowing users to setup their nova_compute processes in as secure a method as possible.
++.PP 
++The following process types are defined for nova_compute:
 +
 +.EX
-+.PP
-+.B rpm_tmp_t 
++.B nova_compute_t 
 +.EE
-+
-+- Set files with the rpm_tmp_t type, if you want to store rpm temporary files in the /tmp directories.
-+
-+
-+.EX
 +.PP
-+.B rpm_tmpfs_t 
-+.EE
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the rpm_tmpfs_t type, if you want to store rpm files on a tmpfs file system.
++.SH "MANAGED FILES"
 +
++The SELinux user type nova_compute_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B rpm_var_cache_t 
-+.EE
++.br
++.B nova_compute_tmp_t
 +
-+- Set files with the rpm_var_cache_t type, if you want to store the files under the /var/cache directory.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/cache/PackageKit(/.*)?, /var/cache/yum(/.*)?, /var/spool/up2date(/.*)?
-+
-+.EX
-+.PP
-+.B rpm_var_lib_t 
-+.EE
++.B nova_log_t
 +
-+- Set files with the rpm_var_lib_t type, if you want to store the rpm files under the /var/lib directory.
++	/var/log/nova(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/lib/yum(/.*)?, /var/lib/rpm(/.*)?, /var/lib/alternatives(/.*)?
++.B nova_var_lib_t
 +
-+.EX
-+.PP
-+.B rpm_var_run_t 
-+.EE
++	/var/lib/nova(/.*)?
++.br
 +
-+- Set files with the rpm_var_run_t type, if you want to store the rpm files under the /run directory.
++.br
++.B nova_var_run_t
 +
++	/var/run/nova(/.*)?
 +.br
-+.TP 5
-+Paths: 
-+/var/run/PackageKit(/.*)?, /var/run/yum.*
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux rpm policy is very flexible allowing users to setup their rpm processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for rpm:
-+
-+.EX
-+.B rpm_t, rpm_script_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -44315,38 +51617,38 @@ index 0000000..c1b5773
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rpm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rshd_selinux.8 b/man/man8/rshd_selinux.8
++selinux(8), nova_compute(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_console_selinux.8 b/man/man8/nova_console_selinux.8
 new file mode 100644
-index 0000000..2686e88
+index 0000000..2a9c3e7
 --- /dev/null
-+++ b/man/man8/rshd_selinux.8
-@@ -0,0 +1,125 @@
-+.TH  "rshd_selinux"  "8"  "rshd" "dwalsh at redhat.com" "rshd SELinux Policy documentation"
++++ b/man/man8/nova_console_selinux.8
+@@ -0,0 +1,129 @@
++.TH  "nova_console_selinux"  "8"  "nova_console" "dwalsh at redhat.com" "nova_console SELinux Policy documentation"
 +.SH "NAME"
-+rshd_selinux \- Security Enhanced Linux Policy for the rshd processes
++nova_console_selinux \- Security Enhanced Linux Policy for the nova_console processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rshd processes via flexible mandatory access
++Security-Enhanced Linux secures the nova_console processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rshd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nova_console_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the rshd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the nova_console_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -44355,29 +51657,33 @@ index 0000000..2686e88
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rshd policy is very flexible allowing users to setup their rshd processes in as secure a method as possible.
++SELinux nova_console policy is very flexible allowing users to setup their nova_console processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rshd:
++The following file types are defined for nova_console:
 +
 +
 +.EX
 +.PP
-+.B rshd_exec_t 
++.B nova_console_exec_t 
 +.EE
 +
-+- Set files with the rshd_exec_t type, if you want to transition an executable to the rshd_t domain.
++- Set files with the nova_console_exec_t type, if you want to transition an executable to the nova_console_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/in\.rshd, /usr/kerberos/sbin/kshd, /usr/sbin/in\.rexecd
 +
 +.EX
 +.PP
-+.B rshd_keytab_t 
++.B nova_console_tmp_t 
 +.EE
 +
-+- Set files with the rshd_keytab_t type, if you want to treat the files as kerberos keytab files.
++- Set files with the nova_console_tmp_t type, if you want to store nova console temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B nova_console_unit_file_t 
++.EE
++
++- Set files with the nova_console_unit_file_t type, if you want to treat the files as nova console unit content.
 +
 +
 +.PP
@@ -44387,47 +51693,50 @@ index 0000000..2686e88
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux rshd policy is very flexible allowing users to setup their rshd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for rshd:
-+
-+.EX
-+.TP 5
-+.B rsh_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 514
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rshd policy is very flexible allowing users to setup their rshd processes in as secure a method as possible.
++SELinux nova_console policy is very flexible allowing users to setup their nova_console processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rshd:
++The following process types are defined for nova_console:
 +
 +.EX
-+.B rshd_t 
++.B nova_console_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nova_console_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nova_console_tmp_t
++
++
++.br
++.B nova_log_t
++
++	/var/log/nova(/.*)?
++.br
++
++.br
++.B nova_var_lib_t
++
++	/var/lib/nova(/.*)?
++.br
++
++.br
++.B nova_var_run_t
++
++	/var/run/nova(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -44438,89 +51747,64 @@ index 0000000..2686e88
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rshd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rssh_selinux.8 b/man/man8/rssh_selinux.8
++selinux(8), nova_console(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_direct_selinux.8 b/man/man8/nova_direct_selinux.8
 new file mode 100644
-index 0000000..9988547
+index 0000000..1198be5
 --- /dev/null
-+++ b/man/man8/rssh_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "rssh_selinux"  "8"  "rssh" "dwalsh at redhat.com" "rssh SELinux Policy documentation"
++++ b/man/man8/nova_direct_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "nova_direct_selinux"  "8"  "nova_direct" "dwalsh at redhat.com" "nova_direct SELinux Policy documentation"
 +.SH "NAME"
-+rssh_selinux \- Security Enhanced Linux Policy for the rssh processes
++nova_direct_selinux \- Security Enhanced Linux Policy for the nova_direct processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rssh processes via flexible mandatory access
++Security-Enhanced Linux secures the nova_direct processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rssh_chroot_helper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the rssh_chroot_helper_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rssh policy is very flexible allowing users to setup their rssh processes in as secure a method as possible.
++SELinux nova_direct policy is very flexible allowing users to setup their nova_direct processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rssh:
-+
-+
-+.EX
-+.PP
-+.B rssh_chroot_helper_exec_t 
-+.EE
-+
-+- Set files with the rssh_chroot_helper_exec_t type, if you want to transition an executable to the rssh_chroot_helper_t domain.
++The following file types are defined for nova_direct:
 +
 +
 +.EX
 +.PP
-+.B rssh_exec_t 
++.B nova_direct_exec_t 
 +.EE
 +
-+- Set files with the rssh_exec_t type, if you want to transition an executable to the rssh_t domain.
++- Set files with the nova_direct_exec_t type, if you want to transition an executable to the nova_direct_t domain.
 +
 +
 +.EX
 +.PP
-+.B rssh_ro_t 
++.B nova_direct_tmp_t 
 +.EE
 +
-+- Set files with the rssh_ro_t type, if you want to treat the files as rssh read/only content.
++- Set files with the nova_direct_tmp_t type, if you want to store nova direct temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B rssh_rw_t 
++.B nova_direct_unit_file_t 
 +.EE
 +
-+- Set files with the rssh_rw_t type, if you want to treat the files as rssh read/write content.
++- Set files with the nova_direct_unit_file_t type, if you want to treat the files as nova direct unit content.
 +
 +
 +.PP
@@ -44536,18 +51820,44 @@ index 0000000..9988547
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rssh policy is very flexible allowing users to setup their rssh processes in as secure a method as possible.
++SELinux nova_direct policy is very flexible allowing users to setup their nova_direct processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rssh:
++The following process types are defined for nova_direct:
 +
 +.EX
-+.B rssh_t, rssh_chroot_helper_t 
++.B nova_direct_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nova_direct_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nova_direct_tmp_t
++
++
++.br
++.B nova_log_t
++
++	/var/log/nova(/.*)?
++.br
++
++.br
++.B nova_var_lib_t
++
++	/var/lib/nova(/.*)?
++.br
++
++.br
++.B nova_var_run_t
++
++	/var/run/nova(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -44563,188 +51873,59 @@ index 0000000..9988547
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rssh(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/rsync_selinux.8 b/man/man8/rsync_selinux.8
-index ad9ccf5..805c4ab 100644
---- a/man/man8/rsync_selinux.8
-+++ b/man/man8/rsync_selinux.8
-@@ -1,52 +1,217 @@
--.TH  "rsync_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "rsync Selinux Policy documentation"
--.de EX
--.nf
--.ft CW
--..
--.de EE
--.ft R
--.fi
--..
-+.TH  "rsync_selinux"  "8"  "rsync" "dwalsh at redhat.com" "rsync SELinux Policy documentation"
- .SH "NAME"
--rsync_selinux \- Security Enhanced Linux Policy for the rsync daemon
-+rsync_selinux \- Security Enhanced Linux Policy for the rsync processes
- .SH "DESCRIPTION"
- 
--Security-Enhanced Linux secures the rsync server via flexible mandatory access
-+Security-Enhanced Linux secures the rsync processes via flexible mandatory access
- control.  
--.SH FILE_CONTEXTS
--SELinux requires files to have an extended attribute to define the file type. 
--Policy governs the access daemons have to these files. 
--If you want to share files using the rsync daemon, you must label the files and directories public_content_t.  So if you created a special directory /var/rsync, you 
--would need to label the directory with the chcon tool.
--.TP
--chcon -t public_content_t /var/rsync
--.TP
--.TP
--To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:
-+
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  rsync policy is extremely flexible and has several booleans that allow you to manipulate the policy and run rsync with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow rsync to run as a client, you must turn on the rsync_client boolean.
-+
-+.EX
-+.B setsebool -P rsync_client 1
-+.EE
-+
-+.PP
-+If you want to allow rsync to export any files/directories read only, you must turn on the rsync_export_all_ro boolean.
-+
-+.EX
-+.B setsebool -P rsync_export_all_ro 1
-+.EE
-+
-+.PP
-+If you want to allow rsync servers to share nfs files systems, you must turn on the rsync_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P rsync_use_nfs 1
-+.EE
-+
-+.PP
-+If you want to allow rsync servers to share cifs files systems, you must turn on the rsync_use_cifs boolean.
++selinux(8), nova_direct(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_network_selinux.8 b/man/man8/nova_network_selinux.8
+new file mode 100644
+index 0000000..a9485e6
+--- /dev/null
++++ b/man/man8/nova_network_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "nova_network_selinux"  "8"  "nova_network" "dwalsh at redhat.com" "nova_network SELinux Policy documentation"
++.SH "NAME"
++nova_network_selinux \- Security Enhanced Linux Policy for the nova_network processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.B setsebool -P rsync_use_cifs 1
-+.EE
++Security-Enhanced Linux secures the nova_network processes via flexible mandatory access
++control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rsync_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the rsync_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
-+.SH SHARING FILES
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
- .TP
-+Allow rsync servers to read the /var/rsync directory by adding the public_content_t file type to the directory and by restoring the file type.
-+.PP
-+.B
- semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/rsync
-+.pp
- .TP
--This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
--.TP
--/var/rsync(/.*)? system_u:object_r:publix_content_t:s0
--.TP
--Run the restorecon command to apply the changes:
--.TP
--restorecon -R -v /var/rsync/
-+Allow rsync servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_rsyncd_anon_write boolean to be set.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_rw_t "/var/rsync/incoming(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/rsync/incoming
-+
-+
-+.PP
-+If you want to allow rsync to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t., you must turn on the rsync_anon_write boolean.
-+
-+.EX
-+.B setsebool -P rsync_anon_write 1
- .EE
- 
--.SH SHARING FILES
--If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.  allow_DOMAIN_anon_write.  So for rsync you would execute:
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rsync policy is very flexible allowing users to setup their rsync processes in as secure a method as possible.
++SELinux nova_network policy is very flexible allowing users to setup their nova_network processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rsync:
-+
- 
- .EX
--setsebool -P allow_rsync_anon_write=1
-+.PP
-+.B rsync_data_t 
- .EE
- 
--.SH BOOLEANS
--.TP
--system-config-selinux is a GUI tool available to customize SELinux policy settings.
-+- Set files with the rsync_data_t type, if you want to treat the files as rsync content.
-+
-+
-+.EX
-+.PP
-+.B rsync_etc_t 
-+.EE
-+
-+- Set files with the rsync_etc_t type, if you want to store rsync files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B rsync_exec_t 
-+.EE
-+
-+- Set files with the rsync_exec_t type, if you want to transition an executable to the rsync_t domain.
++The following file types are defined for nova_network:
 +
 +
 +.EX
 +.PP
-+.B rsync_log_t 
++.B nova_network_exec_t 
 +.EE
 +
-+- Set files with the rsync_log_t type, if you want to treat the data as rsync log data, usually stored under the /var/log directory.
++- Set files with the nova_network_exec_t type, if you want to transition an executable to the nova_network_t domain.
 +
 +
 +.EX
 +.PP
-+.B rsync_tmp_t 
++.B nova_network_tmp_t 
 +.EE
 +
-+- Set files with the rsync_tmp_t type, if you want to store rsync temporary files in the /tmp directories.
++- Set files with the nova_network_tmp_t type, if you want to store nova network temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B rsync_var_run_t 
++.B nova_network_unit_file_t 
 +.EE
 +
-+- Set files with the rsync_var_run_t type, if you want to store the rsync files under the /run directory.
++- Set files with the nova_network_unit_file_t type, if you want to treat the files as nova network unit content.
 +
 +
 +.PP
@@ -44754,49 +51935,50 @@ index ad9ccf5..805c4ab 100644
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux rsync policy is very flexible allowing users to setup their rsync processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for rsync:
-+
-+.EX
-+.TP 5
-+.B rsync_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 873
-+.EE
-+udp 873
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rsync policy is very flexible allowing users to setup their rsync processes in as secure a method as possible.
++SELinux nova_network policy is very flexible allowing users to setup their nova_network processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rsync:
++The following process types are defined for nova_network:
 +
 +.EX
-+.B rsync_t 
++.B nova_network_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nova_network_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nova_log_t
++
++	/var/log/nova(/.*)?
++.br
++
++.br
++.B nova_network_tmp_t
++
++
++.br
++.B nova_var_lib_t
++
++	/var/lib/nova(/.*)?
++.br
++
++.br
++.B nova_var_run_t
++
++	/var/run/nova(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -44807,72 +51989,64 @@ index ad9ccf5..805c4ab 100644
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
- .SH AUTHOR	
--This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+This manual page was autogenerated by genman.py.
- 
- .SH "SEE ALSO"
--selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)
-+selinux(8), rsync(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/rtkit_selinux.8 b/man/man8/rtkit_selinux.8
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), nova_network(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_objectstore_selinux.8 b/man/man8/nova_objectstore_selinux.8
 new file mode 100644
-index 0000000..6388e55
+index 0000000..cb98335
 --- /dev/null
-+++ b/man/man8/rtkit_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "rtkit_selinux"  "8"  "rtkit" "dwalsh at redhat.com" "rtkit SELinux Policy documentation"
++++ b/man/man8/nova_objectstore_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "nova_objectstore_selinux"  "8"  "nova_objectstore" "dwalsh at redhat.com" "nova_objectstore SELinux Policy documentation"
 +.SH "NAME"
-+rtkit_selinux \- Security Enhanced Linux Policy for the rtkit processes
++nova_objectstore_selinux \- Security Enhanced Linux Policy for the nova_objectstore processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rtkit processes via flexible mandatory access
++Security-Enhanced Linux secures the nova_objectstore processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rtkit_daemon_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux nova_objectstore policy is very flexible allowing users to setup their nova_objectstore processes in as secure a method as possible.
++.PP 
++The following file types are defined for nova_objectstore:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B nova_objectstore_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the rtkit_daemon_t, you must turn on the kerberos_enabled boolean.
++- Set files with the nova_objectstore_exec_t type, if you want to transition an executable to the nova_objectstore_t domain.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B nova_objectstore_tmp_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux rtkit policy is very flexible allowing users to setup their rtkit processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for rtkit:
++- Set files with the nova_objectstore_tmp_t type, if you want to store nova objectstore temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B rtkit_daemon_exec_t 
++.B nova_objectstore_unit_file_t 
 +.EE
 +
-+- Set files with the rtkit_daemon_exec_t type, if you want to transition an executable to the rtkit_daemon_t domain.
++- Set files with the nova_objectstore_unit_file_t type, if you want to treat the files as nova objectstore unit content.
 +
 +
 +.PP
@@ -44888,18 +52062,44 @@ index 0000000..6388e55
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rtkit policy is very flexible allowing users to setup their rtkit processes in as secure a method as possible.
++SELinux nova_objectstore policy is very flexible allowing users to setup their nova_objectstore processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rtkit:
++The following process types are defined for nova_objectstore:
 +
 +.EX
-+.B rtkit_daemon_t 
++.B nova_objectstore_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nova_objectstore_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nova_log_t
++
++	/var/log/nova(/.*)?
++.br
++
++.br
++.B nova_objectstore_tmp_t
++
++
++.br
++.B nova_var_lib_t
++
++	/var/lib/nova(/.*)?
++.br
++
++.br
++.B nova_var_run_t
++
++	/var/run/nova(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -44915,89 +52115,59 @@ index 0000000..6388e55
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rtkit(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/run_selinux.8 b/man/man8/run_selinux.8
++selinux(8), nova_objectstore(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_scheduler_selinux.8 b/man/man8/nova_scheduler_selinux.8
 new file mode 100644
-index 0000000..da9ce6c
+index 0000000..c8be529
 --- /dev/null
-+++ b/man/man8/run_selinux.8
-@@ -0,0 +1,123 @@
-+.TH  "run_selinux"  "8"  "run" "dwalsh at redhat.com" "run SELinux Policy documentation"
++++ b/man/man8/nova_scheduler_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "nova_scheduler_selinux"  "8"  "nova_scheduler" "dwalsh at redhat.com" "nova_scheduler SELinux Policy documentation"
 +.SH "NAME"
-+run_selinux \- Security Enhanced Linux Policy for the run processes
++nova_scheduler_selinux \- Security Enhanced Linux Policy for the nova_scheduler processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the run processes via flexible mandatory access
++Security-Enhanced Linux secures the nova_scheduler processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  run policy is extremely flexible and has several booleans that allow you to manipulate the policy and run run with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow Apache to run in stickshift mode, not transition to passenger, you must turn on the httpd_run_stickshift boolean.
-+
-+.EX
-+.B setsebool -P httpd_run_stickshift 1
-+.EE
-+
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+If you want to allow xend to run qemu-dm. Not required if using paravirt and no vfb, you must turn on the xend_run_qemu boolean.
-+
-+.EX
-+.B setsebool -P xend_run_qemu 1
-+.EE
++Policy governs the access confined processes have to these files. 
++SELinux nova_scheduler policy is very flexible allowing users to setup their nova_scheduler processes in as secure a method as possible.
++.PP 
++The following file types are defined for nova_scheduler:
 +
-+.PP
-+If you want to allow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes for disk images, you must turn on the xend_run_blktap boolean.
 +
 +.EX
-+.B setsebool -P xend_run_blktap 1
-+.EE
-+
 +.PP
-+If you want to allow samba to run unconfined scripts, you must turn on the samba_run_unconfined boolean.
-+
-+.EX
-+.B setsebool -P samba_run_unconfined 1
++.B nova_scheduler_exec_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the nova_scheduler_exec_t type, if you want to transition an executable to the nova_scheduler_t domain.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the run_init_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
 +.PP
-+If you want to allow confined applications to run with kerberos for the run_init_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
++.B nova_scheduler_tmp_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux run policy is very flexible allowing users to setup their run processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for run:
++- Set files with the nova_scheduler_tmp_t type, if you want to store nova scheduler temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B run_init_exec_t 
++.B nova_scheduler_unit_file_t 
 +.EE
 +
-+- Set files with the run_init_exec_t type, if you want to transition an executable to the run_init_t domain.
++- Set files with the nova_scheduler_unit_file_t type, if you want to treat the files as nova scheduler unit content.
 +
 +
 +.PP
@@ -45013,18 +52183,44 @@ index 0000000..da9ce6c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux run policy is very flexible allowing users to setup their run processes in as secure a method as possible.
++SELinux nova_scheduler policy is very flexible allowing users to setup their nova_scheduler processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for run:
++The following process types are defined for nova_scheduler:
 +
 +.EX
-+.B run_init_t 
++.B nova_scheduler_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nova_scheduler_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nova_log_t
++
++	/var/log/nova(/.*)?
++.br
++
++.br
++.B nova_scheduler_tmp_t
++
++
++.br
++.B nova_var_lib_t
++
++	/var/lib/nova(/.*)?
++.br
++
++.br
++.B nova_var_run_t
++
++	/var/run/nova(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -45035,32 +52231,27 @@ index 0000000..da9ce6c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), run(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/rwho_selinux.8 b/man/man8/rwho_selinux.8
++selinux(8), nova_scheduler(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_vncproxy_selinux.8 b/man/man8/nova_vncproxy_selinux.8
 new file mode 100644
-index 0000000..8acacbd
+index 0000000..c70cb21
 --- /dev/null
-+++ b/man/man8/rwho_selinux.8
++++ b/man/man8/nova_vncproxy_selinux.8
 @@ -0,0 +1,123 @@
-+.TH  "rwho_selinux"  "8"  "rwho" "dwalsh at redhat.com" "rwho SELinux Policy documentation"
++.TH  "nova_vncproxy_selinux"  "8"  "nova_vncproxy" "dwalsh at redhat.com" "nova_vncproxy SELinux Policy documentation"
 +.SH "NAME"
-+rwho_selinux \- Security Enhanced Linux Policy for the rwho processes
++nova_vncproxy_selinux \- Security Enhanced Linux Policy for the nova_vncproxy processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the rwho processes via flexible mandatory access
++Security-Enhanced Linux secures the nova_vncproxy processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -45071,42 +52262,42 @@ index 0000000..8acacbd
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux rwho policy is very flexible allowing users to setup their rwho processes in as secure a method as possible.
++SELinux nova_vncproxy policy is very flexible allowing users to setup their nova_vncproxy processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for rwho:
++The following file types are defined for nova_vncproxy:
 +
 +
 +.EX
 +.PP
-+.B rwho_exec_t 
++.B nova_vncproxy_exec_t 
 +.EE
 +
-+- Set files with the rwho_exec_t type, if you want to transition an executable to the rwho_t domain.
-+
-+
-+.EX
-+.PP
-+.B rwho_initrc_exec_t 
-+.EE
-+
-+- Set files with the rwho_initrc_exec_t type, if you want to transition an executable to the rwho_initrc_t domain.
++- Set files with the nova_vncproxy_exec_t type, if you want to transition an executable to the nova_vncproxy_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/nova-vncproxy, /usr/bin/nova-xvpvncproxy
 +
 +.EX
 +.PP
-+.B rwho_log_t 
++.B nova_vncproxy_tmp_t 
 +.EE
 +
-+- Set files with the rwho_log_t type, if you want to treat the data as rwho log data, usually stored under the /var/log directory.
++- Set files with the nova_vncproxy_tmp_t type, if you want to store nova vncproxy temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B rwho_spool_t 
++.B nova_vncproxy_unit_file_t 
 +.EE
 +
-+- Set files with the rwho_spool_t type, if you want to store the rwho files under the /var/spool directory.
++- Set files with the nova_vncproxy_unit_file_t type, if you want to treat the files as nova vncproxy unit content.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/systemd/system/openstack-nova-xvpvncproxy.*, /usr/lib/systemd/system/openstack-nova-vncproxy.*
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -45115,47 +52306,50 @@ index 0000000..8acacbd
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux rwho policy is very flexible allowing users to setup their rwho processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for rwho:
-+
-+.EX
-+.TP 5
-+.B rwho_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+udp 513
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux rwho policy is very flexible allowing users to setup their rwho processes in as secure a method as possible.
++SELinux nova_vncproxy policy is very flexible allowing users to setup their nova_vncproxy processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for rwho:
++The following process types are defined for nova_vncproxy:
 +
 +.EX
-+.B rwho_t 
++.B nova_vncproxy_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nova_vncproxy_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nova_log_t
++
++	/var/log/nova(/.*)?
++.br
++
++.br
++.B nova_var_lib_t
++
++	/var/lib/nova(/.*)?
++.br
++
++.br
++.B nova_var_run_t
++
++	/var/run/nova(/.*)?
++.br
++
++.br
++.B nova_vncproxy_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -45166,167 +52360,164 @@ index 0000000..8acacbd
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), rwho(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/samba_selinux.8 b/man/man8/samba_selinux.8
-index ca702c7..2a88102 100644
---- a/man/man8/samba_selinux.8
-+++ b/man/man8/samba_selinux.8
-@@ -1,56 +1,275 @@
--.TH  "samba_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "Samba Selinux Policy documentation"
-+.TH  "samba_selinux"  "8"  "samba" "dwalsh at redhat.com" "samba SELinux Policy documentation"
- .SH "NAME"
--samba_selinux \- Security Enhanced Linux Policy for Samba
-+samba_selinux \- Security Enhanced Linux Policy for the samba processes
- .SH "DESCRIPTION"
- 
--Security-Enhanced Linux secures the Samba server via flexible mandatory access
-+Security-Enhanced Linux secures the samba processes via flexible mandatory access
- control.  
--.SH FILE_CONTEXTS
--SELinux requires files to have an extended attribute to define the file type. 
--Policy governs the access daemons have to these files. 
--If you want to share files other than home directories, those files must be 
--labeled samba_share_t.  So if you created a special directory /var/eng, you 
--would need to label the directory with the chcon tool.
--.TP
--chcon -t samba_share_t /var/eng
--.TP
--To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:
--.TP
--semanage fcontext -a -t samba_share_t "/var/eng(/.*)?"
--.TP
--This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
--.TP
--/var/eng(/.*)? system_u:object_r:samba_share_t:s0
--.TP
--Run the restorecon command to apply the changes:
--.TP
--restorecon -R -v /var/eng/
--
--.SH SHARING FILES
--If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.  allow_DOMAIN_anon_write.  So for samba you would execute:
--
--setsebool -P allow_smbd_anon_write=1
- 
- .SH BOOLEANS
--.br 
--SELinux policy is customizable based on least access required.  So by 
--default SELinux policy turns off SELinux sharing of home directories and 
--the use of Samba shares from a remote machine as a home directory.
--.TP
--If you are setting up this machine as a Samba server and wish to share the home directories, you need to set the samba_enable_home_dirs boolean. 
-+SELinux policy is customizable based on least access required.  samba policy is extremely flexible and has several booleans that allow you to manipulate the policy and run samba with the tightest access possible.
++selinux(8), nova_vncproxy(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nova_volume_selinux.8 b/man/man8/nova_volume_selinux.8
+new file mode 100644
+index 0000000..0867727
+--- /dev/null
++++ b/man/man8/nova_volume_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "nova_volume_selinux"  "8"  "nova_volume" "dwalsh at redhat.com" "nova_volume SELinux Policy documentation"
++.SH "NAME"
++nova_volume_selinux \- Security Enhanced Linux Policy for the nova_volume processes
++.SH "DESCRIPTION"
 +
++Security-Enhanced Linux secures the nova_volume processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+If you want to allow samba to act as the domain controller, add users, groups and change passwords, you must turn on the samba_domain_controller boolean.
++Policy governs the access confined processes have to these files. 
++SELinux nova_volume policy is very flexible allowing users to setup their nova_volume processes in as secure a method as possible.
++.PP 
++The following file types are defined for nova_volume:
++
 +
 +.EX
-+.B setsebool -P samba_domain_controller 1
++.PP
++.B nova_volume_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow samba to share any file/directory read only, you must turn on the samba_export_all_ro boolean.
++- Set files with the nova_volume_exec_t type, if you want to transition an executable to the nova_volume_t domain.
++
 +
 +.EX
-+.B setsebool -P samba_export_all_ro 1
++.PP
++.B nova_volume_tmp_t 
 +.EE
 +
-+.PP
-+If you want to support SAMBA home directories, you must turn on the use_samba_home_dirs boolean.
++- Set files with the nova_volume_tmp_t type, if you want to store nova volume temporary files in the /tmp directories.
++
 +
 +.EX
-+.B setsebool -P use_samba_home_dirs 1
++.PP
++.B nova_volume_unit_file_t 
 +.EE
 +
-+.PP
-+If you want to allow samba to create new home directories (e.g. via PAM), you must turn on the samba_create_home_dirs boolean.
++- Set files with the nova_volume_unit_file_t type, if you want to treat the files as nova volume unit content.
 +
-+.EX
-+.B setsebool -P samba_create_home_dirs 1
-+.EE
 +
 +.PP
-+If you want to allow samba to share users home directories, you must turn on the samba_enable_home_dirs boolean.
-+
-+.EX
-+.B setsebool -P samba_enable_home_dirs 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow samba to act as a portmapper, you must turn on the samba_portmapper boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux nova_volume policy is very flexible allowing users to setup their nova_volume processes in as secure a method as possible.
++.PP 
++The following process types are defined for nova_volume:
 +
 +.EX
-+.B setsebool -P samba_portmapper 1
++.B nova_volume_t 
 +.EE
-+
 +.PP
-+If you want to allow samba to export ntfs/fusefs volumes, you must turn on the samba_share_fusefs boolean.
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.EX
-+.B setsebool -P samba_share_fusefs 1
-+.EE
++.SH "MANAGED FILES"
 +
-+.PP
-+If you want to allow samba to export NFS volumes, you must turn on the samba_share_nfs boolean.
++The SELinux user type nova_volume_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.B setsebool -P samba_share_nfs 1
-+.EE
++.br
++.B nova_log_t
 +
-+.PP
-+If you want to allow samba to run unconfined scripts, you must turn on the samba_run_unconfined boolean.
++	/var/log/nova(/.*)?
++.br
 +
-+.EX
-+.B setsebool -P samba_run_unconfined 1
-+.EE
++.br
++.B nova_var_lib_t
 +
-+.PP
-+If you want to allow sanlock to manage cifs files, you must turn on the sanlock_use_samba boolean.
++	/var/lib/nova(/.*)?
++.br
 +
-+.EX
-+.B setsebool -P sanlock_use_samba 1
-+.EE
++.br
++.B nova_var_run_t
 +
-+.PP
-+If you want to allow samba to share any file/directory read/write, you must turn on the samba_export_all_rw boolean.
++	/var/run/nova(/.*)?
++.br
++
++.br
++.B nova_volume_tmp_t
 +
-+.EX
-+.B setsebool -P samba_export_all_rw 1
-+.EE
 +
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+If you want to allow confined virtual guests to manage cifs files, you must turn on the virt_use_samba boolean.
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
-+.B setsebool -P virt_use_samba 1
-+.EE
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), nova_volume(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nrpe_selinux.8 b/man/man8/nrpe_selinux.8
+new file mode 100644
+index 0000000..6656a32
+--- /dev/null
++++ b/man/man8/nrpe_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "nrpe_selinux"  "8"  "nrpe" "dwalsh at redhat.com" "nrpe SELinux Policy documentation"
++.SH "NAME"
++nrpe_selinux \- Security Enhanced Linux Policy for the nrpe processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the nrpe processes via flexible mandatory access
++control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the samba_net_t, sambagui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nrpe_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the samba_net_t, sambagui_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the nrpe_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -45335,114 +52526,182 @@ index ca702c7..2a88102 100644
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux samba policy is very flexible allowing users to setup their samba processes in as secure a method as possible.
++SELinux nrpe policy is very flexible allowing users to setup their nrpe processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for samba:
++The following file types are defined for nrpe:
 +
 +
 +.EX
 +.PP
-+.B samba_etc_t 
++.B nrpe_etc_t 
 +.EE
 +
-+- Set files with the samba_etc_t type, if you want to store samba files in the /etc directories.
++- Set files with the nrpe_etc_t type, if you want to store nrpe files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B samba_initrc_exec_t 
++.B nrpe_exec_t 
 +.EE
 +
-+- Set files with the samba_initrc_exec_t type, if you want to transition an executable to the samba_initrc_t domain.
++- Set files with the nrpe_exec_t type, if you want to transition an executable to the nrpe_t domain.
 +
- .br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/nmb, /etc/rc\.d/init\.d/smb, /etc/rc\.d/init\.d/winbind
 +
 +.EX
 +.PP
-+.B samba_log_t 
++.B nrpe_var_run_t 
 +.EE
 +
-+- Set files with the samba_log_t type, if you want to treat the data as samba log data, usually stored under the /var/log directory.
++- Set files with the nrpe_var_run_t type, if you want to store the nrpe files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B samba_net_exec_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux nrpe policy is very flexible allowing users to setup their nrpe processes in as secure a method as possible.
++.PP 
++The following process types are defined for nrpe:
++
++.EX
++.B nrpe_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the samba_net_exec_t type, if you want to transition an executable to the samba_net_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type nrpe_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.br
++.B nrpe_var_run_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B samba_net_tmp_t 
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), nrpe(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nscd_selinux.8 b/man/man8/nscd_selinux.8
+new file mode 100644
+index 0000000..aeb9ee4
+--- /dev/null
++++ b/man/man8/nscd_selinux.8
+@@ -0,0 +1,168 @@
++.TH  "nscd_selinux"  "8"  "nscd" "dwalsh at redhat.com" "nscd SELinux Policy documentation"
++.SH "NAME"
++nscd_selinux \- Security Enhanced Linux Policy for the nscd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the nscd processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  nscd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run nscd with the tightest access possible.
++
++
++.PP
++If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean.
++
++.EX
++.B setsebool -P nscd_use_shm 1
 +.EE
 +
-+- Set files with the samba_net_tmp_t type, if you want to store samba net temporary files in the /tmp directories.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nscd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B samba_secrets_t 
++If you want to allow confined applications to run with kerberos for the nscd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the samba_secrets_t type, if you want to treat the files as samba secrets data.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux nscd policy is very flexible allowing users to setup their nscd processes in as secure a method as possible.
++.PP 
++The following file types are defined for nscd:
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/samba/secrets\.tdb, /etc/samba/passdb\.tdb, /etc/samba/MACHINE\.SID, /etc/samba/smbpasswd
 +
 +.EX
 +.PP
-+.B samba_share_t 
++.B nscd_exec_t 
 +.EE
 +
-+- Set files with the samba_share_t type, if you want to treat the files as samba share data.
++- Set files with the nscd_exec_t type, if you want to transition an executable to the nscd_t domain.
 +
 +
 +.EX
 +.PP
-+.B samba_unconfined_script_exec_t 
++.B nscd_initrc_exec_t 
 +.EE
 +
-+- Set files with the samba_unconfined_script_exec_t type, if you want to transition an executable to the samba_unconfined_script_t domain.
++- Set files with the nscd_initrc_exec_t type, if you want to transition an executable to the nscd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B samba_unit_file_t 
++.B nscd_log_t 
 +.EE
 +
-+- Set files with the samba_unit_file_t type, if you want to treat the files as samba unit content.
++- Set files with the nscd_log_t type, if you want to treat the data as nscd log data, usually stored under the /var/log directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/systemd/system/smb.*, /usr/lib/systemd/system/nmb.*
 +
 +.EX
 +.PP
-+.B samba_var_t 
++.B nscd_unit_file_t 
 +.EE
 +
-+- Set files with the samba_var_t type, if you want to store the s files under the /var directory.
++- Set files with the nscd_unit_file_t type, if you want to treat the files as nscd unit content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/spool/samba(/.*)?, /var/cache/samba(/.*)?, /var/lib/samba(/.*)?
 +
 +.EX
 +.PP
-+.B sambagui_exec_t 
++.B nscd_var_run_t 
 +.EE
 +
-+- Set files with the sambagui_exec_t type, if you want to transition an executable to the sambagui_t domain.
++- Set files with the nscd_var_run_t type, if you want to store the nscd files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/nscd\.pid, /var/run/nscd(/.*)?, /var/db/nscd(/.*)?, /var/run/\.nscd_socket, /var/cache/nscd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
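Review bot: The added FILE CONTEXTS line for nscd ends with `\fBls\bP`, which does not close the bold font; the intended sequence is `\fBls\fP`. `\b` is not a font escape in groff (it starts a bracket-building construct with a delimited argument), so the formatter may warn or mis-set the following text instead of printing a bold `ls`. The same sequence is on the context line at the top of this hunk and on the `ps` lines of the PROCESS TYPES sections in the later hunks. Since these pages say they are auto-generated by genman.py, the fix presumably belongs in the generator's template rather than in each page. The nscd page continues past the end of this hunk.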
@@ -45457,18 +52716,48 @@ index ca702c7..2a88102 100644
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux samba policy is very flexible allowing users to setup their samba processes in as secure a method as possible.
++SELinux nscd policy is very flexible allowing users to setup their nscd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for samba:
++The following process types are defined for nscd:
 +
 +.EX
-+.B samba_net_t, samba_unconfined_script_t, sambagui_t 
++.B nscd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nscd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nscd_log_t
++
++	/var/log/nscd\.log.*
++.br
++
++.br
++.B nscd_var_run_t
++
++	/var/db/nscd(/.*)?
++.br
++	/var/run/nscd(/.*)?
++.br
++	/var/cache/nscd(/.*)?
++.br
++	/var/run/nscd\.pid
++.br
++	/var/run/\.nscd_socket
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
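Review bot: The new MANAGED FILES section calls `nscd_t` an "SELinux user type", but the PROCESS TYPES section in this same hunk lists `nscd_t` as a process type (domain), and an SELinux user is a separate field of the security context. I would word the sentence as `The SELinux process type nscd_t can manage files labeled with the following file types.` and tighten the DAC caveat to `Note that the process's UID still needs DAC permissions.` The same sentence is added for nslcd_t, ntop_t and ntpd_t in the later hunks, so the wording is best corrected once in the generator. The nscd page this section belongs to starts in the previous hunk.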
@@ -45478,58 +52767,49 @@ index ca702c7..2a88102 100644
 +.PP
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
- 
--setsebool -P samba_enable_home_dirs 1
--.TP
--If you want to use a remote Samba server for the home directories on this machine, you must set the use_samba_home_dirs boolean.
--.br 
++
 +.B semanage boolean
 +can also be used to manipulate the booleans
- 
--setsebool -P use_samba_home_dirs 1
--.TP
--system-config-selinux is a GUI tool available to customize SELinux policy settings.
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
- 
- .SH AUTHOR	
--This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+This manual page was autogenerated by genman.py.
- 
- .SH "SEE ALSO"
--selinux(8), samba(7), chcon(1), setsebool(8), semanage(8)
-+selinux(8), samba(8), semanage(8), restorecon(8), chcon(1)
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), nscd(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/sambagui_selinux.8 b/man/man8/sambagui_selinux.8
+diff --git a/man/man8/nslcd_selinux.8 b/man/man8/nslcd_selinux.8
 new file mode 100644
-index 0000000..0016c04
+index 0000000..39b5918
 --- /dev/null
-+++ b/man/man8/sambagui_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "sambagui_selinux"  "8"  "sambagui" "dwalsh at redhat.com" "sambagui SELinux Policy documentation"
++++ b/man/man8/nslcd_selinux.8
+@@ -0,0 +1,121 @@
++.TH  "nslcd_selinux"  "8"  "nslcd" "dwalsh at redhat.com" "nslcd SELinux Policy documentation"
 +.SH "NAME"
-+sambagui_selinux \- Security Enhanced Linux Policy for the sambagui processes
++nslcd_selinux \- Security Enhanced Linux Policy for the nslcd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sambagui processes via flexible mandatory access
++Security-Enhanced Linux secures the nslcd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sambagui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nslcd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the sambagui_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the nslcd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -45538,17 +52818,41 @@ index 0000000..0016c04
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux sambagui policy is very flexible allowing users to setup their sambagui processes in as secure a method as possible.
++SELinux nslcd policy is very flexible allowing users to setup their nslcd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for sambagui:
++The following file types are defined for nslcd:
 +
 +
 +.EX
 +.PP
-+.B sambagui_exec_t 
++.B nslcd_conf_t 
 +.EE
 +
-+- Set files with the sambagui_exec_t type, if you want to transition an executable to the sambagui_t domain.
++- Set files with the nslcd_conf_t type, if you want to treat the files as nslcd configuration data, usually stored under the /etc directory.
++
++
++.EX
++.PP
++.B nslcd_exec_t 
++.EE
++
++- Set files with the nslcd_exec_t type, if you want to transition an executable to the nslcd_t domain.
++
++
++.EX
++.PP
++.B nslcd_initrc_exec_t 
++.EE
++
++- Set files with the nslcd_initrc_exec_t type, if you want to transition an executable to the nslcd_initrc_t domain.
++
++
++.EX
++.PP
++.B nslcd_var_run_t 
++.EE
++
++- Set files with the nslcd_var_run_t type, if you want to store the nslcd files under the /run directory.
 +
 +
 +.PP
@@ -45564,18 +52868,28 @@ index 0000000..0016c04
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sambagui policy is very flexible allowing users to setup their sambagui processes in as secure a method as possible.
++SELinux nslcd policy is very flexible allowing users to setup their nslcd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sambagui:
++The following process types are defined for nslcd:
 +
 +.EX
-+.B sambagui_t 
++.B nslcd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nslcd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nslcd_var_run_t
++
++	/var/run/nslcd(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -45591,49 +52905,38 @@ index 0000000..0016c04
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sambagui(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/sandbox_selinux.8 b/man/man8/sandbox_selinux.8
++selinux(8), nslcd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ntop_selinux.8 b/man/man8/ntop_selinux.8
 new file mode 100644
-index 0000000..76f0d9f
+index 0000000..8dbc99f
 --- /dev/null
-+++ b/man/man8/sandbox_selinux.8
-@@ -0,0 +1,166 @@
-+.TH  "sandbox_selinux"  "8"  "sandbox" "dwalsh at redhat.com" "sandbox SELinux Policy documentation"
++++ b/man/man8/ntop_selinux.8
+@@ -0,0 +1,175 @@
++.TH  "ntop_selinux"  "8"  "ntop" "dwalsh at redhat.com" "ntop SELinux Policy documentation"
 +.SH "NAME"
-+sandbox_selinux \- Security Enhanced Linux Policy for the sandbox processes
++ntop_selinux \- Security Enhanced Linux Policy for the ntop processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sandbox processes via flexible mandatory access
++Security-Enhanced Linux secures the ntop processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  sandbox policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sandbox with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
-+
-+.EX
-+.B setsebool -P unconfined_chrome_sandbox_transition 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sandbox_min_t, sandbox_net_t, sandbox_web_client_t, sandbox_xserver_t, sandbox_web_t, sandbox_x_client_t, sandbox_x_t, sandbox_net_client_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ntop_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the sandbox_min_t, sandbox_net_t, sandbox_web_client_t, sandbox_xserver_t, sandbox_web_t, sandbox_x_client_t, sandbox_x_t, sandbox_net_client_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the ntop_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -45642,108 +52945,129 @@ index 0000000..76f0d9f
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux sandbox policy is very flexible allowing users to setup their sandbox processes in as secure a method as possible.
++SELinux ntop policy is very flexible allowing users to setup their ntop processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for sandbox:
++The following file types are defined for ntop:
 +
 +
 +.EX
 +.PP
-+.B sandbox_devpts_t 
++.B ntop_etc_t 
 +.EE
 +
-+- Set files with the sandbox_devpts_t type, if you want to treat the files as sandbox devpts data.
++- Set files with the ntop_etc_t type, if you want to store ntop files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B sandbox_exec_t 
++.B ntop_exec_t 
 +.EE
 +
-+- Set files with the sandbox_exec_t type, if you want to transition an executable to the sandbox_t domain.
++- Set files with the ntop_exec_t type, if you want to transition an executable to the ntop_t domain.
 +
 +
 +.EX
 +.PP
-+.B sandbox_file_t 
++.B ntop_initrc_exec_t 
 +.EE
 +
-+- Set files with the sandbox_file_t type, if you want to treat the files as sandbox content.
++- Set files with the ntop_initrc_exec_t type, if you want to transition an executable to the ntop_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B sandbox_min_client_tmpfs_t 
++.B ntop_tmp_t 
 +.EE
 +
-+- Set files with the sandbox_min_client_tmpfs_t type, if you want to store sandbox min client files on a tmpfs file system.
++- Set files with the ntop_tmp_t type, if you want to store ntop temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B sandbox_net_client_tmpfs_t 
++.B ntop_var_lib_t 
 +.EE
 +
-+- Set files with the sandbox_net_client_tmpfs_t type, if you want to store sandbox net client files on a tmpfs file system.
++- Set files with the ntop_var_lib_t type, if you want to store the ntop files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B sandbox_staff_file_t 
++.B ntop_var_run_t 
 +.EE
 +
-+- Set files with the sandbox_staff_file_t type, if you want to treat the files as sandbox staff content.
++- Set files with the ntop_var_run_t type, if you want to store the ntop files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B sandbox_web_client_tmpfs_t 
-+.EE
-+
-+- Set files with the sandbox_web_client_tmpfs_t type, if you want to store sandbox web client files on a tmpfs file system.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B sandbox_x_client_tmpfs_t 
-+.EE
-+
-+- Set files with the sandbox_x_client_tmpfs_t type, if you want to store sandbox x client files on a tmpfs file system.
++You can see the types associated with a port by using the following command: 
 +
++.B semanage port -l
 +
-+.EX
 +.PP
-+.B sandbox_xserver_tmpfs_t 
-+.EE
-+
-+- Set files with the sandbox_xserver_tmpfs_t type, if you want to store sandbox xserver files on a tmpfs file system.
++Policy governs the access confined processes have to these ports. 
++SELinux ntop policy is very flexible allowing users to setup their ntop processes in as secure a method as possible.
++.PP 
++The following port types are defined for ntop:
 +
++.EX
++.TP 5
++.B ntop_port_t 
++.TP 10
++.EE
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
 +
++Default Defined Ports:
++tcp 3000-3001
++.EE
++udp 3000-3001
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sandbox policy is very flexible allowing users to setup their sandbox processes in as secure a method as possible.
++SELinux ntop policy is very flexible allowing users to setup their ntop processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sandbox:
++The following process types are defined for ntop:
 +
 +.EX
-+.B sandbox_x_client_t, sandbox_net_client_t, sandbox_xserver_t, sandbox_x_t, sandbox_staff_t, sandbox_web_client_t, sandbox_min_t, sandbox_net_t, sandbox_web_t, sandbox_min_client_t, sandbox_t 
++.B ntop_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ntop_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ntop_tmp_t
++
++
++.br
++.B ntop_var_lib_t
++
++	/var/lib/ntop(/.*)?
++.br
++
++.br
++.B ntop_var_run_t
++
++	/var/run/ntop\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
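Review bot: In the added PORT TYPES block the `.EX` is closed by `.EE` directly after `.TP 10`, before any port is listed, and two more `.EE` requests follow `tcp 3000-3001` and `udp 3000-3001` with no matching `.EX`. How the unbalanced requests render depends on the macro package, but the port list sits outside the example block and the dangling `.TP 10` has no tag to attach to. This list is what an administrator compares against `semanage port -l`, so it should render one protocol per line: drop the `.TP 10` and the stray `.EE` lines and put `.br` between `tcp 3000-3001` and `udp 3000-3001`. The ntpd hunk that follows has the same pattern around `udp 123`.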
@@ -45754,116 +53078,141 @@ index 0000000..76f0d9f
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sandbox(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/sanlock_selinux.8 b/man/man8/sanlock_selinux.8
++selinux(8), ntop(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ntpd_selinux.8 b/man/man8/ntpd_selinux.8
 new file mode 100644
-index 0000000..7b9ea7a
+index 0000000..12218b3
 --- /dev/null
-+++ b/man/man8/sanlock_selinux.8
-@@ -0,0 +1,140 @@
-+.TH  "sanlock_selinux"  "8"  "sanlock" "dwalsh at redhat.com" "sanlock SELinux Policy documentation"
++++ b/man/man8/ntpd_selinux.8
+@@ -0,0 +1,239 @@
++.TH  "ntpd_selinux"  "8"  "ntpd" "dwalsh at redhat.com" "ntpd SELinux Policy documentation"
 +.SH "NAME"
-+sanlock_selinux \- Security Enhanced Linux Policy for the sanlock processes
++ntpd_selinux \- Security Enhanced Linux Policy for the ntpd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sanlock processes via flexible mandatory access
++Security-Enhanced Linux secures the ntpd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  sanlock policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sanlock with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ntpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P virt_use_sanlock 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow sanlock to manage nfs files, you must turn on the sanlock_use_nfs boolean.
++If you want to allow confined applications to run with kerberos for the ntpd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P sanlock_use_nfs 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow sanlock to manage cifs files, you must turn on the sanlock_use_samba boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ntpd policy is very flexible allowing users to setup their ntpd processes in as secure a method as possible.
++.PP 
++The following file types are defined for ntpd:
++
 +
 +.EX
-+.B setsebool -P sanlock_use_samba 1
++.PP
++.B ntpd_exec_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the ntpd_exec_t type, if you want to transition an executable to the ntpd_t domain.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sanlock_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.br
++.TP 5
++Paths: 
++/usr/sbin/ntpd, /etc/cron\.(daily|weekly)/ntp-server, /etc/cron\.(daily|weekly)/ntp-simple
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B ntpd_initrc_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the sanlock_t, you must turn on the kerberos_enabled boolean.
++- Set files with the ntpd_initrc_exec_t type, if you want to transition an executable to the ntpd_initrc_t domain.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B ntpd_key_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++- Set files with the ntpd_key_t type, if you want to treat the files as ntpd key data.
++
++.br
++.TP 5
++Paths: 
++/etc/ntp/crypto(/.*)?, /etc/ntp/keys
++
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B ntpd_log_t 
++.EE
++
++- Set files with the ntpd_log_t type, if you want to treat the data as ntpd log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/ntpstats(/.*)?, /var/log/xntpd.*, /var/log/ntp.*
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux sanlock policy is very flexible allowing users to setup their sanlock processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for sanlock:
++.B ntpd_tmp_t 
++.EE
++
++- Set files with the ntpd_tmp_t type, if you want to store ntpd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B sanlock_exec_t 
++.B ntpd_tmpfs_t 
 +.EE
 +
-+- Set files with the sanlock_exec_t type, if you want to transition an executable to the sanlock_t domain.
++- Set files with the ntpd_tmpfs_t type, if you want to store ntpd files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B sanlock_initrc_exec_t 
++.B ntpd_unit_file_t 
 +.EE
 +
-+- Set files with the sanlock_initrc_exec_t type, if you want to transition an executable to the sanlock_initrc_t domain.
++- Set files with the ntpd_unit_file_t type, if you want to treat the files as ntpd unit content.
 +
 +
 +.EX
 +.PP
-+.B sanlock_log_t 
++.B ntpd_var_run_t 
 +.EE
 +
-+- Set files with the sanlock_log_t type, if you want to treat the data as sanlock log data, usually stored under the /var/log directory.
++- Set files with the ntpd_var_run_t type, if you want to store the ntpd files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B sanlock_var_run_t 
++.B ntpdate_exec_t 
 +.EE
 +
-+- Set files with the sanlock_var_run_t type, if you want to store the sanlock files under the /run directory.
++- Set files with the ntpdate_exec_t type, if you want to transition an executable to the ntpdate_t domain.
 +
 +
 +.PP
@@ -45873,24 +53222,97 @@ index 0000000..7b9ea7a
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux ntpd policy is very flexible allowing users to setup their ntpd processes in as secure a method as possible.
++.PP 
++The following port types are defined for ntpd:
++
++.EX
++.TP 5
++.B ntp_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++udp 123
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sanlock policy is very flexible allowing users to setup their sanlock processes in as secure a method as possible.
++SELinux ntpd policy is very flexible allowing users to setup their ntpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sanlock:
++The following process types are defined for ntpd:
 +
 +.EX
-+.B sanlock_t 
++.B ntpd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ntpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B gpsd_tmpfs_t
++
++
++.br
++.B ntp_drift_t
++
++	/var/lib/ntp(/.*)?
++.br
++	/etc/ntp/data(/.*)?
++.br
++
++.br
++.B ntpd_log_t
++
++	/var/log/ntp.*
++.br
++	/var/log/xntpd.*
++.br
++	/var/log/ntpstats(/.*)?
++.br
++
++.br
++.B ntpd_tmp_t
++
++
++.br
++.B ntpd_tmpfs_t
++
++
++.br
++.B ntpd_var_run_t
++
++	/var/run/ntpd\.pid
++.br
++
++.br
++.B tmpfs_t
++
++	/dev/shm
++.br
++	/lib/udev/devices/shm
++.br
++	/usr/lib/udev/devices/shm
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -45901,107 +53323,76 @@ index 0000000..7b9ea7a
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sanlock(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/saslauthd_selinux.8 b/man/man8/saslauthd_selinux.8
++selinux(8), ntpd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/numad_selinux.8 b/man/man8/numad_selinux.8
 new file mode 100644
-index 0000000..d96e37e
+index 0000000..f32b8bd
 --- /dev/null
-+++ b/man/man8/saslauthd_selinux.8
-@@ -0,0 +1,130 @@
-+.TH  "saslauthd_selinux"  "8"  "saslauthd" "dwalsh at redhat.com" "saslauthd SELinux Policy documentation"
++++ b/man/man8/numad_selinux.8
+@@ -0,0 +1,113 @@
++.TH  "numad_selinux"  "8"  "numad" "dwalsh at redhat.com" "numad SELinux Policy documentation"
 +.SH "NAME"
-+saslauthd_selinux \- Security Enhanced Linux Policy for the saslauthd processes
++numad_selinux \- Security Enhanced Linux Policy for the numad processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the saslauthd processes via flexible mandatory access
++Security-Enhanced Linux secures the numad processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  saslauthd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run saslauthd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow sasl to read shadow, you must turn on the saslauthd_read_shadow boolean.
-+
-+.EX
-+.B setsebool -P saslauthd_read_shadow 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the saslauthd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the saslauthd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux saslauthd policy is very flexible allowing users to setup their saslauthd processes in as secure a method as possible.
++SELinux numad policy is very flexible allowing users to setup their numad processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for saslauthd:
++The following file types are defined for numad:
 +
 +
 +.EX
 +.PP
-+.B saslauthd_exec_t 
++.B numad_exec_t 
 +.EE
 +
-+- Set files with the saslauthd_exec_t type, if you want to transition an executable to the saslauthd_t domain.
++- Set files with the numad_exec_t type, if you want to transition an executable to the numad_t domain.
 +
 +
 +.EX
 +.PP
-+.B saslauthd_initrc_exec_t 
++.B numad_unit_file_t 
 +.EE
 +
-+- Set files with the saslauthd_initrc_exec_t type, if you want to transition an executable to the saslauthd_initrc_t domain.
++- Set files with the numad_unit_file_t type, if you want to treat the files as numad unit content.
 +
 +
 +.EX
 +.PP
-+.B saslauthd_keytab_t 
++.B numad_var_log_t 
 +.EE
 +
-+- Set files with the saslauthd_keytab_t type, if you want to treat the files as kerberos keytab files.
++- Set files with the numad_var_log_t type, if you want to treat the data as numad var log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B saslauthd_var_run_t 
++.B numad_var_run_t 
 +.EE
 +
-+- Set files with the saslauthd_var_run_t type, if you want to store the saslauthd files under the /run directory.
++- Set files with the numad_var_run_t type, if you want to store the numad files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/saslauthd(/.*)?, /var/lib/sasl2(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -46016,18 +53407,34 @@ index 0000000..d96e37e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux saslauthd policy is very flexible allowing users to setup their saslauthd processes in as secure a method as possible.
++SELinux numad policy is very flexible allowing users to setup their numad processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for saslauthd:
++The following process types are defined for numad:
 +
 +.EX
-+.B saslauthd_t 
++.B numad_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type numad_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B numad_var_log_t
++
++	/var/log/numad\.log.*
++.br
++
++.br
++.B numad_var_run_t
++
++	/var/run/numad\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
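Review bot: The new MANAGED FILES paragraph calls `numad_t` an "SELinux user type", but the PROCESS TYPES section of the same page lists `numad_t` as a process type. SELinux users (such as `staff_u`, used elsewhere in these pages) are a different part of the context, so the wording can mislead a reader about what is being confined. Suggested text: `The SELinux process type numad_t can manage files labeled with the following file types.` followed by `Note that the process UID still needs DAC permissions.` The same sentence is added in the later hunks for nut_upsd_t, nut_upsdrvctl_t, nut_upsmon_t, nx_server_t and obex_t. The pages state they are auto-generated by genman.py, so the fix presumably belongs in the generator rather than in this patch.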
@@ -46038,70 +53445,75 @@ index 0000000..d96e37e
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), saslauthd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/sblim_selinux.8 b/man/man8/sblim_selinux.8
++selinux(8), numad(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nut_upsd_selinux.8 b/man/man8/nut_upsd_selinux.8
 new file mode 100644
-index 0000000..4e9252e
+index 0000000..efd7061
 --- /dev/null
-+++ b/man/man8/sblim_selinux.8
-@@ -0,0 +1,89 @@
-+.TH  "sblim_selinux"  "8"  "sblim" "dwalsh at redhat.com" "sblim SELinux Policy documentation"
++++ b/man/man8/nut_upsd_selinux.8
+@@ -0,0 +1,110 @@
++.TH  "nut_upsd_selinux"  "8"  "nut_upsd" "dwalsh at redhat.com" "nut_upsd SELinux Policy documentation"
 +.SH "NAME"
-+sblim_selinux \- Security Enhanced Linux Policy for the sblim processes
++nut_upsd_selinux \- Security Enhanced Linux Policy for the nut_upsd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sblim processes via flexible mandatory access
++Security-Enhanced Linux secures the nut_upsd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nut_upsmon_t, nut_upsdrvctl_t, nut_upsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the nut_upsmon_t, nut_upsdrvctl_t, nut_upsd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux sblim policy is very flexible allowing users to setup their sblim processes in as secure a method as possible.
++SELinux nut_upsd policy is very flexible allowing users to setup their nut_upsd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for sblim:
-+
-+
-+.EX
-+.PP
-+.B sblim_gatherd_exec_t 
-+.EE
-+
-+- Set files with the sblim_gatherd_exec_t type, if you want to transition an executable to the sblim_gatherd_t domain.
++The following file types are defined for nut_upsd:
 +
 +
 +.EX
 +.PP
-+.B sblim_reposd_exec_t 
++.B nut_upsd_exec_t 
 +.EE
 +
-+- Set files with the sblim_reposd_exec_t type, if you want to transition an executable to the sblim_reposd_t domain.
++- Set files with the nut_upsd_exec_t type, if you want to transition an executable to the nut_upsd_t domain.
 +
 +
 +.EX
 +.PP
-+.B sblim_var_run_t 
++.B nut_upsdrvctl_exec_t 
 +.EE
 +
-+- Set files with the sblim_var_run_t type, if you want to store the sblim files under the /run directory.
++- Set files with the nut_upsdrvctl_exec_t type, if you want to transition an executable to the nut_upsdrvctl_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/upsdrvctl, /sbin/upsdrvctl
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -46116,18 +53528,28 @@ index 0000000..4e9252e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sblim policy is very flexible allowing users to setup their sblim processes in as secure a method as possible.
++SELinux nut_upsd policy is very flexible allowing users to setup their nut_upsd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sblim:
++The following process types are defined for nut_upsd:
 +
 +.EX
-+.B sblim_reposd_t, sblim_gatherd_t 
++.B nut_upsd_t, nut_upsmon_t, nut_upsdrvctl_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nut_upsd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nut_var_run_t
++
++	/var/run/nut(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -46143,109 +53565,40 @@ index 0000000..4e9252e
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), sblim(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/secadm_selinux.8 b/man/man8/secadm_selinux.8
-new file mode 100644
-index 0000000..6bf3e2b
---- /dev/null
-+++ b/man/man8/secadm_selinux.8
-@@ -0,0 +1,65 @@
-+.TH  "secadm_selinux"  "8"  "secadm" "mgrepl at redhat.com" "secadm SELinux Policy documentation"
-+.SH "NAME"
-+secadm_r \- \fBSecurity administrator role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
-+
-+SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to. 
-+
-+Note: The examples in the man page will user the staff_u user.
-+
-+Non login roles are usually used for administrative tasks.
-+
-+Roles usually have default types assigned to them. 
-+
-+The default type for the secadm_r role is secadm_t.
-+
-+You can use the 
-+.B newrole 
-+program to transition directly to this role.
-+
-+.B newrole -r secadm_r -t secadm_t
-+
-+.B sudo 
-+can also be setup to transition to this role using the visudo command.
-+
-+USERNAME ALL=(ALL) ROLE=secadm_r TYPE=secadm_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:secadm_r:secadm_t:LEVEL
-+
-+If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
-+
-+You can see all of the assigned SELinux roles using the following
-+
-+.B semanage user -l
-+
-+If you wanted to add secadm_r to the staff_u user, you would execute:
-+
-+.B $ semanage user -m -R 'staff_r secadm_r' staff_u 
-+
-+
-+
-+SELinux policy also controls which roles can transition to a different role.  
-+You can list these rules using the following command.
-+
-+.B sesearch --role_allow
-+
-+SELinux policy allows the sysadm_r, staff_r, auditadm_r roles can transition to the secadm_r role.
-+
-+
-+.SH "COMMANDS"
-+
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
-+
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
-+
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/sectoolm_selinux.8 b/man/man8/sectoolm_selinux.8
++selinux(8), nut_upsd(8), semanage(8), restorecon(8), chcon(1)
++, nut_upsdrvctl_selinux(8), nut_upsmon_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/nut_upsdrvctl_selinux.8 b/man/man8/nut_upsdrvctl_selinux.8
 new file mode 100644
-index 0000000..584af3d
+index 0000000..44c6d00
 --- /dev/null
-+++ b/man/man8/sectoolm_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "sectoolm_selinux"  "8"  "sectoolm" "dwalsh at redhat.com" "sectoolm SELinux Policy documentation"
++++ b/man/man8/nut_upsdrvctl_selinux.8
+@@ -0,0 +1,102 @@
++.TH  "nut_upsdrvctl_selinux"  "8"  "nut_upsdrvctl" "dwalsh at redhat.com" "nut_upsdrvctl SELinux Policy documentation"
 +.SH "NAME"
-+sectoolm_selinux \- Security Enhanced Linux Policy for the sectoolm processes
++nut_upsdrvctl_selinux \- Security Enhanced Linux Policy for the nut_upsdrvctl processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sectoolm processes via flexible mandatory access
++Security-Enhanced Linux secures the nut_upsdrvctl processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sectoolm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nut_upsdrvctl_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the sectoolm_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the nut_upsdrvctl_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -46254,18 +53607,22 @@ index 0000000..584af3d
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux sectoolm policy is very flexible allowing users to setup their sectoolm processes in as secure a method as possible.
++SELinux nut_upsdrvctl policy is very flexible allowing users to setup their nut_upsdrvctl processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for sectoolm:
++The following file types are defined for nut_upsdrvctl:
 +
 +
 +.EX
 +.PP
-+.B sectoolm_exec_t 
++.B nut_upsdrvctl_exec_t 
 +.EE
 +
-+- Set files with the sectoolm_exec_t type, if you want to transition an executable to the sectoolm_t domain.
++- Set files with the nut_upsdrvctl_exec_t type, if you want to transition an executable to the nut_upsdrvctl_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/upsdrvctl, /sbin/upsdrvctl
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -46280,18 +53637,28 @@ index 0000000..584af3d
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sectoolm policy is very flexible allowing users to setup their sectoolm processes in as secure a method as possible.
++SELinux nut_upsdrvctl policy is very flexible allowing users to setup their nut_upsdrvctl processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sectoolm:
++The following process types are defined for nut_upsdrvctl:
 +
 +.EX
-+.B sectoolm_t 
++.B nut_upsdrvctl_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nut_upsdrvctl_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B nut_var_run_t
++
++	/var/run/nut(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -46307,96 +53674,59 @@ index 0000000..584af3d
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sectoolm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/selinux_selinux.8 b/man/man8/selinux_selinux.8
++selinux(8), nut_upsdrvctl(8), semanage(8), restorecon(8), chcon(1)
++, nut_upsd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/nut_upsmon_selinux.8 b/man/man8/nut_upsmon_selinux.8
 new file mode 100644
-index 0000000..13e68bf
+index 0000000..165cca3
 --- /dev/null
-+++ b/man/man8/selinux_selinux.8
-@@ -0,0 +1,130 @@
-+.TH  "selinux_selinux"  "8"  "selinux" "dwalsh at redhat.com" "selinux SELinux Policy documentation"
++++ b/man/man8/nut_upsmon_selinux.8
+@@ -0,0 +1,171 @@
++.TH  "nut_upsmon_selinux"  "8"  "nut_upsmon" "dwalsh at redhat.com" "nut_upsmon SELinux Policy documentation"
 +.SH "NAME"
-+selinux_selinux \- Security Enhanced Linux Policy for the selinux processes
++nut_upsmon_selinux \- Security Enhanced Linux Policy for the nut_upsmon processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the selinux processes via flexible mandatory access
++Security-Enhanced Linux secures the nut_upsmon processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  selinux policy is extremely flexible and has several booleans that allow you to manipulate the policy and run selinux with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execheap boolean.
-+
-+.EX
-+.B setsebool -P selinuxuser_execheap 1
-+.EE
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t, you must turn on the selinuxuser_execmod boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the nut_upsmon_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P selinuxuser_execmod 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execstack boolean.
++If you want to allow confined applications to run with kerberos for the nut_upsmon_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P selinuxuser_execstack 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux selinux policy is very flexible allowing users to setup their selinux processes in as secure a method as possible.
++SELinux nut_upsmon policy is very flexible allowing users to setup their nut_upsmon processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for selinux:
-+
-+
-+.EX
-+.PP
-+.B selinux_config_t 
-+.EE
-+
-+- Set files with the selinux_config_t type, if you want to treat the files as selinux configuration data, usually stored under the /etc directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/selinux/([^/]*/)?users(/.*)?, /etc/selinux/([^/]*/)?setrans\.conf, /etc/selinux(/.*)?, /etc/selinux/([^/]*/)?seusers
-+
-+.EX
-+.PP
-+.B selinux_munin_plugin_exec_t 
-+.EE
-+
-+- Set files with the selinux_munin_plugin_exec_t type, if you want to transition an executable to the selinux_munin_plugin_t domain.
-+
-+
-+.EX
-+.PP
-+.B selinux_munin_plugin_tmp_t 
-+.EE
-+
-+- Set files with the selinux_munin_plugin_tmp_t type, if you want to store selinux munin plugin temporary files in the /tmp directories.
++The following file types are defined for nut_upsmon:
 +
 +
 +.EX
 +.PP
-+.B selinux_var_lib_t 
++.B nut_upsmon_exec_t 
 +.EE
 +
-+- Set files with the selinux_var_lib_t type, if you want to store the selinux files under the /var/lib directory.
++- Set files with the nut_upsmon_exec_t type, if you want to transition an executable to the nut_upsmon_t domain.
 +
 +
 +.PP
@@ -46412,18 +53742,102 @@ index 0000000..13e68bf
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux selinux policy is very flexible allowing users to setup their selinux processes in as secure a method as possible.
++SELinux nut_upsmon policy is very flexible allowing users to setup their nut_upsmon processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for selinux:
++The following process types are defined for nut_upsmon:
 +
 +.EX
-+.B selinux_munin_plugin_t 
++.B nut_upsmon_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type nut_upsmon_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B nut_var_run_t
++
++	/var/run/nut(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -46434,115 +53848,171 @@ index 0000000..13e68bf
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), selinux(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/semanage_selinux.8 b/man/man8/semanage_selinux.8
++selinux(8), nut_upsmon(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nx_server_selinux.8 b/man/man8/nx_server_selinux.8
 new file mode 100644
-index 0000000..bb8dd56
+index 0000000..f93f088
 --- /dev/null
-+++ b/man/man8/semanage_selinux.8
-@@ -0,0 +1,135 @@
-+.TH  "semanage_selinux"  "8"  "semanage" "dwalsh at redhat.com" "semanage SELinux Policy documentation"
++++ b/man/man8/nx_server_selinux.8
+@@ -0,0 +1,117 @@
++.TH  "nx_server_selinux"  "8"  "nx_server" "mgrepl at redhat.com" "nx_server SELinux Policy documentation"
 +.SH "NAME"
-+semanage_selinux \- Security Enhanced Linux Policy for the semanage processes
-+.SH "DESCRIPTION"
++nx_server_r \- \fBnx_server user role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the semanage processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
 +
-+.SH NSSWITCH DOMAIN
++SELinux supports Roles Based Access Control (RBAC), some Linux roles are login roles, while other roles need to be transition into. 
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the semanage_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.I Note: 
++Examples in this man page will use the 
++.B staff_u 
++SELinux user.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
++Non login roles are usually used for administrative tasks. For example, tasks that require root privileges.  Roles control which types a user can run processes with. Roles often have default types assigned to them. 
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the semanage_t, you must turn on the kerberos_enabled boolean.
++The default type for the nx_server_r role is nx_server_t.
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
++The 
++.B newrole 
++program to transition directly to this role.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux semanage policy is very flexible allowing users to setup their semanage processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for semanage:
++.B newrole -r nx_server_r -t nx_server_t
 +
++.B sudo 
++is the preferred method to do transition from one role to another.  You setup sudo to transition to nx_server_r by adding a similar line to the /etc/sudoers file.
 +
-+.EX
-+.PP
-+.B semanage_exec_t 
-+.EE
++USERNAME ALL=(ALL) ROLE=nx_server_r TYPE=nx_server_t COMMAND
 +
-+- Set files with the semanage_exec_t type, if you want to transition an executable to the semanage_t domain.
++.br
++sudo will run COMMAND as staff_u:nx_server_r:nx_server_t:LEVEL
++
++When using a a non login role, you need to setup SELinux so that your SELinux user can reach nx_server_r role.
++
++Execute the following to see all of the assigned SELinux roles:
++
++.B semanage user -l
++
++You need to add nx_server_r to the staff_u user.  You could setup the staff_u user to be able to use the nx_server_r role with a command like:
++
++.B $ semanage user -m -R 'staff_r system_r nx_server_r' staff_u 
++
++
++.SH "MANAGED FILES"
++
++The SELinux user type nx_server_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/share/system-config-selinux/system-config-selinux-dbus\.py, /usr/sbin/semanage, /usr/sbin/semodule
++.B nx_server_home_ssh_t
 +
-+.EX
-+.PP
-+.B semanage_read_lock_t 
-+.EE
++	/opt/NX/home/nx/\.ssh(/.*)?
++.br
++	/usr/NX/home/nx/\.ssh(/.*)?
++.br
++	/var/lib/nxserver/home/.ssh(/.*)?
++.br
 +
-+- Set files with the semanage_read_lock_t type, if you want to treat the files as semanage read lock data, stored under the /var/lock directory
++.br
++.B nx_server_tmp_t
 +
 +
-+.EX
-+.PP
-+.B semanage_store_t 
-+.EE
++.br
++.B nx_server_var_lib_t
 +
-+- Set files with the semanage_store_t type, if you want to treat the files as semanage store data.
++	/opt/NX/home(/.*)?
++.br
++	/usr/NX/home(/.*)?
++.br
++	/var/lib/nxserver(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/etc/share/selinux/mls(/.*)?, /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?, /etc/selinux/([^/]*/)?policy(/.*)?, /etc/share/selinux/targeted(/.*)?
++.B nx_server_var_run_t
 +
-+.EX
-+.PP
-+.B semanage_tmp_t 
-+.EE
++	/opt/NX/var(/.*)?
++.br
 +
-+- Set files with the semanage_tmp_t type, if you want to store semanage temporary files in the /tmp directories.
++.br
++.B ssh_home_t
++
++	/root/\.ssh(/.*)?
++.br
++	/var/lib/amanda/\.ssh(/.*)?
++.br
++	/var/lib/stickshift/[^/]+/\.ssh(/.*)?
++.br
++	/var/lib/gitolite/\.ssh(/.*)?
++.br
++	/var/lib/nocpulse/\.ssh(/.*)?
++.br
++	/var/lib/gitolite3/\.ssh(/.*)?
++.br
++	/root/\.shosts
++.br
++	/home/[^/]*/\.ssh(/.*)?
++.br
++	/home/[^/]*/\.shosts
++.br
 +
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B semanage_trans_lock_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the semanage_trans_lock_t type, if you want to treat the files as semanage trans lock data, stored under the /var/lock directory
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), nx_server(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/obex_selinux.8 b/man/man8/obex_selinux.8
+new file mode 100644
+index 0000000..d901467
+--- /dev/null
++++ b/man/man8/obex_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "obex_selinux"  "8"  "obex" "dwalsh at redhat.com" "obex SELinux Policy documentation"
++.SH "NAME"
++obex_selinux \- Security Enhanced Linux Policy for the obex processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the obex processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux obex policy is very flexible allowing users to setup their obex processes in as secure a method as possible.
++.PP 
++The following file types are defined for obex:
 +
 +
 +.EX
 +.PP
-+.B semanage_var_lib_t 
++.B obex_exec_t 
 +.EE
 +
-+- Set files with the semanage_var_lib_t type, if you want to store the semanage files under the /var/lib directory.
++- Set files with the obex_exec_t type, if you want to transition an executable to the obex_t domain.
 +
 +
 +.PP
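Review bot: The added nx_server role page tells the reader to run `semanage user -m -R 'staff_r system_r nx_server_r' staff_u` without saying what happens to the roles `staff_u` already has. As far as I know, `-R` with `-m` sets the whole role list rather than appending to it, so copying the line would also grant `system_r` and drop any role not named; this should be confirmed against semanage(8). A line such as `Note: -R replaces the role list, so include every role shown for staff_u by semanage user -l.` before the command would cover it. The same section has a sentence without a verb (`The newrole program to transition directly to this role.`) and the typo `a a non login role`. The page states it is auto-generated by genman.py, so these presumably need fixing in the generator template.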
@@ -46558,18 +54028,22 @@ index 0000000..bb8dd56
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux semanage policy is very flexible allowing users to setup their semanage processes in as secure a method as possible.
++SELinux obex policy is very flexible allowing users to setup their obex processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for semanage:
++The following process types are defined for obex:
 +
 +.EX
-+.B semanage_t 
++.B obex_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type obex_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
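Review bot: The added MANAGED FILES paragraph calls obex_t an "SELinux user type", but the PROCESS TYPES section just above lists obex_t as a process type (domain). An SELinux user is a separate field of the security context, so a reader auditing confinement could confuse the two. I would word the paragraph as `The SELinux process type obex_t can manage files labeled with the following file types.` and end it with `Note that the process UID still needs DAC permissions.` For obex the section then lists no file types at all, so either drop the heading or state that none are defined. The same sentence is added in the oddjob_mkhomedir, oddjob, openct, openshift_cgroup_read and openshift_initrc hunks; since the pages are generated, the fix presumably belongs in genman.py.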
@@ -46585,63 +54059,38 @@ index 0000000..bb8dd56
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/sendmail_selinux.8 b/man/man8/sendmail_selinux.8
++selinux(8), obex(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/oddjob_mkhomedir_selinux.8 b/man/man8/oddjob_mkhomedir_selinux.8
 new file mode 100644
-index 0000000..85c765e
+index 0000000..d79ae34
 --- /dev/null
-+++ b/man/man8/sendmail_selinux.8
-@@ -0,0 +1,168 @@
-+.TH  "sendmail_selinux"  "8"  "sendmail" "dwalsh at redhat.com" "sendmail SELinux Policy documentation"
++++ b/man/man8/oddjob_mkhomedir_selinux.8
+@@ -0,0 +1,108 @@
++.TH  "oddjob_mkhomedir_selinux"  "8"  "oddjob_mkhomedir" "dwalsh at redhat.com" "oddjob_mkhomedir SELinux Policy documentation"
 +.SH "NAME"
-+sendmail_selinux \- Security Enhanced Linux Policy for the sendmail processes
++oddjob_mkhomedir_selinux \- Security Enhanced Linux Policy for the oddjob_mkhomedir processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sendmail processes via flexible mandatory access
++Security-Enhanced Linux secures the oddjob_mkhomedir processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  sendmail policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sendmail with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow http daemon to send mail, you must turn on the httpd_can_sendmail boolean.
-+
-+.EX
-+.B setsebool -P httpd_can_sendmail 1
-+.EE
-+
-+.PP
-+If you want to allow syslogd daemon to send mail, you must turn on the logging_syslogd_can_sendmail boolean.
-+
-+.EX
-+.B setsebool -P logging_syslogd_can_sendmail 1
-+.EE
-+
-+.PP
-+If you want to allow gitisis daemon to send mail, you must turn on the gitosis_can_sendmail boolean.
-+
-+.EX
-+.B setsebool -P gitosis_can_sendmail 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sendmail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the oddjob_mkhomedir_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the sendmail_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the oddjob_mkhomedir_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -46650,70 +54099,22 @@ index 0000000..85c765e
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux sendmail policy is very flexible allowing users to setup their sendmail processes in as secure a method as possible.
++SELinux oddjob_mkhomedir policy is very flexible allowing users to setup their oddjob_mkhomedir processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for sendmail:
++The following file types are defined for oddjob_mkhomedir:
 +
 +
 +.EX
 +.PP
-+.B sendmail_exec_t 
-+.EE
-+
-+- Set files with the sendmail_exec_t type, if you want to transition an executable to the sendmail_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/mail(x)?, /usr/sbin/rmail, /usr/sbin/ssmtp, /usr/bin/esmtp, /var/qmail/bin/sendmail, /usr/sbin/sendmail\.postfix, /usr/lib/courier/bin/sendmail, /usr/lib/sendmail, /bin/mail(x)?, /usr/sbin/sendmail(\.sendmail)?
-+
-+.EX
-+.PP
-+.B sendmail_initrc_exec_t 
-+.EE
-+
-+- Set files with the sendmail_initrc_exec_t type, if you want to transition an executable to the sendmail_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B sendmail_keytab_t 
-+.EE
-+
-+- Set files with the sendmail_keytab_t type, if you want to treat the files as kerberos keytab files.
-+
-+
-+.EX
-+.PP
-+.B sendmail_log_t 
-+.EE
-+
-+- Set files with the sendmail_log_t type, if you want to treat the data as sendmail log data, usually stored under the /var/log directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/log/sendmail\.st, /var/log/mail(/.*)?
-+
-+.EX
-+.PP
-+.B sendmail_tmp_t 
-+.EE
-+
-+- Set files with the sendmail_tmp_t type, if you want to store sendmail temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B sendmail_var_run_t 
++.B oddjob_mkhomedir_exec_t 
 +.EE
 +
-+- Set files with the sendmail_var_run_t type, if you want to store the sendmail files under the /run directory.
++- Set files with the oddjob_mkhomedir_exec_t type, if you want to transition an executable to the oddjob_mkhomedir_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/sendmail\.pid, /var/run/sm-client\.pid
++/usr/libexec/oddjob/mkhomedir, /usr/lib/oddjob/mkhomedir
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -46728,18 +54129,34 @@ index 0000000..85c765e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sendmail policy is very flexible allowing users to setup their sendmail processes in as secure a method as possible.
++SELinux oddjob_mkhomedir policy is very flexible allowing users to setup their oddjob_mkhomedir processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sendmail:
++The following process types are defined for oddjob_mkhomedir:
 +
 +.EX
-+.B sendmail_t 
++.B oddjob_mkhomedir_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type oddjob_mkhomedir_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B user_home_type
++
++	all user home files
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -46750,65 +54167,95 @@ index 0000000..85c765e
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sendmail(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), oddjob_mkhomedir(8), semanage(8), restorecon(8), chcon(1)
++, oddjob_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/services_selinux.8 b/man/man8/services_selinux.8
+diff --git a/man/man8/oddjob_selinux.8 b/man/man8/oddjob_selinux.8
 new file mode 100644
-index 0000000..ac4a98f
+index 0000000..8ba6cc2
 --- /dev/null
-+++ b/man/man8/services_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "services_selinux"  "8"  "services" "dwalsh at redhat.com" "services SELinux Policy documentation"
++++ b/man/man8/oddjob_selinux.8
+@@ -0,0 +1,138 @@
++.TH  "oddjob_selinux"  "8"  "oddjob" "dwalsh at redhat.com" "oddjob SELinux Policy documentation"
 +.SH "NAME"
-+services_selinux \- Security Enhanced Linux Policy for the services processes
++oddjob_selinux \- Security Enhanced Linux Policy for the oddjob processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the services processes via flexible mandatory access
++Security-Enhanced Linux secures the oddjob processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  oddjob policy is extremely flexible and has several booleans that allow you to manipulate the policy and run oddjob with the tightest access possible.
++
++
++.PP
++If you want to allow httpd to communicate with oddjob to start up a service, you must turn on the httpd_use_oddjob boolean.
++
++.EX
++.B setsebool -P httpd_use_oddjob 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the oddjob_mkhomedir_t, oddjob_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the oddjob_mkhomedir_t, oddjob_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux services policy is very flexible allowing users to setup their services processes in as secure a method as possible.
++SELinux oddjob policy is very flexible allowing users to setup their oddjob processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for services:
++The following file types are defined for oddjob:
 +
 +
 +.EX
 +.PP
-+.B services_munin_plugin_exec_t 
++.B oddjob_exec_t 
 +.EE
 +
-+- Set files with the services_munin_plugin_exec_t type, if you want to transition an executable to the services_munin_plugin_t domain.
++- Set files with the oddjob_exec_t type, if you want to transition an executable to the oddjob_t domain.
++
++
++.EX
++.PP
++.B oddjob_mkhomedir_exec_t 
++.EE
++
++- Set files with the oddjob_mkhomedir_exec_t type, if you want to transition an executable to the oddjob_mkhomedir_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/share/munin/plugins/nut.*, /usr/share/munin/plugins/snmp_.*, /usr/share/munin/plugins/named, /usr/share/munin/plugins/varnish_.*, /usr/share/munin/plugins/tomcat_.*, /usr/share/munin/plugins/postgres_.*, /usr/share/munin/plugins/asterisk_.*, /usr/share/munin/plugins/lpstat, /usr/share/munin/plugins/mysql_.*, /usr/share/munin/plugins/slapd_.*, /usr/share/munin/plugins/apache_.*, /usr/share/munin/plugins/ping_, /usr/share/munin/plugins/squid_.*, /usr/share/munin/plugins/fail2ban, /usr/share/munin/plugins/openvpn, /usr/share/munin/plugins/samba, /usr/share/munin/plugins/ntp_.*, /usr/share/munin/plugins/http_loadtime
++/usr/libexec/oddjob/mkhomedir, /usr/lib/oddjob/mkhomedir
 +
 +.EX
 +.PP
-+.B services_munin_plugin_tmp_t 
++.B oddjob_var_run_t 
 +.EE
 +
-+- Set files with the services_munin_plugin_tmp_t type, if you want to store services munin plugin temporary files in the /tmp directories.
++- Set files with the oddjob_var_run_t type, if you want to store the oddjob files under the /run directory.
 +
 +
 +.PP
@@ -46824,18 +54271,34 @@ index 0000000..ac4a98f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux services policy is very flexible allowing users to setup their services processes in as secure a method as possible.
++SELinux oddjob policy is very flexible allowing users to setup their oddjob processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for services:
++The following process types are defined for oddjob:
 +
 +.EX
-+.B services_munin_plugin_t 
++.B oddjob_mkhomedir_t, oddjob_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type oddjob_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B oddjob_var_run_t
++
++	/var/run/oddjobd\.pid
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -46846,27 +54309,32 @@ index 0000000..ac4a98f
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), services(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/setfiles_selinux.8 b/man/man8/setfiles_selinux.8
++selinux(8), oddjob(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), oddjob_mkhomedir_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/openct_selinux.8 b/man/man8/openct_selinux.8
 new file mode 100644
-index 0000000..5229951
+index 0000000..f7155b6
 --- /dev/null
-+++ b/man/man8/setfiles_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "setfiles_selinux"  "8"  "setfiles" "dwalsh at redhat.com" "setfiles SELinux Policy documentation"
++++ b/man/man8/openct_selinux.8
+@@ -0,0 +1,99 @@
++.TH  "openct_selinux"  "8"  "openct" "dwalsh at redhat.com" "openct SELinux Policy documentation"
 +.SH "NAME"
-+setfiles_selinux \- Security Enhanced Linux Policy for the setfiles processes
++openct_selinux \- Security Enhanced Linux Policy for the openct processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the setfiles processes via flexible mandatory access
++Security-Enhanced Linux secures the openct processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -46877,22 +54345,30 @@ index 0000000..5229951
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux setfiles policy is very flexible allowing users to setup their setfiles processes in as secure a method as possible.
++SELinux openct policy is very flexible allowing users to setup their openct processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for setfiles:
++The following file types are defined for openct:
 +
 +
 +.EX
 +.PP
-+.B setfiles_exec_t 
++.B openct_exec_t 
 +.EE
 +
-+- Set files with the setfiles_exec_t type, if you want to transition an executable to the setfiles_t domain.
++- Set files with the openct_exec_t type, if you want to transition an executable to the openct_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/setfiles.*, /sbin/restorecon, /usr/sbin/setfiles.*, /usr/sbin/restorecon
++/usr/sbin/ifdhandler, /usr/sbin/openct-control
++
++.EX
++.PP
++.B openct_var_run_t 
++.EE
++
++- Set files with the openct_var_run_t type, if you want to store the openct files under the /run directory.
++
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -46907,18 +54383,32 @@ index 0000000..5229951
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux setfiles policy is very flexible allowing users to setup their setfiles processes in as secure a method as possible.
++SELinux openct policy is very flexible allowing users to setup their openct processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for setfiles:
++The following process types are defined for openct:
 +
 +.EX
-+.B setfiles_mac_t, setfiles_t 
++.B openct_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type openct_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B openct_var_run_t
++
++	/var/run/openct(/.*)?
++.br
++
++.br
++.B usbfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -46934,22 +54424,22 @@ index 0000000..5229951
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), setfiles(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/setkey_selinux.8 b/man/man8/setkey_selinux.8
++selinux(8), openct(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/openshift_cgroup_read_selinux.8 b/man/man8/openshift_cgroup_read_selinux.8
 new file mode 100644
-index 0000000..156aefb
+index 0000000..54de9de
 --- /dev/null
-+++ b/man/man8/setkey_selinux.8
++++ b/man/man8/openshift_cgroup_read_selinux.8
 @@ -0,0 +1,77 @@
-+.TH  "setkey_selinux"  "8"  "setkey" "dwalsh at redhat.com" "setkey SELinux Policy documentation"
++.TH  "openshift_cgroup_read_selinux"  "8"  "openshift_cgroup_read" "dwalsh at redhat.com" "openshift_cgroup_read SELinux Policy documentation"
 +.SH "NAME"
-+setkey_selinux \- Security Enhanced Linux Policy for the setkey processes
++openshift_cgroup_read_selinux \- Security Enhanced Linux Policy for the openshift_cgroup_read processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the setkey processes via flexible mandatory access
++Security-Enhanced Linux secures the openshift_cgroup_read processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -46960,22 +54450,18 @@ index 0000000..156aefb
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux setkey policy is very flexible allowing users to setup their setkey processes in as secure a method as possible.
++SELinux openshift_cgroup_read policy is very flexible allowing users to setup their openshift_cgroup_read processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for setkey:
++The following file types are defined for openshift_cgroup_read:
 +
 +
 +.EX
 +.PP
-+.B setkey_exec_t 
++.B openshift_cgroup_read_exec_t 
 +.EE
 +
-+- Set files with the setkey_exec_t type, if you want to transition an executable to the setkey_t domain.
++- Set files with the openshift_cgroup_read_exec_t type, if you want to transition an executable to the openshift_cgroup_read_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/setkey, /sbin/setkey
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -46990,18 +54476,22 @@ index 0000000..156aefb
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux setkey policy is very flexible allowing users to setup their setkey processes in as secure a method as possible.
++SELinux openshift_cgroup_read policy is very flexible allowing users to setup their openshift_cgroup_read processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for setkey:
++The following process types are defined for openshift_cgroup_read:
 +
 +.EX
-+.B setkey_t 
++.B openshift_cgroup_read_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type openshift_cgroup_read_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -47017,22 +54507,22 @@ index 0000000..156aefb
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), setkey(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/setrans_selinux.8 b/man/man8/setrans_selinux.8
++selinux(8), openshift_cgroup_read(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/openshift_initrc_selinux.8 b/man/man8/openshift_initrc_selinux.8
 new file mode 100644
-index 0000000..53a7586
+index 0000000..e1928fb
 --- /dev/null
-+++ b/man/man8/setrans_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "setrans_selinux"  "8"  "setrans" "dwalsh at redhat.com" "setrans SELinux Policy documentation"
++++ b/man/man8/openshift_initrc_selinux.8
+@@ -0,0 +1,95 @@
++.TH  "openshift_initrc_selinux"  "8"  "openshift_initrc" "dwalsh at redhat.com" "openshift_initrc SELinux Policy documentation"
 +.SH "NAME"
-+setrans_selinux \- Security Enhanced Linux Policy for the setrans processes
++openshift_initrc_selinux \- Security Enhanced Linux Policy for the openshift_initrc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the setrans processes via flexible mandatory access
++Security-Enhanced Linux secures the openshift_initrc processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -47043,42 +54533,30 @@ index 0000000..53a7586
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux setrans policy is very flexible allowing users to setup their setrans processes in as secure a method as possible.
++SELinux openshift_initrc policy is very flexible allowing users to setup their openshift_initrc processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for setrans:
++The following file types are defined for openshift_initrc:
 +
 +
 +.EX
 +.PP
-+.B setrans_exec_t 
++.B openshift_initrc_exec_t 
 +.EE
 +
-+- Set files with the setrans_exec_t type, if you want to transition an executable to the setrans_t domain.
++- Set files with the openshift_initrc_exec_t type, if you want to transition an executable to the openshift_initrc_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/mcstransd, /usr/sbin/mcstransd
-+
-+.EX
-+.PP
-+.B setrans_initrc_exec_t 
-+.EE
-+
-+- Set files with the setrans_initrc_exec_t type, if you want to transition an executable to the setrans_initrc_t domain.
-+
++/usr/bin/rhc-restorer, /etc/rc\.d/init\.d/mcollective, /etc/rc\.d/init\.d/libra
 +
 +.EX
 +.PP
-+.B setrans_var_run_t 
++.B openshift_initrc_tmp_t 
 +.EE
 +
-+- Set files with the setrans_var_run_t type, if you want to store the setrans files under the /run directory.
++- Set files with the openshift_initrc_tmp_t type, if you want to store openshift initrc temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/mcstransd\.pid, /var/run/setrans(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -47093,18 +54571,28 @@ index 0000000..53a7586
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux setrans policy is very flexible allowing users to setup their setrans processes in as secure a method as possible.
++SELinux openshift_initrc policy is very flexible allowing users to setup their openshift_initrc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for setrans:
++The following process types are defined for openshift_initrc:
 +
 +.EX
-+.B setrans_t 
++.B openshift_initrc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type openshift_initrc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B file_type
++
++	all files on the system
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
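Review bot: The new MANAGED FILES entry lists `file_type` ("all files on the system") for openshift_initrc_t without saying what that implies. If the policy really grants this, type enforcement places no limit on which files the domain may manage and only DAC remains, which sits oddly with the page's earlier "confined processes" wording. I would add one sentence after the entry, for example `openshift_initrc_t is not restricted by file type; anything that can enter this domain can modify any file its UID permits.` The policy rules are not visible in this hunk, so the breadth is inferred from the generated text and should be confirmed against the policy source.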
@@ -47120,38 +54608,49 @@ index 0000000..53a7586
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), setrans(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/setroubleshoot_selinux.8 b/man/man8/setroubleshoot_selinux.8
++selinux(8), openshift_initrc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/openvpn_selinux.8 b/man/man8/openvpn_selinux.8
 new file mode 100644
-index 0000000..8f116c9
+index 0000000..2140d05
 --- /dev/null
-+++ b/man/man8/setroubleshoot_selinux.8
-@@ -0,0 +1,119 @@
-+.TH  "setroubleshoot_selinux"  "8"  "setroubleshoot" "dwalsh at redhat.com" "setroubleshoot SELinux Policy documentation"
++++ b/man/man8/openvpn_selinux.8
+@@ -0,0 +1,296 @@
++.TH  "openvpn_selinux"  "8"  "openvpn" "dwalsh at redhat.com" "openvpn SELinux Policy documentation"
 +.SH "NAME"
-+setroubleshoot_selinux \- Security Enhanced Linux Policy for the setroubleshoot processes
++openvpn_selinux \- Security Enhanced Linux Policy for the openvpn processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the setroubleshoot processes via flexible mandatory access
++Security-Enhanced Linux secures the openvpn processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  openvpn policy is extremely flexible and has several booleans that allow you to manipulate the policy and run openvpn with the tightest access possible.
++
++
++.PP
++If you want to allow openvpn to read home directories, you must turn on the openvpn_enable_homedirs boolean.
++
++.EX
++.B setsebool -P openvpn_enable_homedirs 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the setroubleshootd_t, setroubleshoot_fixit_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the openvpn_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the setroubleshootd_t, setroubleshoot_fixit_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the openvpn_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -47160,50 +54659,70 @@ index 0000000..8f116c9
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux setroubleshoot policy is very flexible allowing users to setup their setroubleshoot processes in as secure a method as possible.
++SELinux openvpn policy is very flexible allowing users to setup their openvpn processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for setroubleshoot:
++The following file types are defined for openvpn:
 +
 +
 +.EX
 +.PP
-+.B setroubleshoot_fixit_exec_t 
++.B openvpn_etc_rw_t 
 +.EE
 +
-+- Set files with the setroubleshoot_fixit_exec_t type, if you want to transition an executable to the setroubleshoot_fixit_t domain.
++- Set files with the openvpn_etc_rw_t type, if you want to treat the files as openvpn etc read/write content.
++
++
++.EX
++.PP
++.B openvpn_etc_t 
++.EE
++
++- Set files with the openvpn_etc_t type, if you want to store openvpn files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B setroubleshoot_var_lib_t 
++.B openvpn_exec_t 
 +.EE
 +
-+- Set files with the setroubleshoot_var_lib_t type, if you want to store the setroubleshoot files under the /var/lib directory.
++- Set files with the openvpn_exec_t type, if you want to transition an executable to the openvpn_t domain.
 +
 +
 +.EX
 +.PP
-+.B setroubleshoot_var_log_t 
++.B openvpn_initrc_exec_t 
 +.EE
 +
-+- Set files with the setroubleshoot_var_log_t type, if you want to treat the data as setroubleshoot var log data, usually stored under the /var/log directory.
++- Set files with the openvpn_initrc_exec_t type, if you want to transition an executable to the openvpn_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B setroubleshoot_var_run_t 
++.B openvpn_tmp_t 
 +.EE
 +
-+- Set files with the setroubleshoot_var_run_t type, if you want to store the setroubleshoot files under the /run directory.
++- Set files with the openvpn_tmp_t type, if you want to store openvpn temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B setroubleshootd_exec_t 
++.B openvpn_var_log_t 
 +.EE
 +
-+- Set files with the setroubleshootd_exec_t type, if you want to transition an executable to the setroubleshootd_t domain.
++- Set files with the openvpn_var_log_t type, if you want to treat the data as openvpn var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B openvpn_var_run_t 
++.EE
++
++- Set files with the openvpn_var_run_t type, if you want to store the openvpn files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/openvpn(/.*)?, /var/run/openvpn\.client.*
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -47212,24 +54731,163 @@ index 0000000..8f116c9
 +.B restorecon
 +to apply the labels.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux setroubleshoot policy is very flexible allowing users to setup their setroubleshoot processes in as secure a method as possible.
++Policy governs the access confined processes have to these ports. 
++SELinux openvpn policy is very flexible allowing users to setup their openvpn processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for setroubleshoot:
++The following port types are defined for openvpn:
 +
 +.EX
-+.B setroubleshoot_fixit_t, setroubleshootd_t 
++.TP 5
++.B openvpn_port_t 
++.TP 10
 +.EE
-+.PP
-+Note: 
++
++
++Default Defined Ports:
++tcp 1194
++.EE
++udp 1194
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux openvpn policy is very flexible allowing users to setup their openvpn processes in as secure a method as possible.
++.PP 
++The following process types are defined for openvpn:
++
++.EX
++.B openvpn_t 
++.EE
++.PP
++Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type openvpn_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
++.br
++.B openvpn_etc_rw_t
++
++	/etc/openvpn/ipp.txt
++.br
++
++.br
++.B openvpn_tmp_t
++
++
++.br
++.B openvpn_var_log_t
++
++	/var/log/openvpn.*
++.br
++
++.br
++.B openvpn_var_run_t
++
++	/var/run/openvpn(/.*)?
++.br
++	/var/run/openvpn\.client.*
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -47240,43 +54898,51 @@ index 0000000..8f116c9
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), setroubleshoot(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/setroubleshootd_selinux.8 b/man/man8/setroubleshootd_selinux.8
++selinux(8), openvpn(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/pacemaker_selinux.8 b/man/man8/pacemaker_selinux.8
 new file mode 100644
-index 0000000..3804fc4
+index 0000000..6f7f43b
 --- /dev/null
-+++ b/man/man8/setroubleshootd_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "setroubleshootd_selinux"  "8"  "setroubleshootd" "dwalsh at redhat.com" "setroubleshootd SELinux Policy documentation"
++++ b/man/man8/pacemaker_selinux.8
+@@ -0,0 +1,141 @@
++.TH  "pacemaker_selinux"  "8"  "pacemaker" "dwalsh at redhat.com" "pacemaker SELinux Policy documentation"
 +.SH "NAME"
-+setroubleshootd_selinux \- Security Enhanced Linux Policy for the setroubleshootd processes
++pacemaker_selinux \- Security Enhanced Linux Policy for the pacemaker processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the setroubleshootd processes via flexible mandatory access
++Security-Enhanced Linux secures the pacemaker processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the setroubleshootd_t, setroubleshoot_fixit_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pacemaker_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the setroubleshootd_t, setroubleshoot_fixit_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the pacemaker_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -47285,17 +54951,53 @@ index 0000000..3804fc4
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux setroubleshootd policy is very flexible allowing users to setup their setroubleshootd processes in as secure a method as possible.
++SELinux pacemaker policy is very flexible allowing users to setup their pacemaker processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for setroubleshootd:
++The following file types are defined for pacemaker:
 +
 +
 +.EX
 +.PP
-+.B setroubleshootd_exec_t 
++.B pacemaker_exec_t 
 +.EE
 +
-+- Set files with the setroubleshootd_exec_t type, if you want to transition an executable to the setroubleshootd_t domain.
++- Set files with the pacemaker_exec_t type, if you want to transition an executable to the pacemaker_t domain.
++
++
++.EX
++.PP
++.B pacemaker_initrc_exec_t 
++.EE
++
++- Set files with the pacemaker_initrc_exec_t type, if you want to transition an executable to the pacemaker_initrc_t domain.
++
++
++.EX
++.PP
++.B pacemaker_unit_file_t 
++.EE
++
++- Set files with the pacemaker_unit_file_t type, if you want to treat the files as pacemaker unit content.
++
++
++.EX
++.PP
++.B pacemaker_var_lib_t 
++.EE
++
++- Set files with the pacemaker_var_lib_t type, if you want to store the pacemaker files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/pengine(/.*)?, /var/lib/heartbeat/crm(/.*)?
++
++.EX
++.PP
++.B pacemaker_var_run_t 
++.EE
++
++- Set files with the pacemaker_var_run_t type, if you want to store the pacemaker files under the /run directory.
 +
 +
 +.PP
@@ -47311,18 +55013,36 @@ index 0000000..3804fc4
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux setroubleshootd policy is very flexible allowing users to setup their setroubleshootd processes in as secure a method as possible.
++SELinux pacemaker policy is very flexible allowing users to setup their pacemaker processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for setroubleshootd:
++The following process types are defined for pacemaker:
 +
 +.EX
-+.B setroubleshoot_fixit_t, setroubleshootd_t 
++.B pacemaker_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type pacemaker_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B pacemaker_var_lib_t
++
++	/var/lib/pengine(/.*)?
++.br
++	/var/lib/heartbeat/crm(/.*)?
++.br
++
++.br
++.B pacemaker_var_run_t
++
++	/var/run/crm(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -47338,38 +55058,175 @@ index 0000000..3804fc4
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), setroubleshootd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/setsebool_selinux.8 b/man/man8/setsebool_selinux.8
++selinux(8), pacemaker(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/pads_selinux.8 b/man/man8/pads_selinux.8
 new file mode 100644
-index 0000000..7e5c3d1
+index 0000000..59f31f3
 --- /dev/null
-+++ b/man/man8/setsebool_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "setsebool_selinux"  "8"  "setsebool" "dwalsh at redhat.com" "setsebool SELinux Policy documentation"
++++ b/man/man8/pads_selinux.8
+@@ -0,0 +1,131 @@
++.TH  "pads_selinux"  "8"  "pads" "dwalsh at redhat.com" "pads SELinux Policy documentation"
 +.SH "NAME"
-+setsebool_selinux \- Security Enhanced Linux Policy for the setsebool processes
++pads_selinux \- Security Enhanced Linux Policy for the pads processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the setsebool processes via flexible mandatory access
++Security-Enhanced Linux secures the pads processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the setsebool_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pads policy is very flexible allowing users to setup their pads processes in as secure a method as possible.
++.PP 
++The following file types are defined for pads:
++
++
++.EX
++.PP
++.B pads_config_t 
++.EE
++
++- Set files with the pads_config_t type, if you want to treat the files as pads configuration data, usually stored under the /etc directory.
++
++.br
++.TP 5
++Paths: 
++/etc/pads-assets.csv, /etc/pads-ether-codes, /etc/pads\.conf, /etc/pads-signature-list
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B pads_exec_t 
 +.EE
 +
++- Set files with the pads_exec_t type, if you want to transition an executable to the pads_t domain.
++
++
++.EX
 +.PP
-+If you want to allow confined applications to run with kerberos for the setsebool_t, you must turn on the kerberos_enabled boolean.
++.B pads_initrc_exec_t 
++.EE
++
++- Set files with the pads_initrc_exec_t type, if you want to transition an executable to the pads_initrc_t domain.
++
++
++.EX
++.PP
++.B pads_var_run_t 
++.EE
++
++- Set files with the pads_var_run_t type, if you want to store the pads files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pads policy is very flexible allowing users to setup their pads processes in as secure a method as possible.
++.PP 
++The following process types are defined for pads:
++
++.EX
++.B pads_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pads_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B pads_config_t
++
++	/etc/pads-assets.csv
++.br
++	/etc/pads\.conf
++.br
++	/etc/pads-ether-codes
++.br
++	/etc/pads-signature-list
++.br
++
++.br
++.B pads_var_run_t
++
++	/var/run/pads\.pid
++.br
++
++.br
++.B prelude_spool_t
++
++	/var/spool/prelude(/.*)?
++.br
++	/var/spool/prelude-manager(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pads(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/pam_console_selinux.8 b/man/man8/pam_console_selinux.8
+new file mode 100644
+index 0000000..cc869e0
+--- /dev/null
++++ b/man/man8/pam_console_selinux.8
+@@ -0,0 +1,96 @@
++.TH  "pam_console_selinux"  "8"  "pam_console" "dwalsh at redhat.com" "pam_console SELinux Policy documentation"
++.SH "NAME"
++pam_console_selinux \- Security Enhanced Linux Policy for the pam_console processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pam_console processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pam_console_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the pam_console_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -47378,18 +55235,22 @@ index 0000000..7e5c3d1
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux setsebool policy is very flexible allowing users to setup their setsebool processes in as secure a method as possible.
++SELinux pam_console policy is very flexible allowing users to setup their pam_console processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for setsebool:
++The following file types are defined for pam_console:
 +
 +
 +.EX
 +.PP
-+.B setsebool_exec_t 
++.B pam_console_exec_t 
 +.EE
 +
-+- Set files with the setsebool_exec_t type, if you want to transition an executable to the setsebool_t domain.
++- Set files with the pam_console_exec_t type, if you want to transition an executable to the pam_console_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/pam_console_apply, /usr/sbin/pam_console_apply
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -47404,18 +55265,22 @@ index 0000000..7e5c3d1
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux setsebool policy is very flexible allowing users to setup their setsebool processes in as secure a method as possible.
++SELinux pam_console policy is very flexible allowing users to setup their pam_console processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for setsebool:
++The following process types are defined for pam_console:
 +
 +.EX
-+.B setsebool_t 
++.B pam_console_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type pam_console_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -47431,56 +55296,72 @@ index 0000000..7e5c3d1
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), setsebool(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/sge_selinux.8 b/man/man8/sge_selinux.8
++selinux(8), pam_console(8), semanage(8), restorecon(8), chcon(1)
++, pam_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/pam_selinux.8 b/man/man8/pam_selinux.8
 new file mode 100644
-index 0000000..4259e52
+index 0000000..b9c9a6b
 --- /dev/null
-+++ b/man/man8/sge_selinux.8
-@@ -0,0 +1,141 @@
-+.TH  "sge_selinux"  "8"  "sge" "dwalsh at redhat.com" "sge SELinux Policy documentation"
++++ b/man/man8/pam_selinux.8
+@@ -0,0 +1,175 @@
++.TH  "pam_selinux"  "8"  "pam" "dwalsh at redhat.com" "pam SELinux Policy documentation"
 +.SH "NAME"
-+sge_selinux \- Security Enhanced Linux Policy for the sge processes
++pam_selinux \- Security Enhanced Linux Policy for the pam processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sge processes via flexible mandatory access
++Security-Enhanced Linux secures the pam processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  sge policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sge with the tightest access possible.
++SELinux policy is customizable based on least access required.  pam policy is extremely flexible and has several booleans that allow you to manipulate the policy and run pam with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow sge to connect to the network using any TCP port, you must turn on the sge_domain_can_network_connect boolean.
++If you want to allow user spamassassin clients to use the network, you must turn on the spamassassin_can_network boolean.
 +
 +.EX
-+.B setsebool -P sge_domain_can_network_connect 1
++.B setsebool -P spamassassin_can_network 1
 +.EE
 +
 +.PP
-+If you want to allow sge to access nfs file systems, you must turn on the sge_use_nfs boolean.
++If you want to allow Apache to use mod_auth_pam, you must turn on the httpd_mod_auth_pam boolean.
 +
 +.EX
-+.B setsebool -P sge_use_nfs 1
++.B setsebool -P httpd_mod_auth_pam 1
++.EE
++
++.PP
++If you want to allow spamd to read/write user home directories, you must turn on the spamd_enable_home_dirs boolean.
++
++.EX
++.B setsebool -P spamd_enable_home_dirs 1
++.EE
++
++.PP
++If you want to allow http daemon to check spam, you must turn on the httpd_can_check_spam boolean.
++
++.EX
++.B setsebool -P httpd_can_check_spam 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sge_execd_t, sge_job_ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pam_console_t, pam_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the sge_execd_t, sge_job_ssh_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the pam_console_t, pam_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -47489,50 +55370,62 @@ index 0000000..4259e52
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux sge policy is very flexible allowing users to setup their sge processes in as secure a method as possible.
++SELinux pam policy is very flexible allowing users to setup their pam processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for sge:
++The following file types are defined for pam:
 +
 +
 +.EX
 +.PP
-+.B sge_execd_exec_t 
++.B pam_console_exec_t 
 +.EE
 +
-+- Set files with the sge_execd_exec_t type, if you want to transition an executable to the sge_execd_t domain.
++- Set files with the pam_console_exec_t type, if you want to transition an executable to the pam_console_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/pam_console_apply, /usr/sbin/pam_console_apply
 +
 +.EX
 +.PP
-+.B sge_job_exec_t 
++.B pam_exec_t 
 +.EE
 +
-+- Set files with the sge_job_exec_t type, if you want to transition an executable to the sge_job_t domain.
++- Set files with the pam_exec_t type, if you want to transition an executable to the pam_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/pam_timestamp_check, /usr/sbin/pam_timestamp_check
 +
 +.EX
 +.PP
-+.B sge_shepherd_exec_t 
++.B pam_tmp_t 
 +.EE
 +
-+- Set files with the sge_shepherd_exec_t type, if you want to transition an executable to the sge_shepherd_t domain.
++- Set files with the pam_tmp_t type, if you want to store pam temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B sge_spool_t 
++.B pam_var_console_t 
 +.EE
 +
-+- Set files with the sge_spool_t type, if you want to store the sge files under the /var/spool directory.
++- Set files with the pam_var_console_t type, if you want to treat the files as pam var console data.
 +
 +
 +.EX
 +.PP
-+.B sge_tmp_t 
++.B pam_var_run_t 
 +.EE
 +
-+- Set files with the sge_tmp_t type, if you want to store sge temporary files in the /tmp directories.
++- Set files with the pam_var_run_t type, if you want to store the pam files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/sudo(/.*)?, /var/run/pam_mount(/.*)?, /var/(db|lib|adm)/sudo(/.*)?, /var/run/sepermit(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -47547,18 +55440,26 @@ index 0000000..4259e52
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sge policy is very flexible allowing users to setup their sge processes in as secure a method as possible.
++SELinux pam policy is very flexible allowing users to setup their pam processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sge:
++The following process types are defined for pam:
 +
 +.EX
-+.B sge_execd_t, sge_job_ssh_t, sge_shepherd_t, sge_job_t 
++.B pam_console_t, pam_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type pam_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B pam_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -47577,40 +55478,40 @@ index 0000000..4259e52
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sge(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), pam(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), pam_console_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/shorewall_selinux.8 b/man/man8/shorewall_selinux.8
+diff --git a/man/man8/passenger_selinux.8 b/man/man8/passenger_selinux.8
 new file mode 100644
-index 0000000..734941b
+index 0000000..d724a7a
 --- /dev/null
-+++ b/man/man8/shorewall_selinux.8
-@@ -0,0 +1,151 @@
-+.TH  "shorewall_selinux"  "8"  "shorewall" "dwalsh at redhat.com" "shorewall SELinux Policy documentation"
++++ b/man/man8/passenger_selinux.8
+@@ -0,0 +1,161 @@
++.TH  "passenger_selinux"  "8"  "passenger" "dwalsh at redhat.com" "passenger SELinux Policy documentation"
 +.SH "NAME"
-+shorewall_selinux \- Security Enhanced Linux Policy for the shorewall processes
++passenger_selinux \- Security Enhanced Linux Policy for the passenger processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the shorewall processes via flexible mandatory access
++Security-Enhanced Linux secures the passenger processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the shorewall_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the passenger_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the shorewall_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the passenger_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -47619,82 +55520,58 @@ index 0000000..734941b
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux shorewall policy is very flexible allowing users to setup their shorewall processes in as secure a method as possible.
++SELinux passenger policy is very flexible allowing users to setup their passenger processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for shorewall:
-+
-+
-+.EX
-+.PP
-+.B shorewall_etc_t 
-+.EE
-+
-+- Set files with the shorewall_etc_t type, if you want to store shorewall files in the /etc directories.
++The following file types are defined for passenger:
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/shorewall-lite(/.*)?, /etc/shorewall(/.*)?
 +
 +.EX
 +.PP
-+.B shorewall_exec_t 
++.B passenger_exec_t 
 +.EE
 +
-+- Set files with the shorewall_exec_t type, if you want to transition an executable to the shorewall_t domain.
++- Set files with the passenger_exec_t type, if you want to transition an executable to the passenger_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/sbin/shorewall6?, /sbin/shorewall-lite, /usr/sbin/shorewall-lite, /usr/sbin/shorewall6?
++/usr/.*/gems/.*/passenger-.*/agents/PassengerWatchdog, /usr/.*/gems/.*/passenger-.*/agents/apache2/PassengerHelperAgent, /usr/.*/gems/.*/passenger-.*/agents/PassengerLoggingAgent, /usr/.*/gems/.*/passenger-.*/ext/apache2/ApplicationPoolServerExecutable
 +
 +.EX
 +.PP
-+.B shorewall_initrc_exec_t 
++.B passenger_log_t 
 +.EE
 +
-+- Set files with the shorewall_initrc_exec_t type, if you want to transition an executable to the shorewall_initrc_t domain.
++- Set files with the passenger_log_t type, if you want to treat the data as passenger log data, usually stored under the /var/log directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/rc\.d/init\.d/shorewall, /etc/rc\.d/init\.d/shorewall-lite
-+
-+.EX
-+.PP
-+.B shorewall_lock_t 
-+.EE
-+
-+- Set files with the shorewall_lock_t type, if you want to treat the files as shorewall lock data, stored under the /var/lock directory
-+
++/var/log/passenger.*, /var/log/passenger(/.*)?
 +
 +.EX
 +.PP
-+.B shorewall_log_t 
++.B passenger_tmp_t 
 +.EE
 +
-+- Set files with the shorewall_log_t type, if you want to treat the data as shorewall log data, usually stored under the /var/log directory.
++- Set files with the passenger_tmp_t type, if you want to store passenger temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B shorewall_tmp_t 
++.B passenger_var_lib_t 
 +.EE
 +
-+- Set files with the shorewall_tmp_t type, if you want to store shorewall temporary files in the /tmp directories.
++- Set files with the passenger_var_lib_t type, if you want to store the passenger files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B shorewall_var_lib_t 
++.B passenger_var_run_t 
 +.EE
 +
-+- Set files with the shorewall_var_lib_t type, if you want to store the shorewall files under the /var/lib directory.
++- Set files with the passenger_var_run_t type, if you want to store the passenger files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/shorewall-lite(/.*)?, /var/lib/shorewall(/.*)?, /var/lib/shorewall6(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -47709,18 +55586,52 @@ index 0000000..734941b
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux shorewall policy is very flexible allowing users to setup their shorewall processes in as secure a method as possible.
++SELinux passenger policy is very flexible allowing users to setup their passenger processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for shorewall:
++The following process types are defined for passenger:
 +
 +.EX
-+.B shorewall_t 
++.B passenger_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type passenger_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B passenger_log_t
++
++	/var/log/passenger.*
++.br
++	/var/log/passenger(/.*)?
++.br
++
++.br
++.B passenger_tmp_t
++
++
++.br
++.B passenger_var_lib_t
++
++	/var/lib/passenger(/.*)?
++.br
++
++.br
++.B passenger_var_run_t
++
++	/var/run/passenger(/.*)?
++.br
++
++.br
++.B puppet_var_lib_t
++
++	/var/lib/puppet(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -47736,44 +55647,74 @@ index 0000000..734941b
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), shorewall(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/showmount_selinux.8 b/man/man8/showmount_selinux.8
++selinux(8), passenger(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/passwd_selinux.8 b/man/man8/passwd_selinux.8
 new file mode 100644
-index 0000000..b7b79e9
+index 0000000..6a3a2a2
 --- /dev/null
-+++ b/man/man8/showmount_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "showmount_selinux"  "8"  "showmount" "dwalsh at redhat.com" "showmount SELinux Policy documentation"
++++ b/man/man8/passwd_selinux.8
+@@ -0,0 +1,201 @@
++.TH  "passwd_selinux"  "8"  "passwd" "dwalsh at redhat.com" "passwd SELinux Policy documentation"
 +.SH "NAME"
-+showmount_selinux \- Security Enhanced Linux Policy for the showmount processes
++passwd_selinux \- Security Enhanced Linux Policy for the passwd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the showmount processes via flexible mandatory access
++Security-Enhanced Linux secures the passwd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the passwd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the passwd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux showmount policy is very flexible allowing users to setup their showmount processes in as secure a method as possible.
++SELinux passwd policy is very flexible allowing users to setup their passwd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for showmount:
++The following file types are defined for passwd:
 +
 +
 +.EX
 +.PP
-+.B showmount_exec_t 
++.B passwd_exec_t 
 +.EE
 +
-+- Set files with the showmount_exec_t type, if you want to transition an executable to the showmount_t domain.
++- Set files with the passwd_exec_t type, if you want to transition an executable to the passwd_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/passwd, /usr/bin/chage
++
++.EX
++.PP
++.B passwd_file_t 
++.EE
++
++- Set files with the passwd_file_t type, if you want to treat the files as passwd content.
 +
++.br
++.TP 5
++Paths: 
++/etc/passwd\.OLD, /etc/ptmptmp, /etc/group[-\+]?, /etc/passwd[-\+]?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -47788,18 +55729,25972 @@ index 0000000..b7b79e9
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux showmount policy is very flexible allowing users to setup their showmount processes in as secure a method as possible.
++SELinux passwd policy is very flexible allowing users to setup their passwd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for showmount:
++The following process types are defined for passwd:
++
++.EX
++.B passwd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type passwd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B passwd_file_t
++
++	/etc/group[-\+]?
++.br
++	/etc/passwd[-\+]?
++.br
++	/etc/ptmptmp
++.br
++	/etc/passwd\.OLD
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B shadow_t
++
++	/etc/shadow.*
++.br
++	/etc/gshadow.*
++.br
++	/var/db/shadow.*
++.br
++	/etc/passwd\.adjunct.*
++.br
++	/etc/\.pwd\.lock
++.br
++	/etc/group\.lock
++.br
++	/etc/passwd\.lock
++.br
++	/etc/security/opasswd
++.br
++	/etc/security/opasswd\.old
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), passwd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/pcscd_selinux.8 b/man/man8/pcscd_selinux.8
+new file mode 100644
+index 0000000..33f23f3
+--- /dev/null
++++ b/man/man8/pcscd_selinux.8
+@@ -0,0 +1,107 @@
++.TH  "pcscd_selinux"  "8"  "pcscd" "dwalsh at redhat.com" "pcscd SELinux Policy documentation"
++.SH "NAME"
++pcscd_selinux \- Security Enhanced Linux Policy for the pcscd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pcscd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pcscd policy is very flexible allowing users to setup their pcscd processes in as secure a method as possible.
++.PP 
++The following file types are defined for pcscd:
++
++
++.EX
++.PP
++.B pcscd_exec_t 
++.EE
++
++- Set files with the pcscd_exec_t type, if you want to transition an executable to the pcscd_t domain.
++
++
++.EX
++.PP
++.B pcscd_var_run_t 
++.EE
++
++- Set files with the pcscd_var_run_t type, if you want to store the pcscd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/pcscd\.pid, /var/run/pcscd\.comm, /var/run/pcscd\.events(/.*)?, /var/run/pcscd\.pub, /var/run/pcscd(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pcscd policy is very flexible allowing users to setup their pcscd processes in as secure a method as possible.
++.PP 
++The following process types are defined for pcscd:
++
++.EX
++.B pcscd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pcscd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B usbfs_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pcscd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/pegasus_selinux.8 b/man/man8/pegasus_selinux.8
+new file mode 100644
+index 0000000..47cf63c
+--- /dev/null
++++ b/man/man8/pegasus_selinux.8
+@@ -0,0 +1,274 @@
++.TH  "pegasus_selinux"  "8"  "pegasus" "dwalsh at redhat.com" "pegasus SELinux Policy documentation"
++.SH "NAME"
++pegasus_selinux \- Security Enhanced Linux Policy for the pegasus processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pegasus processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pegasus_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the pegasus_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pegasus policy is very flexible allowing users to setup their pegasus processes in as secure a method as possible.
++.PP 
++The following file types are defined for pegasus:
++
++
++.EX
++.PP
++.B pegasus_cache_t 
++.EE
++
++- Set files with the pegasus_cache_t type, if you want to store the files under the /var/cache directory.
++
++
++.EX
++.PP
++.B pegasus_conf_t 
++.EE
++
++- Set files with the pegasus_conf_t type, if you want to treat the files as pegasus configuration data, usually stored under the /etc directory.
++
++
++.EX
++.PP
++.B pegasus_data_t 
++.EE
++
++- Set files with the pegasus_data_t type, if you want to treat the files as pegasus content.
++
++.br
++.TP 5
++Paths: 
++/etc/Pegasus/pegasus_current\.conf, /var/lib/Pegasus(/.*)?
++
++.EX
++.PP
++.B pegasus_exec_t 
++.EE
++
++- Set files with the pegasus_exec_t type, if you want to transition an executable to the pegasus_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/init_repository, /usr/sbin/cimserver
++
++.EX
++.PP
++.B pegasus_mof_t 
++.EE
++
++- Set files with the pegasus_mof_t type, if you want to treat the files as pegasus mof data.
++
++
++.EX
++.PP
++.B pegasus_tmp_t 
++.EE
++
++- Set files with the pegasus_tmp_t type, if you want to store pegasus temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B pegasus_var_run_t 
++.EE
++
++- Set files with the pegasus_var_run_t type, if you want to store the pegasus files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux pegasus policy is very flexible allowing users to setup their pegasus processes in as secure a method as possible.
++.PP 
++The following port types are defined for pegasus:
++
++.EX
++.TP 5
++.B pegasus_http_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 5988
++.EE
++
++.EX
++.TP 5
++.B pegasus_https_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 5989
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pegasus policy is very flexible allowing users to setup their pegasus processes in as secure a method as possible.
++.PP 
++The following process types are defined for pegasus:
++
++.EX
++.B pegasus_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pegasus_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B pegasus_cache_t
++
++
++.br
++.B pegasus_data_t
++
++	/var/lib/Pegasus(/.*)?
++.br
++	/etc/Pegasus/pegasus_current\.conf
++.br
++
++.br
++.B pegasus_tmp_t
++
++
++.br
++.B pegasus_var_run_t
++
++	/var/run/tog-pegasus(/.*)?
++.br
++
++.br
++.B samba_etc_t
++
++	/etc/samba(/.*)?
++.br
++
++.br
++.B virt_etc_rw_t
++
++	/etc/xen/.*/.*
++.br
++	/etc/xen/[^/]*
++.br
++	/etc/libvirt/.*/.*
++.br
++	/etc/libvirt/[^/]*
++.br
++
++.br
++.B virt_etc_t
++
++	/etc/xen/[^/]*
++.br
++	/etc/libvirt/[^/]*
++.br
++	/etc/xen
++.br
++	/etc/libvirt
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pegasus(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/phpfpm_selinux.8 b/man/man8/phpfpm_selinux.8
+new file mode 100644
+index 0000000..df354e1
+--- /dev/null
++++ b/man/man8/phpfpm_selinux.8
+@@ -0,0 +1,127 @@
++.TH  "phpfpm_selinux"  "8"  "phpfpm" "dwalsh at redhat.com" "phpfpm SELinux Policy documentation"
++.SH "NAME"
++phpfpm_selinux \- Security Enhanced Linux Policy for the phpfpm processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the phpfpm processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the phpfpm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the phpfpm_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux phpfpm policy is very flexible allowing users to setup their phpfpm processes in as secure a method as possible.
++.PP 
++The following file types are defined for phpfpm:
++
++
++.EX
++.PP
++.B phpfpm_exec_t 
++.EE
++
++- Set files with the phpfpm_exec_t type, if you want to transition an executable to the phpfpm_t domain.
++
++
++.EX
++.PP
++.B phpfpm_log_t 
++.EE
++
++- Set files with the phpfpm_log_t type, if you want to treat the data as phpfpm log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B phpfpm_unit_file_t 
++.EE
++
++- Set files with the phpfpm_unit_file_t type, if you want to treat the files as phpfpm unit content.
++
++
++.EX
++.PP
++.B phpfpm_var_run_t 
++.EE
++
++- Set files with the phpfpm_var_run_t type, if you want to store the phpfpm files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux phpfpm policy is very flexible allowing users to setup their phpfpm processes in as secure a method as possible.
++.PP 
++The following process types are defined for phpfpm:
++
++.EX
++.B phpfpm_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type phpfpm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B phpfpm_log_t
++
++	/var/log/php-fpm(/.*)?
++.br
++
++.br
++.B phpfpm_var_run_t
++
++	/var/run/php-fpm(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), phpfpm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ping_selinux.8 b/man/man8/ping_selinux.8
+new file mode 100644
+index 0000000..0e745c7
+--- /dev/null
++++ b/man/man8/ping_selinux.8
+@@ -0,0 +1,168 @@
++.TH  "ping_selinux"  "8"  "ping" "dwalsh at redhat.com" "ping SELinux Policy documentation"
++.SH "NAME"
++ping_selinux \- Security Enhanced Linux Policy for the ping processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ping processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  ping policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ping with the tightest access possible.
++
++
++.PP
++If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++
++.EX
++.B setsebool -P user_ping 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pingd_t, ping_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the pingd_t, ping_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ping policy is very flexible allowing users to setup their ping processes in as secure a method as possible.
++.PP 
++The following file types are defined for ping:
++
++
++.EX
++.PP
++.B ping_exec_t 
++.EE
++
++- Set files with the ping_exec_t type, if you want to transition an executable to the ping_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/ping.*, /usr/sbin/hping2, /usr/sbin/fping.*, /bin/ping.*, /usr/sbin/send_arp
++
++.EX
++.PP
++.B pingd_etc_t 
++.EE
++
++- Set files with the pingd_etc_t type, if you want to store pingd files in the /etc directories.
++
++
++.EX
++.PP
++.B pingd_exec_t 
++.EE
++
++- Set files with the pingd_exec_t type, if you want to transition an executable to the pingd_t domain.
++
++
++.EX
++.PP
++.B pingd_initrc_exec_t 
++.EE
++
++- Set files with the pingd_initrc_exec_t type, if you want to transition an executable to the pingd_initrc_t domain.
++
++
++.EX
++.PP
++.B pingd_modules_t 
++.EE
++
++- Set files with the pingd_modules_t type, if you want to treat the files as pingd modules.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux ping policy is very flexible allowing users to setup their ping processes in as secure a method as possible.
++.PP 
++The following port types are defined for ping:
++
++.EX
++.TP 5
++.B pingd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 9125
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ping policy is very flexible allowing users to setup their ping processes in as secure a method as possible.
++.PP 
++The following process types are defined for ping:
++
++.EX
++.B ping_t, pingd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ping_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ping(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), pingd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/pingd_selinux.8 b/man/man8/pingd_selinux.8
+new file mode 100644
+index 0000000..5f0e88e
+--- /dev/null
++++ b/man/man8/pingd_selinux.8
+@@ -0,0 +1,156 @@
++.TH  "pingd_selinux"  "8"  "pingd" "dwalsh at redhat.com" "pingd SELinux Policy documentation"
++.SH "NAME"
++pingd_selinux \- Security Enhanced Linux Policy for the pingd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pingd processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  pingd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run pingd with the tightest access possible.
++
++
++.PP
++If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++
++.EX
++.B setsebool -P user_ping 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pingd_t, ping_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the pingd_t, ping_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pingd policy is very flexible allowing users to setup their pingd processes in as secure a method as possible.
++.PP 
++The following file types are defined for pingd:
++
++
++.EX
++.PP
++.B pingd_etc_t 
++.EE
++
++- Set files with the pingd_etc_t type, if you want to store pingd files in the /etc directories.
++
++
++.EX
++.PP
++.B pingd_exec_t 
++.EE
++
++- Set files with the pingd_exec_t type, if you want to transition an executable to the pingd_t domain.
++
++
++.EX
++.PP
++.B pingd_initrc_exec_t 
++.EE
++
++- Set files with the pingd_initrc_exec_t type, if you want to transition an executable to the pingd_initrc_t domain.
++
++
++.EX
++.PP
++.B pingd_modules_t 
++.EE
++
++- Set files with the pingd_modules_t type, if you want to treat the files as pingd modules.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux pingd policy is very flexible allowing users to setup their pingd processes in as secure a method as possible.
++.PP 
++The following port types are defined for pingd:
++
++.EX
++.TP 5
++.B pingd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 9125
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pingd policy is very flexible allowing users to setup their pingd processes in as secure a method as possible.
++.PP 
++The following process types are defined for pingd:
++
++.EX
++.B ping_t, pingd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pingd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pingd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), ping_selinux(8), ping_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/piranha_fos_selinux.8 b/man/man8/piranha_fos_selinux.8
+new file mode 100644
+index 0000000..4fbb05a
+--- /dev/null
++++ b/man/man8/piranha_fos_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "piranha_fos_selinux"  "8"  "piranha_fos" "dwalsh at redhat.com" "piranha_fos SELinux Policy documentation"
++.SH "NAME"
++piranha_fos_selinux \- Security Enhanced Linux Policy for the piranha_fos processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the piranha_fos processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the piranha_fos_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the piranha_fos_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux piranha_fos policy is very flexible allowing users to setup their piranha_fos processes in as secure a method as possible.
++.PP 
++The following file types are defined for piranha_fos:
++
++
++.EX
++.PP
++.B piranha_fos_exec_t 
++.EE
++
++- Set files with the piranha_fos_exec_t type, if you want to transition an executable to the piranha_fos_t domain.
++
++
++.EX
++.PP
++.B piranha_fos_var_run_t 
++.EE
++
++- Set files with the piranha_fos_var_run_t type, if you want to store the piranha fos files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux piranha_fos policy is very flexible allowing users to setup their piranha_fos processes in as secure a method as possible.
++.PP 
++The following process types are defined for piranha_fos:
++
++.EX
++.B piranha_fos_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type piranha_fos_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B piranha_fos_var_run_t
++
++	/var/run/fos\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), piranha_fos(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/piranha_lvs_selinux.8 b/man/man8/piranha_lvs_selinux.8
+new file mode 100644
+index 0000000..c026032
+--- /dev/null
++++ b/man/man8/piranha_lvs_selinux.8
+@@ -0,0 +1,120 @@
++.TH  "piranha_lvs_selinux"  "8"  "piranha_lvs" "dwalsh at redhat.com" "piranha_lvs SELinux Policy documentation"
++.SH "NAME"
++piranha_lvs_selinux \- Security Enhanced Linux Policy for the piranha_lvs processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the piranha_lvs processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  piranha_lvs policy is extremely flexible and has several booleans that allow you to manipulate the policy and run piranha_lvs with the tightest access possible.
++
++
++.PP
++If you want to allow piranha-lvs domain to connect to the network using TCP, you must turn on the piranha_lvs_can_network_connect boolean.
++
++.EX
++.B setsebool -P piranha_lvs_can_network_connect 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the piranha_lvs_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the piranha_lvs_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux piranha_lvs policy is very flexible allowing users to setup their piranha_lvs processes in as secure a method as possible.
++.PP 
++The following file types are defined for piranha_lvs:
++
++
++.EX
++.PP
++.B piranha_lvs_exec_t 
++.EE
++
++- Set files with the piranha_lvs_exec_t type, if you want to transition an executable to the piranha_lvs_t domain.
++
++
++.EX
++.PP
++.B piranha_lvs_var_run_t 
++.EE
++
++- Set files with the piranha_lvs_var_run_t type, if you want to store the piranha lvs files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux piranha_lvs policy is very flexible allowing users to setup their piranha_lvs processes in as secure a method as possible.
++.PP 
++The following process types are defined for piranha_lvs:
++
++.EX
++.B piranha_lvs_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type piranha_lvs_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B piranha_lvs_var_run_t
++
++	/var/run/lvs\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), piranha_lvs(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/piranha_pulse_selinux.8 b/man/man8/piranha_pulse_selinux.8
+new file mode 100644
+index 0000000..35a8742
+--- /dev/null
++++ b/man/man8/piranha_pulse_selinux.8
+@@ -0,0 +1,137 @@
++.TH  "piranha_pulse_selinux"  "8"  "piranha_pulse" "dwalsh at redhat.com" "piranha_pulse SELinux Policy documentation"
++.SH "NAME"
++piranha_pulse_selinux \- Security Enhanced Linux Policy for the piranha_pulse processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the piranha_pulse processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the piranha_pulse_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the piranha_pulse_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux piranha_pulse policy is very flexible allowing users to setup their piranha_pulse processes in as secure a method as possible.
++.PP 
++The following file types are defined for piranha_pulse:
++
++
++.EX
++.PP
++.B piranha_pulse_exec_t 
++.EE
++
++- Set files with the piranha_pulse_exec_t type, if you want to transition an executable to the piranha_pulse_t domain.
++
++
++.EX
++.PP
++.B piranha_pulse_initrc_exec_t 
++.EE
++
++- Set files with the piranha_pulse_initrc_exec_t type, if you want to transition an executable to the piranha_pulse_initrc_t domain.
++
++
++.EX
++.PP
++.B piranha_pulse_var_run_t 
++.EE
++
++- Set files with the piranha_pulse_var_run_t type, if you want to store the piranha pulse files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux piranha_pulse policy is very flexible allowing users to setup their piranha_pulse processes in as secure a method as possible.
++.PP 
++The following process types are defined for piranha_pulse:
++
++.EX
++.B piranha_pulse_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type piranha_pulse_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B piranha_pulse_var_run_t
++
++	/var/run/pulse\.pid
++.br
++
++.br
++.B samba_etc_t
++
++	/etc/samba(/.*)?
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), piranha_pulse(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/piranha_web_selinux.8 b/man/man8/piranha_web_selinux.8
+new file mode 100644
+index 0000000..eb375dd
+--- /dev/null
++++ b/man/man8/piranha_web_selinux.8
+@@ -0,0 +1,167 @@
++.TH  "piranha_web_selinux"  "8"  "piranha_web" "dwalsh at redhat.com" "piranha_web SELinux Policy documentation"
++.SH "NAME"
++piranha_web_selinux \- Security Enhanced Linux Policy for the piranha_web processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the piranha_web processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the piranha_web_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the piranha_web_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux piranha_web policy is very flexible allowing users to setup their piranha_web processes in as secure a method as possible.
++.PP 
++The following file types are defined for piranha_web:
++
++
++.EX
++.PP
++.B piranha_web_conf_t 
++.EE
++
++- Set files with the piranha_web_conf_t type, if you want to treat the files as piranha web configuration data, usually stored under the /etc directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/luci/etc(/.*)?, /var/lib/luci/cert(/.*)?
++
++.EX
++.PP
++.B piranha_web_data_t 
++.EE
++
++- Set files with the piranha_web_data_t type, if you want to treat the files as piranha web content.
++
++
++.EX
++.PP
++.B piranha_web_exec_t 
++.EE
++
++- Set files with the piranha_web_exec_t type, if you want to transition an executable to the piranha_web_t domain.
++
++
++.EX
++.PP
++.B piranha_web_tmp_t 
++.EE
++
++- Set files with the piranha_web_tmp_t type, if you want to store piranha web temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B piranha_web_tmpfs_t 
++.EE
++
++- Set files with the piranha_web_tmpfs_t type, if you want to store piranha web files on a tmpfs file system.
++
++
++.EX
++.PP
++.B piranha_web_var_run_t 
++.EE
++
++- Set files with the piranha_web_var_run_t type, if you want to store the piranha web files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux piranha_web policy is very flexible allowing users to setup their piranha_web processes in as secure a method as possible.
++.PP 
++The following process types are defined for piranha_web:
++
++.EX
++.B piranha_web_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type piranha_web_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B piranha_etc_rw_t
++
++	/etc/piranha/lvs\.cf
++.br
++
++.br
++.B piranha_log_t
++
++	/var/log/piranha(/.*)?
++.br
++
++.br
++.B piranha_web_data_t
++
++	/var/lib/luci(/.*)?
++.br
++
++.br
++.B piranha_web_tmp_t
++
++
++.br
++.B piranha_web_tmpfs_t
++
++
++.br
++.B piranha_web_var_run_t
++
++	/var/run/piranha-httpd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), piranha_web(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/pkcsslotd_selinux.8 b/man/man8/pkcsslotd_selinux.8
+new file mode 100644
+index 0000000..14b8f89
+--- /dev/null
++++ b/man/man8/pkcsslotd_selinux.8
+@@ -0,0 +1,135 @@
++.TH  "pkcsslotd_selinux"  "8"  "pkcsslotd" "dwalsh at redhat.com" "pkcsslotd SELinux Policy documentation"
++.SH "NAME"
++pkcsslotd_selinux \- Security Enhanced Linux Policy for the pkcsslotd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pkcsslotd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pkcsslotd policy is very flexible allowing users to setup their pkcsslotd processes in as secure a method as possible.
++.PP 
++The following file types are defined for pkcsslotd:
++
++
++.EX
++.PP
++.B pkcsslotd_exec_t 
++.EE
++
++- Set files with the pkcsslotd_exec_t type, if you want to transition an executable to the pkcsslotd_t domain.
++
++
++.EX
++.PP
++.B pkcsslotd_tmp_t 
++.EE
++
++- Set files with the pkcsslotd_tmp_t type, if you want to store pkcsslotd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B pkcsslotd_tmpfs_t 
++.EE
++
++- Set files with the pkcsslotd_tmpfs_t type, if you want to store pkcsslotd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B pkcsslotd_unit_file_t 
++.EE
++
++- Set files with the pkcsslotd_unit_file_t type, if you want to treat the files as pkcsslotd unit content.
++
++
++.EX
++.PP
++.B pkcsslotd_var_lib_t 
++.EE
++
++- Set files with the pkcsslotd_var_lib_t type, if you want to store the pkcsslotd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B pkcsslotd_var_run_t 
++.EE
++
++- Set files with the pkcsslotd_var_run_t type, if you want to store the pkcsslotd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pkcsslotd policy is very flexible allowing users to setup their pkcsslotd processes in as secure a method as possible.
++.PP 
++The following process types are defined for pkcsslotd:
++
++.EX
++.B pkcsslotd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pkcsslotd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B pkcsslotd_tmp_t
++
++
++.br
++.B pkcsslotd_tmpfs_t
++
++
++.br
++.B pkcsslotd_var_lib_t
++
++	/var/lib/opencryptoki(/.*)?
++.br
++
++.br
++.B pkcsslotd_var_run_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pkcsslotd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/plymouth_selinux.8 b/man/man8/plymouth_selinux.8
+new file mode 100644
+index 0000000..a87fa28
+--- /dev/null
++++ b/man/man8/plymouth_selinux.8
+@@ -0,0 +1,126 @@
++.TH  "plymouth_selinux"  "8"  "plymouth" "dwalsh at redhat.com" "plymouth SELinux Policy documentation"
++.SH "NAME"
++plymouth_selinux \- Security Enhanced Linux Policy for the plymouth processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the plymouth processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux plymouth policy is very flexible allowing users to setup their plymouth processes in as secure a method as possible.
++.PP 
++The following file types are defined for plymouth:
++
++
++.EX
++.PP
++.B plymouth_exec_t 
++.EE
++
++- Set files with the plymouth_exec_t type, if you want to transition an executable to the plymouth_t domain.
++
++.br
++.TP 5
++Paths: 
++/bin/plymouth, /usr/bin/plymouth
++
++.EX
++.PP
++.B plymouthd_exec_t 
++.EE
++
++- Set files with the plymouthd_exec_t type, if you want to transition an executable to the plymouthd_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/plymouthd, /usr/sbin/plymouthd
++
++.EX
++.PP
++.B plymouthd_spool_t 
++.EE
++
++- Set files with the plymouthd_spool_t type, if you want to store the plymouthd files under the /var/spool directory.
++
++
++.EX
++.PP
++.B plymouthd_var_lib_t 
++.EE
++
++- Set files with the plymouthd_var_lib_t type, if you want to store the plymouthd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B plymouthd_var_log_t 
++.EE
++
++- Set files with the plymouthd_var_log_t type, if you want to treat the data as plymouthd var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B plymouthd_var_run_t 
++.EE
++
++- Set files with the plymouthd_var_run_t type, if you want to store the plymouthd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux plymouth policy is very flexible allowing users to setup their plymouth processes in as secure a method as possible.
++.PP 
++The following process types are defined for plymouth:
++
++.EX
++.B plymouth_t, plymouthd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type plymouth_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), plymouth(8), semanage(8), restorecon(8), chcon(1)
++, plymouthd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/plymouthd_selinux.8 b/man/man8/plymouthd_selinux.8
+new file mode 100644
+index 0000000..f2fb21c
+--- /dev/null
++++ b/man/man8/plymouthd_selinux.8
+@@ -0,0 +1,148 @@
++.TH  "plymouthd_selinux"  "8"  "plymouthd" "dwalsh at redhat.com" "plymouthd SELinux Policy documentation"
++.SH "NAME"
++plymouthd_selinux \- Security Enhanced Linux Policy for the plymouthd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the plymouthd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux plymouthd policy is very flexible allowing users to setup their plymouthd processes in as secure a method as possible.
++.PP 
++The following file types are defined for plymouthd:
++
++
++.EX
++.PP
++.B plymouthd_exec_t 
++.EE
++
++- Set files with the plymouthd_exec_t type, if you want to transition an executable to the plymouthd_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/plymouthd, /usr/sbin/plymouthd
++
++.EX
++.PP
++.B plymouthd_spool_t 
++.EE
++
++- Set files with the plymouthd_spool_t type, if you want to store the plymouthd files under the /var/spool directory.
++
++
++.EX
++.PP
++.B plymouthd_var_lib_t 
++.EE
++
++- Set files with the plymouthd_var_lib_t type, if you want to store the plymouthd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B plymouthd_var_log_t 
++.EE
++
++- Set files with the plymouthd_var_log_t type, if you want to treat the data as plymouthd var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B plymouthd_var_run_t 
++.EE
++
++- Set files with the plymouthd_var_run_t type, if you want to store the plymouthd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux plymouthd policy is very flexible allowing users to setup their plymouthd processes in as secure a method as possible.
++.PP 
++The following process types are defined for plymouthd:
++
++.EX
++.B plymouth_t, plymouthd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type plymouthd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B fonts_cache_t
++
++	/var/cache/fontconfig(/.*)?
++.br
++
++.br
++.B plymouthd_spool_t
++
++	/var/spool/plymouth(/.*)?
++.br
++
++.br
++.B plymouthd_var_lib_t
++
++	/var/lib/plymouth(/.*)?
++.br
++
++.br
++.B plymouthd_var_log_t
++
++
++.br
++.B plymouthd_var_run_t
++
++	/var/run/plymouth(/.*)?
++.br
++
++.br
++.B xdm_spool_t
++
++	/var/spool/[mg]dm(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), plymouthd(8), semanage(8), restorecon(8), chcon(1)
++, plymouth_selinux(8), plymouth_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/podsleuth_selinux.8 b/man/man8/podsleuth_selinux.8
+new file mode 100644
+index 0000000..bf9279b
+--- /dev/null
++++ b/man/man8/podsleuth_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "podsleuth_selinux"  "8"  "podsleuth" "dwalsh at redhat.com" "podsleuth SELinux Policy documentation"
++.SH "NAME"
++podsleuth_selinux \- Security Enhanced Linux Policy for the podsleuth processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the podsleuth processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux podsleuth policy is very flexible allowing users to setup their podsleuth processes in as secure a method as possible.
++.PP 
++The following file types are defined for podsleuth:
++
++
++.EX
++.PP
++.B podsleuth_cache_t 
++.EE
++
++- Set files with the podsleuth_cache_t type, if you want to store the files under the /var/cache directory.
++
++
++.EX
++.PP
++.B podsleuth_exec_t 
++.EE
++
++- Set files with the podsleuth_exec_t type, if you want to transition an executable to the podsleuth_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/podsleuth, /usr/libexec/hal-podsleuth
++
++.EX
++.PP
++.B podsleuth_tmp_t 
++.EE
++
++- Set files with the podsleuth_tmp_t type, if you want to store podsleuth temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B podsleuth_tmpfs_t 
++.EE
++
++- Set files with the podsleuth_tmpfs_t type, if you want to store podsleuth files on a tmpfs file system.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux podsleuth policy is very flexible allowing users to setup their podsleuth processes in as secure a method as possible.
++.PP 
++The following process types are defined for podsleuth:
++
++.EX
++.B podsleuth_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type podsleuth_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B podsleuth_cache_t
++
++	/var/cache/podsleuth(/.*)?
++.br
++
++.br
++.B podsleuth_tmp_t
++
++
++.br
++.B podsleuth_tmpfs_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), podsleuth(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/policykit_auth_selinux.8 b/man/man8/policykit_auth_selinux.8
+new file mode 100644
+index 0000000..f27414d
+--- /dev/null
++++ b/man/man8/policykit_auth_selinux.8
+@@ -0,0 +1,196 @@
++.TH  "policykit_auth_selinux"  "8"  "policykit_auth" "dwalsh at redhat.com" "policykit_auth SELinux Policy documentation"
++.SH "NAME"
++policykit_auth_selinux \- Security Enhanced Linux Policy for the policykit_auth processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the policykit_auth processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the policykit_auth_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the policykit_auth_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux policykit_auth policy is very flexible allowing users to setup their policykit_auth processes in as secure a method as possible.
++.PP 
++The following file types are defined for policykit_auth:
++
++
++.EX
++.PP
++.B policykit_auth_exec_t 
++.EE
++
++- Set files with the policykit_auth_exec_t type, if you want to transition an executable to the policykit_auth_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/libexec/polkit-read-auth-helper, /usr/libexec/polkit-1/polkit-agent-helper-1, /usr/lib/polkit-1/polkit-agent-helper-1, /usr/lib/policykit/polkit-read-auth-helper
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux policykit_auth policy is very flexible allowing users to setup their policykit_auth processes in as secure a method as possible.
++.PP 
++The following process types are defined for policykit_auth:
++
++.EX
++.B policykit_auth_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type policykit_auth_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B policykit_reload_t
++
++	/var/lib/misc/PolicyKit.reload
++.br
++
++.br
++.B policykit_tmp_t
++
++
++.br
++.B policykit_var_lib_t
++
++	/var/lib/polkit-1(/.*)?
++.br
++	/var/lib/PolicyKit(/.*)?
++.br
++	/var/lib/PolicyKit-public(/.*)?
++.br
++
++.br
++.B policykit_var_run_t
++
++	/var/run/PolicyKit(/.*)?
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B var_auth_t
++
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), policykit_auth(8), semanage(8), restorecon(8), chcon(1)
++, policykit_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/policykit_grant_selinux.8 b/man/man8/policykit_grant_selinux.8
+new file mode 100644
+index 0000000..0253be8
+--- /dev/null
++++ b/man/man8/policykit_grant_selinux.8
+@@ -0,0 +1,148 @@
++.TH  "policykit_grant_selinux"  "8"  "policykit_grant" "dwalsh at redhat.com" "policykit_grant SELinux Policy documentation"
++.SH "NAME"
++policykit_grant_selinux \- Security Enhanced Linux Policy for the policykit_grant processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the policykit_grant processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the policykit_grant_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the policykit_grant_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux policykit_grant policy is very flexible allowing users to setup their policykit_grant processes in as secure a method as possible.
++.PP 
++The following file types are defined for policykit_grant:
++
++
++.EX
++.PP
++.B policykit_grant_exec_t 
++.EE
++
++- Set files with the policykit_grant_exec_t type, if you want to transition an executable to the policykit_grant_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/libexec/polkit-grant-helper.*, /usr/lib/policykit/polkit-grant-helper.*
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux policykit_grant policy is very flexible allowing users to setup their policykit_grant processes in as secure a method as possible.
++.PP 
++The following process types are defined for policykit_grant:
++
++.EX
++.B policykit_grant_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type policykit_grant_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B policykit_reload_t
++
++	/var/lib/misc/PolicyKit.reload
++.br
++
++.br
++.B policykit_var_lib_t
++
++	/var/lib/polkit-1(/.*)?
++.br
++	/var/lib/PolicyKit(/.*)?
++.br
++	/var/lib/PolicyKit-public(/.*)?
++.br
++
++.br
++.B policykit_var_run_t
++
++	/var/run/PolicyKit(/.*)?
++.br
++
++.br
++.B system_cronjob_var_lib_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), policykit_grant(8), semanage(8), restorecon(8), chcon(1)
++, policykit_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/policykit_resolve_selinux.8 b/man/man8/policykit_resolve_selinux.8
+new file mode 100644
+index 0000000..52e392b
+--- /dev/null
++++ b/man/man8/policykit_resolve_selinux.8
+@@ -0,0 +1,96 @@
++.TH  "policykit_resolve_selinux"  "8"  "policykit_resolve" "dwalsh at redhat.com" "policykit_resolve SELinux Policy documentation"
++.SH "NAME"
++policykit_resolve_selinux \- Security Enhanced Linux Policy for the policykit_resolve processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the policykit_resolve processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the policykit_resolve_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the policykit_resolve_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux policykit_resolve policy is very flexible allowing users to setup their policykit_resolve processes in as secure a method as possible.
++.PP 
++The following file types are defined for policykit_resolve:
++
++
++.EX
++.PP
++.B policykit_resolve_exec_t 
++.EE
++
++- Set files with the policykit_resolve_exec_t type, if you want to transition an executable to the policykit_resolve_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/policykit/polkit-resolve-exe-helper.*, /usr/libexec/polkit-resolve-exe-helper.*
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux policykit_resolve policy is very flexible allowing users to setup their policykit_resolve processes in as secure a method as possible.
++.PP 
++The following process types are defined for policykit_resolve:
++
++.EX
++.B policykit_resolve_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type policykit_resolve_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), policykit_resolve(8), semanage(8), restorecon(8), chcon(1)
++, policykit_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/policykit_selinux.8 b/man/man8/policykit_selinux.8
+new file mode 100644
+index 0000000..3e023fe
+--- /dev/null
++++ b/man/man8/policykit_selinux.8
+@@ -0,0 +1,218 @@
++.TH  "policykit_selinux"  "8"  "policykit" "dwalsh at redhat.com" "policykit SELinux Policy documentation"
++.SH "NAME"
++policykit_selinux \- Security Enhanced Linux Policy for the policykit processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the policykit processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the policykit_grant_t, policykit_auth_t, policykit_t, policykit_resolve_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the policykit_grant_t, policykit_auth_t, policykit_t, policykit_resolve_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux policykit policy is very flexible allowing users to setup their policykit processes in as secure a method as possible.
++.PP 
++The following file types are defined for policykit:
++
++
++.EX
++.PP
++.B policykit_auth_exec_t 
++.EE
++
++- Set files with the policykit_auth_exec_t type, if you want to transition an executable to the policykit_auth_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/libexec/polkit-read-auth-helper, /usr/libexec/polkit-1/polkit-agent-helper-1, /usr/lib/polkit-1/polkit-agent-helper-1, /usr/lib/policykit/polkit-read-auth-helper
++
++.EX
++.PP
++.B policykit_exec_t 
++.EE
++
++- Set files with the policykit_exec_t type, if you want to transition an executable to the policykit_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/polkit-1/polkitd, /usr/libexec/polkitd.*, /usr/libexec/polkit-1/polkitd.*, /usr/lib/policykit/polkitd
++
++.EX
++.PP
++.B policykit_grant_exec_t 
++.EE
++
++- Set files with the policykit_grant_exec_t type, if you want to transition an executable to the policykit_grant_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/libexec/polkit-grant-helper.*, /usr/lib/policykit/polkit-grant-helper.*
++
++.EX
++.PP
++.B policykit_reload_t 
++.EE
++
++- Set files with the policykit_reload_t type, if you want to treat the files as policykit reload data.
++
++
++.EX
++.PP
++.B policykit_resolve_exec_t 
++.EE
++
++- Set files with the policykit_resolve_exec_t type, if you want to transition an executable to the policykit_resolve_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/policykit/polkit-resolve-exe-helper.*, /usr/libexec/polkit-resolve-exe-helper.*
++
++.EX
++.PP
++.B policykit_tmp_t 
++.EE
++
++- Set files with the policykit_tmp_t type, if you want to store policykit temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B policykit_var_lib_t 
++.EE
++
++- Set files with the policykit_var_lib_t type, if you want to store the policykit files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/PolicyKit-public(/.*)?, /var/lib/PolicyKit(/.*)?, /var/lib/polkit-1(/.*)?
++
++.EX
++.PP
++.B policykit_var_run_t 
++.EE
++
++- Set files with the policykit_var_run_t type, if you want to store the policykit files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux policykit policy is very flexible allowing users to setup their policykit processes in as secure a method as possible.
++.PP 
++The following process types are defined for policykit:
++
++.EX
++.B policykit_grant_t, policykit_auth_t, policykit_t, policykit_resolve_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type policykit_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B policykit_reload_t
++
++	/var/lib/misc/PolicyKit.reload
++.br
++
++.br
++.B policykit_var_lib_t
++
++	/var/lib/polkit-1(/.*)?
++.br
++	/var/lib/PolicyKit(/.*)?
++.br
++	/var/lib/PolicyKit-public(/.*)?
++.br
++
++.br
++.B policykit_var_run_t
++
++	/var/run/PolicyKit(/.*)?
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), policykit(8), semanage(8), restorecon(8), chcon(1)
++, policykit_auth_selinux(8), policykit_grant_selinux(8), policykit_resolve_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/polipo_selinux.8 b/man/man8/polipo_selinux.8
+new file mode 100644
+index 0000000..513f255
+--- /dev/null
++++ b/man/man8/polipo_selinux.8
+@@ -0,0 +1,223 @@
++.TH  "polipo_selinux"  "8"  "polipo" "dwalsh at redhat.com" "polipo SELinux Policy documentation"
++.SH "NAME"
++polipo_selinux \- Security Enhanced Linux Policy for the polipo processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the polipo processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  polipo policy is extremely flexible and has several booleans that allow you to manipulate the policy and run polipo with the tightest access possible.
++
++
++.PP
++If you want to allow polipo to connect to all ports > 1023, you must turn on the polipo_connect_all_unreserved boolean.
++
++.EX
++.B setsebool -P polipo_connect_all_unreserved 1
++.EE
++
++.PP
++If you want to determine whether polipo can access cifs file systems, you must turn on the polipo_use_cifs boolean.
++
++.EX
++.B setsebool -P polipo_use_cifs 1
++.EE
++
++.PP
++If you want to determine whether Polipo session daemon can send syslog messages, you must turn on the polipo_session_send_syslog_msg boolean.
++
++.EX
++.B setsebool -P polipo_session_send_syslog_msg 1
++.EE
++
++.PP
++If you want to determine whether Polipo session daemon can bind tcp sockets to all unreserved ports, you must turn on the polipo_session_bind_all_unreserved_ports boolean.
++
++.EX
++.B setsebool -P polipo_session_bind_all_unreserved_ports 1
++.EE
++
++.PP
++If you want to determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain, you must turn on the polipo_session_users boolean.
++
++.EX
++.B setsebool -P polipo_session_users 1
++.EE
++
++.PP
++If you want to determine whether Polipo can access nfs file systems, you must turn on the polipo_use_nfs boolean.
++
++.EX
++.B setsebool -P polipo_use_nfs 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the polipo_t, polipo_session_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the polipo_t, polipo_session_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux polipo policy is very flexible allowing users to setup their polipo processes in as secure a method as possible.
++.PP 
++The following file types are defined for polipo:
++
++
++.EX
++.PP
++.B polipo_cache_home_t 
++.EE
++
++- Set files with the polipo_cache_home_t type, if you want to store polipo cache files in the users home directory.
++
++
++.EX
++.PP
++.B polipo_cache_t 
++.EE
++
++- Set files with the polipo_cache_t type, if you want to store the files under the /var/cache directory.
++
++
++.EX
++.PP
++.B polipo_config_home_t 
++.EE
++
++- Set files with the polipo_config_home_t type, if you want to store polipo config files in the users home directory.
++
++
++.EX
++.PP
++.B polipo_etc_t 
++.EE
++
++- Set files with the polipo_etc_t type, if you want to store polipo files in the /etc directories.
++
++
++.EX
++.PP
++.B polipo_exec_t 
++.EE
++
++- Set files with the polipo_exec_t type, if you want to transition an executable to the polipo_t domain.
++
++
++.EX
++.PP
++.B polipo_initrc_exec_t 
++.EE
++
++- Set files with the polipo_initrc_exec_t type, if you want to transition an executable to the polipo_initrc_t domain.
++
++
++.EX
++.PP
++.B polipo_log_t 
++.EE
++
++- Set files with the polipo_log_t type, if you want to treat the data as polipo log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B polipo_pid_t 
++.EE
++
++- Set files with the polipo_pid_t type, if you want to store the polipo files under the /run directory.
++
++
++.EX
++.PP
++.B polipo_unit_file_t 
++.EE
++
++- Set files with the polipo_unit_file_t type, if you want to treat the files as polipo unit content.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux polipo policy is very flexible allowing users to setup their polipo processes in as secure a method as possible.
++.PP 
++The following process types are defined for polipo:
++
++.EX
++.B polipo_t, polipo_session_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type polipo_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B polipo_cache_t
++
++	/var/cache/polipo(/.*)?
++.br
++
++.br
++.B polipo_log_t
++
++	/var/log/polipo.*
++.br
++
++.br
++.B polipo_pid_t
++
++	/var/run/polipo(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), polipo(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/portmap_helper_selinux.8 b/man/man8/portmap_helper_selinux.8
+new file mode 100644
+index 0000000..9b712c7
+--- /dev/null
++++ b/man/man8/portmap_helper_selinux.8
+@@ -0,0 +1,116 @@
++.TH  "portmap_helper_selinux"  "8"  "portmap_helper" "dwalsh at redhat.com" "portmap_helper SELinux Policy documentation"
++.SH "NAME"
++portmap_helper_selinux \- Security Enhanced Linux Policy for the portmap_helper processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the portmap_helper processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux portmap_helper policy is very flexible allowing users to setup their portmap_helper processes in as secure a method as possible.
++.PP 
++The following file types are defined for portmap_helper:
++
++
++.EX
++.PP
++.B portmap_helper_exec_t 
++.EE
++
++- Set files with the portmap_helper_exec_t type, if you want to transition an executable to the portmap_helper_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/pmap_set, /usr/sbin/pmap_dump
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux portmap_helper policy is very flexible allowing users to setup their portmap_helper processes in as secure a method as possible.
++.PP 
++The following process types are defined for portmap_helper:
++
++.EX
++.B portmap_helper_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type portmap_helper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B portmap_var_run_t
++
++	/var/run/portmap\.upgrade-state
++.br
++
++.br
++.B var_run_t
++
++	/run/.*
++.br
++	/var/run/.*
++.br
++	/run
++.br
++	/var/run
++.br
++	/var/run
++.br
++	/var/spool/postfix/pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), portmap_helper(8), semanage(8), restorecon(8), chcon(1)
++, portmap_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/portmap_selinux.8 b/man/man8/portmap_selinux.8
+new file mode 100644
+index 0000000..fce3393
+--- /dev/null
++++ b/man/man8/portmap_selinux.8
+@@ -0,0 +1,176 @@
++.TH  "portmap_selinux"  "8"  "portmap" "dwalsh at redhat.com" "portmap SELinux Policy documentation"
++.SH "NAME"
++portmap_selinux \- Security Enhanced Linux Policy for the portmap processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the portmap processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  portmap policy is extremely flexible and has several booleans that allow you to manipulate the policy and run portmap with the tightest access possible.
++
++
++.PP
++If you want to allow samba to act as a portmapper, you must turn on the samba_portmapper boolean.
++
++.EX
++.B setsebool -P samba_portmapper 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the portmap_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the portmap_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux portmap policy is very flexible allowing users to setup their portmap processes in as secure a method as possible.
++.PP 
++The following file types are defined for portmap:
++
++
++.EX
++.PP
++.B portmap_exec_t 
++.EE
++
++- Set files with the portmap_exec_t type, if you want to transition an executable to the portmap_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/portmap, /usr/sbin/portmap
++
++.EX
++.PP
++.B portmap_helper_exec_t 
++.EE
++
++- Set files with the portmap_helper_exec_t type, if you want to transition an executable to the portmap_helper_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/pmap_set, /usr/sbin/pmap_dump
++
++.EX
++.PP
++.B portmap_tmp_t 
++.EE
++
++- Set files with the portmap_tmp_t type, if you want to store portmap temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B portmap_var_run_t 
++.EE
++
++- Set files with the portmap_var_run_t type, if you want to store the portmap files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux portmap policy is very flexible allowing users to setup their portmap processes in as secure a method as possible.
++.PP 
++The following port types are defined for portmap:
++
++.EX
++.TP 5
++.B portmap_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 111
++.EE
++udp 111
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux portmap policy is very flexible allowing users to setup their portmap processes in as secure a method as possible.
++.PP 
++The following process types are defined for portmap:
++
++.EX
++.B portmap_helper_t, portmap_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type portmap_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B portmap_tmp_t
++
++
++.br
++.B portmap_var_run_t
++
++	/var/run/portmap\.upgrade-state
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), portmap(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), portmap_helper_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/portreserve_selinux.8 b/man/man8/portreserve_selinux.8
+new file mode 100644
+index 0000000..c802797
+--- /dev/null
++++ b/man/man8/portreserve_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "portreserve_selinux"  "8"  "portreserve" "dwalsh at redhat.com" "portreserve SELinux Policy documentation"
++.SH "NAME"
++portreserve_selinux \- Security Enhanced Linux Policy for the portreserve processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the portreserve processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux portreserve policy is very flexible allowing users to setup their portreserve processes in as secure a method as possible.
++.PP 
++The following file types are defined for portreserve:
++
++
++.EX
++.PP
++.B portreserve_etc_t 
++.EE
++
++- Set files with the portreserve_etc_t type, if you want to store portreserve files in the /etc directories.
++
++
++.EX
++.PP
++.B portreserve_exec_t 
++.EE
++
++- Set files with the portreserve_exec_t type, if you want to transition an executable to the portreserve_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/portreserve, /sbin/portreserve
++
++.EX
++.PP
++.B portreserve_initrc_exec_t 
++.EE
++
++- Set files with the portreserve_initrc_exec_t type, if you want to transition an executable to the portreserve_initrc_t domain.
++
++
++.EX
++.PP
++.B portreserve_var_run_t 
++.EE
++
++- Set files with the portreserve_var_run_t type, if you want to store the portreserve files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux portreserve policy is very flexible allowing users to setup their portreserve processes in as secure a method as possible.
++.PP 
++The following process types are defined for portreserve:
++
++.EX
++.B portreserve_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type portreserve_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B portreserve_var_run_t
++
++	/var/run/portreserve(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), portreserve(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_bounce_selinux.8 b/man/man8/postfix_bounce_selinux.8
+new file mode 100644
+index 0000000..5e484b7
+--- /dev/null
++++ b/man/man8/postfix_bounce_selinux.8
+@@ -0,0 +1,135 @@
++.TH  "postfix_bounce_selinux"  "8"  "postfix_bounce" "dwalsh at redhat.com" "postfix_bounce SELinux Policy documentation"
++.SH "NAME"
++postfix_bounce_selinux \- Security Enhanced Linux Policy for the postfix_bounce processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_bounce processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_bounce_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_bounce_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_bounce policy is very flexible allowing users to setup their postfix_bounce processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_bounce:
++
++
++.EX
++.PP
++.B postfix_bounce_exec_t 
++.EE
++
++- Set files with the postfix_bounce_exec_t type, if you want to transition an executable to the postfix_bounce_t domain.
++
++
++.EX
++.PP
++.B postfix_bounce_tmp_t 
++.EE
++
++- Set files with the postfix_bounce_tmp_t type, if you want to store postfix bounce temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_bounce policy is very flexible allowing users to setup their postfix_bounce processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_bounce:
++
++.EX
++.B postfix_bounce_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_bounce_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B postfix_bounce_tmp_t
++
++
++.br
++.B postfix_spool_bounce_t
++
++	/var/spool/postfix/bounce(/.*)?
++.br
++
++.br
++.B postfix_spool_maildrop_t
++
++	/var/spool/postfix/defer(/.*)?
++.br
++	/var/spool/postfix/deferred(/.*)?
++.br
++	/var/spool/postfix/maildrop(/.*)?
++.br
++
++.br
++.B postfix_spool_t
++
++	/var/spool/postfix.*
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_bounce(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_cleanup_selinux.8 b/man/man8/postfix_cleanup_selinux.8
+new file mode 100644
+index 0000000..5e3e9ba
+--- /dev/null
++++ b/man/man8/postfix_cleanup_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "postfix_cleanup_selinux"  "8"  "postfix_cleanup" "dwalsh at redhat.com" "postfix_cleanup SELinux Policy documentation"
++.SH "NAME"
++postfix_cleanup_selinux \- Security Enhanced Linux Policy for the postfix_cleanup processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_cleanup processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_cleanup_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_cleanup_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_cleanup policy is very flexible allowing users to setup their postfix_cleanup processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_cleanup:
++
++
++.EX
++.PP
++.B postfix_cleanup_exec_t 
++.EE
++
++- Set files with the postfix_cleanup_exec_t type, if you want to transition an executable to the postfix_cleanup_t domain.
++
++
++.EX
++.PP
++.B postfix_cleanup_tmp_t 
++.EE
++
++- Set files with the postfix_cleanup_tmp_t type, if you want to store postfix cleanup temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_cleanup policy is very flexible allowing users to setup their postfix_cleanup processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_cleanup:
++
++.EX
++.B postfix_cleanup_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_cleanup_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B postfix_cleanup_tmp_t
++
++
++.br
++.B postfix_spool_t
++
++	/var/spool/postfix.*
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_cleanup(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_local_selinux.8 b/man/man8/postfix_local_selinux.8
+new file mode 100644
+index 0000000..794dd13
+--- /dev/null
++++ b/man/man8/postfix_local_selinux.8
+@@ -0,0 +1,174 @@
++.TH  "postfix_local_selinux"  "8"  "postfix_local" "dwalsh at redhat.com" "postfix_local SELinux Policy documentation"
++.SH "NAME"
++postfix_local_selinux \- Security Enhanced Linux Policy for the postfix_local processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_local processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  postfix_local policy is extremely flexible and has several booleans that allow you to manipulate the policy and run postfix_local with the tightest access possible.
++
++
++.PP
++If you want to allow postfix_local domain full write access to mail_spool directories, you must turn on the postfix_local_write_mail_spool boolean.
++
++.EX
++.B setsebool -P postfix_local_write_mail_spool 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_local_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_local_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_local policy is very flexible allowing users to setup their postfix_local processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_local:
++
++
++.EX
++.PP
++.B postfix_local_exec_t 
++.EE
++
++- Set files with the postfix_local_exec_t type, if you want to transition an executable to the postfix_local_t domain.
++
++
++.EX
++.PP
++.B postfix_local_tmp_t 
++.EE
++
++- Set files with the postfix_local_tmp_t type, if you want to store postfix local temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_local policy is very flexible allowing users to setup their postfix_local processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_local:
++
++.EX
++.B postfix_local_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_local_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B dovecot_spool_t
++
++	/var/spool/dovecot(/.*)?
++.br
++
++.br
++.B mail_home_rw_t
++
++	/root/Maildir(/.*)?
++.br
++	/home/[^/]*/Maildir(/.*)?
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B mailman_data_t
++
++	/etc/mailman.*
++.br
++	/var/lib/mailman.*
++.br
++	/var/spool/mailman.*
++.br
++
++.br
++.B postfix_local_tmp_t
++
++
++.br
++.B postfix_spool_t
++
++	/var/spool/postfix.*
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_local(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/postfix_map_selinux.8 b/man/man8/postfix_map_selinux.8
+new file mode 100644
+index 0000000..a82d394
+--- /dev/null
++++ b/man/man8/postfix_map_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "postfix_map_selinux"  "8"  "postfix_map" "dwalsh at redhat.com" "postfix_map SELinux Policy documentation"
++.SH "NAME"
++postfix_map_selinux \- Security Enhanced Linux Policy for the postfix_map processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_map processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_map_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_map_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_map policy is very flexible allowing users to setup their postfix_map processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_map:
++
++
++.EX
++.PP
++.B postfix_map_exec_t 
++.EE
++
++- Set files with the postfix_map_exec_t type, if you want to transition an executable to the postfix_map_t domain.
++
++
++.EX
++.PP
++.B postfix_map_tmp_t 
++.EE
++
++- Set files with the postfix_map_tmp_t type, if you want to store postfix map temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_map policy is very flexible allowing users to setup their postfix_map processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_map:
++
++.EX
++.B postfix_map_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_map_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mailman_data_t
++
++	/etc/mailman.*
++.br
++	/var/lib/mailman.*
++.br
++	/var/spool/mailman.*
++.br
++
++.br
++.B postfix_etc_t
++
++	/etc/postfix.*
++.br
++
++.br
++.B postfix_map_tmp_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_map(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_master_selinux.8 b/man/man8/postfix_master_selinux.8
+new file mode 100644
+index 0000000..6cea98a
+--- /dev/null
++++ b/man/man8/postfix_master_selinux.8
+@@ -0,0 +1,169 @@
++.TH  "postfix_master_selinux"  "8"  "postfix_master" "dwalsh at redhat.com" "postfix_master SELinux Policy documentation"
++.SH "NAME"
++postfix_master_selinux \- Security Enhanced Linux Policy for the postfix_master processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_master processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_master_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_master_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_master policy is very flexible allowing users to setup their postfix_master processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_master:
++
++
++.EX
++.PP
++.B postfix_master_exec_t 
++.EE
++
++- Set files with the postfix_master_exec_t type, if you want to transition an executable to the postfix_master_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/postcat, /usr/sbin/postfix, /usr/libexec/postfix/master, /usr/sbin/postkick, /usr/sbin/postsuper, /usr/sbin/postalias, /usr/sbin/postlock, /usr/sbin/postlog
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_master policy is very flexible allowing users to setup their postfix_master processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_master:
++
++.EX
++.B postfix_master_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_master_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B etc_aliases_t
++
++	/etc/postfix/aliases.*
++.br
++	/etc/aliases
++.br
++	/etc/aliases\.db
++.br
++	/etc/mail/aliases
++.br
++	/etc/mail/aliases\.db
++.br
++
++.br
++.B mailman_data_t
++
++	/etc/mailman.*
++.br
++	/var/lib/mailman.*
++.br
++	/var/spool/mailman.*
++.br
++
++.br
++.B postfix_data_t
++
++	/var/lib/postfix.*
++.br
++
++.br
++.B postfix_etc_t
++
++	/etc/postfix.*
++.br
++
++.br
++.B postfix_prng_t
++
++	/etc/postfix/prng_exch
++.br
++
++.br
++.B postfix_spool_flush_t
++
++	/var/spool/postfix/flush(/.*)?
++.br
++
++.br
++.B postfix_spool_maildrop_t
++
++	/var/spool/postfix/defer(/.*)?
++.br
++	/var/spool/postfix/deferred(/.*)?
++.br
++	/var/spool/postfix/maildrop(/.*)?
++.br
++
++.br
++.B postfix_spool_t
++
++	/var/spool/postfix.*
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_master(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_pickup_selinux.8 b/man/man8/postfix_pickup_selinux.8
+new file mode 100644
+index 0000000..31e1137
+--- /dev/null
++++ b/man/man8/postfix_pickup_selinux.8
+@@ -0,0 +1,113 @@
++.TH  "postfix_pickup_selinux"  "8"  "postfix_pickup" "dwalsh at redhat.com" "postfix_pickup SELinux Policy documentation"
++.SH "NAME"
++postfix_pickup_selinux \- Security Enhanced Linux Policy for the postfix_pickup processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_pickup processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_pickup_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_pickup_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_pickup policy is very flexible allowing users to setup their postfix_pickup processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_pickup:
++
++
++.EX
++.PP
++.B postfix_pickup_exec_t 
++.EE
++
++- Set files with the postfix_pickup_exec_t type, if you want to transition an executable to the postfix_pickup_t domain.
++
++
++.EX
++.PP
++.B postfix_pickup_tmp_t 
++.EE
++
++- Set files with the postfix_pickup_tmp_t type, if you want to store postfix pickup temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_pickup policy is very flexible allowing users to setup their postfix_pickup processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_pickup:
++
++.EX
++.B postfix_pickup_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_pickup_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B postfix_pickup_tmp_t
++
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_pickup(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_pipe_selinux.8 b/man/man8/postfix_pipe_selinux.8
+new file mode 100644
+index 0000000..cf06af1
+--- /dev/null
++++ b/man/man8/postfix_pipe_selinux.8
+@@ -0,0 +1,129 @@
++.TH  "postfix_pipe_selinux"  "8"  "postfix_pipe" "dwalsh at redhat.com" "postfix_pipe SELinux Policy documentation"
++.SH "NAME"
++postfix_pipe_selinux \- Security Enhanced Linux Policy for the postfix_pipe processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_pipe processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_pipe_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_pipe_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_pipe policy is very flexible allowing users to setup their postfix_pipe processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_pipe:
++
++
++.EX
++.PP
++.B postfix_pipe_exec_t 
++.EE
++
++- Set files with the postfix_pipe_exec_t type, if you want to transition an executable to the postfix_pipe_t domain.
++
++
++.EX
++.PP
++.B postfix_pipe_tmp_t 
++.EE
++
++- Set files with the postfix_pipe_tmp_t type, if you want to store postfix pipe temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_pipe policy is very flexible allowing users to setup their postfix_pipe processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_pipe:
++
++.EX
++.B postfix_pipe_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_pipe_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B postfix_pipe_tmp_t
++
++
++.br
++.B postfix_spool_t
++
++	/var/spool/postfix.*
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_pipe(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_postdrop_selinux.8 b/man/man8/postfix_postdrop_selinux.8
+new file mode 100644
+index 0000000..64944db
+--- /dev/null
++++ b/man/man8/postfix_postdrop_selinux.8
+@@ -0,0 +1,123 @@
++.TH  "postfix_postdrop_selinux"  "8"  "postfix_postdrop" "dwalsh at redhat.com" "postfix_postdrop SELinux Policy documentation"
++.SH "NAME"
++postfix_postdrop_selinux \- Security Enhanced Linux Policy for the postfix_postdrop processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_postdrop processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_postdrop_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_postdrop_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_postdrop policy is very flexible allowing users to setup their postfix_postdrop processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_postdrop:
++
++
++.EX
++.PP
++.B postfix_postdrop_exec_t 
++.EE
++
++- Set files with the postfix_postdrop_exec_t type, if you want to transition an executable to the postfix_postdrop_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_postdrop policy is very flexible allowing users to setup their postfix_postdrop processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_postdrop:
++
++.EX
++.B postfix_postdrop_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_postdrop_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B arpwatch_tmp_t
++
++
++.br
++.B postfix_spool_maildrop_t
++
++	/var/spool/postfix/defer(/.*)?
++.br
++	/var/spool/postfix/deferred(/.*)?
++.br
++	/var/spool/postfix/maildrop(/.*)?
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.br
++.B uucpd_spool_t
++
++	/var/spool/uucp(/.*)?
++.br
++	/var/spool/uucppublic(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_postdrop(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_postqueue_selinux.8 b/man/man8/postfix_postqueue_selinux.8
+new file mode 100644
+index 0000000..55a7518
+--- /dev/null
++++ b/man/man8/postfix_postqueue_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "postfix_postqueue_selinux"  "8"  "postfix_postqueue" "dwalsh at redhat.com" "postfix_postqueue SELinux Policy documentation"
++.SH "NAME"
++postfix_postqueue_selinux \- Security Enhanced Linux Policy for the postfix_postqueue processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_postqueue processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_postqueue_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_postqueue_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_postqueue policy is very flexible allowing users to setup their postfix_postqueue processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_postqueue:
++
++
++.EX
++.PP
++.B postfix_postqueue_exec_t 
++.EE
++
++- Set files with the postfix_postqueue_exec_t type, if you want to transition an executable to the postfix_postqueue_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_postqueue policy is very flexible allowing users to setup their postfix_postqueue processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_postqueue:
++
++.EX
++.B postfix_postqueue_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_postqueue_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B arpwatch_tmp_t
++
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_postqueue(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_qmgr_selinux.8 b/man/man8/postfix_qmgr_selinux.8
+new file mode 100644
+index 0000000..1fb9d00
+--- /dev/null
++++ b/man/man8/postfix_qmgr_selinux.8
+@@ -0,0 +1,129 @@
++.TH  "postfix_qmgr_selinux"  "8"  "postfix_qmgr" "dwalsh at redhat.com" "postfix_qmgr SELinux Policy documentation"
++.SH "NAME"
++postfix_qmgr_selinux \- Security Enhanced Linux Policy for the postfix_qmgr processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_qmgr processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_qmgr_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_qmgr_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_qmgr policy is very flexible allowing users to setup their postfix_qmgr processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_qmgr:
++
++
++.EX
++.PP
++.B postfix_qmgr_exec_t 
++.EE
++
++- Set files with the postfix_qmgr_exec_t type, if you want to transition an executable to the postfix_qmgr_t domain.
++
++
++.EX
++.PP
++.B postfix_qmgr_tmp_t 
++.EE
++
++- Set files with the postfix_qmgr_tmp_t type, if you want to store postfix qmgr temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_qmgr policy is very flexible allowing users to setup their postfix_qmgr processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_qmgr:
++
++.EX
++.B postfix_qmgr_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_qmgr_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B postfix_qmgr_tmp_t
++
++
++.br
++.B postfix_spool_maildrop_t
++
++	/var/spool/postfix/defer(/.*)?
++.br
++	/var/spool/postfix/deferred(/.*)?
++.br
++	/var/spool/postfix/maildrop(/.*)?
++.br
++
++.br
++.B postfix_spool_t
++
++	/var/spool/postfix.*
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_qmgr(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_showq_selinux.8 b/man/man8/postfix_showq_selinux.8
+new file mode 100644
+index 0000000..e879b70
+--- /dev/null
++++ b/man/man8/postfix_showq_selinux.8
+@@ -0,0 +1,101 @@
++.TH  "postfix_showq_selinux"  "8"  "postfix_showq" "dwalsh at redhat.com" "postfix_showq SELinux Policy documentation"
++.SH "NAME"
++postfix_showq_selinux \- Security Enhanced Linux Policy for the postfix_showq processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_showq processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_showq_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_showq_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_showq policy is very flexible allowing users to setup their postfix_showq processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_showq:
++
++
++.EX
++.PP
++.B postfix_showq_exec_t 
++.EE
++
++- Set files with the postfix_showq_exec_t type, if you want to transition an executable to the postfix_showq_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_showq policy is very flexible allowing users to setup their postfix_showq processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_showq:
++
++.EX
++.B postfix_showq_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_showq_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_showq(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postfix_smtp_selinux.8 b/man/man8/postfix_smtp_selinux.8
+new file mode 100644
+index 0000000..e36e0d8
+--- /dev/null
++++ b/man/man8/postfix_smtp_selinux.8
+@@ -0,0 +1,156 @@
++.TH  "postfix_smtp_selinux"  "8"  "postfix_smtp" "dwalsh at redhat.com" "postfix_smtp SELinux Policy documentation"
++.SH "NAME"
++postfix_smtp_selinux \- Security Enhanced Linux Policy for the postfix_smtp processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_smtp processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_smtpd_t, postfix_smtp_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_smtpd_t, postfix_smtp_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_smtp policy is very flexible allowing users to setup their postfix_smtp processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_smtp:
++
++
++.EX
++.PP
++.B postfix_smtp_exec_t 
++.EE
++
++- Set files with the postfix_smtp_exec_t type, if you want to transition an executable to the postfix_smtp_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/libexec/postfix/lmtp, /usr/libexec/postfix/smtp, /usr/libexec/postfix/scache
++
++.EX
++.PP
++.B postfix_smtp_tmp_t 
++.EE
++
++- Set files with the postfix_smtp_tmp_t type, if you want to store postfix smtp temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B postfix_smtpd_exec_t 
++.EE
++
++- Set files with the postfix_smtpd_exec_t type, if you want to transition an executable to the postfix_smtpd_t domain.
++
++
++.EX
++.PP
++.B postfix_smtpd_tmp_t 
++.EE
++
++- Set files with the postfix_smtpd_tmp_t type, if you want to store postfix smtpd temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_smtp policy is very flexible allowing users to setup their postfix_smtp processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_smtp:
++
++.EX
++.B postfix_smtpd_t, postfix_smtp_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_smtp_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B postfix_prng_t
++
++	/etc/postfix/prng_exch
++.br
++
++.br
++.B postfix_smtp_tmp_t
++
++
++.br
++.B postfix_spool_maildrop_t
++
++	/var/spool/postfix/defer(/.*)?
++.br
++	/var/spool/postfix/deferred(/.*)?
++.br
++	/var/spool/postfix/maildrop(/.*)?
++.br
++
++.br
++.B postfix_spool_t
++
++	/var/spool/postfix.*
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_smtp(8), semanage(8), restorecon(8), chcon(1)
++, postfix_smtpd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/postfix_smtpd_selinux.8 b/man/man8/postfix_smtpd_selinux.8
+new file mode 100644
+index 0000000..a90a9a1
+--- /dev/null
++++ b/man/man8/postfix_smtpd_selinux.8
+@@ -0,0 +1,126 @@
++.TH  "postfix_smtpd_selinux"  "8"  "postfix_smtpd" "dwalsh at redhat.com" "postfix_smtpd SELinux Policy documentation"
++.SH "NAME"
++postfix_smtpd_selinux \- Security Enhanced Linux Policy for the postfix_smtpd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_smtpd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_smtpd_t, postfix_smtp_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_smtpd_t, postfix_smtp_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_smtpd policy is very flexible allowing users to setup their postfix_smtpd processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_smtpd:
++
++
++.EX
++.PP
++.B postfix_smtpd_exec_t 
++.EE
++
++- Set files with the postfix_smtpd_exec_t type, if you want to transition an executable to the postfix_smtpd_t domain.
++
++
++.EX
++.PP
++.B postfix_smtpd_tmp_t 
++.EE
++
++- Set files with the postfix_smtpd_tmp_t type, if you want to store postfix smtpd temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_smtpd policy is very flexible allowing users to setup their postfix_smtpd processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_smtpd:
++
++.EX
++.B postfix_smtpd_t, postfix_smtp_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_smtpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B postfix_prng_t
++
++	/etc/postfix/prng_exch
++.br
++
++.br
++.B postfix_smtpd_tmp_t
++
++
++.br
++.B postfix_spool_t
++
++	/var/spool/postfix.*
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_smtpd(8), semanage(8), restorecon(8), chcon(1)
++, postfix_smtp_selinux(8), postfix_smtp_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/postfix_virtual_selinux.8 b/man/man8/postfix_virtual_selinux.8
+new file mode 100644
+index 0000000..8d86391
+--- /dev/null
++++ b/man/man8/postfix_virtual_selinux.8
+@@ -0,0 +1,147 @@
++.TH  "postfix_virtual_selinux"  "8"  "postfix_virtual" "dwalsh at redhat.com" "postfix_virtual SELinux Policy documentation"
++.SH "NAME"
++postfix_virtual_selinux \- Security Enhanced Linux Policy for the postfix_virtual processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postfix_virtual processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postfix_virtual_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postfix_virtual_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postfix_virtual policy is very flexible allowing users to setup their postfix_virtual processes in as secure a method as possible.
++.PP 
++The following file types are defined for postfix_virtual:
++
++
++.EX
++.PP
++.B postfix_virtual_exec_t 
++.EE
++
++- Set files with the postfix_virtual_exec_t type, if you want to transition an executable to the postfix_virtual_t domain.
++
++
++.EX
++.PP
++.B postfix_virtual_tmp_t 
++.EE
++
++- Set files with the postfix_virtual_tmp_t type, if you want to store postfix virtual temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postfix_virtual policy is very flexible allowing users to setup their postfix_virtual processes in as secure a method as possible.
++.PP 
++The following process types are defined for postfix_virtual:
++
++.EX
++.B postfix_virtual_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postfix_virtual_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B dovecot_spool_t
++
++	/var/spool/dovecot(/.*)?
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B postfix_spool_t
++
++	/var/spool/postfix.*
++.br
++
++.br
++.B postfix_var_run_t
++
++	/var/spool/postfix/pid/.*
++.br
++
++.br
++.B postfix_virtual_tmp_t
++
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.br
++.B user_home_type
++
++	all user home files
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postfix_virtual(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/postgresql_selinux.8 b/man/man8/postgresql_selinux.8
+new file mode 100644
+index 0000000..555d167
+--- /dev/null
++++ b/man/man8/postgresql_selinux.8
+@@ -0,0 +1,320 @@
++.TH  "postgresql_selinux"  "8"  "postgresql" "dwalsh at redhat.com" "postgresql SELinux Policy documentation"
++.SH "NAME"
++postgresql_selinux \- Security Enhanced Linux Policy for the postgresql processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postgresql processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  postgresql policy is extremely flexible and has several booleans that allow you to manipulate the policy and run postgresql with the tightest access possible.
++
++
++.PP
++If you want to allow users to connect to PostgreSQL, you must turn on the user_postgresql_connect boolean.
++
++.EX
++.B setsebool -P user_postgresql_connect 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the postgresql_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the postgresql_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postgresql policy is very flexible allowing users to setup their postgresql processes in as secure a method as possible.
++.PP 
++The following file types are defined for postgresql:
++
++
++.EX
++.PP
++.B postgresql_db_t 
++.EE
++
++- Set files with the postgresql_db_t type, if you want to treat the files as postgresql database content.
++
++.br
++.TP 5
++Paths: 
++/usr/share/jonas/pgsql(/.*)?, /var/lib/postgres(ql)?(/.*)?, /var/lib/sepgsql(/.*)?, /usr/lib/pgsql/test/regress(/.*)?, /var/lib/pgsql(/.*)?
++
++.EX
++.PP
++.B postgresql_etc_t 
++.EE
++
++- Set files with the postgresql_etc_t type, if you want to store postgresql files in the /etc directories.
++
++.br
++.TP 5
++Paths: 
++/etc/sysconfig/pgsql(/.*)?, /etc/postgresql(/.*)?
++
++.EX
++.PP
++.B postgresql_exec_t 
++.EE
++
++- Set files with the postgresql_exec_t type, if you want to transition an executable to the postgresql_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/(se)?postgres, /usr/lib/postgresql/bin/.*, /usr/lib/pgsql/test/regress/pg_regress, /usr/bin/initdb(\.sepgsql)?
++
++.EX
++.PP
++.B postgresql_initrc_exec_t 
++.EE
++
++- Set files with the postgresql_initrc_exec_t type, if you want to transition an executable to the postgresql_initrc_t domain.
++
++
++.EX
++.PP
++.B postgresql_lock_t 
++.EE
++
++- Set files with the postgresql_lock_t type, if you want to treat the files as postgresql lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B postgresql_log_t 
++.EE
++
++- Set files with the postgresql_log_t type, if you want to treat the data as postgresql log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/pgsql/logfile(/.*)?, /var/log/postgresql(/.*)?, /var/log/postgres\.log.*, /var/lib/sepgsql/pgstartup\.log, /var/log/rhdb/rhdb(/.*)?, /var/lib/pgsql/.*\.log, /var/log/sepostgresql\.log.*
++
++.EX
++.PP
++.B postgresql_tmp_t 
++.EE
++
++- Set files with the postgresql_tmp_t type, if you want to store postgresql temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B postgresql_var_run_t 
++.EE
++
++- Set files with the postgresql_var_run_t type, if you want to store the postgresql files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux postgresql policy is very flexible allowing users to setup their postgresql processes in as secure a method as possible.
++.PP 
++The following port types are defined for postgresql:
++
++.EX
++.TP 5
++.B postgresql_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 5432
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postgresql policy is very flexible allowing users to setup their postgresql processes in as secure a method as possible.
++.PP 
++The following process types are defined for postgresql:
++
++.EX
++.B postgresql_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postgresql_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B hugetlbfs_t
++
++	/dev/hugepages
++.br
++	/lib/udev/devices/hugepages
++.br
++	/usr/lib/udev/devices/hugepages
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B postgresql_db_t
++
++	/var/lib/pgsql(/.*)?
++.br
++	/var/lib/sepgsql(/.*)?
++.br
++	/var/lib/postgres(ql)?(/.*)?
++.br
++	/usr/share/jonas/pgsql(/.*)?
++.br
++	/usr/lib/pgsql/test/regress(/.*)?
++.br
++
++.br
++.B postgresql_lock_t
++
++
++.br
++.B postgresql_log_t
++
++	/var/lib/pgsql/.*\.log
++.br
++	/var/log/rhdb/rhdb(/.*)?
++.br
++	/var/log/postgresql(/.*)?
++.br
++	/var/log/postgres\.log.*
++.br
++	/var/lib/pgsql/logfile(/.*)?
++.br
++	/var/log/sepostgresql\.log.*
++.br
++	/var/lib/sepgsql/pgstartup\.log
++.br
++
++.br
++.B postgresql_tmp_t
++
++
++.br
++.B postgresql_var_run_t
++
++	/var/run/postgresql(/.*)?
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postgresql(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/postgrey_selinux.8 b/man/man8/postgrey_selinux.8
+new file mode 100644
+index 0000000..140fc9e
+--- /dev/null
++++ b/man/man8/postgrey_selinux.8
+@@ -0,0 +1,171 @@
++.TH  "postgrey_selinux"  "8"  "postgrey" "dwalsh at redhat.com" "postgrey SELinux Policy documentation"
++.SH "NAME"
++postgrey_selinux \- Security Enhanced Linux Policy for the postgrey processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the postgrey processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux postgrey policy is very flexible allowing users to setup their postgrey processes in as secure a method as possible.
++.PP 
++The following file types are defined for postgrey:
++
++
++.EX
++.PP
++.B postgrey_etc_t 
++.EE
++
++- Set files with the postgrey_etc_t type, if you want to store postgrey files in the /etc directories.
++
++
++.EX
++.PP
++.B postgrey_exec_t 
++.EE
++
++- Set files with the postgrey_exec_t type, if you want to transition an executable to the postgrey_t domain.
++
++
++.EX
++.PP
++.B postgrey_initrc_exec_t 
++.EE
++
++- Set files with the postgrey_initrc_exec_t type, if you want to transition an executable to the postgrey_initrc_t domain.
++
++
++.EX
++.PP
++.B postgrey_spool_t 
++.EE
++
++- Set files with the postgrey_spool_t type, if you want to store the postgrey files under the /var/spool directory.
++
++
++.EX
++.PP
++.B postgrey_var_lib_t 
++.EE
++
++- Set files with the postgrey_var_lib_t type, if you want to store the postgrey files under the /var/lib directory.
++
++
++.EX
++.PP
++.B postgrey_var_run_t 
++.EE
++
++- Set files with the postgrey_var_run_t type, if you want to store the postgrey files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/postgrey\.pid, /var/run/postgrey(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux postgrey policy is very flexible allowing users to setup their postgrey processes in as secure a method as possible.
++.PP 
++The following port types are defined for postgrey:
++
++.EX
++.TP 5
++.B postgrey_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 60000
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux postgrey policy is very flexible allowing users to setup their postgrey processes in as secure a method as possible.
++.PP 
++The following process types are defined for postgrey:
++
++.EX
++.B postgrey_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type postgrey_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B postfix_spool_type
++
++
++.br
++.B postgrey_spool_t
++
++	/var/spool/postfix/postgrey(/.*)?
++.br
++
++.br
++.B postgrey_var_lib_t
++
++	/var/lib/postgrey(/.*)?
++.br
++
++.br
++.B postgrey_var_run_t
++
++	/var/run/postgrey(/.*)?
++.br
++	/var/run/postgrey\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), postgrey(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/pppd_selinux.8 b/man/man8/pppd_selinux.8
+new file mode 100644
+index 0000000..12f2408
+--- /dev/null
++++ b/man/man8/pppd_selinux.8
+@@ -0,0 +1,359 @@
++.TH  "pppd_selinux"  "8"  "pppd" "dwalsh at redhat.com" "pppd SELinux Policy documentation"
++.SH "NAME"
++pppd_selinux \- Security Enhanced Linux Policy for the pppd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pppd processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  pppd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run pppd with the tightest access possible.
++
++
++.PP
++If you want to allow pppd to be run for a regular user, you must turn on the pppd_for_user boolean.
++
++.EX
++.B setsebool -P pppd_for_user 1
++.EE
++
++.PP
++If you want to allow pppd to load kernel modules for certain modems, you must turn on the pppd_can_insmod boolean.
++
++.EX
++.B setsebool -P pppd_can_insmod 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pppd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the pppd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pppd policy is very flexible allowing users to setup their pppd processes in as secure a method as possible.
++.PP 
++The following file types are defined for pppd:
++
++
++.EX
++.PP
++.B pppd_etc_rw_t 
++.EE
++
++- Set files with the pppd_etc_rw_t type, if you want to treat the files as pppd etc read/write content.
++
++.br
++.TP 5
++Paths: 
++/etc/ppp(/.*)?, /etc/ppp/resolv\.conf, /etc/ppp/peers(/.*)?
++
++.EX
++.PP
++.B pppd_etc_t 
++.EE
++
++- Set files with the pppd_etc_t type, if you want to store pppd files in the /etc directories.
++
++.br
++.TP 5
++Paths: 
++/etc/ppp, /root/.ppprc
++
++.EX
++.PP
++.B pppd_exec_t 
++.EE
++
++- Set files with the pppd_exec_t type, if you want to transition an executable to the pppd_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/pppd, /usr/sbin/ipppd, /usr/sbin/pppoe-server, /usr/sbin/ppp-watch, /sbin/pppoe-server, /sbin/ppp-watch
++
++.EX
++.PP
++.B pppd_initrc_exec_t 
++.EE
++
++- Set files with the pppd_initrc_exec_t type, if you want to transition an executable to the pppd_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/ppp, /etc/ppp/(auth|ip(v6|x)?)-(up|down)
++
++.EX
++.PP
++.B pppd_lock_t 
++.EE
++
++- Set files with the pppd_lock_t type, if you want to treat the files as pppd lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B pppd_log_t 
++.EE
++
++- Set files with the pppd_log_t type, if you want to treat the data as pppd log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/ppp(/.*)?, /var/log/ppp-connect-errors.*
++
++.EX
++.PP
++.B pppd_secret_t 
++.EE
++
++- Set files with the pppd_secret_t type, if you want to treat the files as pppd se secret data.
++
++
++.EX
++.PP
++.B pppd_tmp_t 
++.EE
++
++- Set files with the pppd_tmp_t type, if you want to store pppd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B pppd_unit_file_t 
++.EE
++
++- Set files with the pppd_unit_file_t type, if you want to treat the files as pppd unit content.
++
++
++.EX
++.PP
++.B pppd_var_run_t 
++.EE
++
++- Set files with the pppd_var_run_t type, if you want to store the pppd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/pppd[0-9]*\.tdb, /var/run/ppp(/.*)?, /var/run/(i)?ppp.*pid[^/]*
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pppd policy is very flexible allowing users to setup their pppd processes in as secure a method as possible.
++.PP 
++The following process types are defined for pppd:
++
++.EX
++.B pppd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pppd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B pppd_etc_rw_t
++
++	/etc/ppp(/.*)?
++.br
++	/etc/ppp/peers(/.*)?
++.br
++	/etc/ppp/resolv\.conf
++.br
++
++.br
++.B pppd_lock_t
++
++	/var/lock/ppp(/.*)?
++.br
++
++.br
++.B pppd_log_t
++
++	/var/log/ppp(/.*)?
++.br
++	/var/log/ppp-connect-errors.*
++.br
++
++.br
++.B pppd_tmp_t
++
++
++.br
++.B pppd_var_run_t
++
++	/var/run/(i)?ppp.*pid[^/]*
++.br
++	/var/run/ppp(/.*)?
++.br
++	/var/run/pppd[0-9]*\.tdb
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pppd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/pptp_selinux.8 b/man/man8/pptp_selinux.8
+new file mode 100644
+index 0000000..d3ad9b1
+--- /dev/null
++++ b/man/man8/pptp_selinux.8
+@@ -0,0 +1,145 @@
++.TH  "pptp_selinux"  "8"  "pptp" "dwalsh at redhat.com" "pptp SELinux Policy documentation"
++.SH "NAME"
++pptp_selinux \- Security Enhanced Linux Policy for the pptp processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pptp processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pptp_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the pptp_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pptp policy is very flexible allowing users to setup their pptp processes in as secure a method as possible.
++.PP 
++The following file types are defined for pptp:
++
++
++.EX
++.PP
++.B pptp_exec_t 
++.EE
++
++- Set files with the pptp_exec_t type, if you want to transition an executable to the pptp_t domain.
++
++
++.EX
++.PP
++.B pptp_log_t 
++.EE
++
++- Set files with the pptp_log_t type, if you want to treat the data as pptp log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B pptp_var_run_t 
++.EE
++
++- Set files with the pptp_var_run_t type, if you want to store the pptp files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux pptp policy is very flexible allowing users to setup their pptp processes in as secure a method as possible.
++.PP 
++The following port types are defined for pptp:
++
++.EX
++.TP 5
++.B pptp_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 1723
++.EE
++udp 1723
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pptp policy is very flexible allowing users to setup their pptp processes in as secure a method as possible.
++.PP 
++The following process types are defined for pptp:
++
++.EX
++.B pptp_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pptp_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B pptp_log_t
++
++
++.br
++.B pptp_var_run_t
++
++	/var/run/pptp(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pptp(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/prelink_cron_system_selinux.8 b/man/man8/prelink_cron_system_selinux.8
+new file mode 100644
+index 0000000..272243a
+--- /dev/null
++++ b/man/man8/prelink_cron_system_selinux.8
+@@ -0,0 +1,116 @@
++.TH  "prelink_cron_system_selinux"  "8"  "prelink_cron_system" "dwalsh at redhat.com" "prelink_cron_system SELinux Policy documentation"
++.SH "NAME"
++prelink_cron_system_selinux \- Security Enhanced Linux Policy for the prelink_cron_system processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the prelink_cron_system processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the prelink_cron_system_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the prelink_cron_system_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux prelink_cron_system policy is very flexible allowing users to setup their prelink_cron_system processes in as secure a method as possible.
++.PP 
++The following file types are defined for prelink_cron_system:
++
++
++.EX
++.PP
++.B prelink_cron_system_exec_t 
++.EE
++
++- Set files with the prelink_cron_system_exec_t type, if you want to transition an executable to the prelink_cron_system_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux prelink_cron_system policy is very flexible allowing users to setup their prelink_cron_system processes in as secure a method as possible.
++.PP 
++The following process types are defined for prelink_cron_system:
++
++.EX
++.B prelink_cron_system_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type prelink_cron_system_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B prelink_log_t
++
++	/var/log/prelink(/.*)?
++.br
++	/var/log/prelink\.log.*
++.br
++
++.br
++.B prelink_var_lib_t
++
++	/var/lib/prelink(/.*)?
++.br
++	/var/lib/misc/prelink.*
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), prelink_cron_system(8), semanage(8), restorecon(8), chcon(1)
++, prelink_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/prelink_selinux.8 b/man/man8/prelink_selinux.8
+new file mode 100644
+index 0000000..60be53f
+--- /dev/null
++++ b/man/man8/prelink_selinux.8
+@@ -0,0 +1,748 @@
++.TH  "prelink_selinux"  "8"  "prelink" "dwalsh at redhat.com" "prelink SELinux Policy documentation"
++.SH "NAME"
++prelink_selinux \- Security Enhanced Linux Policy for the prelink processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the prelink processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the prelink_cron_system_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the prelink_cron_system_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux prelink policy is very flexible allowing users to setup their prelink processes in as secure a method as possible.
++.PP 
++The following file types are defined for prelink:
++
++
++.EX
++.PP
++.B prelink_cache_t 
++.EE
++
++- Set files with the prelink_cache_t type, if you want to store the files under the /var/cache directory.
++
++
++.EX
++.PP
++.B prelink_cron_system_exec_t 
++.EE
++
++- Set files with the prelink_cron_system_exec_t type, if you want to transition an executable to the prelink_cron_system_t domain.
++
++
++.EX
++.PP
++.B prelink_exec_t 
++.EE
++
++- Set files with the prelink_exec_t type, if you want to transition an executable to the prelink_t domain.
++
++
++.EX
++.PP
++.B prelink_log_t 
++.EE
++
++- Set files with the prelink_log_t type, if you want to treat the data as prelink log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/prelink(/.*)?, /var/log/prelink\.log.*
++
++.EX
++.PP
++.B prelink_tmp_t 
++.EE
++
++- Set files with the prelink_tmp_t type, if you want to store prelink temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B prelink_tmpfs_t 
++.EE
++
++- Set files with the prelink_tmpfs_t type, if you want to store prelink files on a tmpfs file system.
++
++
++.EX
++.PP
++.B prelink_var_lib_t 
++.EE
++
++- Set files with the prelink_var_lib_t type, if you want to store the prelink files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/prelink(/.*)?, /var/lib/misc/prelink.*
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux prelink policy is very flexible allowing users to setup their prelink processes in as secure a method as possible.
++.PP 
++The following process types are defined for prelink:
++
++.EX
++.B prelink_cron_system_t, prelink_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type prelink_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B exec_type
++
++
++.br
++.B ld_so_t
++
++	/usr/(.*/)?lib(/.*)?/ld-[^/]*\.so(\.[^/]*)*
++.br
++	/lib/ld-[^/]*\.so(\.[^/]*)*
++.br
++	/usr/lib/ld-[^/]*\.so(\.[^/]*)*
++.br
++	/var/ftp/lib/ld[^/]*\.so(\.[^/]*)*
++.br
++	/emul/ia32-linux/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)*
++.br
++	/emul/ia32-linux/usr(/.*)?/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)*
++.br
++	/var/spool/postfix/lib/ld.*\.so.*
++.br
++
++.br
++.B lib_t
++
++	/lib/.*
++.br
++	/opt/.*\.so(\.[^/]*)*
++.br
++	/usr/.*\.so(\.[^/]*)*
++.br
++	/opt/(.*/)?lib(/.*)?
++.br
++	/usr/(.*/)?lib(/.*)?
++.br
++	/opt/(.*/)?jre/.+\.jar
++.br
++	/opt/(.*/)?java/.+\.jar
++.br
++	/usr/(.*/)?java/.+\.jar
++.br
++	/usr/(.*/)?java/.+\.jsa
++.br
++	/usr/lib/.*
++.br
++	/usr/lib/.*/program(/.*)?\.so
++.br
++	/var/ftp/lib(/.*)?
++.br
++	/opt/Acrobat[5-9]/Reader/intellinux/plugins/.*\.api
++.br
++	/opt/ibm/java.*/jre/.+\.jar
++.br
++	/usr/lib/pgsql/.*\.so.*
++.br
++	/usr/lib/xfce4/.*\.so.*
++.br
++	/opt/Adobe/Reader.?/Reader/intellinux/SPPlugins/.*\.ap[il]
++.br
++	/emul/ia32-linux/lib(/.*)?
++.br
++	/emul/ia32-linux/usr(/.*)?/lib(/.*)?
++.br
++	/emul/ia32-linux/usr(/.*)?/java/.*\.jar
++.br
++	/emul/ia32-linux/usr(/.*)?/java/.*\.jsa
++.br
++	/emul/ia32-linux/usr(/.*)?/java/.+\.so(\.[^/]*)*
++.br
++	/var/spool/postfix/lib(/.*)?
++.br
++	/var/spool/postfix/usr(/.*)?
++.br
++	/var/mailman/pythonlib(/.*)?/.+\.so(\..*)?
++.br
++	/var/spool/postfix/lib64(/.*)?
++.br
++	/usr/lib/nspluginwrapper/np.*\.so
++.br
++	/usr/lib/pgsql/test/regress/.*\.so.*
++.br
++	/usr/share/hplip/prnt/plugins(/.*)?
++.br
++	/var/lib/spamassassin/compiled/.*\.so.*
++.br
++	/lib
++.br
++	/lib64
++.br
++	/usr/lib
++.br
++	/etc/ppp/plugins/rp-pppoe\.so
++.br
++	/usr/share/rhn/rhn_applet/eggtrayiconmodule\.so
++.br
++
++.br
++.B mozilla_plugin_rw_t
++
++	/usr/lib/mozilla/plugins-wrapped(/.*)?
++.br
++
++.br
++.B prelink_cache_t
++
++	/etc/prelink\.cache
++.br
++
++.br
++.B prelink_object
++
++
++.br
++.B prelink_tmp_t
++
++
++.br
++.B prelink_tmpfs_t
++
++
++.br
++.B prelink_var_lib_t
++
++	/var/lib/prelink(/.*)?
++.br
++	/var/lib/misc/prelink.*
++.br
++
++.br
++.B rpm_tmp_t
++
++
++.br
++.B textrel_shlib_t
++
++	/usr/(.*/)?nprhapengine\.so.*
++.br
++	/usr/(.*/)?nvidia/.+\.so(\..*)?
++.br
++	/usr/(.*/)?java/.+\.so(\.[^/]*)*
++.br
++	/opt/(.*/)?jre.*/.+\.so(\.[^/]*)*
++.br
++	/usr/(.*/)?jre.*/.*\.so(\.[^/]*)*
++.br
++	/opt/(.*/)?oracle/(.*/)?libnnz.*\.so
++.br
++	/opt/(.*/)?/RealPlayer/.+\.so(\.[^/]*)*
++.br
++	/usr/(.*/)?/RealPlayer/.+\.so(\.[^/]*)*
++.br
++	/usr/(.*/)?/HelixPlayer/.+\.so(\.[^/]*)*
++.br
++	/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)?
++.br
++	/usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl
++.br
++	/usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)*
++.br
++	/opt/cx.*/lib/wine/.+\.so
++.br
++	/usr/lib.*/libmpg123\.so(\.[^/]*)*
++.br
++	/usr/lib(/.*)?/nvidia/.+\.so(\..*)?
++.br
++	/usr/lib(/.*)?/libnvidia.+\.so(\.[^/]*)*
++.br
++	/usr/lib(/.*)?/nvidia_drv.*\.so(\.[^/]*)*
++.br
++	/usr/lib/.*/nprhapengine\.so.*
++.br
++	/usr/lib/.*/libflashplayer\.so.*
++.br
++	/usr/lib/(sse2/)?libfame-.*\.so.*
++.br
++	/usr/lib/.*/program/libsoffice\.so
++.br
++	/usr/lib/.*/program/libsts645li\.so
++.br
++	/usr/lib/.*/program/libwrp645li\.so
++.br
++	/usr/lib/.*/program/libswd680li\.so
++.br
++	/usr/lib/.*/program/libsvx680li\.so
++.br
++	/usr/lib/.*/program/libicudata\.so.*
++.br
++	/usr/lib/(.*/)?jre.*/.*\.so(\.[^/]*)*
++.br
++	/usr/lib/.*/program/librecentfile\.so
++.br
++	/usr/lib/.*/program/libcomphelp4gcc3\.so
++.br
++	/usr/lib/.*/program/libvclplug_gen645li\.so
++.br
++	/usr/lib/(virtualbox(-ose)?/)?(components/)?VBox.*\.so
++.br
++	/opt/Adobe.*/libcurl\.so
++.br
++	/opt/Adobe(/.*?)/nppdf\.so
++.br
++	/usr/Adobe/.*\.api
++.br
++	/opt/matlab.*\.so(\.[^/]*)*
++.br
++	/usr/matlab.*\.so(\.[^/]*)*
++.br
++	/usr/Adobe/(.*/)?intellinux/nppdf\.so
++.br
++	/usr/Adobe/(.*/)?intellinux/sidecars/*
++.br
++	/usr/Adobe/(.*/)?lib/[^/]*\.so(\.[^/]*)*
++.br
++	/usr/matlab.*/bin/glnx86/libmwlapack\.so
++.br
++	/usr/matlab.*/sys/os/glnx86/libtermcap\.so
++.br
++	/usr/matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl)\.so
++.br
++	/opt/google/.*\.so.*
++.br
++	/opt/altera9.1/quartus/linux/libccl_err\.so
++.br
++	/usr/lib/nsr/(.*/)?.*\.so
++.br
++	/opt/ibm/java.*/jre/.+\.so(\.[^/]*)*
++.br
++	/opt/ibm/java.*/jre/bin/.+\.so(\.[^/]*)*
++.br
++	/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)*
++.br
++	/usr/lib/wine/.+\.so
++.br
++	/usr/lib/sse2/.*\.so.*
++.br
++	/usr/lib/i686/.*\.so.*
++.br
++	/usr/lib/libav.*\.so(\.[^/]*)*
++.br
++	/usr/acroread/(.*/)?intellinux/nppdf\.so
++.br
++	/usr/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)*
++.br
++	/usr/lib/libADM.*\.so.*
++.br
++	/opt/lampp/lib/.*\.so.*
++.br
++	/usr/lib/libGTL.*\.so.*
++.br
++	/usr/lib/win32/.*\.so(\.[^/]*)*
++.br
++	/usr/lib/fglrx/.*\.so(\.[^/]*)*
++.br
++	/usr/lib/nvidia.*\.so(\.[^/]*)*
++.br
++	/opt/VirtualBox(/.*)?/VBox.*\.so
++.br
++	/usr/lib/python.*/site-packages/pymedia/muxer\.so
++.br
++	/usr/lib/libmyth[^/]+\.so.*
++.br
++	/usr/lib/midori/.*\.so(\.[^/]*)*
++.br
++	/usr/lib/cedega/.+\.so(\.[^/]*)*
++.br
++	/usr/lib/libADM5.*\.so(\.[^/]*)*
++.br
++	/usr/lib/vmware/(.*/)?VmPerl\.so
++.br
++	/usr/lib/oracle/.*/lib/libnnz10\.so
++.br
++	/usr/lib/oracle/.*/lib/libnnz.*\.so
++.br
++	/usr/lib/oracle/.*/lib/libclntsh\.so(\.[^/]*)*
++.br
++	/usr/lib/python2.4/site-packages/M2Crypto/__m2crypto\.so
++.br
++	/usr/lib/libjs\.so.*
++.br
++	/usr/lib/libGL\.so(\.[^/]*)*
++.br
++	/usr/libmpg123\.so(\.[^/]*)*
++.br
++	/usr/lib/libnnz11.so(\.[^/]*)*
++.br
++	/opt/local/matlab.*\.so(\.[^/]*)*
++.br
++	/opt/lgtonmc/bin/.*\.so(\.[0-9])?
++.br
++	/usr/lib/allegro/(.*/)?alleg-vga\.so
++.br
++	/usr/lib/jvm/java(.*/)bin(/.*)?/.*\.so
++.br
++	/usr/lib/firefox-[^/]*/plugins/nppdf.so
++.br
++	/opt/Adobe/Reader.?/Reader/intellinux/plug_ins/.*\.api
++.br
++	/usr/lib/firefox-[^/]*/extensions(/.*)?/libqfaservices.so
++.br
++	/usr/lib/acroread/.+\.api
++.br
++	/usr/google-earth/.*\.so.*
++.br
++	/opt/google-earth/.*\.so.*
++.br
++	/usr/lib/acroread/(.*/)?nppdf\.so
++.br
++	/usr/lib/acroread/(.*/)?sidecars/*
++.br
++	/usr/lib/acroread/(.*/)?ADMPlugin\.apl
++.br
++	/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)*
++.br
++	/usr/lib/libFLAC\.so.*
++.br
++	/usr/lib/libgpac\.so.*
++.br
++	/opt/google/picasa/.*\.dll
++.br
++	/opt/google/picasa/.*\.yti
++.br
++	/opt/google/chrome/.*\.so.*
++.br
++	/usr/lib/libzvbi\.so(\.[^/]*)*
++.br
++	/usr/lib/libx264\.so(\.[^/]*)*
++.br
++	/usr/lib/ati-fglrx/.+\.so(\..*)?
++.br
++	/usr/lib/gstreamer-.*/[^/]*\.so.*
++.br
++	/usr/lib/ICAClient/.*\.so(\.[^/]*)*
++.br
++	/usr/lib/vmware/lib(/.*)?/HConfig\.so
++.br
++	/usr/lib/codecs/drv[1-9c]\.so(\.[^/]*)*
++.br
++	/usr/lib/vmware/lib(/.*)?/libgdk-x11-.*\.so.*
++.br
++	/usr/lib/vmware/lib(/.*)?/libvmware-gksu.*\.so.*
++.br
++	/usr/lib/libmpeg2\.so.*
++.br
++	/usr/lib/valgrind/vg.*\.so
++.br
++	/usr/lib/virtualbox/.*\.so
++.br
++	/usr/lib/libglide3-v[0-9]*\.so.*
++.br
++	/usr/lib/libglide3\.so.*
++.br
++	/usr/lib/libHermes\.so.*
++.br
++	/usr/lib/libdvdcss\.so.*
++.br
++	/usr/lib/libGLcore\.so.*
++.br
++	/usr/lib/googleearth/.*\.so.*
++.br
++	/usr/NX/lib/libjpeg\.so.*
++.br
++	/usr/lib/nx/libjpeg\.so.*
++.br
++	/usr/lib/libswscale\.so.*
++.br
++	/usr/lib/libmp3lame\.so.*
++.br
++	/usr/lib/nmm/liba52\.so.*
++.br
++	/usr/lib/xine/plugins/.+\.so
++.br
++	/usr/lib/google-earth/.*\.so.*
++.br
++	/usr/lib/helix/codecs/[^/]*\.so
++.br
++	/usr/lib/xorg/libGL\.so(\.[^/]*)*
++.br
++	/usr/X11R6/lib/libGL\.so.*
++.br
++	/usr/NX/lib/libXcomp\.so.*
++.br
++	/usr/lib/nx/libXcomp\.so.*
++.br
++	/usr/lib/libxvidcore\.so.*
++.br
++	/usr/lib/libpostproc\.so.*
++.br
++	/opt/lampp/lib/libct\.so.*
++.br
++	/opt/google/talkplugin/.*\.so.*
++.br
++	/usr/lib/helix/plugins/[^/]*\.so
++.br
++	/usr/lib/libatiadlxx\.so(\.[^/]*)*
++.br
++	/opt/VBoxGuestAdditions.*/lib/VBox.*\.so
++.br
++	/usr/lib/mythtv/filters/.*\.so.*
++.br
++	/usr/lib/libtfmessbsp\.so(\.[^/]*)*
++.br
++	/usr/lib/sse2/libx264\.so(\.[^/]*)*
++.br
++	/usr/lib/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.*
++.br
++	/usr/lib/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)*
++.br
++	/usr/lib/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)*
++.br
++	/usr/lib/libsipphoneapi\.so.*
++.br
++	/usr/lib/libfglrx_gamma\.so.*
++.br
++	/usr/lib/chromium-browser/.*\.so
++.br
++	/usr/lib/catalyst/libGL\.so(\.[^/]*)*
++.br
++	/usr/lib/yafaray/libDarkSky.so
++.br
++	/opt/real/RealPlayer/codecs(/.*)?
++.br
++	/usr/lib/libcncpmslld328\.so(\.[^/]*)*
++.br
++	/opt/real/RealPlayer/plugins(/.*)?
++.br
++	/usr/lib/libkmplayercommon\.so.*
++.br
++	/usr/lib/libjavascriptcoregtk[^/]*\.so.*
++.br
++	/usr/games/darwinia/lib/libSDL.*\.so.*
++.br
++	/usr/lib/altivec/libavcodec\.so(\.[^/]*)*
++.br
++	/usr/lib/xorg/modules/glesx\.so(\.[^/]*)*
++.br
++	/usr/X11R6/lib/libXvMCNVIDIA\.so.*
++.br
++	/usr/lib/sane/libsane-epkowa\.so.*
++.br
++	/opt/AutoScan/usr/lib/libvte\.so.*
++.br
++	/usr/X11R6/lib/libfglrx_gamma\.so.*
++.br
++	/usr/lib/nero/plug-ins/libMP3\.so(\.[^/]*)*
++.br
++	/usr/lib/vdpau/libvdpau_nvidia\.so.*
++.br
++	/usr/lib/ADM_plugins/videoFilter/.*\.so(\.[^/]*)*
++.br
++	/opt/Unify/SQLBase/libgptsblmsui11\.so.*
++.br
++	/usr/share/squeezeboxserver/CPAN/arch/.+\.so
++.br
++	/opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)*
++.br
++	/usr/lib/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)*
++.br
++	/opt/Komodo-Edit-5/lib/python/lib/python2.6/lib-dynload/.*\.so(\.[^/]*)*
++.br
++	/usr/lib/xorg/modules/drivers/fglrx_drv\.so(\.[^/]*)*
++.br
++	/usr/lib/xorg/modules/extensions/libglx\.so(\.[^/]*)*
++.br
++	/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)*
++.br
++	/usr/bin/bsnes
++.br
++	/usr/lib/VBoxVMM\.so
++.br
++	/usr/lib/valgrind/hp2ps
++.br
++	/usr/lib/libmlib_jai\.so
++.br
++	/usr/lib/valgrind/stage2
++.br
++	/lib/security/pam_poldi\.so
++.br
++	/usr/lib/libg\+\+\.so\.2\.7\.2\.8
++.br
++	/usr/lib/ladspa/gsm_1215\.so
++.br
++	/usr/lib/ladspa/sc1_1425\.so
++.br
++	/usr/lib/ladspa/sc2_1426\.so
++.br
++	/usr/lib/ladspa/sc3_1427\.so
++.br
++	/usr/lib/ladspa/sc4_1882\.so
++.br
++	/usr/lib/ladspa/se4_1883\.so
++.br
++	/usr/lib/libdivxdecore\.so\.0
++.br
++	/usr/lib/libdivxencore\.so\.0
++.br
++	/usr/lib/libstdc\+\+\.so\.2\.7\.2\.8
++.br
++	/usr/lib/ladspa/gverb_1216\.so
++.br
++	/usr/lib/security/pam_poldi\.so
++.br
++	/usr/lib/ladspa/fm_osc_1415\.so
++.br
++	/usr/zend/lib/apache2/libphp5\.so
++.br
++	/usr/lib/mozilla/plugins/nppdf\.so
++.br
++	/usr/lib/ladspa/notch_iir_1894\.so
++.br
++	/usr/lib/xchat/plugins/systray\.so
++.br
++	/usr/lib/ocaml/stublibs/dllnums\.so
++.br
++	/usr/lib/vlc/codec/libdmo_plugin\.so
++.br
++	/usr/lib/ladspa/butterworth_1902\.so
++.br
++	/usr/lib/ladspa/lowpass_iir_1891\.so
++.br
++	/usr/lib/ladspa/pitch_scale_1193\.so
++.br
++	/usr/lib/ladspa/pitch_scale_1194\.so
++.br
++	/usr/lib/ladspa/analogue_osc_1416\.so
++.br
++	/usr/lib/ladspa/bandpass_iir_1892\.so
++.br
++	/usr/lib/ladspa/highpass_iir_1890\.so
++.br
++	/usr/Zend/lib/ZendExtensionManager\.so
++.br
++	/opt/cisco-vpnclient/lib/libvpnapi\.so
++.br
++	/usr/lib/firefox/plugins/libractrl\.so
++.br
++	/usr/lib/ladspa/hermes_filter_1200\.so
++.br
++	/usr/lib/ladspa/bandpass_a_iir_1893\.so
++.br
++	/usr/lib/octagaplayer/libapplication\.so
++.br
++	/usr/lib/mozilla/plugins/libvlcplugin\.so
++.br
++	/usr/lib/vlc/codec/librealvideo_plugin\.so
++.br
++	/usr/lib/vlc/codec/librealaudio_plugin\.so
++.br
++	/usr/lib/xorg/modules/drivers/nvidia_drv\.o
++.br
++	/opt/novell/groupwise/client/lib/libgwapijni\.so\.1
++.br
++	/usr/lib/vlc/video_chroma/libi420_rgb_mmx_plugin\.so
++.br
++	/home/[^/]*/.*/plugins/nppdf\.so.*
++.br
++
++.br
++.B user_home_type
++
++	all user home files
++.br
++
++.br
++.B usr_t
++
++	/usr/.*
++.br
++	/opt/.*
++.br
++	/emul/.*
++.br
++	/export(/.*)?
++.br
++	/usr/doc(/.*)?/lib(/.*)?
++.br
++	/usr/inclu.e(/.*)?
++.br
++	/usr/share/doc(/.*)?/README.*
++.br
++	/usr
++.br
++	/opt
++.br
++	/emul
++.br
++
++.br
++.B var_t
++
++	/nsr(/.*)?
++.br
++	/var/.*
++.br
++	/srv/.*
++.br
++	/var
++.br
++	/srv
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), prelink(8), semanage(8), restorecon(8), chcon(1)
++, prelink_cron_system_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/prelude_audisp_selinux.8 b/man/man8/prelude_audisp_selinux.8
+new file mode 100644
+index 0000000..e0d6999
+--- /dev/null
++++ b/man/man8/prelude_audisp_selinux.8
+@@ -0,0 +1,98 @@
++.TH  "prelude_audisp_selinux"  "8"  "prelude_audisp" "dwalsh at redhat.com" "prelude_audisp SELinux Policy documentation"
++.SH "NAME"
++prelude_audisp_selinux \- Security Enhanced Linux Policy for the prelude_audisp processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the prelude_audisp processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux prelude_audisp policy is very flexible allowing users to setup their prelude_audisp processes in as secure a method as possible.
++.PP 
++The following file types are defined for prelude_audisp:
++
++
++.EX
++.PP
++.B prelude_audisp_exec_t 
++.EE
++
++- Set files with the prelude_audisp_exec_t type, if you want to transition an executable to the prelude_audisp_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/audisp-prelude, /usr/sbin/audisp-prelude
++
++.EX
++.PP
++.B prelude_audisp_var_run_t 
++.EE
++
++- Set files with the prelude_audisp_var_run_t type, if you want to store the prelude audisp files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux prelude_audisp policy is very flexible allowing users to setup their prelude_audisp processes in as secure a method as possible.
++.PP 
++The following process types are defined for prelude_audisp:
++
++.EX
++.B prelude_audisp_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type prelude_audisp_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B prelude_spool_t
++
++	/var/spool/prelude(/.*)?
++.br
++	/var/spool/prelude-manager(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), prelude_audisp(8), semanage(8), restorecon(8), chcon(1)
++, prelude_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/prelude_correlator_selinux.8 b/man/man8/prelude_correlator_selinux.8
+new file mode 100644
+index 0000000..c1ee731
+--- /dev/null
++++ b/man/man8/prelude_correlator_selinux.8
+@@ -0,0 +1,94 @@
++.TH  "prelude_correlator_selinux"  "8"  "prelude_correlator" "dwalsh at redhat.com" "prelude_correlator SELinux Policy documentation"
++.SH "NAME"
++prelude_correlator_selinux \- Security Enhanced Linux Policy for the prelude_correlator processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the prelude_correlator processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux prelude_correlator policy is very flexible allowing users to setup their prelude_correlator processes in as secure a method as possible.
++.PP 
++The following file types are defined for prelude_correlator:
++
++
++.EX
++.PP
++.B prelude_correlator_config_t 
++.EE
++
++- Set files with the prelude_correlator_config_t type, if you want to treat the files as prelude correlator configuration data, usually stored under the /etc directory.
++
++
++.EX
++.PP
++.B prelude_correlator_exec_t 
++.EE
++
++- Set files with the prelude_correlator_exec_t type, if you want to transition an executable to the prelude_correlator_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux prelude_correlator policy is very flexible allowing users to setup their prelude_correlator processes in as secure a method as possible.
++.PP 
++The following process types are defined for prelude_correlator:
++
++.EX
++.B prelude_correlator_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type prelude_correlator_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B prelude_spool_t
++
++	/var/spool/prelude(/.*)?
++.br
++	/var/spool/prelude-manager(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), prelude_correlator(8), semanage(8), restorecon(8), chcon(1)
++, prelude_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/prelude_lml_selinux.8 b/man/man8/prelude_lml_selinux.8
+new file mode 100644
+index 0000000..0fc4389
+--- /dev/null
++++ b/man/man8/prelude_lml_selinux.8
+@@ -0,0 +1,136 @@
++.TH  "prelude_lml_selinux"  "8"  "prelude_lml" "dwalsh at redhat.com" "prelude_lml SELinux Policy documentation"
++.SH "NAME"
++prelude_lml_selinux \- Security Enhanced Linux Policy for the prelude_lml processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the prelude_lml processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the prelude_lml_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the prelude_lml_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux prelude_lml policy is very flexible allowing users to setup their prelude_lml processes in as secure a method as possible.
++.PP 
++The following file types are defined for prelude_lml:
++
++
++.EX
++.PP
++.B prelude_lml_exec_t 
++.EE
++
++- Set files with the prelude_lml_exec_t type, if you want to transition an executable to the prelude_lml_t domain.
++
++
++.EX
++.PP
++.B prelude_lml_tmp_t 
++.EE
++
++- Set files with the prelude_lml_tmp_t type, if you want to store prelude lml temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B prelude_lml_var_run_t 
++.EE
++
++- Set files with the prelude_lml_var_run_t type, if you want to store the prelude lml files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux prelude_lml policy is very flexible allowing users to setup their prelude_lml processes in as secure a method as possible.
++.PP 
++The following process types are defined for prelude_lml:
++
++.EX
++.B prelude_lml_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type prelude_lml_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B prelude_lml_tmp_t
++
++
++.br
++.B prelude_lml_var_run_t
++
++	/var/run/prelude-lml.pid
++.br
++
++.br
++.B prelude_spool_t
++
++	/var/spool/prelude(/.*)?
++.br
++	/var/spool/prelude-manager(/.*)?
++.br
++
++.br
++.B prelude_var_lib_t
++
++	/var/lib/prelude-lml(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), prelude_lml(8), semanage(8), restorecon(8), chcon(1)
++, prelude_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/prelude_selinux.8 b/man/man8/prelude_selinux.8
+new file mode 100644
+index 0000000..f563c49
+--- /dev/null
++++ b/man/man8/prelude_selinux.8
+@@ -0,0 +1,258 @@
++.TH  "prelude_selinux"  "8"  "prelude" "dwalsh at redhat.com" "prelude SELinux Policy documentation"
++.SH "NAME"
++prelude_selinux \- Security Enhanced Linux Policy for the prelude processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the prelude processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the prelude_lml_t, prelude_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the prelude_lml_t, prelude_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux prelude policy is very flexible allowing users to setup their prelude processes in as secure a method as possible.
++.PP 
++The following file types are defined for prelude:
++
++
++.EX
++.PP
++.B prelude_audisp_exec_t 
++.EE
++
++- Set files with the prelude_audisp_exec_t type, if you want to transition an executable to the prelude_audisp_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/audisp-prelude, /usr/sbin/audisp-prelude
++
++.EX
++.PP
++.B prelude_audisp_var_run_t 
++.EE
++
++- Set files with the prelude_audisp_var_run_t type, if you want to store the prelude audisp files under the /run directory.
++
++
++.EX
++.PP
++.B prelude_correlator_config_t 
++.EE
++
++- Set files with the prelude_correlator_config_t type, if you want to treat the files as prelude correlator configuration data, usually stored under the /etc directory.
++
++
++.EX
++.PP
++.B prelude_correlator_exec_t 
++.EE
++
++- Set files with the prelude_correlator_exec_t type, if you want to transition an executable to the prelude_correlator_t domain.
++
++
++.EX
++.PP
++.B prelude_exec_t 
++.EE
++
++- Set files with the prelude_exec_t type, if you want to transition an executable to the prelude_t domain.
++
++
++.EX
++.PP
++.B prelude_initrc_exec_t 
++.EE
++
++- Set files with the prelude_initrc_exec_t type, if you want to transition an executable to the prelude_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/prelude-correlator, /etc/rc\.d/init\.d/prelude-manager, /etc/rc\.d/init\.d/prelude-lml
++
++.EX
++.PP
++.B prelude_lml_exec_t 
++.EE
++
++- Set files with the prelude_lml_exec_t type, if you want to transition an executable to the prelude_lml_t domain.
++
++
++.EX
++.PP
++.B prelude_lml_tmp_t 
++.EE
++
++- Set files with the prelude_lml_tmp_t type, if you want to store prelude lml temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B prelude_lml_var_run_t 
++.EE
++
++- Set files with the prelude_lml_var_run_t type, if you want to store the prelude lml files under the /run directory.
++
++
++.EX
++.PP
++.B prelude_log_t 
++.EE
++
++- Set files with the prelude_log_t type, if you want to treat the data as prelude log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B prelude_spool_t 
++.EE
++
++- Set files with the prelude_spool_t type, if you want to store the prelude files under the /var/spool directory.
++
++.br
++.TP 5
++Paths: 
++/var/spool/prelude(/.*)?, /var/spool/prelude-manager(/.*)?
++
++.EX
++.PP
++.B prelude_var_lib_t 
++.EE
++
++- Set files with the prelude_var_lib_t type, if you want to store the prelude files under the /var/lib directory.
++
++
++.EX
++.PP
++.B prelude_var_run_t 
++.EE
++
++- Set files with the prelude_var_run_t type, if you want to store the prelude files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux prelude policy is very flexible allowing users to setup their prelude processes in as secure a method as possible.
++.PP 
++The following port types are defined for prelude:
++
++.EX
++.TP 5
++.B prelude_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 4690
++.EE
++udp 4690
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux prelude policy is very flexible allowing users to setup their prelude processes in as secure a method as possible.
++.PP 
++The following process types are defined for prelude:
++
++.EX
++.B prelude_lml_t, prelude_t, prelude_audisp_t, prelude_correlator_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type prelude_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B prelude_log_t
++
++	/var/log/prelude.*
++.br
++
++.br
++.B prelude_spool_t
++
++	/var/spool/prelude(/.*)?
++.br
++	/var/spool/prelude-manager(/.*)?
++.br
++
++.br
++.B prelude_var_lib_t
++
++	/var/lib/prelude-lml(/.*)?
++.br
++
++.br
++.B prelude_var_run_t
++
++	/var/run/prelude-manager(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), prelude(8), semanage(8), restorecon(8), chcon(1)
++, prelude_audisp_selinux(8), prelude_correlator_selinux(8), prelude_lml_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/privoxy_selinux.8 b/man/man8/privoxy_selinux.8
+new file mode 100644
+index 0000000..ea2f1ae
+--- /dev/null
++++ b/man/man8/privoxy_selinux.8
+@@ -0,0 +1,154 @@
++.TH  "privoxy_selinux"  "8"  "privoxy" "dwalsh at redhat.com" "privoxy SELinux Policy documentation"
++.SH "NAME"
++privoxy_selinux \- Security Enhanced Linux Policy for the privoxy processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the privoxy processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  privoxy policy is extremely flexible and has several booleans that allow you to manipulate the policy and run privoxy with the tightest access possible.
++
++
++.PP
++If you want to allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports, you must turn on the privoxy_connect_any boolean.
++
++.EX
++.B setsebool -P privoxy_connect_any 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the privoxy_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the privoxy_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux privoxy policy is very flexible allowing users to setup their privoxy processes in as secure a method as possible.
++.PP 
++The following file types are defined for privoxy:
++
++
++.EX
++.PP
++.B privoxy_etc_rw_t 
++.EE
++
++- Set files with the privoxy_etc_rw_t type, if you want to treat the files as privoxy etc read/write content.
++
++
++.EX
++.PP
++.B privoxy_exec_t 
++.EE
++
++- Set files with the privoxy_exec_t type, if you want to transition an executable to the privoxy_t domain.
++
++
++.EX
++.PP
++.B privoxy_initrc_exec_t 
++.EE
++
++- Set files with the privoxy_initrc_exec_t type, if you want to transition an executable to the privoxy_initrc_t domain.
++
++
++.EX
++.PP
++.B privoxy_log_t 
++.EE
++
++- Set files with the privoxy_log_t type, if you want to treat the data as privoxy log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B privoxy_var_run_t 
++.EE
++
++- Set files with the privoxy_var_run_t type, if you want to store the privoxy files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux privoxy policy is very flexible allowing users to setup their privoxy processes in as secure a method as possible.
++.PP 
++The following process types are defined for privoxy:
++
++.EX
++.B privoxy_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type privoxy_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B privoxy_etc_rw_t
++
++	/etc/privoxy/[^/]*\.action
++.br
++
++.br
++.B privoxy_log_t
++
++	/var/log/privoxy(/.*)?
++.br
++
++.br
++.B privoxy_var_run_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), privoxy(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/procmail_selinux.8 b/man/man8/procmail_selinux.8
+new file mode 100644
+index 0000000..192912a
+--- /dev/null
++++ b/man/man8/procmail_selinux.8
+@@ -0,0 +1,159 @@
++.TH  "procmail_selinux"  "8"  "procmail" "dwalsh at redhat.com" "procmail SELinux Policy documentation"
++.SH "NAME"
++procmail_selinux \- Security Enhanced Linux Policy for the procmail processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the procmail processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the procmail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the procmail_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux procmail policy is very flexible allowing users to setup their procmail processes in as secure a method as possible.
++.PP 
++The following file types are defined for procmail:
++
++
++.EX
++.PP
++.B procmail_exec_t 
++.EE
++
++- Set files with the procmail_exec_t type, if you want to transition an executable to the procmail_t domain.
++
++
++.EX
++.PP
++.B procmail_home_t 
++.EE
++
++- Set files with the procmail_home_t type, if you want to store procmail files in the users home directory.
++
++
++.EX
++.PP
++.B procmail_log_t 
++.EE
++
++- Set files with the procmail_log_t type, if you want to treat the data as procmail log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/procmail\.log.*, /var/log/procmail(/.*)?
++
++.EX
++.PP
++.B procmail_tmp_t 
++.EE
++
++- Set files with the procmail_tmp_t type, if you want to store procmail temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux procmail policy is very flexible allowing users to setup their procmail processes in as secure a method as possible.
++.PP 
++The following process types are defined for procmail:
++
++.EX
++.B procmail_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type procmail_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B data_home_t
++
++	/root/\.local/share(/.*)?
++.br
++	/home/[^/]*/\.local/share(/.*)?
++.br
++
++.br
++.B mail_home_rw_t
++
++	/root/Maildir(/.*)?
++.br
++	/home/[^/]*/Maildir(/.*)?
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B procmail_tmp_t
++
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), procmail(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/psad_selinux.8 b/man/man8/psad_selinux.8
+new file mode 100644
+index 0000000..0a13a35
+--- /dev/null
++++ b/man/man8/psad_selinux.8
+@@ -0,0 +1,155 @@
++.TH  "psad_selinux"  "8"  "psad" "dwalsh at redhat.com" "psad SELinux Policy documentation"
++.SH "NAME"
++psad_selinux \- Security Enhanced Linux Policy for the psad processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the psad processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the psad_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the psad_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux psad policy is very flexible allowing users to setup their psad processes in as secure a method as possible.
++.PP 
++The following file types are defined for psad:
++
++
++.EX
++.PP
++.B psad_etc_t 
++.EE
++
++- Set files with the psad_etc_t type, if you want to store psad files in the /etc directories.
++
++
++.EX
++.PP
++.B psad_exec_t 
++.EE
++
++- Set files with the psad_exec_t type, if you want to transition an executable to the psad_t domain.
++
++
++.EX
++.PP
++.B psad_initrc_exec_t 
++.EE
++
++- Set files with the psad_initrc_exec_t type, if you want to transition an executable to the psad_initrc_t domain.
++
++
++.EX
++.PP
++.B psad_tmp_t 
++.EE
++
++- Set files with the psad_tmp_t type, if you want to store psad temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B psad_var_lib_t 
++.EE
++
++- Set files with the psad_var_lib_t type, if you want to store the psad files under the /var/lib directory.
++
++
++.EX
++.PP
++.B psad_var_log_t 
++.EE
++
++- Set files with the psad_var_log_t type, if you want to treat the data as psad var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B psad_var_run_t 
++.EE
++
++- Set files with the psad_var_run_t type, if you want to store the psad files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux psad policy is very flexible allowing users to setup their psad processes in as secure a method as possible.
++.PP 
++The following process types are defined for psad:
++
++.EX
++.B psad_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type psad_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B psad_tmp_t
++
++
++.br
++.B psad_var_log_t
++
++	/var/log/psad(/.*)?
++.br
++
++.br
++.B psad_var_run_t
++
++	/var/run/psad(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), psad(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ptal_selinux.8 b/man/man8/ptal_selinux.8
+new file mode 100644
+index 0000000..4abc155
+--- /dev/null
++++ b/man/man8/ptal_selinux.8
+@@ -0,0 +1,135 @@
++.TH  "ptal_selinux"  "8"  "ptal" "dwalsh at redhat.com" "ptal SELinux Policy documentation"
++.SH "NAME"
++ptal_selinux \- Security Enhanced Linux Policy for the ptal processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ptal processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ptal policy is very flexible allowing users to setup their ptal processes in as secure a method as possible.
++.PP 
++The following file types are defined for ptal:
++
++
++.EX
++.PP
++.B ptal_etc_t 
++.EE
++
++- Set files with the ptal_etc_t type, if you want to store ptal files in the /etc directories.
++
++
++.EX
++.PP
++.B ptal_exec_t 
++.EE
++
++- Set files with the ptal_exec_t type, if you want to transition an executable to the ptal_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/ptal-photod, /usr/sbin/ptal-mlcd, /usr/sbin/ptal-printd
++
++.EX
++.PP
++.B ptal_var_run_t 
++.EE
++
++- Set files with the ptal_var_run_t type, if you want to store the ptal files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/ptal-mlcd(/.*)?, /var/run/ptal-printd(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux ptal policy is very flexible allowing users to setup their ptal processes in as secure a method as possible.
++.PP 
++The following port types are defined for ptal:
++
++.EX
++.TP 5
++.B ptal_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 5703
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ptal policy is very flexible allowing users to setup their ptal processes in as secure a method as possible.
++.PP 
++The following process types are defined for ptal:
++
++.EX
++.B ptal_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ptal_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ptal_var_run_t
++
++	/var/run/ptal-mlcd(/.*)?
++.br
++	/var/run/ptal-printd(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ptal(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ptchown_selinux.8 b/man/man8/ptchown_selinux.8
+new file mode 100644
+index 0000000..920c71b
+--- /dev/null
++++ b/man/man8/ptchown_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "ptchown_selinux"  "8"  "ptchown" "dwalsh at redhat.com" "ptchown SELinux Policy documentation"
++.SH "NAME"
++ptchown_selinux \- Security Enhanced Linux Policy for the ptchown processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ptchown processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ptchown policy is very flexible allowing users to setup their ptchown processes in as secure a method as possible.
++.PP 
++The following file types are defined for ptchown:
++
++
++.EX
++.PP
++.B ptchown_exec_t 
++.EE
++
++- Set files with the ptchown_exec_t type, if you want to transition an executable to the ptchown_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ptchown policy is very flexible allowing users to setup their ptchown processes in as secure a method as possible.
++.PP 
++The following process types are defined for ptchown:
++
++.EX
++.B ptchown_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ptchown_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ptchown(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/publicfile_selinux.8 b/man/man8/publicfile_selinux.8
+new file mode 100644
+index 0000000..e8035f6
+--- /dev/null
++++ b/man/man8/publicfile_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "publicfile_selinux"  "8"  "publicfile" "dwalsh at redhat.com" "publicfile SELinux Policy documentation"
++.SH "NAME"
++publicfile_selinux \- Security Enhanced Linux Policy for the publicfile processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the publicfile processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux publicfile policy is very flexible allowing users to setup their publicfile processes in as secure a method as possible.
++.PP 
++The following file types are defined for publicfile:
++
++
++.EX
++.PP
++.B publicfile_content_t 
++.EE
++
++- Set files with the publicfile_content_t type, if you want to treat the files as publicfile content.
++
++
++.EX
++.PP
++.B publicfile_exec_t 
++.EE
++
++- Set files with the publicfile_exec_t type, if you want to transition an executable to the publicfile_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/httpd, /usr/bin/ftpd
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux publicfile policy is very flexible allowing users to setup their publicfile processes in as secure a method as possible.
++.PP 
++The following process types are defined for publicfile:
++
++.EX
++.B publicfile_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type publicfile_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), publicfile(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/pulseaudio_selinux.8 b/man/man8/pulseaudio_selinux.8
+new file mode 100644
+index 0000000..107a0f7
+--- /dev/null
++++ b/man/man8/pulseaudio_selinux.8
+@@ -0,0 +1,247 @@
++.TH  "pulseaudio_selinux"  "8"  "pulseaudio" "dwalsh at redhat.com" "pulseaudio SELinux Policy documentation"
++.SH "NAME"
++pulseaudio_selinux \- Security Enhanced Linux Policy for the pulseaudio processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pulseaudio processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pulseaudio_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the pulseaudio_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pulseaudio policy is very flexible allowing users to setup their pulseaudio processes in as secure a method as possible.
++.PP 
++The following file types are defined for pulseaudio:
++
++
++.EX
++.PP
++.B pulseaudio_exec_t 
++.EE
++
++- Set files with the pulseaudio_exec_t type, if you want to transition an executable to the pulseaudio_t domain.
++
++
++.EX
++.PP
++.B pulseaudio_home_t 
++.EE
++
++- Set files with the pulseaudio_home_t type, if you want to store pulseaudio files in the users home directory.
++
++.br
++.TP 5
++Paths: 
++/root/\.pulse-cookie, /root/\.pulse(/.*)?, /root/\.esd_auth
++
++.EX
++.PP
++.B pulseaudio_tmpfs_t 
++.EE
++
++- Set files with the pulseaudio_tmpfs_t type, if you want to store pulseaudio files on a tmpfs file system.
++
++
++.EX
++.PP
++.B pulseaudio_var_lib_t 
++.EE
++
++- Set files with the pulseaudio_var_lib_t type, if you want to store the pulseaudio files under the /var/lib directory.
++
++
++.EX
++.PP
++.B pulseaudio_var_run_t 
++.EE
++
++- Set files with the pulseaudio_var_run_t type, if you want to store the pulseaudio files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux pulseaudio policy is very flexible allowing users to setup their pulseaudio processes in as secure a method as possible.
++.PP 
++The following port types are defined for pulseaudio:
++
++.EX
++.TP 5
++.B pulseaudio_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 4713
++.EE
++udp 4713
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pulseaudio policy is very flexible allowing users to setup their pulseaudio processes in as secure a method as possible.
++.PP 
++The following process types are defined for pulseaudio:
++
++.EX
++.B pulseaudio_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pulseaudio_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B gstreamer_home_t
++
++	/var/run/user/[^/]*/\.orc(/.*)?
++.br
++	/root/\.gstreamer-.*
++.br
++	/home/[^/]*/\.orc(/.*)?
++.br
++	/home/[^/]*/\.gstreamer-.*
++.br
++	/home/[^/]*/\.grl-bookmarks
++.br
++	/home/[^/]*/\.grl-bookmarks
++.br
++	/home/[^/]*/\.grl-metadata-store
++.br
++
++.br
++.B pulseaudio_home_t
++
++	/root/\.pulse(/.*)?
++.br
++	/root/\.esd_auth
++.br
++	/root/\.pulse-cookie
++.br
++	/home/[^/]*/\.pulse(/.*)?
++.br
++	/home/[^/]*/\.esd_auth
++.br
++	/home/[^/]*/\.pulse-cookie
++.br
++
++.br
++.B pulseaudio_var_lib_t
++
++	/var/lib/pulse(/.*)?
++.br
++
++.br
++.B pulseaudio_var_run_t
++
++	/var/run/pulse(/.*)?
++.br
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.br
++.B user_tmpfs_type
++
++	all user content in tmpfs file systems
++.br
++
++.br
++.B virt_tmpfs_type
++
++
++.br
++.B xdm_tmp_t
++
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pulseaudio(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/puppet_selinux.8 b/man/man8/puppet_selinux.8
+new file mode 100644
+index 0000000..9d5cb4b
+--- /dev/null
++++ b/man/man8/puppet_selinux.8
+@@ -0,0 +1,335 @@
++.TH  "puppet_selinux"  "8"  "puppet" "dwalsh at redhat.com" "puppet SELinux Policy documentation"
++.SH "NAME"
++puppet_selinux \- Security Enhanced Linux Policy for the puppet processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the puppet processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  puppet policy is extremely flexible and has several booleans that allow you to manipulate the policy and run puppet with the tightest access possible.
++
++
++.PP
++If you want to allow Puppet client to manage all file types, you must turn on the puppet_manage_all_files boolean.
++
++.EX
++.B setsebool -P puppet_manage_all_files 1
++.EE
++
++.PP
++If you want to allow Puppet master to use connect to MySQL and PostgreSQL database, you must turn on the puppetmaster_use_db boolean.
++
++.EX
++.B setsebool -P puppetmaster_use_db 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the puppetmaster_t, puppet_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the puppetmaster_t, puppet_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux puppet policy is very flexible allowing users to setup their puppet processes in as secure a method as possible.
++.PP 
++The following file types are defined for puppet:
++
++
++.EX
++.PP
++.B puppet_etc_t 
++.EE
++
++- Set files with the puppet_etc_t type, if you want to store puppet files in the /etc directories.
++
++
++.EX
++.PP
++.B puppet_exec_t 
++.EE
++
++- Set files with the puppet_exec_t type, if you want to transition an executable to the puppet_t domain.
++
++
++.EX
++.PP
++.B puppet_initrc_exec_t 
++.EE
++
++- Set files with the puppet_initrc_exec_t type, if you want to transition an executable to the puppet_initrc_t domain.
++
++
++.EX
++.PP
++.B puppet_log_t 
++.EE
++
++- Set files with the puppet_log_t type, if you want to treat the data as puppet log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B puppet_tmp_t 
++.EE
++
++- Set files with the puppet_tmp_t type, if you want to store puppet temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B puppet_var_lib_t 
++.EE
++
++- Set files with the puppet_var_lib_t type, if you want to store the puppet files under the /var/lib directory.
++
++
++.EX
++.PP
++.B puppet_var_run_t 
++.EE
++
++- Set files with the puppet_var_run_t type, if you want to store the puppet files under the /run directory.
++
++
++.EX
++.PP
++.B puppetca_exec_t 
++.EE
++
++- Set files with the puppetca_exec_t type, if you want to transition an executable to the puppetca_t domain.
++
++
++.EX
++.PP
++.B puppetmaster_exec_t 
++.EE
++
++- Set files with the puppetmaster_exec_t type, if you want to transition an executable to the puppetmaster_t domain.
++
++
++.EX
++.PP
++.B puppetmaster_initrc_exec_t 
++.EE
++
++- Set files with the puppetmaster_initrc_exec_t type, if you want to transition an executable to the puppetmaster_initrc_t domain.
++
++
++.EX
++.PP
++.B puppetmaster_tmp_t 
++.EE
++
++- Set files with the puppetmaster_tmp_t type, if you want to store puppetmaster temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux puppet policy is very flexible allowing users to setup their puppet processes in as secure a method as possible.
++.PP 
++The following port types are defined for puppet:
++
++.EX
++.TP 5
++.B puppet_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 8140
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux puppet policy is very flexible allowing users to setup their puppet processes in as secure a method as possible.
++.PP 
++The following process types are defined for puppet:
++
++.EX
++.B puppet_t, puppetmaster_t, puppetca_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type puppet_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B boolean_type
++
++
++.br
++.B configfile
++
++
++.br
++.B etc_t
++
++	/etc/.*
++.br
++	/var/db/.*\.db
++.br
++	/usr/etc(/.*)?
++.br
++	/var/ftp/etc(/.*)?
++.br
++	/var/lib/stickshift/.limits.d(/.*)?
++.br
++	/var/lib/stickshift/.stickshift-proxy.d(/.*)?
++.br
++	/var/named/chroot/etc(/.*)?
++.br
++	/etc/ipsec\.d/examples(/.*)?
++.br
++	/var/spool/postfix/etc(/.*)?
++.br
++	/etc
++.br
++	/etc/localtime
++.br
++	/etc/cups/client\.conf
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B krb5_keytab_t
++
++	/etc/krb5\.keytab
++.br
++	/etc/krb5kdc/kadm5\.keytab
++.br
++	/var/kerberos/krb5kdc/kadm5\.keytab
++.br
++
++.br
++.B puppet_tmp_t
++
++
++.br
++.B puppet_var_lib_t
++
++	/var/lib/puppet(/.*)?
++.br
++
++.br
++.B puppet_var_run_t
++
++	/var/run/puppet(/.*)?
++.br
++
++.br
++.B rpm_log_t
++
++	/var/log/yum\.log.*
++.br
++
++.br
++.B rpm_var_lib_t
++
++	/var/lib/rpm(/.*)?
++.br
++	/var/lib/yum(/.*)?
++.br
++	/var/lib/PackageKit(/.*)?
++.br
++	/var/lib/alternatives(/.*)?
++.br
++
++.br
++.B var_t
++
++	/nsr(/.*)?
++.br
++	/var/.*
++.br
++	/srv/.*
++.br
++	/var
++.br
++	/srv
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), puppet(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), puppetca_selinux(8), puppetmaster_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/puppetca_selinux.8 b/man/man8/puppetca_selinux.8
+new file mode 100644
+index 0000000..7f68ef8
+--- /dev/null
++++ b/man/man8/puppetca_selinux.8
+@@ -0,0 +1,90 @@
++.TH  "puppetca_selinux"  "8"  "puppetca" "dwalsh at redhat.com" "puppetca SELinux Policy documentation"
++.SH "NAME"
++puppetca_selinux \- Security Enhanced Linux Policy for the puppetca processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the puppetca processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux puppetca policy is very flexible allowing users to setup their puppetca processes in as secure a method as possible.
++.PP 
++The following file types are defined for puppetca:
++
++
++.EX
++.PP
++.B puppetca_exec_t 
++.EE
++
++- Set files with the puppetca_exec_t type, if you want to transition an executable to the puppetca_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux puppetca policy is very flexible allowing users to setup their puppetca processes in as secure a method as possible.
++.PP 
++The following process types are defined for puppetca:
++
++.EX
++.B puppetca_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type puppetca_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B puppet_var_lib_t
++
++	/var/lib/puppet(/.*)?
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), puppetca(8), semanage(8), restorecon(8), chcon(1)
++, puppet_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/puppetmaster_selinux.8 b/man/man8/puppetmaster_selinux.8
+new file mode 100644
+index 0000000..c8b9148
+--- /dev/null
++++ b/man/man8/puppetmaster_selinux.8
+@@ -0,0 +1,150 @@
++.TH  "puppetmaster_selinux"  "8"  "puppetmaster" "dwalsh at redhat.com" "puppetmaster SELinux Policy documentation"
++.SH "NAME"
++puppetmaster_selinux \- Security Enhanced Linux Policy for the puppetmaster processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the puppetmaster processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  puppetmaster policy is extremely flexible and has several booleans that allow you to manipulate the policy and run puppetmaster with the tightest access possible.
++
++
++.PP
++If you want to allow Puppet master to use connect to MySQL and PostgreSQL database, you must turn on the puppetmaster_use_db boolean.
++
++.EX
++.B setsebool -P puppetmaster_use_db 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the puppetmaster_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the puppetmaster_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux puppetmaster policy is very flexible allowing users to setup their puppetmaster processes in as secure a method as possible.
++.PP 
++The following file types are defined for puppetmaster:
++
++
++.EX
++.PP
++.B puppetmaster_exec_t 
++.EE
++
++- Set files with the puppetmaster_exec_t type, if you want to transition an executable to the puppetmaster_t domain.
++
++
++.EX
++.PP
++.B puppetmaster_initrc_exec_t 
++.EE
++
++- Set files with the puppetmaster_initrc_exec_t type, if you want to transition an executable to the puppetmaster_initrc_t domain.
++
++
++.EX
++.PP
++.B puppetmaster_tmp_t 
++.EE
++
++- Set files with the puppetmaster_tmp_t type, if you want to store puppetmaster temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux puppetmaster policy is very flexible allowing users to setup their puppetmaster processes in as secure a method as possible.
++.PP 
++The following process types are defined for puppetmaster:
++
++.EX
++.B puppetmaster_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type puppetmaster_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B puppet_log_t
++
++	/var/log/puppet(/.*)?
++.br
++
++.br
++.B puppet_var_lib_t
++
++	/var/lib/puppet(/.*)?
++.br
++
++.br
++.B puppet_var_run_t
++
++	/var/run/puppet(/.*)?
++.br
++
++.br
++.B puppetmaster_tmp_t
++
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), puppetmaster(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), puppet_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/pwauth_selinux.8 b/man/man8/pwauth_selinux.8
+new file mode 100644
+index 0000000..8203ab6
+--- /dev/null
++++ b/man/man8/pwauth_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "pwauth_selinux"  "8"  "pwauth" "dwalsh at redhat.com" "pwauth SELinux Policy documentation"
++.SH "NAME"
++pwauth_selinux \- Security Enhanced Linux Policy for the pwauth processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pwauth processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pwauth_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the pwauth_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pwauth policy is very flexible allowing users to setup their pwauth processes in as secure a method as possible.
++.PP 
++The following file types are defined for pwauth:
++
++
++.EX
++.PP
++.B pwauth_exec_t 
++.EE
++
++- Set files with the pwauth_exec_t type, if you want to transition an executable to the pwauth_t domain.
++
++
++.EX
++.PP
++.B pwauth_var_run_t 
++.EE
++
++- Set files with the pwauth_var_run_t type, if you want to store the pwauth files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pwauth policy is very flexible allowing users to setup their pwauth processes in as secure a method as possible.
++.PP 
++The following process types are defined for pwauth:
++
++.EX
++.B pwauth_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pwauth_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B pwauth_var_run_t
++
++	/var/run/pwauth.lock
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pwauth(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/pyicqt_selinux.8 b/man/man8/pyicqt_selinux.8
+new file mode 100644
+index 0000000..bb7f404
+--- /dev/null
++++ b/man/man8/pyicqt_selinux.8
+@@ -0,0 +1,133 @@
++.TH  "pyicqt_selinux"  "8"  "pyicqt" "dwalsh at redhat.com" "pyicqt SELinux Policy documentation"
++.SH "NAME"
++pyicqt_selinux \- Security Enhanced Linux Policy for the pyicqt processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the pyicqt processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the pyicqt_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the pyicqt_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux pyicqt policy is very flexible allowing users to setup their pyicqt processes in as secure a method as possible.
++.PP 
++The following file types are defined for pyicqt:
++
++
++.EX
++.PP
++.B pyicqt_exec_t 
++.EE
++
++- Set files with the pyicqt_exec_t type, if you want to transition an executable to the pyicqt_t domain.
++
++
++.EX
++.PP
++.B pyicqt_log_t 
++.EE
++
++- Set files with the pyicqt_log_t type, if you want to treat the data as pyicqt log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B pyicqt_var_run_t 
++.EE
++
++- Set files with the pyicqt_var_run_t type, if you want to store the pyicqt files under the /run directory.
++
++
++.EX
++.PP
++.B pyicqt_var_spool_t 
++.EE
++
++- Set files with the pyicqt_var_spool_t type, if you want to store the pyicqt var files under the /var/spool directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux pyicqt policy is very flexible allowing users to setup their pyicqt processes in as secure a method as possible.
++.PP 
++The following process types are defined for pyicqt:
++
++.EX
++.B pyicqt_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type pyicqt_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B pyicqt_log_t
++
++	/var/log/pyicq-t\.log.*
++.br
++
++.br
++.B pyicqt_var_run_t
++
++	/var/run/pyicq-t(/.*)?
++.br
++
++.br
++.B pyicqt_var_spool_t
++
++	/var/spool/pyicq-t(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), pyicqt(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qdiskd_selinux.8 b/man/man8/qdiskd_selinux.8
+new file mode 100644
+index 0000000..05ed9d6
+--- /dev/null
++++ b/man/man8/qdiskd_selinux.8
+@@ -0,0 +1,151 @@
++.TH  "qdiskd_selinux"  "8"  "qdiskd" "dwalsh at redhat.com" "qdiskd SELinux Policy documentation"
++.SH "NAME"
++qdiskd_selinux \- Security Enhanced Linux Policy for the qdiskd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qdiskd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the qdiskd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the qdiskd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qdiskd policy is very flexible allowing users to setup their qdiskd processes in as secure a method as possible.
++.PP 
++The following file types are defined for qdiskd:
++
++
++.EX
++.PP
++.B qdiskd_exec_t 
++.EE
++
++- Set files with the qdiskd_exec_t type, if you want to transition an executable to the qdiskd_t domain.
++
++
++.EX
++.PP
++.B qdiskd_tmpfs_t 
++.EE
++
++- Set files with the qdiskd_tmpfs_t type, if you want to store qdiskd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B qdiskd_var_lib_t 
++.EE
++
++- Set files with the qdiskd_var_lib_t type, if you want to store the qdiskd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B qdiskd_var_log_t 
++.EE
++
++- Set files with the qdiskd_var_log_t type, if you want to treat the data as qdiskd var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B qdiskd_var_run_t 
++.EE
++
++- Set files with the qdiskd_var_run_t type, if you want to store the qdiskd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qdiskd policy is very flexible allowing users to setup their qdiskd processes in as secure a method as possible.
++.PP 
++The following process types are defined for qdiskd:
++
++.EX
++.B qdiskd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qdiskd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cluster_var_lib_t
++
++	/var/lib/cluster(/.*)?
++.br
++
++.br
++.B qdiskd_tmpfs_t
++
++
++.br
++.B qdiskd_var_lib_t
++
++	/var/lib/qdiskd(/.*)?
++.br
++
++.br
++.B qdiskd_var_log_t
++
++	/var/log/cluster/qdiskd\.log.*
++.br
++
++.br
++.B qdiskd_var_run_t
++
++	/var/run/qdiskd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qdiskd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qemu_dm_selinux.8 b/man/man8/qemu_dm_selinux.8
+new file mode 100644
+index 0000000..865dcdd
+--- /dev/null
++++ b/man/man8/qemu_dm_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "qemu_dm_selinux"  "8"  "qemu_dm" "dwalsh at redhat.com" "qemu_dm SELinux Policy documentation"
++.SH "NAME"
++qemu_dm_selinux \- Security Enhanced Linux Policy for the qemu_dm processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qemu_dm processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qemu_dm policy is very flexible allowing users to setup their qemu_dm processes in as secure a method as possible.
++.PP 
++The following file types are defined for qemu_dm:
++
++
++.EX
++.PP
++.B qemu_dm_exec_t 
++.EE
++
++- Set files with the qemu_dm_exec_t type, if you want to transition an executable to the qemu_dm_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qemu_dm policy is very flexible allowing users to setup their qemu_dm processes in as secure a method as possible.
++.PP 
++The following process types are defined for qemu_dm:
++
++.EX
++.B qemu_dm_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qemu_dm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B xenfs_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qemu_dm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qmail_clean_selinux.8 b/man/man8/qmail_clean_selinux.8
+new file mode 100644
+index 0000000..65cf30c
+--- /dev/null
++++ b/man/man8/qmail_clean_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "qmail_clean_selinux"  "8"  "qmail_clean" "dwalsh at redhat.com" "qmail_clean SELinux Policy documentation"
++.SH "NAME"
++qmail_clean_selinux \- Security Enhanced Linux Policy for the qmail_clean processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_clean processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_clean policy is very flexible allowing users to setup their qmail_clean processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_clean:
++
++
++.EX
++.PP
++.B qmail_clean_exec_t 
++.EE
++
++- Set files with the qmail_clean_exec_t type, if you want to transition an executable to the qmail_clean_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_clean policy is very flexible allowing users to setup their qmail_clean processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_clean:
++
++.EX
++.B qmail_clean_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_clean_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_clean(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qmail_inject_selinux.8 b/man/man8/qmail_inject_selinux.8
+new file mode 100644
+index 0000000..f44d42a
+--- /dev/null
++++ b/man/man8/qmail_inject_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "qmail_inject_selinux"  "8"  "qmail_inject" "dwalsh at redhat.com" "qmail_inject SELinux Policy documentation"
++.SH "NAME"
++qmail_inject_selinux \- Security Enhanced Linux Policy for the qmail_inject processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_inject processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_inject policy is very flexible allowing users to setup their qmail_inject processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_inject:
++
++
++.EX
++.PP
++.B qmail_inject_exec_t 
++.EE
++
++- Set files with the qmail_inject_exec_t type, if you want to transition an executable to the qmail_inject_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_inject policy is very flexible allowing users to setup their qmail_inject processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_inject:
++
++.EX
++.B qmail_inject_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_inject_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B arpwatch_tmp_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_inject(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qmail_local_selinux.8 b/man/man8/qmail_local_selinux.8
+new file mode 100644
+index 0000000..b5e3a22
+--- /dev/null
++++ b/man/man8/qmail_local_selinux.8
+@@ -0,0 +1,129 @@
++.TH  "qmail_local_selinux"  "8"  "qmail_local" "dwalsh at redhat.com" "qmail_local SELinux Policy documentation"
++.SH "NAME"
++qmail_local_selinux \- Security Enhanced Linux Policy for the qmail_local processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_local processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the qmail_local_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the qmail_local_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_local policy is very flexible allowing users to setup their qmail_local processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_local:
++
++
++.EX
++.PP
++.B qmail_local_exec_t 
++.EE
++
++- Set files with the qmail_local_exec_t type, if you want to transition an executable to the qmail_local_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_local policy is very flexible allowing users to setup their qmail_local processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_local:
++
++.EX
++.B qmail_local_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_local_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dovecot_spool_t
++
++	/var/spool/dovecot(/.*)?
++.br
++
++.br
++.B mail_home_rw_t
++
++	/root/Maildir(/.*)?
++.br
++	/home/[^/]*/Maildir(/.*)?
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B qmail_alias_home_t
++
++	/var/qmail/alias(/.*)?
++.br
++	/var/qmail/alias
++.br
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_local(8), semanage(8), restorecon(8), chcon(1)
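Review bot: The escape that should close the bold command name is written `\bP` instead of `\fP` in the FILE CONTEXTS and PROCESS TYPES sections (`\fBls\bP`, `\fBps\bP`), so bold is never switched off and roff reads `\b` as its bracket-building escape. The lines should end `option to \fBls\fP` and `option to \fBps\fP`. The same two lines recur in every page of this range (qmail_lspawn through qpidd), and since the AUTHOR section says the pages come from genman.py, the fix presumably belongs in the generator's template rather than in each page. The NSSWITCH paragraph also has "rather then using a sssd serve", which should read "rather than using an sssd server".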
+diff --git a/man/man8/qmail_lspawn_selinux.8 b/man/man8/qmail_lspawn_selinux.8
+new file mode 100644
+index 0000000..38201ca
+--- /dev/null
++++ b/man/man8/qmail_lspawn_selinux.8
+@@ -0,0 +1,97 @@
++.TH  "qmail_lspawn_selinux"  "8"  "qmail_lspawn" "dwalsh at redhat.com" "qmail_lspawn SELinux Policy documentation"
++.SH "NAME"
++qmail_lspawn_selinux \- Security Enhanced Linux Policy for the qmail_lspawn processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_lspawn processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_lspawn policy is very flexible allowing users to setup their qmail_lspawn processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_lspawn:
++
++
++.EX
++.PP
++.B qmail_lspawn_exec_t 
++.EE
++
++- Set files with the qmail_lspawn_exec_t type, if you want to transition an executable to the qmail_lspawn_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_lspawn policy is very flexible allowing users to setup their qmail_lspawn processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_lspawn:
++
++.EX
++.B qmail_lspawn_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_lspawn_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dovecot_spool_t
++
++	/var/spool/dovecot(/.*)?
++.br
++
++.br
++.B mail_home_rw_t
++
++	/root/Maildir(/.*)?
++.br
++	/home/[^/]*/Maildir(/.*)?
++.br
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_lspawn(8), semanage(8), restorecon(8), chcon(1)
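Review bot: `.SH NSSWITCH DOMAIN` is emitted with no body on this page; the next line is already `.SH FILE CONTEXTS`. The qmail_local page fills the same section with the authlogin_nsswitch_use_ldap and kerberos_enabled booleans, so an empty heading leaves the reader unsure whether no such booleans apply to qmail_lspawn_t or the text was dropped. The generator should omit the heading when it has nothing to list, or, if that is what the policy says, write a line such as `No nsswitch booleans apply to the qmail_lspawn_t domain.`. The same empty heading appears in the qmail_queue, qmail_remote, qmail_rspawn, qmail_send, qmail_smtpd, qmail_splogger, qmail_start, qmail_tcp_env and qpidd pages.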
+diff --git a/man/man8/qmail_queue_selinux.8 b/man/man8/qmail_queue_selinux.8
+new file mode 100644
+index 0000000..8505d8d
+--- /dev/null
++++ b/man/man8/qmail_queue_selinux.8
+@@ -0,0 +1,87 @@
++.TH  "qmail_queue_selinux"  "8"  "qmail_queue" "dwalsh at redhat.com" "qmail_queue SELinux Policy documentation"
++.SH "NAME"
++qmail_queue_selinux \- Security Enhanced Linux Policy for the qmail_queue processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_queue processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_queue policy is very flexible allowing users to setup their qmail_queue processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_queue:
++
++
++.EX
++.PP
++.B qmail_queue_exec_t 
++.EE
++
++- Set files with the qmail_queue_exec_t type, if you want to transition an executable to the qmail_queue_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_queue policy is very flexible allowing users to setup their qmail_queue processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_queue:
++
++.EX
++.B qmail_queue_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_queue_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B arpwatch_tmp_t
++
++
++.br
++.B qmail_spool_t
++
++	/var/qmail/queue(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_queue(8), semanage(8), restorecon(8), chcon(1)
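Review bot: MANAGED FILES lists `arpwatch_tmp_t` for qmail_queue_t with no default path under it, and the qmail_inject page just before this one lists the same type for qmail_inject_t. A mail-queue domain with manage access to another daemon's temporary-file type is not what one would expect. Either the policy grants more than intended or genman.py is mis-resolving a type, and nothing on this page settles which. It is worth checking the loaded policy, for example with `sesearch --allow -s qmail_queue_t -t arpwatch_tmp_t`, before shipping a page that documents the access as intended.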
+diff --git a/man/man8/qmail_remote_selinux.8 b/man/man8/qmail_remote_selinux.8
+new file mode 100644
+index 0000000..a2e0add
+--- /dev/null
++++ b/man/man8/qmail_remote_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "qmail_remote_selinux"  "8"  "qmail_remote" "dwalsh at redhat.com" "qmail_remote SELinux Policy documentation"
++.SH "NAME"
++qmail_remote_selinux \- Security Enhanced Linux Policy for the qmail_remote processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_remote processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_remote policy is very flexible allowing users to setup their qmail_remote processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_remote:
++
++
++.EX
++.PP
++.B qmail_remote_exec_t 
++.EE
++
++- Set files with the qmail_remote_exec_t type, if you want to transition an executable to the qmail_remote_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_remote policy is very flexible allowing users to setup their qmail_remote processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_remote:
++
++.EX
++.B qmail_remote_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_remote_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B qmail_spool_t
++
++	/var/qmail/queue(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_remote(8), semanage(8), restorecon(8), chcon(1)
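Review bot: The MANAGED FILES sentence calls qmail_remote_t an "SELinux user type", but the PROCESS TYPES section of the same page lists it as a process type (domain). An SELinux user is a separate field of the security context, so the wording mixes two concepts. I would change the opening to `The SELinux process type qmail_remote_t can manage files labeled with the following file types.` and the closing sentence to `Note that the process's UID still needs DAC permissions.`. The same sentence is generated for every page in this range.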
+diff --git a/man/man8/qmail_rspawn_selinux.8 b/man/man8/qmail_rspawn_selinux.8
+new file mode 100644
+index 0000000..6eebbf4
+--- /dev/null
++++ b/man/man8/qmail_rspawn_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "qmail_rspawn_selinux"  "8"  "qmail_rspawn" "dwalsh at redhat.com" "qmail_rspawn SELinux Policy documentation"
++.SH "NAME"
++qmail_rspawn_selinux \- Security Enhanced Linux Policy for the qmail_rspawn processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_rspawn processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_rspawn policy is very flexible allowing users to setup their qmail_rspawn processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_rspawn:
++
++
++.EX
++.PP
++.B qmail_rspawn_exec_t 
++.EE
++
++- Set files with the qmail_rspawn_exec_t type, if you want to transition an executable to the qmail_rspawn_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_rspawn policy is very flexible allowing users to setup their qmail_rspawn processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_rspawn:
++
++.EX
++.B qmail_rspawn_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_rspawn_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B qmail_spool_t
++
++	/var/qmail/queue(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_rspawn(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qmail_send_selinux.8 b/man/man8/qmail_send_selinux.8
+new file mode 100644
+index 0000000..04619a2
+--- /dev/null
++++ b/man/man8/qmail_send_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "qmail_send_selinux"  "8"  "qmail_send" "dwalsh at redhat.com" "qmail_send SELinux Policy documentation"
++.SH "NAME"
++qmail_send_selinux \- Security Enhanced Linux Policy for the qmail_send processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_send processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_send policy is very flexible allowing users to setup their qmail_send processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_send:
++
++
++.EX
++.PP
++.B qmail_send_exec_t 
++.EE
++
++- Set files with the qmail_send_exec_t type, if you want to transition an executable to the qmail_send_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_send policy is very flexible allowing users to setup their qmail_send processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_send:
++
++.EX
++.B qmail_send_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_send_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B qmail_spool_t
++
++	/var/qmail/queue(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_send(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qmail_smtpd_selinux.8 b/man/man8/qmail_smtpd_selinux.8
+new file mode 100644
+index 0000000..b8a059b
+--- /dev/null
++++ b/man/man8/qmail_smtpd_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "qmail_smtpd_selinux"  "8"  "qmail_smtpd" "dwalsh at redhat.com" "qmail_smtpd SELinux Policy documentation"
++.SH "NAME"
++qmail_smtpd_selinux \- Security Enhanced Linux Policy for the qmail_smtpd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_smtpd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_smtpd policy is very flexible allowing users to setup their qmail_smtpd processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_smtpd:
++
++
++.EX
++.PP
++.B qmail_smtpd_exec_t 
++.EE
++
++- Set files with the qmail_smtpd_exec_t type, if you want to transition an executable to the qmail_smtpd_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_smtpd policy is very flexible allowing users to setup their qmail_smtpd processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_smtpd:
++
++.EX
++.B qmail_smtpd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_smtpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_smtpd(8), semanage(8), restorecon(8), chcon(1)
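Review bot: MANAGED FILES announces "the following file types" and then lists none; `.SH "COMMANDS"` follows directly. In an access-control reference an empty list can mean either that the domain manages nothing or that the list was lost, and those are different statements. The generator should skip the section or state the empty result explicitly, e.g. `The qmail_smtpd_t domain has no managed file types.`, if that is what the policy query returned. The qmail_splogger, qmail_start and qmail_tcp_env pages have the same empty section.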
+diff --git a/man/man8/qmail_splogger_selinux.8 b/man/man8/qmail_splogger_selinux.8
+new file mode 100644
+index 0000000..f09a7fe
+--- /dev/null
++++ b/man/man8/qmail_splogger_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "qmail_splogger_selinux"  "8"  "qmail_splogger" "dwalsh at redhat.com" "qmail_splogger SELinux Policy documentation"
++.SH "NAME"
++qmail_splogger_selinux \- Security Enhanced Linux Policy for the qmail_splogger processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_splogger processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_splogger policy is very flexible allowing users to setup their qmail_splogger processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_splogger:
++
++
++.EX
++.PP
++.B qmail_splogger_exec_t 
++.EE
++
++- Set files with the qmail_splogger_exec_t type, if you want to transition an executable to the qmail_splogger_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_splogger policy is very flexible allowing users to setup their qmail_splogger processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_splogger:
++
++.EX
++.B qmail_splogger_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_splogger_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_splogger(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qmail_start_selinux.8 b/man/man8/qmail_start_selinux.8
+new file mode 100644
+index 0000000..c1062e6
+--- /dev/null
++++ b/man/man8/qmail_start_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "qmail_start_selinux"  "8"  "qmail_start" "dwalsh at redhat.com" "qmail_start SELinux Policy documentation"
++.SH "NAME"
++qmail_start_selinux \- Security Enhanced Linux Policy for the qmail_start processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_start processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_start policy is very flexible allowing users to setup their qmail_start processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_start:
++
++
++.EX
++.PP
++.B qmail_start_exec_t 
++.EE
++
++- Set files with the qmail_start_exec_t type, if you want to transition an executable to the qmail_start_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_start policy is very flexible allowing users to setup their qmail_start processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_start:
++
++.EX
++.B qmail_start_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_start_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_start(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qmail_tcp_env_selinux.8 b/man/man8/qmail_tcp_env_selinux.8
+new file mode 100644
+index 0000000..b8c348b
+--- /dev/null
++++ b/man/man8/qmail_tcp_env_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "qmail_tcp_env_selinux"  "8"  "qmail_tcp_env" "dwalsh at redhat.com" "qmail_tcp_env SELinux Policy documentation"
++.SH "NAME"
++qmail_tcp_env_selinux \- Security Enhanced Linux Policy for the qmail_tcp_env processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qmail_tcp_env processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qmail_tcp_env policy is very flexible allowing users to setup their qmail_tcp_env processes in as secure a method as possible.
++.PP 
++The following file types are defined for qmail_tcp_env:
++
++
++.EX
++.PP
++.B qmail_tcp_env_exec_t 
++.EE
++
++- Set files with the qmail_tcp_env_exec_t type, if you want to transition an executable to the qmail_tcp_env_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qmail_tcp_env policy is very flexible allowing users to setup their qmail_tcp_env processes in as secure a method as possible.
++.PP 
++The following process types are defined for qmail_tcp_env:
++
++.EX
++.B qmail_tcp_env_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qmail_tcp_env_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qmail_tcp_env(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/qpidd_selinux.8 b/man/man8/qpidd_selinux.8
+new file mode 100644
+index 0000000..1c40256
+--- /dev/null
++++ b/man/man8/qpidd_selinux.8
+@@ -0,0 +1,147 @@
++.TH  "qpidd_selinux"  "8"  "qpidd" "dwalsh at redhat.com" "qpidd SELinux Policy documentation"
++.SH "NAME"
++qpidd_selinux \- Security Enhanced Linux Policy for the qpidd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the qpidd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux qpidd policy is very flexible allowing users to setup their qpidd processes in as secure a method as possible.
++.PP 
++The following file types are defined for qpidd:
++
++
++.EX
++.PP
++.B qpidd_exec_t 
++.EE
++
++- Set files with the qpidd_exec_t type, if you want to transition an executable to the qpidd_t domain.
++
++
++.EX
++.PP
++.B qpidd_initrc_exec_t 
++.EE
++
++- Set files with the qpidd_initrc_exec_t type, if you want to transition an executable to the qpidd_initrc_t domain.
++
++
++.EX
++.PP
++.B qpidd_tmpfs_t 
++.EE
++
++- Set files with the qpidd_tmpfs_t type, if you want to store qpidd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B qpidd_var_lib_t 
++.EE
++
++- Set files with the qpidd_var_lib_t type, if you want to store the qpidd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B qpidd_var_run_t 
++.EE
++
++- Set files with the qpidd_var_run_t type, if you want to store the qpidd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/qpidd(/.*)?, /var/run/qpidd\.pid
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux qpidd policy is very flexible allowing users to setup their qpidd processes in as secure a method as possible.
++.PP 
++The following process types are defined for qpidd:
++
++.EX
++.B qpidd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type qpidd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B matahari_var_lib_t
++
++	/var/lib/matahari(/.*)?
++.br
++
++.br
++.B matahari_var_run_t
++
++	/var/run/matahari(/.*)?
++.br
++	/var/run/matahari\.pid
++.br
++	/var/run/matahari-broker\.pid
++.br
++
++.br
++.B qpidd_tmpfs_t
++
++
++.br
++.B qpidd_var_lib_t
++
++	/var/lib/qpidd(/.*)?
++.br
++
++.br
++.B qpidd_var_run_t
++
++	/var/run/qpidd(/.*)?
++.br
++	/var/run/qpidd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), qpidd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/quantum_selinux.8 b/man/man8/quantum_selinux.8
+new file mode 100644
+index 0000000..715e232
+--- /dev/null
++++ b/man/man8/quantum_selinux.8
+@@ -0,0 +1,169 @@
++.TH  "quantum_selinux"  "8"  "quantum" "dwalsh at redhat.com" "quantum SELinux Policy documentation"
++.SH "NAME"
++quantum_selinux \- Security Enhanced Linux Policy for the quantum processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the quantum processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the quantum_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the quantum_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux quantum policy is very flexible allowing users to setup their quantum processes in as secure a method as possible.
++.PP 
++The following file types are defined for quantum:
++
++
++.EX
++.PP
++.B quantum_exec_t 
++.EE
++
++- Set files with the quantum_exec_t type, if you want to transition an executable to the quantum_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/quantum-openvswitch-agent, /usr/bin/quantum-server, /usr/bin/quantum-ryu-agent, /usr/bin/quantum-linuxbridge-agent
++
++.EX
++.PP
++.B quantum_log_t 
++.EE
++
++- Set files with the quantum_log_t type, if you want to treat the data as quantum log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B quantum_tmp_t 
++.EE
++
++- Set files with the quantum_tmp_t type, if you want to store quantum temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B quantum_unit_file_t 
++.EE
++
++- Set files with the quantum_unit_file_t type, if you want to treat the files as quantum unit content.
++
++
++.EX
++.PP
++.B quantum_var_lib_t 
++.EE
++
++- Set files with the quantum_var_lib_t type, if you want to store the quantum files under the /var/lib directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux quantum policy is very flexible allowing users to setup their quantum processes in as secure a method as possible.
++.PP 
++The following port types are defined for quantum:
++
++.EX
++.TP 5
++.B quantum_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 9696
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux quantum policy is very flexible allowing users to setup their quantum processes in as secure a method as possible.
++.PP 
++The following process types are defined for quantum:
++
++.EX
++.B quantum_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type quantum_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B quantum_log_t
++
++	/var/log/quantum(/.*)?
++.br
++
++.br
++.B quantum_tmp_t
++
++
++.br
++.B quantum_var_lib_t
++
++	/var/lib/quantum(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), quantum(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/quota_nld_selinux.8 b/man/man8/quota_nld_selinux.8
+new file mode 100644
+index 0000000..016d8c6
+--- /dev/null
++++ b/man/man8/quota_nld_selinux.8
+@@ -0,0 +1,106 @@
++.TH  "quota_nld_selinux"  "8"  "quota_nld" "dwalsh at redhat.com" "quota_nld SELinux Policy documentation"
++.SH "NAME"
++quota_nld_selinux \- Security Enhanced Linux Policy for the quota_nld processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the quota_nld processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the quota_nld_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the quota_nld_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux quota_nld policy is very flexible allowing users to setup their quota_nld processes in as secure a method as possible.
++.PP 
++The following file types are defined for quota_nld:
++
++
++.EX
++.PP
++.B quota_nld_exec_t 
++.EE
++
++- Set files with the quota_nld_exec_t type, if you want to transition an executable to the quota_nld_t domain.
++
++
++.EX
++.PP
++.B quota_nld_var_run_t 
++.EE
++
++- Set files with the quota_nld_var_run_t type, if you want to store the quota nld files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux quota_nld policy is very flexible allowing users to setup their quota_nld processes in as secure a method as possible.
++.PP 
++The following process types are defined for quota_nld:
++
++.EX
++.B quota_nld_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type quota_nld_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B quota_nld_var_run_t
++
++	/var/run/quota_nld\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), quota_nld(8), semanage(8), restorecon(8), chcon(1)
++, quota_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/quota_selinux.8 b/man/man8/quota_selinux.8
+new file mode 100644
+index 0000000..37ee71e
+--- /dev/null
++++ b/man/man8/quota_selinux.8
+@@ -0,0 +1,152 @@
++.TH  "quota_selinux"  "8"  "quota" "dwalsh at redhat.com" "quota SELinux Policy documentation"
++.SH "NAME"
++quota_selinux \- Security Enhanced Linux Policy for the quota processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the quota processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the quota_nld_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the quota_nld_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux quota policy is very flexible allowing users to setup their quota processes in as secure a method as possible.
++.PP 
++The following file types are defined for quota:
++
++
++.EX
++.PP
++.B quota_db_t 
++.EE
++
++- Set files with the quota_db_t type, if you want to treat the files as quota database content.
++
++.br
++.TP 5
++Paths: 
++/boot/a?quota\.(user|group), /etc/a?quota\.(user|group), /var/lib/stickshift/a?quota\.(user|group), /a?quota\.(user|group), /var/a?quota\.(user|group), /var/spool/(.*/)?a?quota\.(user|group)
++
++.EX
++.PP
++.B quota_exec_t 
++.EE
++
++- Set files with the quota_exec_t type, if you want to transition an executable to the quota_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/convertquota, /usr/sbin/quota(check|on), /sbin/quota(check|on)
++
++.EX
++.PP
++.B quota_flag_t 
++.EE
++
++- Set files with the quota_flag_t type, if you want to treat the files as quota flag data.
++
++
++.EX
++.PP
++.B quota_nld_exec_t 
++.EE
++
++- Set files with the quota_nld_exec_t type, if you want to transition an executable to the quota_nld_t domain.
++
++
++.EX
++.PP
++.B quota_nld_var_run_t 
++.EE
++
++- Set files with the quota_nld_var_run_t type, if you want to store the quota nld files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux quota policy is very flexible allowing users to setup their quota processes in as secure a method as possible.
++.PP 
++The following process types are defined for quota:
++
++.EX
++.B quota_t, quota_nld_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type quota_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B quota_db_t
++
++	/a?quota\.(user|group)
++.br
++	/etc/a?quota\.(user|group)
++.br
++	/var/a?quota\.(user|group)
++.br
++	/boot/a?quota\.(user|group)
++.br
++	/var/spool/(.*/)?a?quota\.(user|group)
++.br
++	/var/lib/stickshift/a?quota\.(user|group)
++.br
++	/home/[^/]*/a?quota\.(user|group)
++.br
++	/home/a?quota\.(user|group)
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), quota(8), semanage(8), restorecon(8), chcon(1)
++, quota_nld_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/rabbitmq_beam_selinux.8 b/man/man8/rabbitmq_beam_selinux.8
+new file mode 100644
+index 0000000..bc275f5
+--- /dev/null
++++ b/man/man8/rabbitmq_beam_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "rabbitmq_beam_selinux"  "8"  "rabbitmq_beam" "dwalsh at redhat.com" "rabbitmq_beam SELinux Policy documentation"
++.SH "NAME"
++rabbitmq_beam_selinux \- Security Enhanced Linux Policy for the rabbitmq_beam processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rabbitmq_beam processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rabbitmq_beam policy is very flexible allowing users to setup their rabbitmq_beam processes in as secure a method as possible.
++.PP 
++The following file types are defined for rabbitmq_beam:
++
++
++.EX
++.PP
++.B rabbitmq_beam_exec_t 
++.EE
++
++- Set files with the rabbitmq_beam_exec_t type, if you want to transition an executable to the rabbitmq_beam_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rabbitmq_beam policy is very flexible allowing users to setup their rabbitmq_beam processes in as secure a method as possible.
++.PP 
++The following process types are defined for rabbitmq_beam:
++
++.EX
++.B rabbitmq_beam_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rabbitmq_beam_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B rabbitmq_var_lib_t
++
++	/var/lib/rabbitmq(/.*)?
++.br
++
++.br
++.B rabbitmq_var_log_t
++
++	/var/log/rabbitmq(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rabbitmq_beam(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/rabbitmq_epmd_selinux.8 b/man/man8/rabbitmq_epmd_selinux.8
+new file mode 100644
+index 0000000..074cd3b
+--- /dev/null
++++ b/man/man8/rabbitmq_epmd_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "rabbitmq_epmd_selinux"  "8"  "rabbitmq_epmd" "dwalsh at redhat.com" "rabbitmq_epmd SELinux Policy documentation"
++.SH "NAME"
++rabbitmq_epmd_selinux \- Security Enhanced Linux Policy for the rabbitmq_epmd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rabbitmq_epmd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rabbitmq_epmd policy is very flexible allowing users to setup their rabbitmq_epmd processes in as secure a method as possible.
++.PP 
++The following file types are defined for rabbitmq_epmd:
++
++
++.EX
++.PP
++.B rabbitmq_epmd_exec_t 
++.EE
++
++- Set files with the rabbitmq_epmd_exec_t type, if you want to transition an executable to the rabbitmq_epmd_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rabbitmq_epmd policy is very flexible allowing users to setup their rabbitmq_epmd processes in as secure a method as possible.
++.PP 
++The following process types are defined for rabbitmq_epmd:
++
++.EX
++.B rabbitmq_epmd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rabbitmq_epmd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B rabbitmq_var_log_t
++
++	/var/log/rabbitmq(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rabbitmq_epmd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/racoon_selinux.8 b/man/man8/racoon_selinux.8
+new file mode 100644
+index 0000000..1dbeb60
+--- /dev/null
++++ b/man/man8/racoon_selinux.8
+@@ -0,0 +1,188 @@
++.TH  "racoon_selinux"  "8"  "racoon" "dwalsh at redhat.com" "racoon SELinux Policy documentation"
++.SH "NAME"
++racoon_selinux \- Security Enhanced Linux Policy for the racoon processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the racoon processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  racoon policy is extremely flexible and has several booleans that allow you to manipulate the policy and run racoon with the tightest access possible.
++
++
++.PP
++If you want to allow racoon to read shadow, you must turn on the racoon_read_shadow boolean.
++
++.EX
++.B setsebool -P racoon_read_shadow 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the racoon_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the racoon_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux racoon policy is very flexible allowing users to setup their racoon processes in as secure a method as possible.
++.PP 
++The following file types are defined for racoon:
++
++
++.EX
++.PP
++.B racoon_exec_t 
++.EE
++
++- Set files with the racoon_exec_t type, if you want to transition an executable to the racoon_t domain.
++
++
++.EX
++.PP
++.B racoon_tmp_t 
++.EE
++
++- Set files with the racoon_tmp_t type, if you want to store racoon temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux racoon policy is very flexible allowing users to setup their racoon processes in as secure a method as possible.
++.PP 
++The following process types are defined for racoon:
++
++.EX
++.B racoon_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type racoon_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B ipsec_var_run_t
++
++	/var/racoon(/.*)?
++.br
++	/var/run/pluto(/.*)?
++.br
++	/var/run/racoon\.pid
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B racoon_tmp_t
++
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), racoon(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/radiusd_selinux.8 b/man/man8/radiusd_selinux.8
+new file mode 100644
+index 0000000..dea44ff
+--- /dev/null
++++ b/man/man8/radiusd_selinux.8
+@@ -0,0 +1,256 @@
++.TH  "radiusd_selinux"  "8"  "radiusd" "dwalsh at redhat.com" "radiusd SELinux Policy documentation"
++.SH "NAME"
++radiusd_selinux \- Security Enhanced Linux Policy for the radiusd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the radiusd processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  radiusd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run radiusd with the tightest access possible.
++
++
++.PP
++If you want to allow users to login using a radius server, you must turn on the authlogin_radius boolean.
++
++.EX
++.B setsebool -P authlogin_radius 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the radiusd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the radiusd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux radiusd policy is very flexible allowing users to setup their radiusd processes in as secure a method as possible.
++.PP 
++The following file types are defined for radiusd:
++
++
++.EX
++.PP
++.B radiusd_etc_rw_t 
++.EE
++
++- Set files with the radiusd_etc_rw_t type, if you want to treat the files as radiusd etc read/write content.
++
++
++.EX
++.PP
++.B radiusd_etc_t 
++.EE
++
++- Set files with the radiusd_etc_t type, if you want to store radiusd files in the /etc directories.
++
++
++.EX
++.PP
++.B radiusd_exec_t 
++.EE
++
++- Set files with the radiusd_exec_t type, if you want to transition an executable to the radiusd_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/freeradius, /etc/cron\.(daily|monthly)/radiusd, /usr/sbin/radiusd, /etc/cron\.(daily|weekly|monthly)/freeradius
++
++.EX
++.PP
++.B radiusd_initrc_exec_t 
++.EE
++
++- Set files with the radiusd_initrc_exec_t type, if you want to transition an executable to the radiusd_initrc_t domain.
++
++
++.EX
++.PP
++.B radiusd_log_t 
++.EE
++
++- Set files with the radiusd_log_t type, if you want to treat the data as radiusd log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/radacct(/.*)?, /var/log/radiusd-freeradius(/.*)?, /var/log/radius\.log.*, /var/log/radutmp, /var/log/radwtmp.*, /var/log/radius(/.*)?, /var/log/freeradius(/.*)?
++
++.EX
++.PP
++.B radiusd_var_lib_t 
++.EE
++
++- Set files with the radiusd_var_lib_t type, if you want to store the radiusd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B radiusd_var_run_t 
++.EE
++
++- Set files with the radiusd_var_run_t type, if you want to store the radiusd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/radiusd\.pid, /var/run/radiusd(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux radiusd policy is very flexible allowing users to setup their radiusd processes in as secure a method as possible.
++.PP 
++The following port types are defined for radiusd:
++
++.EX
++.TP 5
++.B radius_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++udp 1645,1812
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux radiusd policy is very flexible allowing users to setup their radiusd processes in as secure a method as possible.
++.PP 
++The following process types are defined for radiusd:
++
++.EX
++.B radiusd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type radiusd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B radiusd_etc_rw_t
++
++	/etc/raddb/db\.daily
++.br
++
++.br
++.B radiusd_log_t
++
++	/var/log/radius(/.*)?
++.br
++	/var/log/radwtmp.*
++.br
++	/var/log/radacct(/.*)?
++.br
++	/var/log/radius\.log.*
++.br
++	/var/log/freeradius(/.*)?
++.br
++	/var/log/radiusd-freeradius(/.*)?
++.br
++	/var/log/radutmp
++.br
++
++.br
++.B radiusd_var_lib_t
++
++	/var/lib/radiousd(/.*)?
++.br
++
++.br
++.B radiusd_var_run_t
++
++	/var/run/radiusd(/.*)?
++.br
++	/var/run/radiusd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), radiusd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/radvd_selinux.8 b/man/man8/radvd_selinux.8
+new file mode 100644
+index 0000000..9e7f1cb
+--- /dev/null
++++ b/man/man8/radvd_selinux.8
+@@ -0,0 +1,127 @@
++.TH  "radvd_selinux"  "8"  "radvd" "dwalsh at redhat.com" "radvd SELinux Policy documentation"
++.SH "NAME"
++radvd_selinux \- Security Enhanced Linux Policy for the radvd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the radvd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the radvd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the radvd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux radvd policy is very flexible allowing users to setup their radvd processes in as secure a method as possible.
++.PP 
++The following file types are defined for radvd:
++
++
++.EX
++.PP
++.B radvd_etc_t 
++.EE
++
++- Set files with the radvd_etc_t type, if you want to store radvd files in the /etc directories.
++
++
++.EX
++.PP
++.B radvd_exec_t 
++.EE
++
++- Set files with the radvd_exec_t type, if you want to transition an executable to the radvd_t domain.
++
++
++.EX
++.PP
++.B radvd_initrc_exec_t 
++.EE
++
++- Set files with the radvd_initrc_exec_t type, if you want to transition an executable to the radvd_initrc_t domain.
++
++
++.EX
++.PP
++.B radvd_var_run_t 
++.EE
++
++- Set files with the radvd_var_run_t type, if you want to store the radvd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/radvd(/.*)?, /var/run/radvd\.pid
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux radvd policy is very flexible allowing users to setup their radvd processes in as secure a method as possible.
++.PP 
++The following process types are defined for radvd:
++
++.EX
++.B radvd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type radvd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B radvd_var_run_t
++
++	/var/run/radvd(/.*)?
++.br
++	/var/run/radvd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), radvd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/rdisc_selinux.8 b/man/man8/rdisc_selinux.8
+new file mode 100644
+index 0000000..30a2642
+--- /dev/null
++++ b/man/man8/rdisc_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "rdisc_selinux"  "8"  "rdisc" "dwalsh at redhat.com" "rdisc SELinux Policy documentation"
++.SH "NAME"
++rdisc_selinux \- Security Enhanced Linux Policy for the rdisc processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rdisc processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rdisc policy is very flexible allowing users to setup their rdisc processes in as secure a method as possible.
++.PP 
++The following file types are defined for rdisc:
++
++
++.EX
++.PP
++.B rdisc_exec_t 
++.EE
++
++- Set files with the rdisc_exec_t type, if you want to transition an executable to the rdisc_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/rdisc, /usr/sbin/rdisc
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rdisc policy is very flexible allowing users to setup their rdisc processes in as secure a method as possible.
++.PP 
++The following process types are defined for rdisc:
++
++.EX
++.B rdisc_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rdisc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rdisc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/readahead_selinux.8 b/man/man8/readahead_selinux.8
+new file mode 100644
+index 0000000..68f76cf
+--- /dev/null
++++ b/man/man8/readahead_selinux.8
+@@ -0,0 +1,169 @@
++.TH  "readahead_selinux"  "8"  "readahead" "dwalsh at redhat.com" "readahead SELinux Policy documentation"
++.SH "NAME"
++readahead_selinux \- Security Enhanced Linux Policy for the readahead processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the readahead processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux readahead policy is very flexible allowing users to setup their readahead processes in as secure a method as possible.
++.PP 
++The following file types are defined for readahead:
++
++
++.EX
++.PP
++.B readahead_exec_t 
++.EE
++
++- Set files with the readahead_exec_t type, if you want to transition an executable to the readahead_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/readahead.*, /usr/lib/systemd/systemd-readahead.*, /usr/sbin/readahead.*
++
++.EX
++.PP
++.B readahead_var_lib_t 
++.EE
++
++- Set files with the readahead_var_lib_t type, if you want to store the readahead files under the /var/lib directory.
++
++
++.EX
++.PP
++.B readahead_var_run_t 
++.EE
++
++- Set files with the readahead_var_run_t type, if you want to store the readahead files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/systemd/readahead(/.*)?, /dev/\.systemd/readahead(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux readahead policy is very flexible allowing users to setup their readahead processes in as secure a method as possible.
++.PP 
++The following process types are defined for readahead:
++
++.EX
++.B readahead_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type readahead_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B readahead_var_lib_t
++
++	/var/lib/readahead(/.*)?
++.br
++
++.br
++.B readahead_var_run_t
++
++	/dev/\.systemd/readahead(/.*)?
++.br
++	/var/run/systemd/readahead(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), readahead(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/realmd_selinux.8 b/man/man8/realmd_selinux.8
+new file mode 100644
+index 0000000..4207aff
+--- /dev/null
++++ b/man/man8/realmd_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "realmd_selinux"  "8"  "realmd" "dwalsh at redhat.com" "realmd SELinux Policy documentation"
++.SH "NAME"
++realmd_selinux \- Security Enhanced Linux Policy for the realmd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the realmd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux realmd policy is very flexible allowing users to setup their realmd processes in as secure a method as possible.
++.PP 
++The following file types are defined for realmd:
++
++
++.EX
++.PP
++.B realmd_exec_t 
++.EE
++
++- Set files with the realmd_exec_t type, if you want to transition an executable to the realmd_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux realmd policy is very flexible allowing users to setup their realmd processes in as secure a method as possible.
++.PP 
++The following process types are defined for realmd:
++
++.EX
++.B realmd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type realmd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sssd_conf_t
++
++	/etc/sssd(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), realmd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/regex_milter_selinux.8 b/man/man8/regex_milter_selinux.8
+new file mode 100644
+index 0000000..7788cdc
+--- /dev/null
++++ b/man/man8/regex_milter_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "regex_milter_selinux"  "8"  "regex_milter" "dwalsh at redhat.com" "regex_milter SELinux Policy documentation"
++.SH "NAME"
++regex_milter_selinux \- Security Enhanced Linux Policy for the regex_milter processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the regex_milter processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the regex_milter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the regex_milter_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux regex_milter policy is very flexible allowing users to setup their regex_milter processes in as secure a method as possible.
++.PP 
++The following file types are defined for regex_milter:
++
++
++.EX
++.PP
++.B regex_milter_data_t 
++.EE
++
++- Set files with the regex_milter_data_t type, if you want to treat the files as regex milter content.
++
++
++.EX
++.PP
++.B regex_milter_exec_t 
++.EE
++
++- Set files with the regex_milter_exec_t type, if you want to transition an executable to the regex_milter_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux regex_milter policy is very flexible allowing users to setup their regex_milter processes in as secure a method as possible.
++.PP 
++The following process types are defined for regex_milter:
++
++.EX
++.B regex_milter_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type regex_milter_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B regex_milter_data_t
++
++	/var/spool/milter-regex(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), regex_milter(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/restorecond_selinux.8 b/man/man8/restorecond_selinux.8
+new file mode 100644
+index 0000000..f5b8812
+--- /dev/null
++++ b/man/man8/restorecond_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "restorecond_selinux"  "8"  "restorecond" "dwalsh at redhat.com" "restorecond SELinux Policy documentation"
++.SH "NAME"
++restorecond_selinux \- Security Enhanced Linux Policy for the restorecond processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the restorecond processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the restorecond_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the restorecond_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux restorecond policy is very flexible allowing users to setup their restorecond processes in as secure a method as possible.
++.PP 
++The following file types are defined for restorecond:
++
++
++.EX
++.PP
++.B restorecond_exec_t 
++.EE
++
++- Set files with the restorecond_exec_t type, if you want to transition an executable to the restorecond_t domain.
++
++
++.EX
++.PP
++.B restorecond_var_run_t 
++.EE
++
++- Set files with the restorecond_var_run_t type, if you want to store the restorecond files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux restorecond policy is very flexible allowing users to setup their restorecond processes in as secure a method as possible.
++.PP 
++The following process types are defined for restorecond:
++
++.EX
++.B restorecond_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type restorecond_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B restorecond_var_run_t
++
++	/var/run/restorecond\.pid
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), restorecond(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/rgmanager_selinux.8 b/man/man8/rgmanager_selinux.8
+new file mode 100644
+index 0000000..0e85cc9
+--- /dev/null
++++ b/man/man8/rgmanager_selinux.8
+@@ -0,0 +1,276 @@
++.TH  "rgmanager_selinux"  "8"  "rgmanager" "dwalsh at redhat.com" "rgmanager SELinux Policy documentation"
++.SH "NAME"
++rgmanager_selinux \- Security Enhanced Linux Policy for the rgmanager processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rgmanager processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  rgmanager policy is extremely flexible and has several booleans that allow you to manipulate the policy and run rgmanager with the tightest access possible.
++
++
++.PP
++If you want to allow rgmanager domain to connect to the network using TCP, you must turn on the rgmanager_can_network_connect boolean.
++
++.EX
++.B setsebool -P rgmanager_can_network_connect 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rgmanager_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rgmanager_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rgmanager policy is very flexible allowing users to setup their rgmanager processes in as secure a method as possible.
++.PP 
++The following file types are defined for rgmanager:
++
++
++.EX
++.PP
++.B rgmanager_exec_t 
++.EE
++
++- Set files with the rgmanager_exec_t type, if you want to transition an executable to the rgmanager_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/cpglockd, /usr/sbin/rgmanager, /usr/lib(64)?/heartbeat/heartbeat
++
++.EX
++.PP
++.B rgmanager_initrc_exec_t 
++.EE
++
++- Set files with the rgmanager_initrc_exec_t type, if you want to transition an executable to the rgmanager_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/rgmanager, /etc/rc\.d/init\.d/cpglockd, /etc/rc\.d/init\.d/heartbeat
++
++.EX
++.PP
++.B rgmanager_tmp_t 
++.EE
++
++- Set files with the rgmanager_tmp_t type, if you want to store rgmanager temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B rgmanager_tmpfs_t 
++.EE
++
++- Set files with the rgmanager_tmpfs_t type, if you want to store rgmanager files on a tmpfs file system.
++
++
++.EX
++.PP
++.B rgmanager_var_lib_t 
++.EE
++
++- Set files with the rgmanager_var_lib_t type, if you want to store the rgmanager files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/heartbeat(/.*)?, /usr/lib(64)?/heartbeat(/.*)?
++
++.EX
++.PP
++.B rgmanager_var_log_t 
++.EE
++
++- Set files with the rgmanager_var_log_t type, if you want to treat the data as rgmanager var log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/cluster/cpglockd\.log.*, /var/log/cluster/rgmanager\.log.*
++
++.EX
++.PP
++.B rgmanager_var_run_t 
++.EE
++
++- Set files with the rgmanager_var_run_t type, if you want to store the rgmanager files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/rgmanager\.pid, /var/run/cpglockd\.pid, /var/run/heartbeat(/.*)?, /var/run/cluster/rgmanager\.sk
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rgmanager policy is very flexible allowing users to setup their rgmanager processes in as secure a method as possible.
++.PP 
++The following process types are defined for rgmanager:
++
++.EX
++.B rgmanager_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rgmanager_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cluster_conf_t
++
++	/etc/cluster(/.*)?
++.br
++
++.br
++.B file_t
++
++
++.br
++.B mnt_t
++
++	/mnt(/[^/]*)
++.br
++	/mnt(/[^/]*)?
++.br
++	/rhev(/[^/]*)?
++.br
++	/media(/[^/]*)
++.br
++	/media(/[^/]*)?
++.br
++	/media/\.hal-.*
++.br
++	/var/run/media(/[^/]*)?
++.br
++	/net
++.br
++	/afs
++.br
++	/rhev
++.br
++	/misc
++.br
++
++.br
++.B rgmanager_tmp_t
++
++
++.br
++.B rgmanager_tmpfs_t
++
++
++.br
++.B rgmanager_var_lib_t
++
++	/usr/lib(64)?/heartbeat(/.*)?
++.br
++	/var/lib/heartbeat(/.*)?
++.br
++
++.br
++.B rgmanager_var_log_t
++
++	/var/log/cluster/cpglockd\.log.*
++.br
++	/var/log/cluster/rgmanager\.log.*
++.br
++
++.br
++.B rgmanager_var_run_t
++
++	/var/run/heartbeat(/.*)?
++.br
++	/var/run/cpglockd\.pid
++.br
++	/var/run/rgmanager\.pid
++.br
++	/var/run/cluster/rgmanager\.sk
++.br
++
++.br
++.B samba_etc_t
++
++	/etc/samba(/.*)?
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B var_lib_nfs_t
++
++	/var/lib/nfs(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rgmanager(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/rhev_agentd_selinux.8 b/man/man8/rhev_agentd_selinux.8
+new file mode 100644
+index 0000000..3939275
+--- /dev/null
++++ b/man/man8/rhev_agentd_selinux.8
+@@ -0,0 +1,143 @@
++.TH  "rhev_agentd_selinux"  "8"  "rhev_agentd" "dwalsh at redhat.com" "rhev_agentd SELinux Policy documentation"
++.SH "NAME"
++rhev_agentd_selinux \- Security Enhanced Linux Policy for the rhev_agentd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rhev_agentd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rhev_agentd_t, rhev_agentd_consolehelper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rhev_agentd_t, rhev_agentd_consolehelper_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rhev_agentd policy is very flexible allowing users to setup their rhev_agentd processes in as secure a method as possible.
++.PP 
++The following file types are defined for rhev_agentd:
++
++
++.EX
++.PP
++.B rhev_agentd_exec_t 
++.EE
++
++- Set files with the rhev_agentd_exec_t type, if you want to transition an executable to the rhev_agentd_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/share/rhev-agent/rhev-agentd\.py, /usr/share/ovirt-guest-agent
++
++.EX
++.PP
++.B rhev_agentd_log_t 
++.EE
++
++- Set files with the rhev_agentd_log_t type, if you want to treat the data as rhev agentd log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B rhev_agentd_tmp_t 
++.EE
++
++- Set files with the rhev_agentd_tmp_t type, if you want to store rhev agentd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B rhev_agentd_unit_file_t 
++.EE
++
++- Set files with the rhev_agentd_unit_file_t type, if you want to treat the files as rhev agentd unit content.
++
++
++.EX
++.PP
++.B rhev_agentd_var_run_t 
++.EE
++
++- Set files with the rhev_agentd_var_run_t type, if you want to store the rhev agentd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rhev_agentd policy is very flexible allowing users to setup their rhev_agentd processes in as secure a method as possible.
++.PP 
++The following process types are defined for rhev_agentd:
++
++.EX
++.B rhev_agentd_t, rhev_agentd_consolehelper_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rhev_agentd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B rhev_agentd_log_t
++
++	/var/log/rhev-agent(/.*)?
++.br
++
++.br
++.B rhev_agentd_tmp_t
++
++
++.br
++.B rhev_agentd_var_run_t
++
++	/var/run/rhev-agentd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rhev_agentd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/rhgb_selinux.8 b/man/man8/rhgb_selinux.8
+new file mode 100644
+index 0000000..58118b7
+--- /dev/null
++++ b/man/man8/rhgb_selinux.8
+@@ -0,0 +1,93 @@
++.TH  "rhgb_selinux"  "8"  "rhgb" "dwalsh at redhat.com" "rhgb SELinux Policy documentation"
++.SH "NAME"
++rhgb_selinux \- Security Enhanced Linux Policy for the rhgb processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rhgb processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rhgb policy is very flexible allowing users to setup their rhgb processes in as secure a method as possible.
++.PP 
++The following file types are defined for rhgb:
++
++
++.EX
++.PP
++.B rhgb_exec_t 
++.EE
++
++- Set files with the rhgb_exec_t type, if you want to transition an executable to the rhgb_t domain.
++
++
++.EX
++.PP
++.B rhgb_tmpfs_t 
++.EE
++
++- Set files with the rhgb_tmpfs_t type, if you want to store rhgb files on a tmpfs file system.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rhgb policy is very flexible allowing users to setup their rhgb processes in as secure a method as possible.
++.PP 
++The following process types are defined for rhgb:
++
++.EX
++.B rhgb_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rhgb_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ramfs_t
++
++
++.br
++.B rhgb_tmpfs_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rhgb(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/rhsmcertd_selinux.8 b/man/man8/rhsmcertd_selinux.8
+new file mode 100644
+index 0000000..5294b7d
+--- /dev/null
++++ b/man/man8/rhsmcertd_selinux.8
+@@ -0,0 +1,151 @@
++.TH  "rhsmcertd_selinux"  "8"  "rhsmcertd" "dwalsh at redhat.com" "rhsmcertd SELinux Policy documentation"
++.SH "NAME"
++rhsmcertd_selinux \- Security Enhanced Linux Policy for the rhsmcertd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rhsmcertd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rhsmcertd policy is very flexible allowing users to setup their rhsmcertd processes in as secure a method as possible.
++.PP 
++The following file types are defined for rhsmcertd:
++
++
++.EX
++.PP
++.B rhsmcertd_exec_t 
++.EE
++
++- Set files with the rhsmcertd_exec_t type, if you want to transition an executable to the rhsmcertd_t domain.
++
++
++.EX
++.PP
++.B rhsmcertd_initrc_exec_t 
++.EE
++
++- Set files with the rhsmcertd_initrc_exec_t type, if you want to transition an executable to the rhsmcertd_initrc_t domain.
++
++
++.EX
++.PP
++.B rhsmcertd_lock_t 
++.EE
++
++- Set files with the rhsmcertd_lock_t type, if you want to treat the files as rhsmcertd lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B rhsmcertd_log_t 
++.EE
++
++- Set files with the rhsmcertd_log_t type, if you want to treat the data as rhsmcertd log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B rhsmcertd_var_lib_t 
++.EE
++
++- Set files with the rhsmcertd_var_lib_t type, if you want to store the rhsmcertd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B rhsmcertd_var_run_t 
++.EE
++
++- Set files with the rhsmcertd_var_run_t type, if you want to store the rhsmcertd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rhsmcertd policy is very flexible allowing users to setup their rhsmcertd processes in as secure a method as possible.
++.PP 
++The following process types are defined for rhsmcertd:
++
++.EX
++.B rhsmcertd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rhsmcertd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B rhsmcertd_lock_t
++
++	/var/lock/subsys/rhsmcertd
++.br
++
++.br
++.B rhsmcertd_log_t
++
++	/var/log/rhsm(/.*)?
++.br
++
++.br
++.B rhsmcertd_var_lib_t
++
++	/var/lib/rhsm(/.*)?
++.br
++
++.br
++.B rhsmcertd_var_run_t
++
++	/var/run/rhsm(/.*)?
++.br
++
++.br
++.B var_lock_t
++
++	/var/lock(/.*)?
++.br
++	/run/lock(/.*)?
++.br
++	/var/lock
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rhsmcertd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ricci_modcluster_selinux.8 b/man/man8/ricci_modcluster_selinux.8
+new file mode 100644
+index 0000000..ba25c3c
+--- /dev/null
++++ b/man/man8/ricci_modcluster_selinux.8
+@@ -0,0 +1,178 @@
++.TH  "ricci_modcluster_selinux"  "8"  "ricci_modcluster" "dwalsh at redhat.com" "ricci_modcluster SELinux Policy documentation"
++.SH "NAME"
++ricci_modcluster_selinux \- Security Enhanced Linux Policy for the ricci_modcluster processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ricci_modcluster processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ricci_modcluster_t, ricci_modclusterd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ricci_modcluster_t, ricci_modclusterd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ricci_modcluster policy is very flexible allowing users to setup their ricci_modcluster processes in as secure a method as possible.
++.PP 
++The following file types are defined for ricci_modcluster:
++
++
++.EX
++.PP
++.B ricci_modcluster_exec_t 
++.EE
++
++- Set files with the ricci_modcluster_exec_t type, if you want to transition an executable to the ricci_modcluster_t domain.
++
++
++.EX
++.PP
++.B ricci_modcluster_var_lib_t 
++.EE
++
++- Set files with the ricci_modcluster_var_lib_t type, if you want to store the ricci modcluster files under the /var/lib directory.
++
++
++.EX
++.PP
++.B ricci_modcluster_var_log_t 
++.EE
++
++- Set files with the ricci_modcluster_var_log_t type, if you want to treat the data as ricci modcluster var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B ricci_modcluster_var_run_t 
++.EE
++
++- Set files with the ricci_modcluster_var_run_t type, if you want to store the ricci modcluster files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/modclusterd\.pid, /var/run/clumond\.sock
++
++.EX
++.PP
++.B ricci_modclusterd_exec_t 
++.EE
++
++- Set files with the ricci_modclusterd_exec_t type, if you want to transition an executable to the ricci_modclusterd_t domain.
++
++
++.EX
++.PP
++.B ricci_modclusterd_tmpfs_t 
++.EE
++
++- Set files with the ricci_modclusterd_tmpfs_t type, if you want to store ricci modclusterd files on a tmpfs file system.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux ricci_modcluster policy is very flexible allowing users to setup their ricci_modcluster processes in as secure a method as possible.
++.PP 
++The following port types are defined for ricci_modcluster:
++
++.EX
++.TP 5
++.B ricci_modcluster_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 16851
++.EE
++udp 16851
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ricci_modcluster policy is very flexible allowing users to setup their ricci_modcluster processes in as secure a method as possible.
++.PP 
++The following process types are defined for ricci_modcluster:
++
++.EX
++.B ricci_modclusterd_t, ricci_modcluster_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ricci_modcluster_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cluster_conf_t
++
++	/etc/cluster(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ricci_modcluster(8), semanage(8), restorecon(8), chcon(1)
++, ricci_selinux(8), ricci_modclusterd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ricci_modclusterd_selinux.8 b/man/man8/ricci_modclusterd_selinux.8
+new file mode 100644
+index 0000000..f9c2091
+--- /dev/null
++++ b/man/man8/ricci_modclusterd_selinux.8
+@@ -0,0 +1,146 @@
++.TH  "ricci_modclusterd_selinux"  "8"  "ricci_modclusterd" "dwalsh at redhat.com" "ricci_modclusterd SELinux Policy documentation"
++.SH "NAME"
++ricci_modclusterd_selinux \- Security Enhanced Linux Policy for the ricci_modclusterd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ricci_modclusterd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ricci_modcluster_t, ricci_modclusterd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ricci_modcluster_t, ricci_modclusterd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ricci_modclusterd policy is very flexible allowing users to setup their ricci_modclusterd processes in as secure a method as possible.
++.PP 
++The following file types are defined for ricci_modclusterd:
++
++
++.EX
++.PP
++.B ricci_modclusterd_exec_t 
++.EE
++
++- Set files with the ricci_modclusterd_exec_t type, if you want to transition an executable to the ricci_modclusterd_t domain.
++
++
++.EX
++.PP
++.B ricci_modclusterd_tmpfs_t 
++.EE
++
++- Set files with the ricci_modclusterd_tmpfs_t type, if you want to store ricci modclusterd files on a tmpfs file system.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux ricci_modclusterd policy is very flexible allowing users to setup their ricci_modclusterd processes in as secure a method as possible.
++.PP 
++The following port types are defined for ricci_modclusterd:
++
++.EX
++.TP 5
++.B ricci_modcluster_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 16851
++.EE
++udp 16851
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ricci_modclusterd policy is very flexible allowing users to setup their ricci_modclusterd processes in as secure a method as possible.
++.PP 
++The following process types are defined for ricci_modclusterd:
++
++.EX
++.B ricci_modclusterd_t, ricci_modcluster_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ricci_modclusterd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ricci_modcluster_var_log_t
++
++	/var/log/clumond\.log.*
++.br
++
++.br
++.B ricci_modcluster_var_run_t
++
++	/var/run/clumond\.sock
++.br
++	/var/run/modclusterd\.pid
++.br
++
++.br
++.B ricci_modclusterd_tmpfs_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ricci_modclusterd(8), semanage(8), restorecon(8), chcon(1)
++, ricci_selinux(8), ricci_modcluster_selinux(8), ricci_modcluster_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ricci_modlog_selinux.8 b/man/man8/ricci_modlog_selinux.8
+new file mode 100644
+index 0000000..4491fd0
+--- /dev/null
++++ b/man/man8/ricci_modlog_selinux.8
+@@ -0,0 +1,78 @@
++.TH  "ricci_modlog_selinux"  "8"  "ricci_modlog" "dwalsh at redhat.com" "ricci_modlog SELinux Policy documentation"
++.SH "NAME"
++ricci_modlog_selinux \- Security Enhanced Linux Policy for the ricci_modlog processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ricci_modlog processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ricci_modlog policy is very flexible allowing users to setup their ricci_modlog processes in as secure a method as possible.
++.PP 
++The following file types are defined for ricci_modlog:
++
++
++.EX
++.PP
++.B ricci_modlog_exec_t 
++.EE
++
++- Set files with the ricci_modlog_exec_t type, if you want to transition an executable to the ricci_modlog_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ricci_modlog policy is very flexible allowing users to setup their ricci_modlog processes in as secure a method as possible.
++.PP 
++The following process types are defined for ricci_modlog:
++
++.EX
++.B ricci_modlog_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ricci_modlog_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ricci_modlog(8), semanage(8), restorecon(8), chcon(1)
++, ricci_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ricci_modrpm_selinux.8 b/man/man8/ricci_modrpm_selinux.8
+new file mode 100644
+index 0000000..bea6294
+--- /dev/null
++++ b/man/man8/ricci_modrpm_selinux.8
+@@ -0,0 +1,78 @@
++.TH  "ricci_modrpm_selinux"  "8"  "ricci_modrpm" "dwalsh at redhat.com" "ricci_modrpm SELinux Policy documentation"
++.SH "NAME"
++ricci_modrpm_selinux \- Security Enhanced Linux Policy for the ricci_modrpm processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ricci_modrpm processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ricci_modrpm policy is very flexible allowing users to setup their ricci_modrpm processes in as secure a method as possible.
++.PP 
++The following file types are defined for ricci_modrpm:
++
++
++.EX
++.PP
++.B ricci_modrpm_exec_t 
++.EE
++
++- Set files with the ricci_modrpm_exec_t type, if you want to transition an executable to the ricci_modrpm_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ricci_modrpm policy is very flexible allowing users to setup their ricci_modrpm processes in as secure a method as possible.
++.PP 
++The following process types are defined for ricci_modrpm:
++
++.EX
++.B ricci_modrpm_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ricci_modrpm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ricci_modrpm(8), semanage(8), restorecon(8), chcon(1)
++, ricci_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ricci_modservice_selinux.8 b/man/man8/ricci_modservice_selinux.8
+new file mode 100644
+index 0000000..22e0986
+--- /dev/null
++++ b/man/man8/ricci_modservice_selinux.8
+@@ -0,0 +1,78 @@
++.TH  "ricci_modservice_selinux"  "8"  "ricci_modservice" "dwalsh at redhat.com" "ricci_modservice SELinux Policy documentation"
++.SH "NAME"
++ricci_modservice_selinux \- Security Enhanced Linux Policy for the ricci_modservice processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ricci_modservice processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ricci_modservice policy is very flexible allowing users to setup their ricci_modservice processes in as secure a method as possible.
++.PP 
++The following file types are defined for ricci_modservice:
++
++
++.EX
++.PP
++.B ricci_modservice_exec_t 
++.EE
++
++- Set files with the ricci_modservice_exec_t type, if you want to transition an executable to the ricci_modservice_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ricci_modservice policy is very flexible allowing users to setup their ricci_modservice processes in as secure a method as possible.
++.PP 
++The following process types are defined for ricci_modservice:
++
++.EX
++.B ricci_modservice_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ricci_modservice_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ricci_modservice(8), semanage(8), restorecon(8), chcon(1)
++, ricci_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ricci_modstorage_selinux.8 b/man/man8/ricci_modstorage_selinux.8
+new file mode 100644
+index 0000000..3ab7e18
+--- /dev/null
++++ b/man/man8/ricci_modstorage_selinux.8
+@@ -0,0 +1,140 @@
++.TH  "ricci_modstorage_selinux"  "8"  "ricci_modstorage" "dwalsh at redhat.com" "ricci_modstorage SELinux Policy documentation"
++.SH "NAME"
++ricci_modstorage_selinux \- Security Enhanced Linux Policy for the ricci_modstorage processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ricci_modstorage processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ricci_modstorage_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ricci_modstorage_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ricci_modstorage policy is very flexible allowing users to setup their ricci_modstorage processes in as secure a method as possible.
++.PP 
++The following file types are defined for ricci_modstorage:
++
++
++.EX
++.PP
++.B ricci_modstorage_exec_t 
++.EE
++
++- Set files with the ricci_modstorage_exec_t type, if you want to transition an executable to the ricci_modstorage_t domain.
++
++
++.EX
++.PP
++.B ricci_modstorage_lock_t 
++.EE
++
++- Set files with the ricci_modstorage_lock_t type, if you want to treat the files as ricci modstorage lock data, stored under the /var/lock directory
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ricci_modstorage policy is very flexible allowing users to setup their ricci_modstorage processes in as secure a method as possible.
++.PP 
++The following process types are defined for ricci_modstorage:
++
++.EX
++.B ricci_modstorage_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ricci_modstorage_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B default_t
++
++	/.*
++.br
++
++.br
++.B etc_t
++
++	/etc/.*
++.br
++	/var/db/.*\.db
++.br
++	/usr/etc(/.*)?
++.br
++	/var/ftp/etc(/.*)?
++.br
++	/var/lib/stickshift/.limits.d(/.*)?
++.br
++	/var/lib/stickshift/.stickshift-proxy.d(/.*)?
++.br
++	/var/named/chroot/etc(/.*)?
++.br
++	/etc/ipsec\.d/examples(/.*)?
++.br
++	/var/spool/postfix/etc(/.*)?
++.br
++	/etc
++.br
++	/etc/localtime
++.br
++	/etc/cups/client\.conf
++.br
++
++.br
++.B lvm_etc_t
++
++	/etc/lvm(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ricci_modstorage(8), semanage(8), restorecon(8), chcon(1)
++, ricci_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ricci_selinux.8 b/man/man8/ricci_selinux.8
+new file mode 100644
+index 0000000..c50b549
+--- /dev/null
++++ b/man/man8/ricci_selinux.8
+@@ -0,0 +1,385 @@
++.TH  "ricci_selinux"  "8"  "ricci" "dwalsh at redhat.com" "ricci SELinux Policy documentation"
++.SH "NAME"
++ricci_selinux \- Security Enhanced Linux Policy for the ricci processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ricci processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ricci_modstorage_t, ricci_modcluster_t, ricci_modclusterd_t, ricci_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ricci_modstorage_t, ricci_modcluster_t, ricci_modclusterd_t, ricci_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ricci policy is very flexible allowing users to setup their ricci processes in as secure a method as possible.
++.PP 
++The following file types are defined for ricci:
++
++
++.EX
++.PP
++.B ricci_exec_t 
++.EE
++
++- Set files with the ricci_exec_t type, if you want to transition an executable to the ricci_t domain.
++
++
++.EX
++.PP
++.B ricci_initrc_exec_t 
++.EE
++
++- Set files with the ricci_initrc_exec_t type, if you want to transition an executable to the ricci_initrc_t domain.
++
++
++.EX
++.PP
++.B ricci_modcluster_exec_t 
++.EE
++
++- Set files with the ricci_modcluster_exec_t type, if you want to transition an executable to the ricci_modcluster_t domain.
++
++
++.EX
++.PP
++.B ricci_modcluster_var_lib_t 
++.EE
++
++- Set files with the ricci_modcluster_var_lib_t type, if you want to store the ricci modcluster files under the /var/lib directory.
++
++
++.EX
++.PP
++.B ricci_modcluster_var_log_t 
++.EE
++
++- Set files with the ricci_modcluster_var_log_t type, if you want to treat the data as ricci modcluster var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B ricci_modcluster_var_run_t 
++.EE
++
++- Set files with the ricci_modcluster_var_run_t type, if you want to store the ricci modcluster files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/modclusterd\.pid, /var/run/clumond\.sock
++
++.EX
++.PP
++.B ricci_modclusterd_exec_t 
++.EE
++
++- Set files with the ricci_modclusterd_exec_t type, if you want to transition an executable to the ricci_modclusterd_t domain.
++
++
++.EX
++.PP
++.B ricci_modclusterd_tmpfs_t 
++.EE
++
++- Set files with the ricci_modclusterd_tmpfs_t type, if you want to store ricci modclusterd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B ricci_modlog_exec_t 
++.EE
++
++- Set files with the ricci_modlog_exec_t type, if you want to transition an executable to the ricci_modlog_t domain.
++
++
++.EX
++.PP
++.B ricci_modrpm_exec_t 
++.EE
++
++- Set files with the ricci_modrpm_exec_t type, if you want to transition an executable to the ricci_modrpm_t domain.
++
++
++.EX
++.PP
++.B ricci_modservice_exec_t 
++.EE
++
++- Set files with the ricci_modservice_exec_t type, if you want to transition an executable to the ricci_modservice_t domain.
++
++
++.EX
++.PP
++.B ricci_modstorage_exec_t 
++.EE
++
++- Set files with the ricci_modstorage_exec_t type, if you want to transition an executable to the ricci_modstorage_t domain.
++
++
++.EX
++.PP
++.B ricci_modstorage_lock_t 
++.EE
++
++- Set files with the ricci_modstorage_lock_t type, if you want to treat the files as ricci modstorage lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B ricci_tmp_t 
++.EE
++
++- Set files with the ricci_tmp_t type, if you want to store ricci temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B ricci_var_lib_t 
++.EE
++
++- Set files with the ricci_var_lib_t type, if you want to store the ricci files under the /var/lib directory.
++
++
++.EX
++.PP
++.B ricci_var_log_t 
++.EE
++
++- Set files with the ricci_var_log_t type, if you want to treat the data as ricci var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B ricci_var_run_t 
++.EE
++
++- Set files with the ricci_var_run_t type, if you want to store the ricci files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux ricci policy is very flexible allowing users to setup their ricci processes in as secure a method as possible.
++.PP 
++The following port types are defined for ricci:
++
++.EX
++.TP 5
++.B ricci_modcluster_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 16851
++.EE
++udp 16851
++.EE
++
++.EX
++.TP 5
++.B ricci_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 11111
++.EE
++udp 11111
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ricci policy is very flexible allowing users to setup their ricci processes in as secure a method as possible.
++.PP 
++The following process types are defined for ricci:
++
++.EX
++.B ricci_t, ricci_modservice_t, ricci_modstorage_t, ricci_modclusterd_t, ricci_modlog_t, ricci_modrpm_t, ricci_modcluster_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ricci_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B ricci_tmp_t
++
++
++.br
++.B ricci_var_lib_t
++
++	/var/lib/ricci(/.*)?
++.br
++
++.br
++.B ricci_var_log_t
++
++
++.br
++.B ricci_var_run_t
++
++	/var/run/ricci\.pid
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ricci(8), semanage(8), restorecon(8), chcon(1)
++, ricci_modcluster_selinux(8), ricci_modclusterd_selinux(8), ricci_modlog_selinux(8), ricci_modrpm_selinux(8), ricci_modservice_selinux(8), ricci_modstorage_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/rlogind_selinux.8 b/man/man8/rlogind_selinux.8
+new file mode 100644
+index 0000000..36ad2fc
+--- /dev/null
++++ b/man/man8/rlogind_selinux.8
+@@ -0,0 +1,307 @@
++.TH  "rlogind_selinux"  "8"  "rlogind" "dwalsh at redhat.com" "rlogind SELinux Policy documentation"
++.SH "NAME"
++rlogind_selinux \- Security Enhanced Linux Policy for the rlogind processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rlogind processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rlogind_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rlogind_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rlogind policy is very flexible allowing users to setup their rlogind processes in as secure a method as possible.
++.PP 
++The following file types are defined for rlogind:
++
++
++.EX
++.PP
++.B rlogind_exec_t 
++.EE
++
++- Set files with the rlogind_exec_t type, if you want to transition an executable to the rlogind_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/telnetlogin, /usr/kerberos/sbin/klogind, /usr/sbin/in\.rlogind
++
++.EX
++.PP
++.B rlogind_home_t 
++.EE
++
++- Set files with the rlogind_home_t type, if you want to store rlogind files in the users home directory.
++
++.br
++.TP 5
++Paths: 
++/root/\.rlogin, /root/\.rhosts
++
++.EX
++.PP
++.B rlogind_keytab_t 
++.EE
++
++- Set files with the rlogind_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B rlogind_tmp_t 
++.EE
++
++- Set files with the rlogind_tmp_t type, if you want to store rlogind temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B rlogind_var_run_t 
++.EE
++
++- Set files with the rlogind_var_run_t type, if you want to store the rlogind files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux rlogind policy is very flexible allowing users to setup their rlogind processes in as secure a method as possible.
++.PP 
++The following port types are defined for rlogind:
++
++.EX
++.TP 5
++.B rlogind_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 513
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rlogind policy is very flexible allowing users to setup their rlogind processes in as secure a method as possible.
++.PP 
++The following process types are defined for rlogind:
++
++.EX
++.B rlogind_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rlogind_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B auth_home_t
++
++	/root/\.google_authenticator
++.br
++	/root/\.google_authenticator~
++.br
++	/home/[^/]*/\.google_authenticator
++.br
++	/home/[^/]*/\.google_authenticator~
++.br
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B pam_var_run_t
++
++	/var/(db|lib|adm)/sudo(/.*)?
++.br
++	/var/run/sudo(/.*)?
++.br
++	/var/run/sepermit(/.*)?
++.br
++	/var/run/pam_mount(/.*)?
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B rlogind_tmp_t
++
++
++.br
++.B rlogind_var_run_t
++
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B var_auth_t
++
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rlogind(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/roundup_selinux.8 b/man/man8/roundup_selinux.8
+new file mode 100644
+index 0000000..244f12e
+--- /dev/null
++++ b/man/man8/roundup_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "roundup_selinux"  "8"  "roundup" "dwalsh at redhat.com" "roundup SELinux Policy documentation"
++.SH "NAME"
++roundup_selinux \- Security Enhanced Linux Policy for the roundup processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the roundup processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux roundup policy is very flexible allowing users to setup their roundup processes in as secure a method as possible.
++.PP 
++The following file types are defined for roundup:
++
++
++.EX
++.PP
++.B roundup_exec_t 
++.EE
++
++- Set files with the roundup_exec_t type, if you want to transition an executable to the roundup_t domain.
++
++
++.EX
++.PP
++.B roundup_initrc_exec_t 
++.EE
++
++- Set files with the roundup_initrc_exec_t type, if you want to transition an executable to the roundup_initrc_t domain.
++
++
++.EX
++.PP
++.B roundup_var_lib_t 
++.EE
++
++- Set files with the roundup_var_lib_t type, if you want to store the roundup files under the /var/lib directory.
++
++
++.EX
++.PP
++.B roundup_var_run_t 
++.EE
++
++- Set files with the roundup_var_run_t type, if you want to store the roundup files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux roundup policy is very flexible allowing users to setup their roundup processes in as secure a method as possible.
++.PP 
++The following process types are defined for roundup:
++
++.EX
++.B roundup_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type roundup_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B roundup_var_lib_t
++
++	/var/lib/roundup(/.*)?
++.br
++
++.br
++.B roundup_var_run_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), roundup(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/rpcbind_selinux.8 b/man/man8/rpcbind_selinux.8
+new file mode 100644
+index 0000000..93eab37
+--- /dev/null
++++ b/man/man8/rpcbind_selinux.8
+@@ -0,0 +1,131 @@
++.TH  "rpcbind_selinux"  "8"  "rpcbind" "dwalsh at redhat.com" "rpcbind SELinux Policy documentation"
++.SH "NAME"
++rpcbind_selinux \- Security Enhanced Linux Policy for the rpcbind processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rpcbind processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rpcbind policy is very flexible allowing users to setup their rpcbind processes in as secure a method as possible.
++.PP 
++The following file types are defined for rpcbind:
++
++
++.EX
++.PP
++.B rpcbind_exec_t 
++.EE
++
++- Set files with the rpcbind_exec_t type, if you want to transition an executable to the rpcbind_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/rpcbind, /sbin/rpcbind
++
++.EX
++.PP
++.B rpcbind_initrc_exec_t 
++.EE
++
++- Set files with the rpcbind_initrc_exec_t type, if you want to transition an executable to the rpcbind_initrc_t domain.
++
++
++.EX
++.PP
++.B rpcbind_var_lib_t 
++.EE
++
++- Set files with the rpcbind_var_lib_t type, if you want to store the rpcbind files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/rpcbind(/.*)?, /var/cache/rpcbind(/.*)?
++
++.EX
++.PP
++.B rpcbind_var_run_t 
++.EE
++
++- Set files with the rpcbind_var_run_t type, if you want to store the rpcbind files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/rpcbind\.sock, /var/run/rpcbind\.lock, /var/run/rpc.statd\.pid
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rpcbind policy is very flexible allowing users to setup their rpcbind processes in as secure a method as possible.
++.PP 
++The following process types are defined for rpcbind:
++
++.EX
++.B rpcbind_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rpcbind_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B rpcbind_var_lib_t
++
++	/var/lib/rpcbind(/.*)?
++.br
++	/var/cache/rpcbind(/.*)?
++.br
++
++.br
++.B rpcbind_var_run_t
++
++	/var/run/rpc.statd\.pid
++.br
++	/var/run/rpcbind\.lock
++.br
++	/var/run/rpcbind\.sock
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rpcbind(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/rpcd_selinux.8 b/man/man8/rpcd_selinux.8
+new file mode 100644
+index 0000000..eac3330
+--- /dev/null
++++ b/man/man8/rpcd_selinux.8
+@@ -0,0 +1,174 @@
++.TH  "rpcd_selinux"  "8"  "rpcd" "dwalsh at redhat.com" "rpcd SELinux Policy documentation"
++.SH "NAME"
++rpcd_selinux \- Security Enhanced Linux Policy for the rpcd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rpcd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rpcd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rpcd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rpcd policy is very flexible allowing users to setup their rpcd processes in as secure a method as possible.
++.PP 
++The following file types are defined for rpcd:
++
++
++.EX
++.PP
++.B rpcd_exec_t 
++.EE
++
++- Set files with the rpcd_exec_t type, if you want to transition an executable to the rpcd_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/sm-notify, /usr/sbin/rpc\..*, /usr/sbin/rpc\.idmapd, /usr/sbin/sm-notify, /usr/sbin/rpc\.rquotad, /sbin/rpc\..*
++
++.EX
++.PP
++.B rpcd_initrc_exec_t 
++.EE
++
++- Set files with the rpcd_initrc_exec_t type, if you want to transition an executable to the rpcd_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/nfslock, /etc/rc\.d/init\.d/rpcidmapd
++
++.EX
++.PP
++.B rpcd_unit_file_t 
++.EE
++
++- Set files with the rpcd_unit_file_t type, if you want to treat the files as rpcd unit content.
++
++
++.EX
++.PP
++.B rpcd_var_run_t 
++.EE
++
++- Set files with the rpcd_var_run_t type, if you want to store the rpcd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/rpc\.statd(/.*)?, /var/run/rpc\.statd\.pid
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rpcd policy is very flexible allowing users to setup their rpcd processes in as secure a method as possible.
++.PP 
++The following process types are defined for rpcd:
++
++.EX
++.B rpcd_t, rpcbind_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rpcd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B quota_db_t
++
++	/a?quota\.(user|group)
++.br
++	/etc/a?quota\.(user|group)
++.br
++	/var/a?quota\.(user|group)
++.br
++	/boot/a?quota\.(user|group)
++.br
++	/var/spool/(.*/)?a?quota\.(user|group)
++.br
++	/var/lib/stickshift/a?quota\.(user|group)
++.br
++	/home/[^/]*/a?quota\.(user|group)
++.br
++	/home/a?quota\.(user|group)
++.br
++
++.br
++.B rgmanager_tmp_t
++
++
++.br
++.B rpcd_var_run_t
++
++	/var/run/rpc\.statd(/.*)?
++.br
++	/var/run/rpc\.statd\.pid
++.br
++
++.br
++.B var_lib_nfs_t
++
++	/var/lib/nfs(/.*)?
++.br
++
++.br
++.B var_lib_t
++
++	/opt/(.*/)?var/lib(/.*)?
++.br
++	/var/lib(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rpcd(8), semanage(8), restorecon(8), chcon(1)
++, rpcbind_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/rpm_script_selinux.8 b/man/man8/rpm_script_selinux.8
+new file mode 100644
+index 0000000..b3aa8e2
+--- /dev/null
++++ b/man/man8/rpm_script_selinux.8
+@@ -0,0 +1,114 @@
++.TH  "rpm_script_selinux"  "8"  "rpm_script" "dwalsh at redhat.com" "rpm_script SELinux Policy documentation"
++.SH "NAME"
++rpm_script_selinux \- Security Enhanced Linux Policy for the rpm_script processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rpm_script processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rpm_script_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rpm_script_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rpm_script policy is very flexible allowing users to setup their rpm_script processes in as secure a method as possible.
++.PP 
++The following file types are defined for rpm_script:
++
++
++.EX
++.PP
++.B rpm_script_exec_t 
++.EE
++
++- Set files with the rpm_script_exec_t type, if you want to transition an executable to the rpm_script_t domain.
++
++
++.EX
++.PP
++.B rpm_script_tmp_t 
++.EE
++
++- Set files with the rpm_script_tmp_t type, if you want to store rpm script temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B rpm_script_tmpfs_t 
++.EE
++
++- Set files with the rpm_script_tmpfs_t type, if you want to store rpm script files on a tmpfs file system.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rpm_script policy is very flexible allowing users to setup their rpm_script processes in as secure a method as possible.
++.PP 
++The following process types are defined for rpm_script:
++
++.EX
++.B rpm_script_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rpm_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B file_type
++
++	all files on the system
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rpm_script(8), semanage(8), restorecon(8), chcon(1)
++, rpm_selinux(8)
+\ No newline at end of file
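Review bot: The two "You can see the context of ..." lines in rpm_script_selinux.8 end with `\fBls\bP` and `\fBps\bP`, where `\b` is roff's bracket-building escape rather than a font change. The preceding `\fB\-Z\fP` on the same lines shows that `\fP` was intended, so they should read `\fBls\fP` and `\fBps\fP`. As written, bold is presumably not reset after the command name and the formatter may warn about a missing delimiter. The same two lines recur in the rpm, rshd, rssh_chroot_helper, rssh, rsync and rtkit_daemon pages in this patch. Because the pages say they are generated by genman.py, the fix probably belongs in the generator template.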
+diff --git a/man/man8/rpm_selinux.8 b/man/man8/rpm_selinux.8
+new file mode 100644
+index 0000000..0a187e3
+--- /dev/null
++++ b/man/man8/rpm_selinux.8
+@@ -0,0 +1,194 @@
++.TH  "rpm_selinux"  "8"  "rpm" "dwalsh at redhat.com" "rpm SELinux Policy documentation"
++.SH "NAME"
++rpm_selinux \- Security Enhanced Linux Policy for the rpm processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rpm processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rpm_script_t, rpm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rpm_script_t, rpm_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rpm policy is very flexible allowing users to setup their rpm processes in as secure a method as possible.
++.PP 
++The following file types are defined for rpm:
++
++
++.EX
++.PP
++.B rpm_exec_t 
++.EE
++
++- Set files with the rpm_exec_t type, if you want to transition an executable to the rpm_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/apt-get, /usr/sbin/bcfg2, /usr/sbin/rhn_check, /usr/bin/rpmdev-rmdevelrpms, /usr/sbin/synaptic, /usr/share/yumex/yumex-yum-backend, /usr/bin/apt-shell, /usr/sbin/yum-updatesd, /usr/sbin/pup, /usr/libexec/packagekitd, /usr/libexec/yumDBUSBackend.py, /usr/sbin/pirut, /usr/bin/package-cleanup, /bin/rpm, /usr/bin/yum, /usr/sbin/system-install-packages, /usr/bin/zif, /usr/bin/rpm, /usr/sbin/yum-complete-transaction, /usr/bin/smart, /usr/sbin/packagekitd, /usr/bin/fedora-rmdevelrpms, /usr/sbin/rhnreg_ks, /usr/share/yumex/yum_childtask\.py, /usr/sbin/up2date
++
++.EX
++.PP
++.B rpm_file_t 
++.EE
++
++- Set files with the rpm_file_t type, if you want to treat the files as rpm content.
++
++
++.EX
++.PP
++.B rpm_log_t 
++.EE
++
++- Set files with the rpm_log_t type, if you want to treat the data as rpm log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B rpm_script_exec_t 
++.EE
++
++- Set files with the rpm_script_exec_t type, if you want to transition an executable to the rpm_script_t domain.
++
++
++.EX
++.PP
++.B rpm_script_tmp_t 
++.EE
++
++- Set files with the rpm_script_tmp_t type, if you want to store rpm script temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B rpm_script_tmpfs_t 
++.EE
++
++- Set files with the rpm_script_tmpfs_t type, if you want to store rpm script files on a tmpfs file system.
++
++
++.EX
++.PP
++.B rpm_tmp_t 
++.EE
++
++- Set files with the rpm_tmp_t type, if you want to store rpm temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B rpm_tmpfs_t 
++.EE
++
++- Set files with the rpm_tmpfs_t type, if you want to store rpm files on a tmpfs file system.
++
++
++.EX
++.PP
++.B rpm_var_cache_t 
++.EE
++
++- Set files with the rpm_var_cache_t type, if you want to store the files under the /var/cache directory.
++
++.br
++.TP 5
++Paths: 
++/var/cache/PackageKit(/.*)?, /var/cache/yum(/.*)?, /var/spool/up2date(/.*)?
++
++.EX
++.PP
++.B rpm_var_lib_t 
++.EE
++
++- Set files with the rpm_var_lib_t type, if you want to store the rpm files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/yum(/.*)?, /var/lib/PackageKit(/.*)?, /var/lib/rpm(/.*)?, /var/lib/alternatives(/.*)?
++
++.EX
++.PP
++.B rpm_var_run_t 
++.EE
++
++- Set files with the rpm_var_run_t type, if you want to store the rpm files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/PackageKit(/.*)?, /var/run/yum.*
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rpm policy is very flexible allowing users to setup their rpm processes in as secure a method as possible.
++.PP 
++The following process types are defined for rpm:
++
++.EX
++.B rpm_t, rpm_script_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rpm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B file_type
++
++	all files on the system
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rpm(8), semanage(8), restorecon(8), chcon(1)
++, rpm_script_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/rshd_selinux.8 b/man/man8/rshd_selinux.8
+new file mode 100644
+index 0000000..8977cf3
+--- /dev/null
++++ b/man/man8/rshd_selinux.8
+@@ -0,0 +1,277 @@
++.TH  "rshd_selinux"  "8"  "rshd" "dwalsh at redhat.com" "rshd SELinux Policy documentation"
++.SH "NAME"
++rshd_selinux \- Security Enhanced Linux Policy for the rshd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rshd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rshd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rshd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rshd policy is very flexible allowing users to setup their rshd processes in as secure a method as possible.
++.PP 
++The following file types are defined for rshd:
++
++
++.EX
++.PP
++.B rshd_exec_t 
++.EE
++
++- Set files with the rshd_exec_t type, if you want to transition an executable to the rshd_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/in\.rshd, /usr/kerberos/sbin/kshd, /usr/sbin/in\.rexecd
++
++.EX
++.PP
++.B rshd_keytab_t 
++.EE
++
++- Set files with the rshd_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux rshd policy is very flexible allowing users to setup their rshd processes in as secure a method as possible.
++.PP 
++The following port types are defined for rshd:
++
++.EX
++.TP 5
++.B rsh_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 514
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rshd policy is very flexible allowing users to setup their rshd processes in as secure a method as possible.
++.PP 
++The following process types are defined for rshd:
++
++.EX
++.B rshd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rshd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B auth_home_t
++
++	/root/\.google_authenticator
++.br
++	/root/\.google_authenticator~
++.br
++	/home/[^/]*/\.google_authenticator
++.br
++	/home/[^/]*/\.google_authenticator~
++.br
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B pam_var_run_t
++
++	/var/(db|lib|adm)/sudo(/.*)?
++.br
++	/var/run/sudo(/.*)?
++.br
++	/var/run/sepermit(/.*)?
++.br
++	/var/run/pam_mount(/.*)?
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.br
++.B var_auth_t
++
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rshd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/rssh_chroot_helper_selinux.8 b/man/man8/rssh_chroot_helper_selinux.8
+new file mode 100644
+index 0000000..dc6b17f
+--- /dev/null
++++ b/man/man8/rssh_chroot_helper_selinux.8
+@@ -0,0 +1,92 @@
++.TH  "rssh_chroot_helper_selinux"  "8"  "rssh_chroot_helper" "dwalsh at redhat.com" "rssh_chroot_helper SELinux Policy documentation"
++.SH "NAME"
++rssh_chroot_helper_selinux \- Security Enhanced Linux Policy for the rssh_chroot_helper processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rssh_chroot_helper processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rssh_chroot_helper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rssh_chroot_helper_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rssh_chroot_helper policy is very flexible allowing users to setup their rssh_chroot_helper processes in as secure a method as possible.
++.PP 
++The following file types are defined for rssh_chroot_helper:
++
++
++.EX
++.PP
++.B rssh_chroot_helper_exec_t 
++.EE
++
++- Set files with the rssh_chroot_helper_exec_t type, if you want to transition an executable to the rssh_chroot_helper_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rssh_chroot_helper policy is very flexible allowing users to setup their rssh_chroot_helper processes in as secure a method as possible.
++.PP 
++The following process types are defined for rssh_chroot_helper:
++
++.EX
++.B rssh_chroot_helper_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rssh_chroot_helper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rssh_chroot_helper(8), semanage(8), restorecon(8), chcon(1)
++, rssh_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/rssh_selinux.8 b/man/man8/rssh_selinux.8
+new file mode 100644
+index 0000000..e7179dd
+--- /dev/null
++++ b/man/man8/rssh_selinux.8
+@@ -0,0 +1,120 @@
++.TH  "rssh_selinux"  "8"  "rssh" "dwalsh at redhat.com" "rssh SELinux Policy documentation"
++.SH "NAME"
++rssh_selinux \- Security Enhanced Linux Policy for the rssh processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rssh processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rssh_chroot_helper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rssh_chroot_helper_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rssh policy is very flexible allowing users to setup their rssh processes in as secure a method as possible.
++.PP 
++The following file types are defined for rssh:
++
++
++.EX
++.PP
++.B rssh_chroot_helper_exec_t 
++.EE
++
++- Set files with the rssh_chroot_helper_exec_t type, if you want to transition an executable to the rssh_chroot_helper_t domain.
++
++
++.EX
++.PP
++.B rssh_exec_t 
++.EE
++
++- Set files with the rssh_exec_t type, if you want to transition an executable to the rssh_t domain.
++
++
++.EX
++.PP
++.B rssh_ro_t 
++.EE
++
++- Set files with the rssh_ro_t type, if you want to treat the files as rssh read/only content.
++
++
++.EX
++.PP
++.B rssh_rw_t 
++.EE
++
++- Set files with the rssh_rw_t type, if you want to treat the files as rssh read/write content.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rssh policy is very flexible allowing users to setup their rssh processes in as secure a method as possible.
++.PP 
++The following process types are defined for rssh:
++
++.EX
++.B rssh_t, rssh_chroot_helper_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rssh_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B rssh_rw_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rssh(8), semanage(8), restorecon(8), chcon(1)
++, rssh_chroot_helper_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/rsync_selinux.8 b/man/man8/rsync_selinux.8
+index ad9ccf5..bf48e69 100644
+--- a/man/man8/rsync_selinux.8
++++ b/man/man8/rsync_selinux.8
+@@ -1,52 +1,237 @@
+-.TH  "rsync_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "rsync Selinux Policy documentation"
+-.de EX
+-.nf
+-.ft CW
+-..
+-.de EE
+-.ft R
+-.fi
+-..
++.TH  "rsync_selinux"  "8"  "rsync" "dwalsh at redhat.com" "rsync SELinux Policy documentation"
+ .SH "NAME"
+-rsync_selinux \- Security Enhanced Linux Policy for the rsync daemon
++rsync_selinux \- Security Enhanced Linux Policy for the rsync processes
+ .SH "DESCRIPTION"
+ 
+-Security-Enhanced Linux secures the rsync server via flexible mandatory access
++Security-Enhanced Linux secures the rsync processes via flexible mandatory access
+ control.  
+-.SH FILE_CONTEXTS
+-SELinux requires files to have an extended attribute to define the file type. 
+-Policy governs the access daemons have to these files. 
+-If you want to share files using the rsync daemon, you must label the files and directories public_content_t.  So if you created a special directory /var/rsync, you 
+-would need to label the directory with the chcon tool.
+-.TP
+-chcon -t public_content_t /var/rsync
+-.TP
+-.TP
+-To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  rsync policy is extremely flexible and has several booleans that allow you to manipulate the policy and run rsync with the tightest access possible.
++
++
++.PP
++If you want to allow rsync to run as a client, you must turn on the rsync_client boolean.
++
++.EX
++.B setsebool -P rsync_client 1
++.EE
++
++.PP
++If you want to allow rsync to export any files/directories read only, you must turn on the rsync_export_all_ro boolean.
++
++.EX
++.B setsebool -P rsync_export_all_ro 1
++.EE
++
++.PP
++If you want to allow rsync servers to share nfs files systems, you must turn on the rsync_use_nfs boolean.
++
++.EX
++.B setsebool -P rsync_use_nfs 1
++.EE
++
++.PP
++If you want to allow rsync servers to share cifs files systems, you must turn on the rsync_use_cifs boolean.
++
++.EX
++.B setsebool -P rsync_use_cifs 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rsync_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rsync_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH SHARING FILES
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
+ .TP
++Allow rsync servers to read the /var/rsync directory by adding the public_content_t file type to the directory and by restoring the file type.
++.PP
++.B
+ semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
++.br
++.B restorecon -F -R -v /var/rsync
++.pp
+ .TP
+-This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
+-.TP
+-/var/rsync(/.*)? system_u:object_r:publix_content_t:s0
+-.TP
+-Run the restorecon command to apply the changes:
+-.TP
+-restorecon -R -v /var/rsync/
++Allow rsync servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_rsyncd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/rsync/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/rsync/incoming
++
++
++.PP
++If you want to allow rsync to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t., you must turn on the rsync_anon_write boolean.
++
++.EX
++.B setsebool -P rsync_anon_write 1
+ .EE
+ 
+-.SH SHARING FILES
+-If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.  allow_DOMAIN_anon_write.  So for rsync you would execute:
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rsync policy is very flexible allowing users to setup their rsync processes in as secure a method as possible.
++.PP 
++The following file types are defined for rsync:
++
+ 
+ .EX
+-setsebool -P allow_rsync_anon_write=1
++.PP
++.B rsync_data_t 
+ .EE
+ 
+-.SH BOOLEANS
+-.TP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
++- Set files with the rsync_data_t type, if you want to treat the files as rsync content.
++
++
++.EX
++.PP
++.B rsync_etc_t 
++.EE
++
++- Set files with the rsync_etc_t type, if you want to store rsync files in the /etc directories.
++
++
++.EX
++.PP
++.B rsync_exec_t 
++.EE
++
++- Set files with the rsync_exec_t type, if you want to transition an executable to the rsync_t domain.
++
++
++.EX
++.PP
++.B rsync_log_t 
++.EE
++
++- Set files with the rsync_log_t type, if you want to treat the data as rsync log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B rsync_tmp_t 
++.EE
++
++- Set files with the rsync_tmp_t type, if you want to store rsync temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B rsync_var_run_t 
++.EE
++
++- Set files with the rsync_var_run_t type, if you want to store the rsync files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux rsync policy is very flexible allowing users to setup their rsync processes in as secure a method as possible.
++.PP 
++The following port types are defined for rsync:
++
++.EX
++.TP 5
++.B rsync_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 873
++.EE
++udp 873
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rsync policy is very flexible allowing users to setup their rsync processes in as secure a method as possible.
++.PP 
++The following process types are defined for rsync:
++
++.EX
++.B rsync_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rsync_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B rsync_log_t
++
++	/var/log/rsync\.log.*
++.br
++
++.br
++.B rsync_tmp_t
++
++
++.br
++.B rsync_var_run_t
++
++	/var/run/rsyncd\.lock
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
+ .SH AUTHOR	
+-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
++This manual page was auto-generated by genman.py.
+ 
+ .SH "SEE ALSO"
+-selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)
++selinux(8), rsync(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
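Review bot: In the new SHARING FILES section of rsync_selinux.8, the read/write example names a different directory and boolean than the commands around it. The sentence says `/var/tmp/incoming` and `allow_rsyncd_anon_write`, while the `semanage fcontext` and `restorecon` lines label `/var/rsync/incoming` and the paragraph below enables `rsync_anon_write`. The removed text used `allow_rsync_anon_write`, so the name in the new sentence matches neither the old nor the new boolean. An administrator following the prose could label a different directory `public_content_rw_t` than intended, or try to set a boolean this page never defines. I would replace `/var/tmp/incoming` with `/var/rsync/incoming` and `allow_rsyncd_anon_write` with `rsync_anon_write` in that sentence, and change the lowercase `.pp` just above it to `.PP`.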
+diff --git a/man/man8/rtkit_daemon_selinux.8 b/man/man8/rtkit_daemon_selinux.8
+new file mode 100644
+index 0000000..3901756
+--- /dev/null
++++ b/man/man8/rtkit_daemon_selinux.8
+@@ -0,0 +1,95 @@
++.TH  "rtkit_daemon_selinux"  "8"  "rtkit_daemon" "dwalsh at redhat.com" "rtkit_daemon SELinux Policy documentation"
++.SH "NAME"
++rtkit_daemon_selinux \- Security Enhanced Linux Policy for the rtkit_daemon processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rtkit_daemon processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rtkit_daemon_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rtkit_daemon_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rtkit_daemon policy is very flexible allowing users to setup their rtkit_daemon processes in as secure a method as possible.
++.PP 
++The following file types are defined for rtkit_daemon:
++
++
++.EX
++.PP
++.B rtkit_daemon_exec_t 
++.EE
++
++- Set files with the rtkit_daemon_exec_t type, if you want to transition an executable to the rtkit_daemon_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rtkit_daemon policy is very flexible allowing users to setup their rtkit_daemon processes in as secure a method as possible.
++.PP 
++The following process types are defined for rtkit_daemon:
++
++.EX
++.B rtkit_daemon_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rtkit_daemon_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rtkit_daemon(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/run_init_selinux.8 b/man/man8/run_init_selinux.8
+new file mode 100644
+index 0000000..ba67797
+--- /dev/null
++++ b/man/man8/run_init_selinux.8
+@@ -0,0 +1,135 @@
++.TH  "run_init_selinux"  "8"  "run_init" "dwalsh at redhat.com" "run_init SELinux Policy documentation"
++.SH "NAME"
++run_init_selinux \- Security Enhanced Linux Policy for the run_init processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the run_init processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the run_init_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the run_init_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux run_init policy is very flexible allowing users to setup their run_init processes in as secure a method as possible.
++.PP 
++The following file types are defined for run_init:
++
++
++.EX
++.PP
++.B run_init_exec_t 
++.EE
++
++- Set files with the run_init_exec_t type, if you want to transition an executable to the run_init_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux run_init policy is very flexible allowing users to setup their run_init processes in as secure a method as possible.
++.PP 
++The following process types are defined for run_init:
++
++.EX
++.B run_init_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type run_init_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), run_init(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/rwhod_selinux.8 b/man/man8/rwhod_selinux.8
+new file mode 100644
+index 0000000..fa1da4b
+--- /dev/null
++++ b/man/man8/rwhod_selinux.8
+@@ -0,0 +1,139 @@
++.TH  "rwhod_selinux"  "8"  "rwhod" "dwalsh at redhat.com" "rwhod SELinux Policy documentation"
++.SH "NAME"
++rwhod_selinux \- Security Enhanced Linux Policy for the rwhod processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rwhod processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the rwhod_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the rwhod_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux rwhod policy is very flexible allowing users to setup their rwhod processes in as secure a method as possible.
++.PP 
++The following file types are defined for rwhod:
++
++
++.EX
++.PP
++.B rwhod_exec_t 
++.EE
++
++- Set files with the rwhod_exec_t type, if you want to transition an executable to the rwhod_t domain.
++
++
++.EX
++.PP
++.B rwhod_spool_t 
++.EE
++
++- Set files with the rwhod_spool_t type, if you want to store the rwhod files under the /var/spool directory.
++
++
++.EX
++.PP
++.B rwhod_unit_file_t 
++.EE
++
++- Set files with the rwhod_unit_file_t type, if you want to treat the files as rwhod unit content.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux rwhod policy is very flexible allowing users to setup their rwhod processes in as secure a method as possible.
++.PP 
++The following port types are defined for rwhod:
++
++.EX
++.TP 5
++.B rwho_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++udp 513
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux rwhod policy is very flexible allowing users to setup their rwhod processes in as secure a method as possible.
++.PP 
++The following process types are defined for rwhod:
++
++.EX
++.B rwhod_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type rwhod_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B rwhod_spool_t
++
++	/var/spool/rwho(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), rwhod(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/samba_net_selinux.8 b/man/man8/samba_net_selinux.8
+new file mode 100644
+index 0000000..63b3384
+--- /dev/null
++++ b/man/man8/samba_net_selinux.8
+@@ -0,0 +1,141 @@
++.TH  "samba_net_selinux"  "8"  "samba_net" "dwalsh at redhat.com" "samba_net SELinux Policy documentation"
++.SH "NAME"
++samba_net_selinux \- Security Enhanced Linux Policy for the samba_net processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the samba_net processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the samba_net_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the samba_net_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux samba_net policy is very flexible allowing users to setup their samba_net processes in as secure a method as possible.
++.PP 
++The following file types are defined for samba_net:
++
++
++.EX
++.PP
++.B samba_net_exec_t 
++.EE
++
++- Set files with the samba_net_exec_t type, if you want to transition an executable to the samba_net_t domain.
++
++
++.EX
++.PP
++.B samba_net_tmp_t 
++.EE
++
++- Set files with the samba_net_tmp_t type, if you want to store samba net temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux samba_net policy is very flexible allowing users to setup their samba_net processes in as secure a method as possible.
++.PP 
++The following process types are defined for samba_net:
++
++.EX
++.B samba_net_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type samba_net_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B krb5_keytab_t
++
++	/etc/krb5\.keytab
++.br
++	/etc/krb5kdc/kadm5\.keytab
++.br
++	/var/kerberos/krb5kdc/kadm5\.keytab
++.br
++
++.br
++.B samba_net_tmp_t
++
++
++.br
++.B samba_secrets_t
++
++	/etc/samba/smbpasswd
++.br
++	/etc/samba/passdb\.tdb
++.br
++	/etc/samba/MACHINE\.SID
++.br
++	/etc/samba/secrets\.tdb
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), samba_net(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/samba_selinux.8 b/man/man8/samba_selinux.8
+deleted file mode 100644
+index ca702c7..0000000
+--- a/man/man8/samba_selinux.8
++++ /dev/null
+@@ -1,56 +0,0 @@
+-.TH  "samba_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "Samba Selinux Policy documentation"
+-.SH "NAME"
+-samba_selinux \- Security Enhanced Linux Policy for Samba
+-.SH "DESCRIPTION"
+-
+-Security-Enhanced Linux secures the Samba server via flexible mandatory access
+-control.  
+-.SH FILE_CONTEXTS
+-SELinux requires files to have an extended attribute to define the file type. 
+-Policy governs the access daemons have to these files. 
+-If you want to share files other than home directories, those files must be 
+-labeled samba_share_t.  So if you created a special directory /var/eng, you 
+-would need to label the directory with the chcon tool.
+-.TP
+-chcon -t samba_share_t /var/eng
+-.TP
+-To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:
+-.TP
+-semanage fcontext -a -t samba_share_t "/var/eng(/.*)?"
+-.TP
+-This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
+-.TP
+-/var/eng(/.*)? system_u:object_r:samba_share_t:s0
+-.TP
+-Run the restorecon command to apply the changes:
+-.TP
+-restorecon -R -v /var/eng/
+-
+-.SH SHARING FILES
+-If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.  allow_DOMAIN_anon_write.  So for samba you would execute:
+-
+-setsebool -P allow_smbd_anon_write=1
+-
+-.SH BOOLEANS
+-.br 
+-SELinux policy is customizable based on least access required.  So by 
+-default SELinux policy turns off SELinux sharing of home directories and 
+-the use of Samba shares from a remote machine as a home directory.
+-.TP
+-If you are setting up this machine as a Samba server and wish to share the home directories, you need to set the samba_enable_home_dirs boolean. 
+-.br
+-
+-setsebool -P samba_enable_home_dirs 1
+-.TP
+-If you want to use a remote Samba server for the home directories on this machine, you must set the use_samba_home_dirs boolean.
+-.br 
+-
+-setsebool -P use_samba_home_dirs 1
+-.TP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
+-
+-.SH AUTHOR	
+-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
+-
+-.SH "SEE ALSO"
+-selinux(8), samba(7), chcon(1), setsebool(8), semanage(8)
+diff --git a/man/man8/samba_unconfined_script_selinux.8 b/man/man8/samba_unconfined_script_selinux.8
+new file mode 100644
+index 0000000..7006cb4
+--- /dev/null
++++ b/man/man8/samba_unconfined_script_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "samba_unconfined_script_selinux"  "8"  "samba_unconfined_script" "dwalsh at redhat.com" "samba_unconfined_script SELinux Policy documentation"
++.SH "NAME"
++samba_unconfined_script_selinux \- Security Enhanced Linux Policy for the samba_unconfined_script processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the samba_unconfined_script processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux samba_unconfined_script policy is very flexible allowing users to setup their samba_unconfined_script processes in as secure a method as possible.
++.PP 
++The following file types are defined for samba_unconfined_script:
++
++
++.EX
++.PP
++.B samba_unconfined_script_exec_t 
++.EE
++
++- Set files with the samba_unconfined_script_exec_t type, if you want to transition an executable to the samba_unconfined_script_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux samba_unconfined_script policy is very flexible allowing users to setup their samba_unconfined_script processes in as secure a method as possible.
++.PP 
++The following process types are defined for samba_unconfined_script:
++
++.EX
++.B samba_unconfined_script_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type samba_unconfined_script_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), samba_unconfined_script(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sambagui_selinux.8 b/man/man8/sambagui_selinux.8
+new file mode 100644
+index 0000000..0620dd4
+--- /dev/null
++++ b/man/man8/sambagui_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "sambagui_selinux"  "8"  "sambagui" "dwalsh at redhat.com" "sambagui SELinux Policy documentation"
++.SH "NAME"
++sambagui_selinux \- Security Enhanced Linux Policy for the sambagui processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sambagui processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sambagui_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sambagui_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sambagui policy is very flexible allowing users to setup their sambagui processes in as secure a method as possible.
++.PP 
++The following file types are defined for sambagui:
++
++
++.EX
++.PP
++.B sambagui_exec_t 
++.EE
++
++- Set files with the sambagui_exec_t type, if you want to transition an executable to the sambagui_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sambagui policy is very flexible allowing users to setup their sambagui processes in as secure a method as possible.
++.PP 
++The following process types are defined for sambagui:
++
++.EX
++.B sambagui_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sambagui_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B samba_etc_t
++
++	/etc/samba(/.*)?
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sambagui(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sandbox_selinux.8 b/man/man8/sandbox_selinux.8
+new file mode 100644
+index 0000000..759c807
+--- /dev/null
++++ b/man/man8/sandbox_selinux.8
+@@ -0,0 +1,172 @@
++.TH  "sandbox_selinux"  "8"  "sandbox" "dwalsh at redhat.com" "sandbox SELinux Policy documentation"
++.SH "NAME"
++sandbox_selinux \- Security Enhanced Linux Policy for the sandbox processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sandbox processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  sandbox policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sandbox with the tightest access possible.
++
++
++.PP
++If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
++
++.EX
++.B setsebool -P unconfined_chrome_sandbox_transition 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sandbox_min_t, sandbox_net_t, sandbox_web_client_t, sandbox_xserver_t, sandbox_web_t, sandbox_x_client_t, sandbox_x_t, sandbox_net_client_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sandbox_min_t, sandbox_net_t, sandbox_web_client_t, sandbox_xserver_t, sandbox_web_t, sandbox_x_client_t, sandbox_x_t, sandbox_net_client_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sandbox policy is very flexible allowing users to setup their sandbox processes in as secure a method as possible.
++.PP 
++The following file types are defined for sandbox:
++
++
++.EX
++.PP
++.B sandbox_devpts_t 
++.EE
++
++- Set files with the sandbox_devpts_t type, if you want to treat the files as sandbox devpts data.
++
++
++.EX
++.PP
++.B sandbox_exec_t 
++.EE
++
++- Set files with the sandbox_exec_t type, if you want to transition an executable to the sandbox_t domain.
++
++
++.EX
++.PP
++.B sandbox_file_t 
++.EE
++
++- Set files with the sandbox_file_t type, if you want to treat the files as sandbox content.
++
++
++.EX
++.PP
++.B sandbox_min_client_tmpfs_t 
++.EE
++
++- Set files with the sandbox_min_client_tmpfs_t type, if you want to store sandbox min client files on a tmpfs file system.
++
++
++.EX
++.PP
++.B sandbox_net_client_tmpfs_t 
++.EE
++
++- Set files with the sandbox_net_client_tmpfs_t type, if you want to store sandbox net client files on a tmpfs file system.
++
++
++.EX
++.PP
++.B sandbox_web_client_tmpfs_t 
++.EE
++
++- Set files with the sandbox_web_client_tmpfs_t type, if you want to store sandbox web client files on a tmpfs file system.
++
++
++.EX
++.PP
++.B sandbox_x_client_tmpfs_t 
++.EE
++
++- Set files with the sandbox_x_client_tmpfs_t type, if you want to store sandbox x client files on a tmpfs file system.
++
++
++.EX
++.PP
++.B sandbox_xserver_tmpfs_t 
++.EE
++
++- Set files with the sandbox_xserver_tmpfs_t type, if you want to store sandbox xserver files on a tmpfs file system.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sandbox policy is very flexible allowing users to setup their sandbox processes in as secure a method as possible.
++.PP 
++The following process types are defined for sandbox:
++
++.EX
++.B sandbox_x_client_t, sandbox_net_client_t, sandbox_xserver_t, sandbox_x_t, sandbox_web_client_t, sandbox_min_t, sandbox_net_t, sandbox_web_t, sandbox_min_client_t, sandbox_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sandbox_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sandbox_file_t
++
++
++.br
++.B sandbox_tmpfs_type
++
++	all sandbox content in tmpfs file systems
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sandbox(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/sanlock_selinux.8 b/man/man8/sanlock_selinux.8
+new file mode 100644
+index 0000000..9f02fe9
+--- /dev/null
++++ b/man/man8/sanlock_selinux.8
+@@ -0,0 +1,164 @@
++.TH  "sanlock_selinux"  "8"  "sanlock" "dwalsh at redhat.com" "sanlock SELinux Policy documentation"
++.SH "NAME"
++sanlock_selinux \- Security Enhanced Linux Policy for the sanlock processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sanlock processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  sanlock policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sanlock with the tightest access possible.
++
++
++.PP
++If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
++
++.EX
++.B setsebool -P virt_use_sanlock 1
++.EE
++
++.PP
++If you want to allow sanlock to manage nfs files, you must turn on the sanlock_use_nfs boolean.
++
++.EX
++.B setsebool -P sanlock_use_nfs 1
++.EE
++
++.PP
++If you want to allow sanlock to manage cifs files, you must turn on the sanlock_use_samba boolean.
++
++.EX
++.B setsebool -P sanlock_use_samba 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sanlock_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sanlock_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sanlock policy is very flexible allowing users to setup their sanlock processes in as secure a method as possible.
++.PP 
++The following file types are defined for sanlock:
++
++
++.EX
++.PP
++.B sanlock_exec_t 
++.EE
++
++- Set files with the sanlock_exec_t type, if you want to transition an executable to the sanlock_t domain.
++
++
++.EX
++.PP
++.B sanlock_initrc_exec_t 
++.EE
++
++- Set files with the sanlock_initrc_exec_t type, if you want to transition an executable to the sanlock_initrc_t domain.
++
++
++.EX
++.PP
++.B sanlock_log_t 
++.EE
++
++- Set files with the sanlock_log_t type, if you want to treat the data as sanlock log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B sanlock_var_run_t 
++.EE
++
++- Set files with the sanlock_var_run_t type, if you want to store the sanlock files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sanlock policy is very flexible allowing users to setup their sanlock processes in as secure a method as possible.
++.PP 
++The following process types are defined for sanlock:
++
++.EX
++.B sanlock_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sanlock_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sanlock_log_t
++
++	/var/log/sanlock\.log.*
++.br
++
++.br
++.B sanlock_var_run_t
++
++	/var/run/sanlock(/.*)?
++.br
++
++.br
++.B virt_var_lib_t
++
++	/var/lib/oz(/.*)?
++.br
++	/var/lib/libvirt(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sanlock(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/saslauthd_selinux.8 b/man/man8/saslauthd_selinux.8
+new file mode 100644
+index 0000000..7569230
+--- /dev/null
++++ b/man/man8/saslauthd_selinux.8
+@@ -0,0 +1,202 @@
++.TH  "saslauthd_selinux"  "8"  "saslauthd" "dwalsh at redhat.com" "saslauthd SELinux Policy documentation"
++.SH "NAME"
++saslauthd_selinux \- Security Enhanced Linux Policy for the saslauthd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the saslauthd processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  saslauthd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run saslauthd with the tightest access possible.
++
++
++.PP
++If you want to allow sasl to read shadow, you must turn on the saslauthd_read_shadow boolean.
++
++.EX
++.B setsebool -P saslauthd_read_shadow 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the saslauthd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the saslauthd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux saslauthd policy is very flexible allowing users to setup their saslauthd processes in as secure a method as possible.
++.PP 
++The following file types are defined for saslauthd:
++
++
++.EX
++.PP
++.B saslauthd_exec_t 
++.EE
++
++- Set files with the saslauthd_exec_t type, if you want to transition an executable to the saslauthd_t domain.
++
++
++.EX
++.PP
++.B saslauthd_initrc_exec_t 
++.EE
++
++- Set files with the saslauthd_initrc_exec_t type, if you want to transition an executable to the saslauthd_initrc_t domain.
++
++
++.EX
++.PP
++.B saslauthd_keytab_t 
++.EE
++
++- Set files with the saslauthd_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B saslauthd_var_run_t 
++.EE
++
++- Set files with the saslauthd_var_run_t type, if you want to store the saslauthd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/saslauthd(/.*)?, /var/lib/sasl2(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux saslauthd policy is very flexible allowing users to setup their saslauthd processes in as secure a method as possible.
++.PP 
++The following process types are defined for saslauthd:
++
++.EX
++.B saslauthd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type saslauthd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B saslauthd_var_run_t
++
++	/var/lib/sasl2(/.*)?
++.br
++	/var/run/saslauthd(/.*)?
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), saslauthd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/sblim_gatherd_selinux.8 b/man/man8/sblim_gatherd_selinux.8
+new file mode 100644
+index 0000000..4e2573c
+--- /dev/null
++++ b/man/man8/sblim_gatherd_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "sblim_gatherd_selinux"  "8"  "sblim_gatherd" "dwalsh at redhat.com" "sblim_gatherd SELinux Policy documentation"
++.SH "NAME"
++sblim_gatherd_selinux \- Security Enhanced Linux Policy for the sblim_gatherd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sblim_gatherd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sblim_gatherd policy is very flexible allowing users to setup their sblim_gatherd processes in as secure a method as possible.
++.PP 
++The following file types are defined for sblim_gatherd:
++
++
++.EX
++.PP
++.B sblim_gatherd_exec_t 
++.EE
++
++- Set files with the sblim_gatherd_exec_t type, if you want to transition an executable to the sblim_gatherd_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sblim_gatherd policy is very flexible allowing users to setup their sblim_gatherd processes in as secure a method as possible.
++.PP 
++The following process types are defined for sblim_gatherd:
++
++.EX
++.B sblim_gatherd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sblim_gatherd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sblim_var_run_t
++
++	/var/run/gather(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sblim_gatherd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sblim_reposd_selinux.8 b/man/man8/sblim_reposd_selinux.8
+new file mode 100644
+index 0000000..3d7b830
+--- /dev/null
++++ b/man/man8/sblim_reposd_selinux.8
+@@ -0,0 +1,83 @@
++.TH  "sblim_reposd_selinux"  "8"  "sblim_reposd" "dwalsh at redhat.com" "sblim_reposd SELinux Policy documentation"
++.SH "NAME"
++sblim_reposd_selinux \- Security Enhanced Linux Policy for the sblim_reposd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sblim_reposd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sblim_reposd policy is very flexible allowing users to setup their sblim_reposd processes in as secure a method as possible.
++.PP 
++The following file types are defined for sblim_reposd:
++
++
++.EX
++.PP
++.B sblim_reposd_exec_t 
++.EE
++
++- Set files with the sblim_reposd_exec_t type, if you want to transition an executable to the sblim_reposd_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sblim_reposd policy is very flexible allowing users to setup their sblim_reposd processes in as secure a method as possible.
++.PP 
++The following process types are defined for sblim_reposd:
++
++.EX
++.B sblim_reposd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sblim_reposd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sblim_var_run_t
++
++	/var/run/gather(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sblim_reposd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/secadm_selinux.8 b/man/man8/secadm_selinux.8
+new file mode 100644
+index 0000000..b3b1b75
+--- /dev/null
++++ b/man/man8/secadm_selinux.8
+@@ -0,0 +1,306 @@
++.TH  "secadm_selinux"  "8"  "secadm" "mgrepl at redhat.com" "secadm SELinux Policy documentation"
++.SH "NAME"
++secadm_r \- \fBSecurity administrator role\fP - Security Enhanced Linux Policy 
++
++.SH DESCRIPTION
++
++SELinux supports Roles Based Access Control (RBAC), some Linux roles are login roles, while other roles need to be transition into. 
++
++.I Note: 
++Examples in this man page will use the 
++.B staff_u 
++SELinux user.
++
++Non login roles are usually used for administrative tasks. For example, tasks that require root privileges.  Roles control which types a user can run processes with. Roles often have default types assigned to them. 
++
++The default type for the secadm_r role is secadm_t.
++
++The 
++.B newrole 
++program to transition directly to this role.
++
++.B newrole -r secadm_r -t secadm_t
++
++.B sudo 
++is the preferred method to do transition from one role to another.  You setup sudo to transition to secadm_r by adding a similar line to the /etc/sudoers file.
++
++USERNAME ALL=(ALL) ROLE=secadm_r TYPE=secadm_t COMMAND
++
++.br
++sudo will run COMMAND as staff_u:secadm_r:secadm_t:LEVEL
++
++When using a a non login role, you need to setup SELinux so that your SELinux user can reach secadm_r role.
++
++Execute the following to see all of the assigned SELinux roles:
++
++.B semanage user -l
++
++You need to add secadm_r to the staff_u user.  You could setup the staff_u user to be able to use the secadm_r role with a command like:
++
++.B $ semanage user -m -R 'staff_r system_r secadm_r' staff_u 
++
++
++
++SELinux policy also controls which roles can transition to a different role.  
++You can list these rules using the following command.
++
++.B sesearch --role_allow
++
++SELinux policy allows the sysadm_r, staff_r, auditadm_r roles can transition to the secadm_r role.
++
++
++.SH "MANAGED FILES"
++
++The SELinux user type secadm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B boolean_type
++
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B chrome_sandbox_tmpfs_t
++
++
++.br
++.B default_context_t
++
++	/etc/selinux/([^/]*/)?contexts(/.*)?
++.br
++	/root/\.default_contexts
++.br
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B file_context_t
++
++	/etc/selinux/([^/]*/)?contexts/files(/.*)?
++.br
++
++.br
++.B games_data_t
++
++	/var/games(/.*)?
++.br
++	/var/lib/games(/.*)?
++.br
++
++.br
++.B gpg_agent_tmp_t
++
++	/home/[^/]*/\.gnupg/log-socket
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B mqueue_spool_t
++
++	/var/spool/(client)?mqueue(/.*)?
++.br
++	/var/spool/mqueue\.in(/.*)?
++.br
++
++.br
++.B nfsd_rw_t
++
++
++.br
++.B noxattrfs
++
++	all files on file systems which do not support extended attributes
++.br
++
++.br
++.B screen_home_t
++
++	/root/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screenrc
++.br
++
++.br
++.B selinux_config_t
++
++	/etc/selinux(/.*)?
++.br
++	/etc/selinux/([^/]*/)?seusers
++.br
++	/etc/selinux/([^/]*/)?users(/.*)?
++.br
++	/etc/selinux/([^/]*/)?setrans\.conf
++.br
++
++.br
++.B selinux_login_config_t
++
++	/etc/selinux/([^/]*/)?logins(/.*)?
++.br
++
++.br
++.B semanage_store_t
++
++	/etc/selinux/([^/]*/)?policy(/.*)?
++.br
++	/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?
++.br
++	/etc/share/selinux/mls(/.*)?
++.br
++	/etc/share/selinux/targeted(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B usbfs_t
++
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B user_home_type
++
++	all user home files
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.br
++.B user_tmpfs_type
++
++	all user content in tmpfs file systems
++.br
++
++.br
++.B xdm_tmp_t
++
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), secadm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sectoolm_selinux.8 b/man/man8/sectoolm_selinux.8
+new file mode 100644
+index 0000000..9f14b6d
+--- /dev/null
++++ b/man/man8/sectoolm_selinux.8
+@@ -0,0 +1,113 @@
++.TH  "sectoolm_selinux"  "8"  "sectoolm" "dwalsh at redhat.com" "sectoolm SELinux Policy documentation"
++.SH "NAME"
++sectoolm_selinux \- Security Enhanced Linux Policy for the sectoolm processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sectoolm processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sectoolm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sectoolm_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sectoolm policy is very flexible allowing users to setup their sectoolm processes in as secure a method as possible.
++.PP 
++The following file types are defined for sectoolm:
++
++
++.EX
++.PP
++.B sectoolm_exec_t 
++.EE
++
++- Set files with the sectoolm_exec_t type, if you want to transition an executable to the sectoolm_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sectoolm policy is very flexible allowing users to setup their sectoolm processes in as secure a method as possible.
++.PP 
++The following process types are defined for sectoolm:
++
++.EX
++.B sectoolm_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sectoolm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sectool_tmp_t
++
++
++.br
++.B sectool_var_lib_t
++
++	/var/lib/sectool(/.*)?
++.br
++
++.br
++.B sectool_var_log_t
++
++	/var/log/sectool\.log.*
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sectoolm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/selinux_munin_plugin_selinux.8 b/man/man8/selinux_munin_plugin_selinux.8
+new file mode 100644
+index 0000000..650ba12
+--- /dev/null
++++ b/man/man8/selinux_munin_plugin_selinux.8
+@@ -0,0 +1,95 @@
++.TH  "selinux_munin_plugin_selinux"  "8"  "selinux_munin_plugin" "dwalsh at redhat.com" "selinux_munin_plugin SELinux Policy documentation"
++.SH "NAME"
++selinux_munin_plugin_selinux \- Security Enhanced Linux Policy for the selinux_munin_plugin processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the selinux_munin_plugin processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux selinux_munin_plugin policy is very flexible allowing users to setup their selinux_munin_plugin processes in as secure a method as possible.
++.PP 
++The following file types are defined for selinux_munin_plugin:
++
++
++.EX
++.PP
++.B selinux_munin_plugin_exec_t 
++.EE
++
++- Set files with the selinux_munin_plugin_exec_t type, if you want to transition an executable to the selinux_munin_plugin_t domain.
++
++
++.EX
++.PP
++.B selinux_munin_plugin_tmp_t 
++.EE
++
++- Set files with the selinux_munin_plugin_tmp_t type, if you want to store selinux munin plugin temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux selinux_munin_plugin policy is very flexible allowing users to setup their selinux_munin_plugin processes in as secure a method as possible.
++.PP 
++The following process types are defined for selinux_munin_plugin:
++
++.EX
++.B selinux_munin_plugin_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type selinux_munin_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B munin_plugin_state_t
++
++	/var/lib/munin/plugin-state(/.*)?
++.br
++
++.br
++.B selinux_munin_plugin_tmp_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), selinux_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/semanage_selinux.8 b/man/man8/semanage_selinux.8
+new file mode 100644
+index 0000000..be9a4db
+--- /dev/null
++++ b/man/man8/semanage_selinux.8
+@@ -0,0 +1,209 @@
++.TH  "semanage_selinux"  "8"  "semanage" "dwalsh at redhat.com" "semanage SELinux Policy documentation"
++.SH "NAME"
++semanage_selinux \- Security Enhanced Linux Policy for the semanage processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the semanage processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the semanage_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the semanage_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux semanage policy is very flexible allowing users to setup their semanage processes in as secure a method as possible.
++.PP 
++The following file types are defined for semanage:
++
++
++.EX
++.PP
++.B semanage_exec_t 
++.EE
++
++- Set files with the semanage_exec_t type, if you want to transition an executable to the semanage_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/share/system-config-selinux/system-config-selinux-dbus\.py, /usr/sbin/semanage, /usr/sbin/semodule
++
++.EX
++.PP
++.B semanage_read_lock_t 
++.EE
++
++- Set files with the semanage_read_lock_t type, if you want to treat the files as semanage read lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B semanage_store_t 
++.EE
++
++- Set files with the semanage_store_t type, if you want to treat the files as semanage store data.
++
++.br
++.TP 5
++Paths: 
++/etc/share/selinux/mls(/.*)?, /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?, /etc/selinux/([^/]*/)?policy(/.*)?, /etc/share/selinux/targeted(/.*)?
++
++.EX
++.PP
++.B semanage_tmp_t 
++.EE
++
++- Set files with the semanage_tmp_t type, if you want to store semanage temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B semanage_trans_lock_t 
++.EE
++
++- Set files with the semanage_trans_lock_t type, if you want to treat the files as semanage trans lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B semanage_var_lib_t 
++.EE
++
++- Set files with the semanage_var_lib_t type, if you want to store the semanage files under the /var/lib directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux semanage policy is very flexible allowing users to setup their semanage processes in as secure a method as possible.
++.PP 
++The following process types are defined for semanage:
++
++.EX
++.B semanage_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type semanage_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B boolean_type
++
++
++.br
++.B default_context_t
++
++	/etc/selinux/([^/]*/)?contexts(/.*)?
++.br
++	/root/\.default_contexts
++.br
++
++.br
++.B file_context_t
++
++	/etc/selinux/([^/]*/)?contexts/files(/.*)?
++.br
++
++.br
++.B mock_var_lib_t
++
++	/var/lib/mock(/.*)?
++.br
++
++.br
++.B selinux_config_t
++
++	/etc/selinux(/.*)?
++.br
++	/etc/selinux/([^/]*/)?seusers
++.br
++	/etc/selinux/([^/]*/)?users(/.*)?
++.br
++	/etc/selinux/([^/]*/)?setrans\.conf
++.br
++
++.br
++.B semanage_read_lock_t
++
++	/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK
++.br
++
++.br
++.B semanage_store_t
++
++	/etc/selinux/([^/]*/)?policy(/.*)?
++.br
++	/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?
++.br
++	/etc/share/selinux/mls(/.*)?
++.br
++	/etc/share/selinux/targeted(/.*)?
++.br
++
++.br
++.B semanage_tmp_t
++
++
++.br
++.B semanage_trans_lock_t
++
++	/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK
++.br
++
++.br
++.B semanage_var_lib_t
++
++	/var/lib/selinux(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sendmail_selinux.8 b/man/man8/sendmail_selinux.8
+new file mode 100644
+index 0000000..635b959
+--- /dev/null
++++ b/man/man8/sendmail_selinux.8
+@@ -0,0 +1,262 @@
++.TH  "sendmail_selinux"  "8"  "sendmail" "dwalsh at redhat.com" "sendmail SELinux Policy documentation"
++.SH "NAME"
++sendmail_selinux \- Security Enhanced Linux Policy for the sendmail processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sendmail processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  sendmail policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sendmail with the tightest access possible.
++
++
++.PP
++If you want to allow http daemon to send mail, you must turn on the httpd_can_sendmail boolean.
++
++.EX
++.B setsebool -P httpd_can_sendmail 1
++.EE
++
++.PP
++If you want to allow syslogd daemon to send mail, you must turn on the logging_syslogd_can_sendmail boolean.
++
++.EX
++.B setsebool -P logging_syslogd_can_sendmail 1
++.EE
++
++.PP
++If you want to allow gitisis daemon to send mail, you must turn on the gitosis_can_sendmail boolean.
++
++.EX
++.B setsebool -P gitosis_can_sendmail 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sendmail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sendmail_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sendmail policy is very flexible allowing users to setup their sendmail processes in as secure a method as possible.
++.PP 
++The following file types are defined for sendmail:
++
++
++.EX
++.PP
++.B sendmail_exec_t 
++.EE
++
++- Set files with the sendmail_exec_t type, if you want to transition an executable to the sendmail_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/mail(x)?, /usr/sbin/rmail, /usr/sbin/ssmtp, /usr/bin/esmtp, /var/qmail/bin/sendmail, /usr/sbin/sendmail\.postfix, /usr/lib/courier/bin/sendmail, /usr/lib/sendmail, /bin/mail(x)?, /usr/sbin/sendmail(\.sendmail)?
++
++.EX
++.PP
++.B sendmail_initrc_exec_t 
++.EE
++
++- Set files with the sendmail_initrc_exec_t type, if you want to transition an executable to the sendmail_initrc_t domain.
++
++
++.EX
++.PP
++.B sendmail_keytab_t 
++.EE
++
++- Set files with the sendmail_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B sendmail_log_t 
++.EE
++
++- Set files with the sendmail_log_t type, if you want to treat the data as sendmail log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/sendmail\.st, /var/log/mail(/.*)?
++
++.EX
++.PP
++.B sendmail_tmp_t 
++.EE
++
++- Set files with the sendmail_tmp_t type, if you want to store sendmail temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B sendmail_var_run_t 
++.EE
++
++- Set files with the sendmail_var_run_t type, if you want to store the sendmail files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/sendmail\.pid, /var/run/sm-client\.pid
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sendmail policy is very flexible allowing users to setup their sendmail processes in as secure a method as possible.
++.PP 
++The following process types are defined for sendmail:
++
++.EX
++.B sendmail_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sendmail_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B dovecot_spool_t
++
++	/var/spool/dovecot(/.*)?
++.br
++
++.br
++.B etc_aliases_t
++
++	/etc/postfix/aliases.*
++.br
++	/etc/aliases
++.br
++	/etc/aliases\.db
++.br
++	/etc/mail/aliases
++.br
++	/etc/mail/aliases\.db
++.br
++
++.br
++.B exim_spool_t
++
++	/var/spool/exim[0-9]?(/.*)?
++.br
++
++.br
++.B initrc_tmp_t
++
++
++.br
++.B mail_home_rw_t
++
++	/root/Maildir(/.*)?
++.br
++	/home/[^/]*/Maildir(/.*)?
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B mqueue_spool_t
++
++	/var/spool/(client)?mqueue(/.*)?
++.br
++	/var/spool/mqueue\.in(/.*)?
++.br
++
++.br
++.B procmail_tmp_t
++
++
++.br
++.B sendmail_log_t
++
++	/var/log/mail(/.*)?
++.br
++	/var/log/sendmail\.st
++.br
++
++.br
++.B sendmail_tmp_t
++
++
++.br
++.B sendmail_var_run_t
++
++	/var/run/sendmail\.pid
++.br
++	/var/run/sm-client\.pid
++.br
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sendmail(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/sensord_selinux.8 b/man/man8/sensord_selinux.8
+new file mode 100644
+index 0000000..89f45f4
+--- /dev/null
++++ b/man/man8/sensord_selinux.8
+@@ -0,0 +1,99 @@
++.TH  "sensord_selinux"  "8"  "sensord" "dwalsh at redhat.com" "sensord SELinux Policy documentation"
++.SH "NAME"
++sensord_selinux \- Security Enhanced Linux Policy for the sensord processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sensord processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sensord policy is very flexible allowing users to setup their sensord processes in as secure a method as possible.
++.PP 
++The following file types are defined for sensord:
++
++
++.EX
++.PP
++.B sensord_exec_t 
++.EE
++
++- Set files with the sensord_exec_t type, if you want to transition an executable to the sensord_t domain.
++
++
++.EX
++.PP
++.B sensord_unit_file_t 
++.EE
++
++- Set files with the sensord_unit_file_t type, if you want to treat the files as sensord unit content.
++
++
++.EX
++.PP
++.B sensord_var_run_t 
++.EE
++
++- Set files with the sensord_var_run_t type, if you want to store the sensord files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sensord policy is very flexible allowing users to setup their sensord processes in as secure a method as possible.
++.PP 
++The following process types are defined for sensord:
++
++.EX
++.B sensord_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sensord_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sensord_var_run_t
++
++	/var/run/sensord\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sensord(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/services_munin_plugin_selinux.8 b/man/man8/services_munin_plugin_selinux.8
+new file mode 100644
+index 0000000..85b97dd
+--- /dev/null
++++ b/man/man8/services_munin_plugin_selinux.8
+@@ -0,0 +1,99 @@
++.TH  "services_munin_plugin_selinux"  "8"  "services_munin_plugin" "dwalsh at redhat.com" "services_munin_plugin SELinux Policy documentation"
++.SH "NAME"
++services_munin_plugin_selinux \- Security Enhanced Linux Policy for the services_munin_plugin processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the services_munin_plugin processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux services_munin_plugin policy is very flexible allowing users to setup their services_munin_plugin processes in as secure a method as possible.
++.PP 
++The following file types are defined for services_munin_plugin:
++
++
++.EX
++.PP
++.B services_munin_plugin_exec_t 
++.EE
++
++- Set files with the services_munin_plugin_exec_t type, if you want to transition an executable to the services_munin_plugin_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/share/munin/plugins/nut.*, /usr/share/munin/plugins/snmp_.*, /usr/share/munin/plugins/named, /usr/share/munin/plugins/varnish_.*, /usr/share/munin/plugins/tomcat_.*, /usr/share/munin/plugins/postgres_.*, /usr/share/munin/plugins/asterisk_.*, /usr/share/munin/plugins/lpstat, /usr/share/munin/plugins/mysql_.*, /usr/share/munin/plugins/slapd_.*, /usr/share/munin/plugins/apache_.*, /usr/share/munin/plugins/ping_, /usr/share/munin/plugins/squid_.*, /usr/share/munin/plugins/fail2ban, /usr/share/munin/plugins/openvpn, /usr/share/munin/plugins/samba, /usr/share/munin/plugins/ntp_.*, /usr/share/munin/plugins/http_loadtime
++
++.EX
++.PP
++.B services_munin_plugin_tmp_t 
++.EE
++
++- Set files with the services_munin_plugin_tmp_t type, if you want to store services munin plugin temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux services_munin_plugin policy is very flexible allowing users to setup their services_munin_plugin processes in as secure a method as possible.
++.PP 
++The following process types are defined for services_munin_plugin:
++
++.EX
++.B services_munin_plugin_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type services_munin_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B munin_plugin_state_t
++
++	/var/lib/munin/plugin-state(/.*)?
++.br
++
++.br
++.B services_munin_plugin_tmp_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), services_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/setfiles_selinux.8 b/man/man8/setfiles_selinux.8
+new file mode 100644
+index 0000000..8770c6f
+--- /dev/null
++++ b/man/man8/setfiles_selinux.8
+@@ -0,0 +1,87 @@
++.TH  "setfiles_selinux"  "8"  "setfiles" "dwalsh at redhat.com" "setfiles SELinux Policy documentation"
++.SH "NAME"
++setfiles_selinux \- Security Enhanced Linux Policy for the setfiles processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the setfiles processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux setfiles policy is very flexible allowing users to setup their setfiles processes in as secure a method as possible.
++.PP 
++The following file types are defined for setfiles:
++
++
++.EX
++.PP
++.B setfiles_exec_t 
++.EE
++
++- Set files with the setfiles_exec_t type, if you want to transition an executable to the setfiles_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/setfiles.*, /sbin/restorecon, /usr/sbin/setfiles.*, /usr/sbin/restorecon
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux setfiles policy is very flexible allowing users to setup their setfiles processes in as secure a method as possible.
++.PP 
++The following process types are defined for setfiles:
++
++.EX
++.B setfiles_mac_t, setfiles_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type setfiles_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), setfiles(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/setkey_selinux.8 b/man/man8/setkey_selinux.8
+new file mode 100644
+index 0000000..0335054
+--- /dev/null
++++ b/man/man8/setkey_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "setkey_selinux"  "8"  "setkey" "dwalsh at redhat.com" "setkey SELinux Policy documentation"
++.SH "NAME"
++setkey_selinux \- Security Enhanced Linux Policy for the setkey processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the setkey processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux setkey policy is very flexible allowing users to setup their setkey processes in as secure a method as possible.
++.PP 
++The following file types are defined for setkey:
++
++
++.EX
++.PP
++.B setkey_exec_t 
++.EE
++
++- Set files with the setkey_exec_t type, if you want to transition an executable to the setkey_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/setkey, /sbin/setkey
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux setkey policy is very flexible allowing users to setup their setkey processes in as secure a method as possible.
++.PP 
++The following process types are defined for setkey:
++
++.EX
++.B setkey_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type setkey_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), setkey(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/setrans_selinux.8 b/man/man8/setrans_selinux.8
+new file mode 100644
+index 0000000..b26f4bd
+--- /dev/null
++++ b/man/man8/setrans_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "setrans_selinux"  "8"  "setrans" "dwalsh at redhat.com" "setrans SELinux Policy documentation"
++.SH "NAME"
++setrans_selinux \- Security Enhanced Linux Policy for the setrans processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the setrans processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux setrans policy is very flexible allowing users to setup their setrans processes in as secure a method as possible.
++.PP 
++The following file types are defined for setrans:
++
++
++.EX
++.PP
++.B setrans_exec_t 
++.EE
++
++- Set files with the setrans_exec_t type, if you want to transition an executable to the setrans_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/mcstransd, /usr/sbin/mcstransd
++
++.EX
++.PP
++.B setrans_initrc_exec_t 
++.EE
++
++- Set files with the setrans_initrc_exec_t type, if you want to transition an executable to the setrans_initrc_t domain.
++
++
++.EX
++.PP
++.B setrans_var_run_t 
++.EE
++
++- Set files with the setrans_var_run_t type, if you want to store the setrans files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/mcstransd\.pid, /var/run/setrans(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux setrans policy is very flexible allowing users to setup their setrans processes in as secure a method as possible.
++.PP 
++The following process types are defined for setrans:
++
++.EX
++.B setrans_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type setrans_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B setrans_var_run_t
++
++	/var/run/setrans(/.*)?
++.br
++	/var/run/mcstransd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), setrans(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/setroubleshoot_fixit_selinux.8 b/man/man8/setroubleshoot_fixit_selinux.8
+new file mode 100644
+index 0000000..5058700
+--- /dev/null
++++ b/man/man8/setroubleshoot_fixit_selinux.8
+@@ -0,0 +1,91 @@
++.TH  "setroubleshoot_fixit_selinux"  "8"  "setroubleshoot_fixit" "dwalsh at redhat.com" "setroubleshoot_fixit SELinux Policy documentation"
++.SH "NAME"
++setroubleshoot_fixit_selinux \- Security Enhanced Linux Policy for the setroubleshoot_fixit processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the setroubleshoot_fixit processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the setroubleshoot_fixit_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the setroubleshoot_fixit_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux setroubleshoot_fixit policy is very flexible allowing users to setup their setroubleshoot_fixit processes in as secure a method as possible.
++.PP 
++The following file types are defined for setroubleshoot_fixit:
++
++
++.EX
++.PP
++.B setroubleshoot_fixit_exec_t 
++.EE
++
++- Set files with the setroubleshoot_fixit_exec_t type, if you want to transition an executable to the setroubleshoot_fixit_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux setroubleshoot_fixit policy is very flexible allowing users to setup their setroubleshoot_fixit processes in as secure a method as possible.
++.PP 
++The following process types are defined for setroubleshoot_fixit:
++
++.EX
++.B setroubleshoot_fixit_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type setroubleshoot_fixit_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), setroubleshoot_fixit(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/setroubleshootd_selinux.8 b/man/man8/setroubleshootd_selinux.8
+new file mode 100644
+index 0000000..1885226
+--- /dev/null
++++ b/man/man8/setroubleshootd_selinux.8
+@@ -0,0 +1,116 @@
++.TH  "setroubleshootd_selinux"  "8"  "setroubleshootd" "dwalsh at redhat.com" "setroubleshootd SELinux Policy documentation"
++.SH "NAME"
++setroubleshootd_selinux \- Security Enhanced Linux Policy for the setroubleshootd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the setroubleshootd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the setroubleshootd_t, setroubleshoot_fixit_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the setroubleshootd_t, setroubleshoot_fixit_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux setroubleshootd policy is very flexible allowing users to setup their setroubleshootd processes in as secure a method as possible.
++.PP 
++The following file types are defined for setroubleshootd:
++
++
++.EX
++.PP
++.B setroubleshootd_exec_t 
++.EE
++
++- Set files with the setroubleshootd_exec_t type, if you want to transition an executable to the setroubleshootd_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux setroubleshootd policy is very flexible allowing users to setup their setroubleshootd processes in as secure a method as possible.
++.PP 
++The following process types are defined for setroubleshootd:
++
++.EX
++.B setroubleshoot_fixit_t, setroubleshootd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type setroubleshootd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B setroubleshoot_var_lib_t
++
++	/var/lib/setroubleshoot(/.*)?
++.br
++
++.br
++.B setroubleshoot_var_log_t
++
++	/var/log/setroubleshoot(/.*)?
++.br
++
++.br
++.B setroubleshoot_var_run_t
++
++	/var/run/setroubleshoot(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), setroubleshootd(8), semanage(8), restorecon(8), chcon(1)
++, setroubleshoot_fixit_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/setsebool_selinux.8 b/man/man8/setsebool_selinux.8
+new file mode 100644
+index 0000000..098ee19
+--- /dev/null
++++ b/man/man8/setsebool_selinux.8
+@@ -0,0 +1,149 @@
++.TH  "setsebool_selinux"  "8"  "setsebool" "dwalsh at redhat.com" "setsebool SELinux Policy documentation"
++.SH "NAME"
++setsebool_selinux \- Security Enhanced Linux Policy for the setsebool processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the setsebool processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the setsebool_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the setsebool_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux setsebool policy is very flexible allowing users to setup their setsebool processes in as secure a method as possible.
++.PP 
++The following file types are defined for setsebool:
++
++
++.EX
++.PP
++.B setsebool_exec_t 
++.EE
++
++- Set files with the setsebool_exec_t type, if you want to transition an executable to the setsebool_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux setsebool policy is very flexible allowing users to setup their setsebool processes in as secure a method as possible.
++.PP 
++The following process types are defined for setsebool:
++
++.EX
++.B setsebool_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type setsebool_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B boolean_type
++
++
++.br
++.B default_context_t
++
++	/etc/selinux/([^/]*/)?contexts(/.*)?
++.br
++	/root/\.default_contexts
++.br
++
++.br
++.B file_context_t
++
++	/etc/selinux/([^/]*/)?contexts/files(/.*)?
++.br
++
++.br
++.B selinux_config_t
++
++	/etc/selinux(/.*)?
++.br
++	/etc/selinux/([^/]*/)?seusers
++.br
++	/etc/selinux/([^/]*/)?users(/.*)?
++.br
++	/etc/selinux/([^/]*/)?setrans\.conf
++.br
++
++.br
++.B semanage_read_lock_t
++
++	/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK
++.br
++
++.br
++.B semanage_store_t
++
++	/etc/selinux/([^/]*/)?policy(/.*)?
++.br
++	/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?
++.br
++	/etc/share/selinux/mls(/.*)?
++.br
++	/etc/share/selinux/targeted(/.*)?
++.br
++
++.br
++.B semanage_tmp_t
++
++
++.br
++.B semanage_trans_lock_t
++
++	/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), setsebool(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sge_execd_selinux.8 b/man/man8/sge_execd_selinux.8
+new file mode 100644
+index 0000000..533a01d
+--- /dev/null
++++ b/man/man8/sge_execd_selinux.8
+@@ -0,0 +1,101 @@
++.TH  "sge_execd_selinux"  "8"  "sge_execd" "dwalsh at redhat.com" "sge_execd SELinux Policy documentation"
++.SH "NAME"
++sge_execd_selinux \- Security Enhanced Linux Policy for the sge_execd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sge_execd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sge_execd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sge_execd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sge_execd policy is very flexible allowing users to setup their sge_execd processes in as secure a method as possible.
++.PP 
++The following file types are defined for sge_execd:
++
++
++.EX
++.PP
++.B sge_execd_exec_t 
++.EE
++
++- Set files with the sge_execd_exec_t type, if you want to transition an executable to the sge_execd_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sge_execd policy is very flexible allowing users to setup their sge_execd processes in as secure a method as possible.
++.PP 
++The following process types are defined for sge_execd:
++
++.EX
++.B sge_execd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sge_execd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sge_spool_t
++
++	/var/spool/gridengine(/.*)?
++.br
++
++.br
++.B sge_tmp_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sge_execd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sge_job_selinux.8 b/man/man8/sge_job_selinux.8
+new file mode 100644
+index 0000000..2f731de
+--- /dev/null
++++ b/man/man8/sge_job_selinux.8
+@@ -0,0 +1,123 @@
++.TH  "sge_job_selinux"  "8"  "sge_job" "dwalsh at redhat.com" "sge_job SELinux Policy documentation"
++.SH "NAME"
++sge_job_selinux \- Security Enhanced Linux Policy for the sge_job processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sge_job processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sge_job_ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sge_job_ssh_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sge_job policy is very flexible allowing users to setup their sge_job processes in as secure a method as possible.
++.PP 
++The following file types are defined for sge_job:
++
++
++.EX
++.PP
++.B sge_job_exec_t 
++.EE
++
++- Set files with the sge_job_exec_t type, if you want to transition an executable to the sge_job_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sge_job policy is very flexible allowing users to setup their sge_job processes in as secure a method as possible.
++.PP 
++The following process types are defined for sge_job:
++
++.EX
++.B sge_job_ssh_t, sge_job_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sge_job_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sge_spool_t
++
++	/var/spool/gridengine(/.*)?
++.br
++
++.br
++.B sge_tmp_t
++
++
++.br
++.B ssh_home_t
++
++	/root/\.ssh(/.*)?
++.br
++	/var/lib/amanda/\.ssh(/.*)?
++.br
++	/var/lib/stickshift/[^/]+/\.ssh(/.*)?
++.br
++	/var/lib/gitolite/\.ssh(/.*)?
++.br
++	/var/lib/nocpulse/\.ssh(/.*)?
++.br
++	/var/lib/gitolite3/\.ssh(/.*)?
++.br
++	/root/\.shosts
++.br
++	/home/[^/]*/\.ssh(/.*)?
++.br
++	/home/[^/]*/\.shosts
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sge_job(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sge_shepherd_selinux.8 b/man/man8/sge_shepherd_selinux.8
+new file mode 100644
+index 0000000..e8abc98
+--- /dev/null
++++ b/man/man8/sge_shepherd_selinux.8
+@@ -0,0 +1,87 @@
++.TH  "sge_shepherd_selinux"  "8"  "sge_shepherd" "dwalsh at redhat.com" "sge_shepherd SELinux Policy documentation"
++.SH "NAME"
++sge_shepherd_selinux \- Security Enhanced Linux Policy for the sge_shepherd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sge_shepherd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sge_shepherd policy is very flexible allowing users to setup their sge_shepherd processes in as secure a method as possible.
++.PP 
++The following file types are defined for sge_shepherd:
++
++
++.EX
++.PP
++.B sge_shepherd_exec_t 
++.EE
++
++- Set files with the sge_shepherd_exec_t type, if you want to transition an executable to the sge_shepherd_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sge_shepherd policy is very flexible allowing users to setup their sge_shepherd processes in as secure a method as possible.
++.PP 
++The following process types are defined for sge_shepherd:
++
++.EX
++.B sge_shepherd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sge_shepherd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sge_spool_t
++
++	/var/spool/gridengine(/.*)?
++.br
++
++.br
++.B sge_tmp_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sge_shepherd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/shorewall_selinux.8 b/man/man8/shorewall_selinux.8
+new file mode 100644
+index 0000000..311756f
+--- /dev/null
++++ b/man/man8/shorewall_selinux.8
+@@ -0,0 +1,193 @@
++.TH  "shorewall_selinux"  "8"  "shorewall" "dwalsh at redhat.com" "shorewall SELinux Policy documentation"
++.SH "NAME"
++shorewall_selinux \- Security Enhanced Linux Policy for the shorewall processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the shorewall processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the shorewall_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the shorewall_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux shorewall policy is very flexible allowing users to setup their shorewall processes in as secure a method as possible.
++.PP 
++The following file types are defined for shorewall:
++
++
++.EX
++.PP
++.B shorewall_etc_t 
++.EE
++
++- Set files with the shorewall_etc_t type, if you want to store shorewall files in the /etc directories.
++
++.br
++.TP 5
++Paths: 
++/etc/shorewall-lite(/.*)?, /etc/shorewall(/.*)?
++
++.EX
++.PP
++.B shorewall_exec_t 
++.EE
++
++- Set files with the shorewall_exec_t type, if you want to transition an executable to the shorewall_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/shorewall6?, /sbin/shorewall-lite, /usr/sbin/shorewall-lite, /usr/sbin/shorewall6?
++
++.EX
++.PP
++.B shorewall_initrc_exec_t 
++.EE
++
++- Set files with the shorewall_initrc_exec_t type, if you want to transition an executable to the shorewall_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/shorewall, /etc/rc\.d/init\.d/shorewall-lite
++
++.EX
++.PP
++.B shorewall_lock_t 
++.EE
++
++- Set files with the shorewall_lock_t type, if you want to treat the files as shorewall lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B shorewall_log_t 
++.EE
++
++- Set files with the shorewall_log_t type, if you want to treat the data as shorewall log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B shorewall_tmp_t 
++.EE
++
++- Set files with the shorewall_tmp_t type, if you want to store shorewall temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B shorewall_var_lib_t 
++.EE
++
++- Set files with the shorewall_var_lib_t type, if you want to store the shorewall files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/shorewall-lite(/.*)?, /var/lib/shorewall(/.*)?, /var/lib/shorewall6(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux shorewall policy is very flexible allowing users to setup their shorewall processes in as secure a method as possible.
++.PP 
++The following process types are defined for shorewall:
++
++.EX
++.B shorewall_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type shorewall_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B shorewall_lock_t
++
++	/var/lock/subsys/shorewall
++.br
++
++.br
++.B shorewall_log_t
++
++	/var/log/shorewall.*
++.br
++
++.br
++.B shorewall_tmp_t
++
++
++.br
++.B shorewall_var_lib_t
++
++	/var/lib/shorewall(/.*)?
++.br
++	/var/lib/shorewall6(/.*)?
++.br
++	/var/lib/shorewall-lite(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), shorewall(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/showmount_selinux.8 b/man/man8/showmount_selinux.8
+new file mode 100644
+index 0000000..0e81d8f
+--- /dev/null
++++ b/man/man8/showmount_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "showmount_selinux"  "8"  "showmount" "dwalsh at redhat.com" "showmount SELinux Policy documentation"
++.SH "NAME"
++showmount_selinux \- Security Enhanced Linux Policy for the showmount processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the showmount processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux showmount policy is very flexible allowing users to setup their showmount processes in as secure a method as possible.
++.PP 
++The following file types are defined for showmount:
++
++
++.EX
++.PP
++.B showmount_exec_t 
++.EE
++
++- Set files with the showmount_exec_t type, if you want to transition an executable to the showmount_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux showmount policy is very flexible allowing users to setup their showmount processes in as secure a method as possible.
++.PP 
++The following process types are defined for showmount:
++
++.EX
++.B showmount_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type showmount_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), showmount(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/shutdown_selinux.8 b/man/man8/shutdown_selinux.8
+new file mode 100644
+index 0000000..66ed980
+--- /dev/null
++++ b/man/man8/shutdown_selinux.8
+@@ -0,0 +1,164 @@
++.TH  "shutdown_selinux"  "8"  "shutdown" "dwalsh at redhat.com" "shutdown SELinux Policy documentation"
++.SH "NAME"
++shutdown_selinux \- Security Enhanced Linux Policy for the shutdown processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the shutdown processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  shutdown policy is extremely flexible and has several booleans that allow you to manipulate the policy and run shutdown with the tightest access possible.
++
++
++.PP
++If you want to allow HTTPD to connect to port 80 for graceful shutdown, you must turn on the httpd_graceful_shutdown boolean.
++
++.EX
++.B setsebool -P httpd_graceful_shutdown 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the shutdown_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the shutdown_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux shutdown policy is very flexible allowing users to setup their shutdown processes in as secure a method as possible.
++.PP 
++The following file types are defined for shutdown:
++
++
++.EX
++.PP
++.B shutdown_etc_t 
++.EE
++
++- Set files with the shutdown_etc_t type, if you want to store shutdown files in the /etc directories.
++
++
++.EX
++.PP
++.B shutdown_exec_t 
++.EE
++
++- Set files with the shutdown_exec_t type, if you want to transition an executable to the shutdown_t domain.
++
++.br
++.TP 5
++Paths: 
++/sbin/shutdown, /usr/sbin/shutdown, /usr/lib/upstart/shutdown, /lib/upstart/shutdown
++
++.EX
++.PP
++.B shutdown_var_run_t 
++.EE
++
++- Set files with the shutdown_var_run_t type, if you want to store the shutdown files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux shutdown policy is very flexible allowing users to setup their shutdown processes in as secure a method as possible.
++.PP 
++The following process types are defined for shutdown:
++
++.EX
++.B shutdown_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type shutdown_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B shutdown_etc_t
++
++	/etc/nologin
++.br
++
++.br
++.B shutdown_var_run_t
++
++	/var/run/shutdown\.pid
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), shutdown(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/slapd_selinux.8 b/man/man8/slapd_selinux.8
+new file mode 100644
+index 0000000..a306cd7
+--- /dev/null
++++ b/man/man8/slapd_selinux.8
+@@ -0,0 +1,267 @@
++.TH  "slapd_selinux"  "8"  "slapd" "dwalsh at redhat.com" "slapd SELinux Policy documentation"
++.SH "NAME"
++slapd_selinux \- Security Enhanced Linux Policy for the slapd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the slapd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the slapd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the slapd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux slapd policy is very flexible allowing users to setup their slapd processes in as secure a method as possible.
++.PP 
++The following file types are defined for slapd:
++
++
++.EX
++.PP
++.B slapd_cert_t 
++.EE
++
++- Set files with the slapd_cert_t type, if you want to treat the files as slapd certificate data.
++
++
++.EX
++.PP
++.B slapd_db_t 
++.EE
++
++- Set files with the slapd_db_t type, if you want to treat the files as slapd database content.
++
++.br
++.TP 5
++Paths: 
++/etc/openldap/slapd\.d(/.*)?, /var/lib/ldap(/.*)?
++
++.EX
++.PP
++.B slapd_etc_t 
++.EE
++
++- Set files with the slapd_etc_t type, if you want to store slapd files in the /etc directories.
++
++
++.EX
++.PP
++.B slapd_exec_t 
++.EE
++
++- Set files with the slapd_exec_t type, if you want to transition an executable to the slapd_t domain.
++
++
++.EX
++.PP
++.B slapd_initrc_exec_t 
++.EE
++
++- Set files with the slapd_initrc_exec_t type, if you want to transition an executable to the slapd_initrc_t domain.
++
++
++.EX
++.PP
++.B slapd_keytab_t 
++.EE
++
++- Set files with the slapd_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B slapd_lock_t 
++.EE
++
++- Set files with the slapd_lock_t type, if you want to treat the files as slapd lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B slapd_log_t 
++.EE
++
++- Set files with the slapd_log_t type, if you want to treat the data as slapd log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B slapd_replog_t 
++.EE
++
++- Set files with the slapd_replog_t type, if you want to treat the files as slapd replog data.
++
++
++.EX
++.PP
++.B slapd_tmp_t 
++.EE
++
++- Set files with the slapd_tmp_t type, if you want to store slapd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B slapd_tmpfs_t 
++.EE
++
++- Set files with the slapd_tmpfs_t type, if you want to store slapd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B slapd_unit_file_t 
++.EE
++
++- Set files with the slapd_unit_file_t type, if you want to treat the files as slapd unit content.
++
++
++.EX
++.PP
++.B slapd_var_run_t 
++.EE
++
++- Set files with the slapd_var_run_t type, if you want to store the slapd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/slapd\.args, /var/run/openldap(/.*)?, /var/run/slapd\.pid, /var/run/ldapi, /var/run/slapd.*
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux slapd policy is very flexible allowing users to setup their slapd processes in as secure a method as possible.
++.PP 
++The following process types are defined for slapd:
++
++.EX
++.B slapd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type slapd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B slapd_db_t
++
++	/var/lib/ldap(/.*)?
++.br
++	/etc/openldap/slapd\.d(/.*)?
++.br
++
++.br
++.B slapd_lock_t
++
++
++.br
++.B slapd_log_t
++
++
++.br
++.B slapd_replog_t
++
++	/var/lib/ldap/replog(/.*)?
++.br
++
++.br
++.B slapd_tmp_t
++
++
++.br
++.B slapd_tmpfs_t
++
++
++.br
++.B slapd_var_run_t
++
++	/var/run/slapd.*
++.br
++	/var/run/openldap(/.*)?
++.br
++	/var/run/ldapi
++.br
++	/var/run/slapd\.pid
++.br
++	/var/run/slapd\.args
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), slapd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/slpd_selinux.8 b/man/man8/slpd_selinux.8
+new file mode 100644
+index 0000000..7d79f13
+--- /dev/null
++++ b/man/man8/slpd_selinux.8
+@@ -0,0 +1,127 @@
++.TH  "slpd_selinux"  "8"  "slpd" "dwalsh at redhat.com" "slpd SELinux Policy documentation"
++.SH "NAME"
++slpd_selinux \- Security Enhanced Linux Policy for the slpd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the slpd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the slpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the slpd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux slpd policy is very flexible allowing users to setup their slpd processes in as secure a method as possible.
++.PP 
++The following file types are defined for slpd:
++
++
++.EX
++.PP
++.B slpd_exec_t 
++.EE
++
++- Set files with the slpd_exec_t type, if you want to transition an executable to the slpd_t domain.
++
++
++.EX
++.PP
++.B slpd_initrc_exec_t 
++.EE
++
++- Set files with the slpd_initrc_exec_t type, if you want to transition an executable to the slpd_initrc_t domain.
++
++
++.EX
++.PP
++.B slpd_var_log_t 
++.EE
++
++- Set files with the slpd_var_log_t type, if you want to treat the data as slpd var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B slpd_var_run_t 
++.EE
++
++- Set files with the slpd_var_run_t type, if you want to store the slpd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux slpd policy is very flexible allowing users to setup their slpd processes in as secure a method as possible.
++.PP 
++The following process types are defined for slpd:
++
++.EX
++.B slpd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type slpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B slpd_var_log_t
++
++	/var/log/slpd\.log
++.br
++
++.br
++.B slpd_var_run_t
++
++	/var/run/slpd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), slpd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/smbcontrol_selinux.8 b/man/man8/smbcontrol_selinux.8
+new file mode 100644
+index 0000000..7a4c12c
+--- /dev/null
++++ b/man/man8/smbcontrol_selinux.8
+@@ -0,0 +1,87 @@
++.TH  "smbcontrol_selinux"  "8"  "smbcontrol" "dwalsh at redhat.com" "smbcontrol SELinux Policy documentation"
++.SH "NAME"
++smbcontrol_selinux \- Security Enhanced Linux Policy for the smbcontrol processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the smbcontrol processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux smbcontrol policy is very flexible allowing users to setup their smbcontrol processes in as secure a method as possible.
++.PP 
++The following file types are defined for smbcontrol:
++
++
++.EX
++.PP
++.B smbcontrol_exec_t 
++.EE
++
++- Set files with the smbcontrol_exec_t type, if you want to transition an executable to the smbcontrol_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux smbcontrol policy is very flexible allowing users to setup their smbcontrol processes in as secure a method as possible.
++.PP 
++The following process types are defined for smbcontrol:
++
++.EX
++.B smbcontrol_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type smbcontrol_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), smbcontrol(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/smbd_selinux.8 b/man/man8/smbd_selinux.8
+new file mode 100644
+index 0000000..a46dfb3
+--- /dev/null
++++ b/man/man8/smbd_selinux.8
+@@ -0,0 +1,312 @@
++.TH  "smbd_selinux"  "8"  "smbd" "dwalsh at redhat.com" "smbd SELinux Policy documentation"
++.SH "NAME"
++smbd_selinux \- Security Enhanced Linux Policy for the smbd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the smbd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the smbmount_t, smbd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the smbmount_t, smbd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH SHARING FILES
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
++.TP
++Allow smbd servers to read the /var/smbd directory by adding the public_content_t file type to the directory and by restoring the file type.
++.PP
++.B
++semanage fcontext -a -t public_content_t "/var/smbd(/.*)?"
++.br
++.B restorecon -F -R -v /var/smbd
++.pp
++.TP
++Allow smbd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_smbdd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/smbd/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/smbd/incoming
++
++
++.PP
++If you want to allow samba to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t., you must turn on the smbd_anon_write boolean.
++
++.EX
++.B setsebool -P smbd_anon_write 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux smbd policy is very flexible allowing users to setup their smbd processes in as secure a method as possible.
++.PP 
++The following file types are defined for smbd:
++
++
++.EX
++.PP
++.B smbd_exec_t 
++.EE
++
++- Set files with the smbd_exec_t type, if you want to transition an executable to the smbd_t domain.
++
++
++.EX
++.PP
++.B smbd_keytab_t 
++.EE
++
++- Set files with the smbd_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B smbd_tmp_t 
++.EE
++
++- Set files with the smbd_tmp_t type, if you want to store smbd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B smbd_var_run_t 
++.EE
++
++- Set files with the smbd_var_run_t type, if you want to store the smbd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/samba/gencache\.tdb, /var/run/samba/share_info\.tdb, /var/run/samba(/.*)?, /var/run/samba/locking\.tdb, /var/run/samba/connections\.tdb, /var/run/samba/smbd\.pid, /var/run/samba/sessionid\.tdb, /var/run/samba/brlock\.tdb
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux smbd policy is very flexible allowing users to setup their smbd processes in as secure a method as possible.
++.PP 
++The following port types are defined for smbd:
++
++.EX
++.TP 5
++.B smbd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 137-139,445
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux smbd policy is very flexible allowing users to setup their smbd processes in as secure a method as possible.
++.PP 
++The following process types are defined for smbd:
++
++.EX
++.B smbcontrol_t, smbmount_t, smbd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type smbd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B ctdbd_var_lib_t
++
++	/etc/ctdb(/.*)?
++.br
++	/var/ctdb(/.*)?
++.br
++	/var/ctdbd(/.*)?
++.br
++	/var/lib/ctdbd(/.*)?
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B nmbd_var_run_t
++
++	/var/run/nmbd(/.*)?
++.br
++	/var/run/samba/nmbd(/.*)?
++.br
++	/var/run/samba/nmbd\.pid
++.br
++	/var/run/samba/messages\.tdb
++.br
++	/var/run/samba/namelist\.debug
++.br
++	/var/run/samba/unexpected\.tdb
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B samba_etc_t
++
++	/etc/samba(/.*)?
++.br
++
++.br
++.B samba_log_t
++
++	/var/log/samba(/.*)?
++.br
++
++.br
++.B samba_secrets_t
++
++	/etc/samba/smbpasswd
++.br
++	/etc/samba/passdb\.tdb
++.br
++	/etc/samba/MACHINE\.SID
++.br
++	/etc/samba/secrets\.tdb
++.br
++
++.br
++.B samba_share_t
++
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.br
++.B smbd_tmp_t
++
++
++.br
++.B smbd_var_run_t
++
++	/var/run/samba(/.*)?
++.br
++	/var/run/samba/smbd\.pid
++.br
++	/var/run/samba/brlock\.tdb
++.br
++	/var/run/samba/locking\.tdb
++.br
++	/var/run/samba/gencache\.tdb
++.br
++	/var/run/samba/sessionid\.tdb
++.br
++	/var/run/samba/share_info\.tdb
++.br
++	/var/run/samba/connections\.tdb
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), smbd(8), semanage(8), restorecon(8), chcon(1)
++, smbcontrol_selinux(8), smbmount_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/smbmount_selinux.8 b/man/man8/smbmount_selinux.8
+new file mode 100644
+index 0000000..7b6ceed
+--- /dev/null
++++ b/man/man8/smbmount_selinux.8
+@@ -0,0 +1,177 @@
++.TH  "smbmount_selinux"  "8"  "smbmount" "dwalsh at redhat.com" "smbmount SELinux Policy documentation"
++.SH "NAME"
++smbmount_selinux \- Security Enhanced Linux Policy for the smbmount processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the smbmount processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the smbmount_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the smbmount_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux smbmount policy is very flexible allowing users to setup their smbmount processes in as secure a method as possible.
++.PP 
++The following file types are defined for smbmount:
++
++
++.EX
++.PP
++.B smbmount_exec_t 
++.EE
++
++- Set files with the smbmount_exec_t type, if you want to transition an executable to the smbmount_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/smbmnt, /usr/bin/smbmount
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux smbmount policy is very flexible allowing users to setup their smbmount processes in as secure a method as possible.
++.PP 
++The following process types are defined for smbmount:
++
++.EX
++.B smbmount_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type smbmount_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B samba_log_t
++
++	/var/log/samba(/.*)?
++.br
++
++.br
++.B samba_secrets_t
++
++	/etc/samba/smbpasswd
++.br
++	/etc/samba/passdb\.tdb
++.br
++	/etc/samba/MACHINE\.SID
++.br
++	/etc/samba/secrets\.tdb
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), smbmount(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/smokeping_selinux.8 b/man/man8/smokeping_selinux.8
+new file mode 100644
+index 0000000..66973bf
+--- /dev/null
++++ b/man/man8/smokeping_selinux.8
+@@ -0,0 +1,127 @@
++.TH  "smokeping_selinux"  "8"  "smokeping" "dwalsh at redhat.com" "smokeping SELinux Policy documentation"
++.SH "NAME"
++smokeping_selinux \- Security Enhanced Linux Policy for the smokeping processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the smokeping processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the smokeping_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the smokeping_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux smokeping policy is very flexible allowing users to setup their smokeping processes in as secure a method as possible.
++.PP 
++The following file types are defined for smokeping:
++
++
++.EX
++.PP
++.B smokeping_exec_t 
++.EE
++
++- Set files with the smokeping_exec_t type, if you want to transition an executable to the smokeping_t domain.
++
++
++.EX
++.PP
++.B smokeping_initrc_exec_t 
++.EE
++
++- Set files with the smokeping_initrc_exec_t type, if you want to transition an executable to the smokeping_initrc_t domain.
++
++
++.EX
++.PP
++.B smokeping_var_lib_t 
++.EE
++
++- Set files with the smokeping_var_lib_t type, if you want to store the smokeping files under the /var/lib directory.
++
++
++.EX
++.PP
++.B smokeping_var_run_t 
++.EE
++
++- Set files with the smokeping_var_run_t type, if you want to store the smokeping files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux smokeping policy is very flexible allowing users to setup their smokeping processes in as secure a method as possible.
++.PP 
++The following process types are defined for smokeping:
++
++.EX
++.B smokeping_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type smokeping_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B smokeping_var_lib_t
++
++	/var/lib/smokeping(/.*)?
++.br
++
++.br
++.B smokeping_var_run_t
++
++	/var/run/smokeping(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), smokeping(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/smoltclient_selinux.8 b/man/man8/smoltclient_selinux.8
+new file mode 100644
+index 0000000..4059e62
+--- /dev/null
++++ b/man/man8/smoltclient_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "smoltclient_selinux"  "8"  "smoltclient" "dwalsh at redhat.com" "smoltclient SELinux Policy documentation"
++.SH "NAME"
++smoltclient_selinux \- Security Enhanced Linux Policy for the smoltclient processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the smoltclient processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the smoltclient_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the smoltclient_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux smoltclient policy is very flexible allowing users to setup their smoltclient processes in as secure a method as possible.
++.PP 
++The following file types are defined for smoltclient:
++
++
++.EX
++.PP
++.B smoltclient_exec_t 
++.EE
++
++- Set files with the smoltclient_exec_t type, if you want to transition an executable to the smoltclient_t domain.
++
++
++.EX
++.PP
++.B smoltclient_tmp_t 
++.EE
++
++- Set files with the smoltclient_tmp_t type, if you want to store smoltclient temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux smoltclient policy is very flexible allowing users to setup their smoltclient processes in as secure a method as possible.
++.PP 
++The following process types are defined for smoltclient:
++
++.EX
++.B smoltclient_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type smoltclient_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B smoltclient_tmp_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), smoltclient(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/snmpd_selinux.8 b/man/man8/snmpd_selinux.8
+new file mode 100644
+index 0000000..00ce3f1
+--- /dev/null
++++ b/man/man8/snmpd_selinux.8
+@@ -0,0 +1,193 @@
++.TH  "snmpd_selinux"  "8"  "snmpd" "dwalsh at redhat.com" "snmpd SELinux Policy documentation"
++.SH "NAME"
++snmpd_selinux \- Security Enhanced Linux Policy for the snmpd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the snmpd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the snmpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the snmpd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible.
++.PP 
++The following file types are defined for snmpd:
++
++
++.EX
++.PP
++.B snmpd_exec_t 
++.EE
++
++- Set files with the snmpd_exec_t type, if you want to transition an executable to the snmpd_t domain.
++
++
++.EX
++.PP
++.B snmpd_initrc_exec_t 
++.EE
++
++- Set files with the snmpd_initrc_exec_t type, if you want to transition an executable to the snmpd_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/snmpd, /etc/rc\.d/init\.d/snmptrapd
++
++.EX
++.PP
++.B snmpd_log_t 
++.EE
++
++- Set files with the snmpd_log_t type, if you want to treat the data as snmpd log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B snmpd_var_lib_t 
++.EE
++
++- Set files with the snmpd_var_lib_t type, if you want to store the snmpd files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/agentx(/.*)?, /usr/share/snmp/mibs/\.index, /var/net-snmp(/.*)?, /var/lib/net-snmp(/.*)?, /var/lib/snmp(/.*)?
++
++.EX
++.PP
++.B snmpd_var_run_t 
++.EE
++
++- Set files with the snmpd_var_run_t type, if you want to store the snmpd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/net-snmpd(/.*)?, /var/run/snmpd\.pid, /var/run/snmpd(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible.
++.PP 
++The following port types are defined for snmpd:
++
++.EX
++.TP 5
++.B snmp_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 161-162,199,1161
++.EE
++udp 161-162
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible.
++.PP 
++The following process types are defined for snmpd:
++
++.EX
++.B snmpd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type snmpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B snmpd_log_t
++
++	/var/log/snmpd\.log.*
++.br
++
++.br
++.B snmpd_var_lib_t
++
++	/var/agentx(/.*)?
++.br
++	/var/lib/snmp(/.*)?
++.br
++	/var/net-snmp(/.*)?
++.br
++	/var/lib/net-snmp(/.*)?
++.br
++	/usr/share/snmp/mibs/\.index
++.br
++
++.br
++.B snmpd_var_run_t
++
++	/var/run/snmpd(/.*)?
++.br
++	/var/run/net-snmpd(/.*)?
++.br
++	/var/run/snmpd\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), snmpd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/snort_selinux.8 b/man/man8/snort_selinux.8
+new file mode 100644
+index 0000000..3b0dcb6
+--- /dev/null
++++ b/man/man8/snort_selinux.8
+@@ -0,0 +1,145 @@
++.TH  "snort_selinux"  "8"  "snort" "dwalsh at redhat.com" "snort SELinux Policy documentation"
++.SH "NAME"
++snort_selinux \- Security Enhanced Linux Policy for the snort processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the snort processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux snort policy is very flexible allowing users to setup their snort processes in as secure a method as possible.
++.PP 
++The following file types are defined for snort:
++
++
++.EX
++.PP
++.B snort_etc_t 
++.EE
++
++- Set files with the snort_etc_t type, if you want to store snort files in the /etc directories.
++
++
++.EX
++.PP
++.B snort_exec_t 
++.EE
++
++- Set files with the snort_exec_t type, if you want to transition an executable to the snort_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/snort-plain, /usr/s?bin/snort
++
++.EX
++.PP
++.B snort_initrc_exec_t 
++.EE
++
++- Set files with the snort_initrc_exec_t type, if you want to transition an executable to the snort_initrc_t domain.
++
++
++.EX
++.PP
++.B snort_log_t 
++.EE
++
++- Set files with the snort_log_t type, if you want to treat the data as snort log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B snort_tmp_t 
++.EE
++
++- Set files with the snort_tmp_t type, if you want to store snort temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B snort_var_run_t 
++.EE
++
++- Set files with the snort_var_run_t type, if you want to store the snort files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux snort policy is very flexible allowing users to setup their snort processes in as secure a method as possible.
++.PP 
++The following process types are defined for snort:
++
++.EX
++.B snort_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type snort_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B prelude_spool_t
++
++	/var/spool/prelude(/.*)?
++.br
++	/var/spool/prelude-manager(/.*)?
++.br
++
++.br
++.B snort_log_t
++
++	/var/log/snort(/.*)?
++.br
++
++.br
++.B snort_tmp_t
++
++
++.br
++.B snort_var_run_t
++
++	/var/run/snort.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), snort(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sosreport_selinux.8 b/man/man8/sosreport_selinux.8
+new file mode 100644
+index 0000000..5ef70fd
+--- /dev/null
++++ b/man/man8/sosreport_selinux.8
+@@ -0,0 +1,193 @@
++.TH  "sosreport_selinux"  "8"  "sosreport" "dwalsh at redhat.com" "sosreport SELinux Policy documentation"
++.SH "NAME"
++sosreport_selinux \- Security Enhanced Linux Policy for the sosreport processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sosreport processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sosreport_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sosreport_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sosreport policy is very flexible allowing users to setup their sosreport processes in as secure a method as possible.
++.PP 
++The following file types are defined for sosreport:
++
++
++.EX
++.PP
++.B sosreport_exec_t 
++.EE
++
++- Set files with the sosreport_exec_t type, if you want to transition an executable to the sosreport_t domain.
++
++
++.EX
++.PP
++.B sosreport_tmp_t 
++.EE
++
++- Set files with the sosreport_tmp_t type, if you want to store sosreport temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B sosreport_tmpfs_t 
++.EE
++
++- Set files with the sosreport_tmpfs_t type, if you want to store sosreport files on a tmpfs file system.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sosreport policy is very flexible allowing users to setup their sosreport processes in as secure a method as possible.
++.PP 
++The following process types are defined for sosreport:
++
++.EX
++.B sosreport_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sosreport_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B abrt_var_cache_t
++
++	/var/cache/abrt(/.*)?
++.br
++	/var/spool/abrt(/.*)?
++.br
++	/var/cache/abrt-di(/.*)?
++.br
++
++.br
++.B abrt_var_run_t
++
++	/var/run/abrt(/.*)?
++.br
++	/var/run/abrtd?\.lock
++.br
++	/var/run/abrtd?\.socket
++.br
++	/var/run/abrt\.pid
++.br
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B sosreport_tmp_t
++
++	/.ismount-test-file
++.br
++
++.br
++.B sosreport_tmpfs_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sosreport(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/soundd_selinux.8 b/man/man8/soundd_selinux.8
+new file mode 100644
+index 0000000..87ab6a2
+--- /dev/null
++++ b/man/man8/soundd_selinux.8
+@@ -0,0 +1,185 @@
++.TH  "soundd_selinux"  "8"  "soundd" "dwalsh at redhat.com" "soundd SELinux Policy documentation"
++.SH "NAME"
++soundd_selinux \- Security Enhanced Linux Policy for the soundd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the soundd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux soundd policy is very flexible allowing users to setup their soundd processes in as secure a method as possible.
++.PP 
++The following file types are defined for soundd:
++
++
++.EX
++.PP
++.B soundd_etc_t 
++.EE
++
++- Set files with the soundd_etc_t type, if you want to store soundd files in the /etc directories.
++
++.br
++.TP 5
++Paths: 
++/etc/yiff(/.*)?, /etc/nas(/.*)?
++
++.EX
++.PP
++.B soundd_exec_t 
++.EE
++
++- Set files with the soundd_exec_t type, if you want to transition an executable to the soundd_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/gpe-soundserver, /usr/sbin/yiff, /usr/bin/nasd
++
++.EX
++.PP
++.B soundd_initrc_exec_t 
++.EE
++
++- Set files with the soundd_initrc_exec_t type, if you want to transition an executable to the soundd_initrc_t domain.
++
++
++.EX
++.PP
++.B soundd_state_t 
++.EE
++
++- Set files with the soundd_state_t type, if you want to treat the files as soundd state data.
++
++
++.EX
++.PP
++.B soundd_tmp_t 
++.EE
++
++- Set files with the soundd_tmp_t type, if you want to store soundd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B soundd_tmpfs_t 
++.EE
++
++- Set files with the soundd_tmpfs_t type, if you want to store soundd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B soundd_var_run_t 
++.EE
++
++- Set files with the soundd_var_run_t type, if you want to store the soundd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/nasd(/.*)?, /var/run/yiff-[0-9]+\.pid
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux soundd policy is very flexible allowing users to setup their soundd processes in as secure a method as possible.
++.PP 
++The following port types are defined for soundd:
++
++.EX
++.TP 5
++.B soundd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 8000,9433,16001
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux soundd policy is very flexible allowing users to setup their soundd processes in as secure a method as possible.
++.PP 
++The following process types are defined for soundd:
++
++.EX
++.B soundd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type soundd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B soundd_state_t
++
++	/var/state/yiff(/.*)?
++.br
++
++.br
++.B soundd_tmp_t
++
++
++.br
++.B soundd_tmpfs_t
++
++
++.br
++.B soundd_var_run_t
++
++	/var/run/nasd(/.*)?
++.br
++	/var/run/yiff-[0-9]+\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), soundd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/spamass_milter_selinux.8 b/man/man8/spamass_milter_selinux.8
+new file mode 100644
+index 0000000..8b878ba
+--- /dev/null
++++ b/man/man8/spamass_milter_selinux.8
+@@ -0,0 +1,123 @@
++.TH  "spamass_milter_selinux"  "8"  "spamass_milter" "dwalsh at redhat.com" "spamass_milter SELinux Policy documentation"
++.SH "NAME"
++spamass_milter_selinux \- Security Enhanced Linux Policy for the spamass_milter processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the spamass_milter processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the spamass_milter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the spamass_milter_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux spamass_milter policy is very flexible allowing users to setup their spamass_milter processes in as secure a method as possible.
++.PP 
++The following file types are defined for spamass_milter:
++
++
++.EX
++.PP
++.B spamass_milter_data_t 
++.EE
++
++- Set files with the spamass_milter_data_t type, if you want to treat the files as spamass milter content.
++
++.br
++.TP 5
++Paths: 
++/var/spool/postfix/spamass(/.*)?, /var/run/spamass(/.*)?, /var/run/spamass-milter\.pid, /var/run/spamass-milter(/.*)?
++
++.EX
++.PP
++.B spamass_milter_exec_t 
++.EE
++
++- Set files with the spamass_milter_exec_t type, if you want to transition an executable to the spamass_milter_t domain.
++
++
++.EX
++.PP
++.B spamass_milter_state_t 
++.EE
++
++- Set files with the spamass_milter_state_t type, if you want to treat the files as spamass milter state data.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux spamass_milter policy is very flexible allowing users to setup their spamass_milter processes in as secure a method as possible.
++.PP 
++The following process types are defined for spamass_milter:
++
++.EX
++.B spamass_milter_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type spamass_milter_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B spamass_milter_data_t
++
++	/var/run/spamass(/.*)?
++.br
++	/var/run/spamass-milter(/.*)?
++.br
++	/var/spool/postfix/spamass(/.*)?
++.br
++	/var/run/spamass-milter\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), spamass_milter(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/spamc_selinux.8 b/man/man8/spamc_selinux.8
+new file mode 100644
+index 0000000..55fb70a
+--- /dev/null
++++ b/man/man8/spamc_selinux.8
+@@ -0,0 +1,145 @@
++.TH  "spamc_selinux"  "8"  "spamc" "dwalsh at redhat.com" "spamc SELinux Policy documentation"
++.SH "NAME"
++spamc_selinux \- Security Enhanced Linux Policy for the spamc processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the spamc processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the spamc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the spamc_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux spamc policy is very flexible allowing users to setup their spamc processes in as secure a method as possible.
++.PP 
++The following file types are defined for spamc:
++
++
++.EX
++.PP
++.B spamc_exec_t 
++.EE
++
++- Set files with the spamc_exec_t type, if you want to transition an executable to the spamc_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/pyzor, /usr/bin/spamc, /usr/bin/razor.*, /usr/bin/sa-learn, /usr/bin/spamassassin
++
++.EX
++.PP
++.B spamc_home_t 
++.EE
++
++- Set files with the spamc_home_t type, if you want to store spamc files in the users home directory.
++
++.br
++.TP 5
++Paths: 
++/root/\.spamd(/.*)?, /root/\.pyzor(/.*)?, /root/\.razor(/.*)?, /root/\.spamassassin(/.*)?
++
++.EX
++.PP
++.B spamc_tmp_t 
++.EE
++
++- Set files with the spamc_tmp_t type, if you want to store spamc temporary files in the /tmp directories.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux spamc policy is very flexible allowing users to setup their spamc processes in as secure a method as possible.
++.PP 
++The following process types are defined for spamc:
++
++.EX
++.B spamc_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type spamc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B spamass_milter_state_t
++
++	/var/lib/spamass-milter(/.*)?
++.br
++
++.br
++.B spamc_home_t
++
++	/root/\.pyzor(/.*)?
++.br
++	/root/\.spamd(/.*)?
++.br
++	/root/\.razor(/.*)?
++.br
++	/root/\.spamassassin(/.*)?
++.br
++	/home/[^/]*/\.pyzor(/.*)?
++.br
++	/home/[^/]*/\.spamd(/.*)?
++.br
++	/home/[^/]*/\.razor(/.*)?
++.br
++	/home/[^/]*/\.spamassassin(/.*)?
++.br
++
++.br
++.B spamc_tmp_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), spamc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/spamd_selinux.8 b/man/man8/spamd_selinux.8
+new file mode 100644
+index 0000000..d12fcdc
+--- /dev/null
++++ b/man/man8/spamd_selinux.8
+@@ -0,0 +1,340 @@
++.TH  "spamd_selinux"  "8"  "spamd" "dwalsh at redhat.com" "spamd SELinux Policy documentation"
++.SH "NAME"
++spamd_selinux \- Security Enhanced Linux Policy for the spamd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the spamd processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  spamd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run spamd with the tightest access possible.
++
++
++.PP
++If you want to allow user spamassassin clients to use the network, you must turn on the spamassassin_can_network boolean.
++
++.EX
++.B setsebool -P spamassassin_can_network 1
++.EE
++
++.PP
++If you want to allow spamd to read/write user home directories, you must turn on the spamd_enable_home_dirs boolean.
++
++.EX
++.B setsebool -P spamd_enable_home_dirs 1
++.EE
++
++.PP
++If you want to allow http daemon to check spam, you must turn on the httpd_can_check_spam boolean.
++
++.EX
++.B setsebool -P httpd_can_check_spam 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the spamc_t, spamd_update_t, spamd_t, spamass_milter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the spamc_t, spamd_update_t, spamd_t, spamass_milter_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux spamd policy is very flexible allowing users to setup their spamd processes in as secure a method as possible.
++.PP 
++The following file types are defined for spamd:
++
++
++.EX
++.PP
++.B spamd_compiled_t 
++.EE
++
++- Set files with the spamd_compiled_t type, if you want to treat the files as spamd compiled data.
++
++
++.EX
++.PP
++.B spamd_etc_t 
++.EE
++
++- Set files with the spamd_etc_t type, if you want to store spamd files in the /etc directories.
++
++.br
++.TP 5
++Paths: 
++/etc/pyzor(/.*)?, /etc/razor(/.*)?
++
++.EX
++.PP
++.B spamd_exec_t 
++.EE
++
++- Set files with the spamd_exec_t type, if you want to transition an executable to the spamd_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/sbin/spampd, /usr/sbin/spamd, /usr/bin/mimedefang-multiplexor, /usr/bin/pyzord, /usr/bin/spamd, /usr/bin/mimedefang
++
++.EX
++.PP
++.B spamd_initrc_exec_t 
++.EE
++
++- Set files with the spamd_initrc_exec_t type, if you want to transition an executable to the spamd_initrc_t domain.
++
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/spampd, /etc/rc\.d/init\.d/spamd, /etc/rc\.d/init\.d/mimedefang.*, /etc/rc\.d/init\.d/pyzord
++
++.EX
++.PP
++.B spamd_log_t 
++.EE
++
++- Set files with the spamd_log_t type, if you want to treat the data as spamd log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/razor-agent\.log.*, /var/log/mimedefang, /var/log/pyzord\.log.*, /var/log/spamd\.log.*
++
++.EX
++.PP
++.B spamd_spool_t 
++.EE
++
++- Set files with the spamd_spool_t type, if you want to store the spamd files under the /var/spool directory.
++
++.br
++.TP 5
++Paths: 
++/var/spool/spamd(/.*)?, /var/spool/spamassassin(/.*)?, /var/spool/spampd(/.*)?
++
++.EX
++.PP
++.B spamd_tmp_t 
++.EE
++
++- Set files with the spamd_tmp_t type, if you want to store spamd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B spamd_update_exec_t 
++.EE
++
++- Set files with the spamd_update_exec_t type, if you want to transition an executable to the spamd_update_t domain.
++
++
++.EX
++.PP
++.B spamd_var_lib_t 
++.EE
++
++- Set files with the spamd_var_lib_t type, if you want to store the spamd files under the /var/lib directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/spamassassin(/.*)?, /var/lib/razor(/.*)?, /var/lib/pyzord(/.*)?
++
++.EX
++.PP
++.B spamd_var_run_t 
++.EE
++
++- Set files with the spamd_var_run_t type, if you want to store the spamd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/spamassassin(/.*)?, /var/spool/MIMEDefang(/.*)?, /var/spool/MD-Quarantine(/.*)?
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux spamd policy is very flexible allowing users to setup their spamd processes in as secure a method as possible.
++.PP 
++The following port types are defined for spamd:
++
++.EX
++.TP 5
++.B spamd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 783,10026,10027
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux spamd policy is very flexible allowing users to setup their spamd processes in as secure a method as possible.
++.PP 
++The following process types are defined for spamd:
++
++.EX
++.B spamc_t, spamd_t, spamd_update_t, spamass_milter_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type spamd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B amavis_var_lib_t
++
++	/var/amavis(/.*)?
++.br
++	/var/lib/amavis(/.*)?
++.br
++	/var/opt/f-secure(/.*)?
++.br
++
++.br
++.B exim_spool_t
++
++	/var/spool/exim[0-9]?(/.*)?
++.br
++
++.br
++.B spamass_milter_state_t
++
++	/var/lib/spamass-milter(/.*)?
++.br
++
++.br
++.B spamc_home_t
++
++	/root/\.pyzor(/.*)?
++.br
++	/root/\.spamd(/.*)?
++.br
++	/root/\.razor(/.*)?
++.br
++	/root/\.spamassassin(/.*)?
++.br
++	/home/[^/]*/\.pyzor(/.*)?
++.br
++	/home/[^/]*/\.spamd(/.*)?
++.br
++	/home/[^/]*/\.razor(/.*)?
++.br
++	/home/[^/]*/\.spamassassin(/.*)?
++.br
++
++.br
++.B spamd_compiled_t
++
++	/var/lib/spamassassin/compiled(/.*)?
++.br
++
++.br
++.B spamd_log_t
++
++	/var/log/spamd\.log.*
++.br
++	/var/log/pyzord\.log.*
++.br
++	/var/log/razor-agent\.log.*
++.br
++	/var/log/mimedefang
++.br
++
++.br
++.B spamd_spool_t
++
++	/var/spool/spamd(/.*)?
++.br
++	/var/spool/spampd(/.*)?
++.br
++	/var/spool/spamassassin(/.*)?
++.br
++
++.br
++.B spamd_tmp_t
++
++
++.br
++.B spamd_var_lib_t
++
++	/var/lib/razor(/.*)?
++.br
++	/var/lib/pyzord(/.*)?
++.br
++	/var/lib/spamassassin(/.*)?
++.br
++
++.br
++.B spamd_var_run_t
++
++	/var/run/spamassassin(/.*)?
++.br
++	/var/spool/MIMEDefang(/.*)?
++.br
++	/var/spool/MD-Quarantine(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), spamd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), spamass_milter_selinux(8), spamc_selinux(8), spamd_update_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/spamd_update_selinux.8 b/man/man8/spamd_update_selinux.8
+new file mode 100644
+index 0000000..bf8c132
+--- /dev/null
++++ b/man/man8/spamd_update_selinux.8
+@@ -0,0 +1,106 @@
++.TH  "spamd_update_selinux"  "8"  "spamd_update" "dwalsh at redhat.com" "spamd_update SELinux Policy documentation"
++.SH "NAME"
++spamd_update_selinux \- Security Enhanced Linux Policy for the spamd_update processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the spamd_update processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the spamd_update_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the spamd_update_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux spamd_update policy is very flexible allowing users to setup their spamd_update processes in as secure a method as possible.
++.PP 
++The following file types are defined for spamd_update:
++
++
++.EX
++.PP
++.B spamd_update_exec_t 
++.EE
++
++- Set files with the spamd_update_exec_t type, if you want to transition an executable to the spamd_update_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux spamd_update policy is very flexible allowing users to setup their spamd_update processes in as secure a method as possible.
++.PP 
++The following process types are defined for spamd_update:
++
++.EX
++.B spamd_update_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type spamd_update_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B spamd_tmp_t
++
++
++.br
++.B spamd_var_lib_t
++
++	/var/lib/razor(/.*)?
++.br
++	/var/lib/pyzord(/.*)?
++.br
++	/var/lib/spamassassin(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), spamd_update(8), semanage(8), restorecon(8), chcon(1)
++, spamd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/squid_cron_selinux.8 b/man/man8/squid_cron_selinux.8
+new file mode 100644
+index 0000000..f465ac5
+--- /dev/null
++++ b/man/man8/squid_cron_selinux.8
+@@ -0,0 +1,90 @@
++.TH  "squid_cron_selinux"  "8"  "squid_cron" "dwalsh at redhat.com" "squid_cron SELinux Policy documentation"
++.SH "NAME"
++squid_cron_selinux \- Security Enhanced Linux Policy for the squid_cron processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the squid_cron processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux squid_cron policy is very flexible allowing users to setup their squid_cron processes in as secure a method as possible.
++.PP 
++The following file types are defined for squid_cron:
++
++
++.EX
++.PP
++.B squid_cron_exec_t 
++.EE
++
++- Set files with the squid_cron_exec_t type, if you want to transition an executable to the squid_cron_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux squid_cron policy is very flexible allowing users to setup their squid_cron processes in as secure a method as possible.
++.PP 
++The following process types are defined for squid_cron:
++
++.EX
++.B squid_cron_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type squid_cron_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B squid_cache_t
++
++	/var/squidGuard(/.*)?
++.br
++	/var/lightsquid(/.*)?
++.br
++	/var/cache/squid(/.*)?
++.br
++	/var/spool/squid(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), squid_cron(8), semanage(8), restorecon(8), chcon(1)
++, squid_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/squid_selinux.8 b/man/man8/squid_selinux.8
+new file mode 100644
+index 0000000..3fbcfea
+--- /dev/null
++++ b/man/man8/squid_selinux.8
+@@ -0,0 +1,299 @@
++.TH  "squid_selinux"  "8"  "squid" "dwalsh at redhat.com" "squid SELinux Policy documentation"
++.SH "NAME"
++squid_selinux \- Security Enhanced Linux Policy for the squid processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the squid processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  squid policy is extremely flexible and has several booleans that allow you to manipulate the policy and run squid with the tightest access possible.
++
++
++.PP
++If you want to allow squid to run as a transparent proxy (TPROXY), you must turn on the squid_use_tproxy boolean.
++
++.EX
++.B setsebool -P squid_use_tproxy 1
++.EE
++
++.PP
++If you want to allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports, you must turn on the squid_connect_any boolean.
++
++.EX
++.B setsebool -P squid_connect_any 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the squid_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the squid_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux squid policy is very flexible allowing users to setup their squid processes in as secure a method as possible.
++.PP 
++The following file types are defined for squid:
++
++
++.EX
++.PP
++.B squid_cache_t 
++.EE
++
++- Set files with the squid_cache_t type, if you want to store the files under the /var/cache directory.
++
++.br
++.TP 5
++Paths: 
++/var/lightsquid(/.*)?, /var/cache/squid(/.*)?, /var/spool/squid(/.*)?, /var/squidGuard(/.*)?
++
++.EX
++.PP
++.B squid_conf_t 
++.EE
++
++- Set files with the squid_conf_t type, if you want to treat the files as squid configuration data, usually stored under the /etc directory.
++
++.br
++.TP 5
++Paths: 
++/etc/lightsquid(/.*)?, /etc/squid(/.*)?, /usr/share/squid(/.*)?
++
++.EX
++.PP
++.B squid_cron_exec_t 
++.EE
++
++- Set files with the squid_cron_exec_t type, if you want to transition an executable to the squid_cron_t domain.
++
++
++.EX
++.PP
++.B squid_exec_t 
++.EE
++
++- Set files with the squid_exec_t type, if you want to transition an executable to the squid_t domain.
++
++
++.EX
++.PP
++.B squid_initrc_exec_t 
++.EE
++
++- Set files with the squid_initrc_exec_t type, if you want to transition an executable to the squid_initrc_t domain.
++
++
++.EX
++.PP
++.B squid_log_t 
++.EE
++
++- Set files with the squid_log_t type, if you want to treat the data as squid log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/squid(/.*)?, /var/log/squidGuard(/.*)?
++
++.EX
++.PP
++.B squid_tmp_t 
++.EE
++
++- Set files with the squid_tmp_t type, if you want to store squid temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B squid_tmpfs_t 
++.EE
++
++- Set files with the squid_tmpfs_t type, if you want to store squid files on a tmpfs file system.
++
++
++.EX
++.PP
++.B squid_var_run_t 
++.EE
++
++- Set files with the squid_var_run_t type, if you want to store the squid files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux squid policy is very flexible allowing users to setup their squid processes in as secure a method as possible.
++.PP 
++The following port types are defined for squid:
++
++.EX
++.TP 5
++.B squid_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 3128,3401,4827
++.EE
++udp 3401,4827
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux squid policy is very flexible allowing users to setup their squid processes in as secure a method as possible.
++.PP 
++The following process types are defined for squid:
++
++.EX
++.B squid_t, squid_cron_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type squid_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B squid_cache_t
++
++	/var/squidGuard(/.*)?
++.br
++	/var/lightsquid(/.*)?
++.br
++	/var/cache/squid(/.*)?
++.br
++	/var/spool/squid(/.*)?
++.br
++
++.br
++.B squid_log_t
++
++	/var/log/squid(/.*)?
++.br
++	/var/log/squidGuard(/.*)?
++.br
++
++.br
++.B squid_tmp_t
++
++
++.br
++.B squid_tmpfs_t
++
++
++.br
++.B squid_var_run_t
++
++	/var/run/squid\.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), squid(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), squid_cron_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/srvsvcd_selinux.8 b/man/man8/srvsvcd_selinux.8
+new file mode 100644
+index 0000000..0bdd4d8
+--- /dev/null
++++ b/man/man8/srvsvcd_selinux.8
+@@ -0,0 +1,111 @@
++.TH  "srvsvcd_selinux"  "8"  "srvsvcd" "dwalsh at redhat.com" "srvsvcd SELinux Policy documentation"
++.SH "NAME"
++srvsvcd_selinux \- Security Enhanced Linux Policy for the srvsvcd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the srvsvcd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux srvsvcd policy is very flexible allowing users to setup their srvsvcd processes in as secure a method as possible.
++.PP 
++The following file types are defined for srvsvcd:
++
++
++.EX
++.PP
++.B srvsvcd_exec_t 
++.EE
++
++- Set files with the srvsvcd_exec_t type, if you want to transition an executable to the srvsvcd_t domain.
++
++
++.EX
++.PP
++.B srvsvcd_var_lib_t 
++.EE
++
++- Set files with the srvsvcd_var_lib_t type, if you want to store the srvsvcd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B srvsvcd_var_run_t 
++.EE
++
++- Set files with the srvsvcd_var_run_t type, if you want to store the srvsvcd files under the /run directory.
++
++
++.EX
++.PP
++.B srvsvcd_var_socket_t 
++.EE
++
++- Set files with the srvsvcd_var_socket_t type, if you want to treat the files as srvsvcd var socket data.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux srvsvcd policy is very flexible allowing users to setup their srvsvcd processes in as secure a method as possible.
++.PP 
++The following process types are defined for srvsvcd:
++
++.EX
++.B srvsvcd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type srvsvcd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B srvsvcd_var_lib_t
++
++
++.br
++.B srvsvcd_var_run_t
++
++	/var/run/srvsvcd.pid
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), srvsvcd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ssh_keygen_selinux.8 b/man/man8/ssh_keygen_selinux.8
+new file mode 100644
+index 0000000..20dbef6
+--- /dev/null
++++ b/man/man8/ssh_keygen_selinux.8
+@@ -0,0 +1,132 @@
++.TH  "ssh_keygen_selinux"  "8"  "ssh_keygen" "dwalsh at redhat.com" "ssh_keygen SELinux Policy documentation"
++.SH "NAME"
++ssh_keygen_selinux \- Security Enhanced Linux Policy for the ssh_keygen processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ssh_keygen processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ssh_keygen_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ssh_keygen_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ssh_keygen policy is very flexible allowing users to setup their ssh_keygen processes in as secure a method as possible.
++.PP 
++The following file types are defined for ssh_keygen:
++
++
++.EX
++.PP
++.B ssh_keygen_exec_t 
++.EE
++
++- Set files with the ssh_keygen_exec_t type, if you want to transition an executable to the ssh_keygen_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ssh_keygen policy is very flexible allowing users to setup their ssh_keygen processes in as secure a method as possible.
++.PP 
++The following process types are defined for ssh_keygen:
++
++.EX
++.B ssh_keygen_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ssh_keygen_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ssh_home_t
++
++	/root/\.ssh(/.*)?
++.br
++	/var/lib/amanda/\.ssh(/.*)?
++.br
++	/var/lib/stickshift/[^/]+/\.ssh(/.*)?
++.br
++	/var/lib/gitolite/\.ssh(/.*)?
++.br
++	/var/lib/nocpulse/\.ssh(/.*)?
++.br
++	/var/lib/gitolite3/\.ssh(/.*)?
++.br
++	/root/\.shosts
++.br
++	/home/[^/]*/\.ssh(/.*)?
++.br
++	/home/[^/]*/\.shosts
++.br
++
++.br
++.B sshd_key_t
++
++	/etc/ssh/ssh_host_key.pub
++.br
++	/etc/ssh/ssh_host_dsa_key.pub
++.br
++	/etc/ssh/ssh_host_rsa_key.pub
++.br
++	/etc/ssh/primes
++.br
++	/etc/ssh/ssh_host_key
++.br
++	/etc/ssh/ssh_host_dsa_key
++.br
++	/etc/ssh/ssh_host_rsa_key
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ssh_keygen(8), semanage(8), restorecon(8), chcon(1)
++, ssh_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ssh_keysign_selinux.8 b/man/man8/ssh_keysign_selinux.8
+new file mode 100644
+index 0000000..931ff5a
+--- /dev/null
++++ b/man/man8/ssh_keysign_selinux.8
+@@ -0,0 +1,92 @@
++.TH  "ssh_keysign_selinux"  "8"  "ssh_keysign" "dwalsh at redhat.com" "ssh_keysign SELinux Policy documentation"
++.SH "NAME"
++ssh_keysign_selinux \- Security Enhanced Linux Policy for the ssh_keysign processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ssh_keysign processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  ssh_keysign policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ssh_keysign with the tightest access possible.
++
++
++.PP
++If you want to allow host key based authentication, you must turn on the ssh_keysign boolean.
++
++.EX
++.B setsebool -P ssh_keysign 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ssh_keysign policy is very flexible allowing users to setup their ssh_keysign processes in as secure a method as possible.
++.PP 
++The following file types are defined for ssh_keysign:
++
++
++.EX
++.PP
++.B ssh_keysign_exec_t 
++.EE
++
++- Set files with the ssh_keysign_exec_t type, if you want to transition an executable to the ssh_keysign_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ssh_keysign policy is very flexible allowing users to setup their ssh_keysign processes in as secure a method as possible.
++.PP 
++The following process types are defined for ssh_keysign:
++
++.EX
++.B ssh_keysign_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ssh_keysign_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ssh_keysign(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), ssh_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/ssh_selinux.8 b/man/man8/ssh_selinux.8
+new file mode 100644
+index 0000000..32088d6
+--- /dev/null
++++ b/man/man8/ssh_selinux.8
+@@ -0,0 +1,322 @@
++.TH  "ssh_selinux"  "8"  "ssh" "dwalsh at redhat.com" "ssh SELinux Policy documentation"
++.SH "NAME"
++ssh_selinux \- Security Enhanced Linux Policy for the ssh processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ssh processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  ssh policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ssh with the tightest access possible.
++
++
++.PP
++If you want to allow ssh with chroot env to read and write files in the user home directories, you must turn on the ssh_chroot_rw_homedirs boolean.
++
++.EX
++.B setsebool -P ssh_chroot_rw_homedirs 1
++.EE
++
++.PP
++If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
++
++.EX
++.B setsebool -P sftpd_write_ssh_home 1
++.EE
++
++.PP
++If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean.
++
++.EX
++.B setsebool -P ssh_sysadm_login 1
++.EE
++
++.PP
++If you want to allow host key based authentication, you must turn on the ssh_keysign boolean.
++
++.EX
++.B setsebool -P ssh_keysign 1
++.EE
++
++.PP
++If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
++
++.EX
++.B setsebool -P fenced_can_ssh 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ssh_keygen_t, sshd_t, ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ssh_keygen_t, sshd_t, ssh_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ssh policy is very flexible allowing users to setup their ssh processes in as secure a method as possible.
++.PP 
++The following file types are defined for ssh:
++
++
++.EX
++.PP
++.B ssh_agent_exec_t 
++.EE
++
++- Set files with the ssh_agent_exec_t type, if you want to transition an executable to the ssh_agent_t domain.
++
++
++.EX
++.PP
++.B ssh_agent_tmp_t 
++.EE
++
++- Set files with the ssh_agent_tmp_t type, if you want to store ssh agent temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B ssh_exec_t 
++.EE
++
++- Set files with the ssh_exec_t type, if you want to transition an executable to the ssh_t domain.
++
++
++.EX
++.PP
++.B ssh_home_t 
++.EE
++
++- Set files with the ssh_home_t type, if you want to store ssh files in the users home directory.
++
++.br
++.TP 5
++Paths: 
++/var/lib/nocpulse/\.ssh(/.*)?, /var/lib/gitolite/\.ssh(/.*)?, /root/\.shosts, /var/lib/amanda/\.ssh(/.*)?, /var/lib/gitolite3/\.ssh(/.*)?, /var/lib/stickshift/[^/]+/\.ssh(/.*)?, /root/\.ssh(/.*)?
++
++.EX
++.PP
++.B ssh_keygen_exec_t 
++.EE
++
++- Set files with the ssh_keygen_exec_t type, if you want to transition an executable to the ssh_keygen_t domain.
++
++
++.EX
++.PP
++.B ssh_keysign_exec_t 
++.EE
++
++- Set files with the ssh_keysign_exec_t type, if you want to transition an executable to the ssh_keysign_t domain.
++
++
++.EX
++.PP
++.B ssh_tmpfs_t 
++.EE
++
++- Set files with the ssh_tmpfs_t type, if you want to store ssh files on a tmpfs file system.
++
++
++.EX
++.PP
++.B sshd_exec_t 
++.EE
++
++- Set files with the sshd_exec_t type, if you want to transition an executable to the sshd_t domain.
++
++
++.EX
++.PP
++.B sshd_initrc_exec_t 
++.EE
++
++- Set files with the sshd_initrc_exec_t type, if you want to transition an executable to the sshd_initrc_t domain.
++
++
++.EX
++.PP
++.B sshd_key_t 
++.EE
++
++- Set files with the sshd_key_t type, if you want to treat the files as sshd key data.
++
++.br
++.TP 5
++Paths: 
++/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_rsa_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
++
++.EX
++.PP
++.B sshd_keytab_t 
++.EE
++
++- Set files with the sshd_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B sshd_tmpfs_t 
++.EE
++
++- Set files with the sshd_tmpfs_t type, if you want to store sshd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B sshd_var_run_t 
++.EE
++
++- Set files with the sshd_var_run_t type, if you want to store the sshd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/sshd\.pid, /var/run/sshd\.init\.pid
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux ssh policy is very flexible allowing users to setup their ssh processes in as secure a method as possible.
++.PP 
++The following port types are defined for ssh:
++
++.EX
++.TP 5
++.B ssh_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 22
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ssh policy is very flexible allowing users to setup their ssh processes in as secure a method as possible.
++.PP 
++The following process types are defined for ssh:
++
++.EX
++.B sshd_sandbox_t, ssh_keysign_t, ssh_keygen_t, ssh_t, sshd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type ssh_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B ssh_home_t
++
++	/root/\.ssh(/.*)?
++.br
++	/var/lib/amanda/\.ssh(/.*)?
++.br
++	/var/lib/stickshift/[^/]+/\.ssh(/.*)?
++.br
++	/var/lib/gitolite/\.ssh(/.*)?
++.br
++	/var/lib/nocpulse/\.ssh(/.*)?
++.br
++	/var/lib/gitolite3/\.ssh(/.*)?
++.br
++	/root/\.shosts
++.br
++	/home/[^/]*/\.ssh(/.*)?
++.br
++	/home/[^/]*/\.shosts
++.br
++
++.br
++.B ssh_tmpfs_t
++
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), ssh(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), ssh_keygen_selinux(8), ssh_keysign_selinux(8), sshd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/sshd_selinux.8 b/man/man8/sshd_selinux.8
+new file mode 100644
+index 0000000..46c1f08
+--- /dev/null
++++ b/man/man8/sshd_selinux.8
+@@ -0,0 +1,424 @@
++.TH  "sshd_selinux"  "8"  "sshd" "dwalsh at redhat.com" "sshd SELinux Policy documentation"
++.SH "NAME"
++sshd_selinux \- Security Enhanced Linux Policy for the sshd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sshd processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  sshd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sshd with the tightest access possible.
++
++
++.PP
++If you want to allow ssh with chroot env to read and write files in the user home directories, you must turn on the ssh_chroot_rw_homedirs boolean.
++
++.EX
++.B setsebool -P ssh_chroot_rw_homedirs 1
++.EE
++
++.PP
++If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
++
++.EX
++.B setsebool -P sftpd_write_ssh_home 1
++.EE
++
++.PP
++If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean.
++
++.EX
++.B setsebool -P ssh_sysadm_login 1
++.EE
++
++.PP
++If you want to allow host key based authentication, you must turn on the ssh_keysign boolean.
++
++.EX
++.B setsebool -P ssh_keysign 1
++.EE
++
++.PP
++If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
++
++.EX
++.B setsebool -P fenced_can_ssh 1
++.EE
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ssh_keygen_t, sshd_t, ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ssh_keygen_t, sshd_t, ssh_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sshd policy is very flexible allowing users to setup their sshd processes in as secure a method as possible.
++.PP 
++The following file types are defined for sshd:
++
++
++.EX
++.PP
++.B sshd_exec_t 
++.EE
++
++- Set files with the sshd_exec_t type, if you want to transition an executable to the sshd_t domain.
++
++
++.EX
++.PP
++.B sshd_initrc_exec_t 
++.EE
++
++- Set files with the sshd_initrc_exec_t type, if you want to transition an executable to the sshd_initrc_t domain.
++
++
++.EX
++.PP
++.B sshd_key_t 
++.EE
++
++- Set files with the sshd_key_t type, if you want to treat the files as sshd key data.
++
++.br
++.TP 5
++Paths: 
++/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_rsa_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
++
++.EX
++.PP
++.B sshd_keytab_t 
++.EE
++
++- Set files with the sshd_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B sshd_tmpfs_t 
++.EE
++
++- Set files with the sshd_tmpfs_t type, if you want to store sshd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B sshd_var_run_t 
++.EE
++
++- Set files with the sshd_var_run_t type, if you want to store the sshd files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/sshd\.pid, /var/run/sshd\.init\.pid
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux sshd policy is very flexible allowing users to setup their sshd processes in as secure a method as possible.
++.PP 
++The following port types are defined for sshd:
++
++.EX
++.TP 5
++.B ssh_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 22
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sshd policy is very flexible allowing users to setup their sshd processes in as secure a method as possible.
++.PP 
++The following process types are defined for sshd:
++
++.EX
++.B sshd_sandbox_t, ssh_keysign_t, ssh_keygen_t, ssh_t, sshd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type sshd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B auth_home_t
++
++	/root/\.google_authenticator
++.br
++	/root/\.google_authenticator~
++.br
++	/home/[^/]*/\.google_authenticator
++.br
++	/home/[^/]*/\.google_authenticator~
++.br
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B condor_var_lib_t
++
++	/var/lib/condor(/.*)?
++.br
++	/var/lib/condor/spool(/.*)?
++.br
++	/var/lib/condor/execute(/.*)?
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B gitosis_var_lib_t
++
++	/var/lib/gitosis(/.*)?
++.br
++	/var/lib/gitolite(3)?(/.*)?
++.br
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B openshift_tmp_t
++
++	/var/lib/stickshift/.*/\.tmp(/.*)?
++.br
++	/var/lib/stickshift/.*/\.sandbox(/.*)?
++.br
++
++.br
++.B pam_var_run_t
++
++	/var/(db|lib|adm)/sudo(/.*)?
++.br
++	/var/run/sudo(/.*)?
++.br
++	/var/run/sepermit(/.*)?
++.br
++	/var/run/pam_mount(/.*)?
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B ssh_home_t
++
++	/root/\.ssh(/.*)?
++.br
++	/var/lib/amanda/\.ssh(/.*)?
++.br
++	/var/lib/stickshift/[^/]+/\.ssh(/.*)?
++.br
++	/var/lib/gitolite/\.ssh(/.*)?
++.br
++	/var/lib/nocpulse/\.ssh(/.*)?
++.br
++	/var/lib/gitolite3/\.ssh(/.*)?
++.br
++	/root/\.shosts
++.br
++	/home/[^/]*/\.ssh(/.*)?
++.br
++	/home/[^/]*/\.shosts
++.br
++
++.br
++.B sshd_tmpfs_t
++
++
++.br
++.B sshd_var_run_t
++
++	/var/run/sshd\.pid
++.br
++	/var/run/sshd\.init\.pid
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.br
++.B var_auth_t
++
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sshd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), ssh_selinux(8), ssh_selinux(8), ssh_keygen_selinux(8), ssh_keysign_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/sssd_selinux.8 b/man/man8/sssd_selinux.8
+new file mode 100644
+index 0000000..b685521
+--- /dev/null
++++ b/man/man8/sssd_selinux.8
+@@ -0,0 +1,241 @@
++.TH  "sssd_selinux"  "8"  "sssd" "dwalsh at redhat.com" "sssd SELinux Policy documentation"
++.SH "NAME"
++sssd_selinux \- Security Enhanced Linux Policy for the sssd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the sssd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sssd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sssd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux sssd policy is very flexible allowing users to setup their sssd processes in as secure a method as possible.
++.PP 
++The following file types are defined for sssd:
++
++
++.EX
++.PP
++.B sssd_conf_t 
++.EE
++
++- Set files with the sssd_conf_t type, if you want to treat the files as sssd configuration data, usually stored under the /etc directory.
++
++
++.EX
++.PP
++.B sssd_exec_t 
++.EE
++
++- Set files with the sssd_exec_t type, if you want to transition an executable to the sssd_t domain.
++
++
++.EX
++.PP
++.B sssd_initrc_exec_t 
++.EE
++
++- Set files with the sssd_initrc_exec_t type, if you want to transition an executable to the sssd_initrc_t domain.
++
++
++.EX
++.PP
++.B sssd_public_t 
++.EE
++
++- Set files with the sssd_public_t type, if you want to treat the files as sssd public data.
++
++.br
++.TP 5
++Paths: 
++/var/lib/sss/mc(/.*)?, /var/lib/sss/pubconf(/.*)?
 +
 +.EX
-+.B showmount_t 
++.PP
++.B sssd_var_lib_t 
++.EE
++
++- Set files with the sssd_var_lib_t type, if you want to store the sssd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B sssd_var_log_t 
++.EE
++
++- Set files with the sssd_var_log_t type, if you want to treat the data as sssd var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B sssd_var_run_t 
++.EE
++
++- Set files with the sssd_var_run_t type, if you want to store the sssd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux sssd policy is very flexible allowing users to setup their sssd processes in as secure a method as possible.
++.PP 
++The following process types are defined for sssd:
++
++.EX
++.B sssd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type sssd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B selinux_login_config_t
++
++	/etc/selinux/([^/]*/)?logins(/.*)?
++.br
++
++.br
++.B sssd_public_t
++
++	/var/lib/sss/mc(/.*)?
++.br
++	/var/lib/sss/pubconf(/.*)?
++.br
++
++.br
++.B sssd_var_lib_t
++
++	/var/lib/sss(/.*)?
++.br
++
++.br
++.B sssd_var_log_t
++
++	/var/log/sssd(/.*)?
++.br
++
++.br
++.B sssd_var_run_t
++
++	/var/run/sssd.pid
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sssd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/staff_selinux.8 b/man/man8/staff_selinux.8
+new file mode 100644
+index 0000000..e84d243
+--- /dev/null
++++ b/man/man8/staff_selinux.8
+@@ -0,0 +1,504 @@
++.TH  "staff_selinux"  "8"  "staff" "mgrepl at redhat.com" "staff SELinux Policy documentation"
++.SH "NAME"
++staff_u \- \fBAdministrator's unprivileged user\fP - Security Enhanced Linux Policy 
++
++.SH DESCRIPTION
++
++\fBstaff_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBstaff_r\fP.  The
++default role has a default type, \fBstaff_t\fP, associated with it.
++
++The SELinux user will usually login to a system with a context that looks like:
++
++.B staff_u:staff_r:staff_t:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.  
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the staff_u user, you would execute:
++
++.B semanage login -m -s staff_u __default__
++
++
++If you want to map the one Linux user (joe) to the SELinux user staff, you would execute:
++
++.B $ semanage login -a -s staff_u joe
++
++
++.SH USER DESCRIPTION
++
++The SELinux user staff_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
++
++.SH SUDO
++
++The SELinux user staff can execute sudo. 
++
++You can set up sudo to allow staff to transition to an administrative domain:
++
++Add one or more of the following record to sudoers using visudo.
++
++
++USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:auditadm_r:auditadm_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add staff_r to this list.
++
++.B $ semanage user -m -R 'staff_r auditadm_r dbadm_r logadm_r secadm_r sysadm_r unconfined_r webadm_r' staff_u 
++
++For more details you can see semanage man page.
++
++
++USERNAME ALL=(ALL) ROLE=dbadm_r TYPE=dbadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:dbadm_r:dbadm_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add staff_r to this list.
++
++.B $ semanage user -m -R 'staff_r auditadm_r dbadm_r logadm_r secadm_r sysadm_r unconfined_r webadm_r' staff_u 
++
++For more details you can see semanage man page.
++
++
++USERNAME ALL=(ALL) ROLE=logadm_r TYPE=logadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:logadm_r:logadm_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add staff_r to this list.
++
++.B $ semanage user -m -R 'staff_r auditadm_r dbadm_r logadm_r secadm_r sysadm_r unconfined_r webadm_r' staff_u 
++
++For more details you can see semanage man page.
++
++
++USERNAME ALL=(ALL) ROLE=secadm_r TYPE=secadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:secadm_r:secadm_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add staff_r to this list.
++
++.B $ semanage user -m -R 'staff_r auditadm_r dbadm_r logadm_r secadm_r sysadm_r unconfined_r webadm_r' staff_u 
++
++For more details you can see semanage man page.
++
++
++USERNAME ALL=(ALL) ROLE=sysadm_r TYPE=sysadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:sysadm_r:sysadm_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add staff_r to this list.
++
++.B $ semanage user -m -R 'staff_r auditadm_r dbadm_r logadm_r secadm_r sysadm_r unconfined_r webadm_r' staff_u 
++
++For more details you can see semanage man page.
++
++
++USERNAME ALL=(ALL) ROLE=unconfined_r TYPE=unconfined_t COMMAND
++.br
++sudo will run COMMAND as staff_u:unconfined_r:unconfined_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add staff_r to this list.
++
++.B $ semanage user -m -R 'staff_r auditadm_r dbadm_r logadm_r secadm_r sysadm_r unconfined_r webadm_r' staff_u 
++
++For more details you can see semanage man page.
++
++
++USERNAME ALL=(ALL) ROLE=webadm_r TYPE=webadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:webadm_r:webadm_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add staff_r to this list.
++
++.B $ semanage user -m -R 'staff_r auditadm_r dbadm_r logadm_r secadm_r sysadm_r unconfined_r webadm_r' staff_u 
++
++For more details you can see semanage man page.
++
++
++The SELinux type staff_t is not allowed to execute sudo. 
++
++.SH X WINDOWS LOGIN
++
++The SELinux user staff_u is able to X Windows login.
++
++.SH NETWORK
++
++.TP
++The SELinux user staff_u is able to listen on the following tcp ports.
++
++.B xserver_port_t: 6000-6020
++
++.TP
++The SELinux user staff_u is able to connect to the following tcp ports.
++
++.B all ports
++
++.TP
++The SELinux user staff_u is able to listen on the following udp ports.
++
++.B all ports with out defined types
++
++.TP
++The SELinux user staff_u is able to connect to the following tcp ports.
++
++.B all ports
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  staff policy is extremely flexible and has several booleans that allow you to manipulate the policy and run staff with the tightest access possible.
++
++
++.PP
++If you want to allow staff user to create and transition to svirt domains, you must turn on the staff_use_svirt boolean.
++
++.EX
++.B setsebool -P staff_use_svirt 1
++.EE
++
++.SH HOME_EXEC
++
++The SELinux user staff_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when staff_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny staff_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow staff_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user staff_t can execute without transitioning:
++
++.B sesearch -A -s staff_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow staff_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user staff_t can execute and transition:
++
++.B $ sesearch -A -s staff_t -c process -p transition
++
++
++.SH "MANAGED FILES"
++
++The SELinux user type staff_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B bluetooth_helper_tmp_t
++
++
++.br
++.B bluetooth_helper_tmpfs_t
++
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B chrome_sandbox_tmpfs_t
++
++
++.br
++.B games_data_t
++
++	/var/games(/.*)?
++.br
++	/var/lib/games(/.*)?
++.br
++
++.br
++.B gpg_agent_tmp_t
++
++	/home/[^/]*/\.gnupg/log-socket
++.br
++
++.br
++.B httpd_user_content_t
++
++	/home/[^/]*/((www)|(web)|(public_html))(/.+)?
++.br
++
++.br
++.B httpd_user_htaccess_t
++
++	/home/[^/]*/((www)|(web)|(public_html))(/.*)?/\.htaccess
++.br
++
++.br
++.B httpd_user_ra_content_t
++
++	/home/[^/]*/((www)|(web)|(public_html))(/.*)?/logs(/.*)?
++.br
++
++.br
++.B httpd_user_rw_content_t
++
++
++.br
++.B httpd_user_script_exec_t
++
++	/home/[^/]*/((www)|(web)|(public_html))/cgi-bin(/.+)?
++.br
++
++.br
++.B iceauth_home_t
++
++	/root/\.DCOP.*
++.br
++	/root/\.ICEauthority.*
++.br
++	/home/[^/]*/\.DCOP.*
++.br
++	/home/[^/]*/\.ICEauthority.*
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B mqueue_spool_t
++
++	/var/spool/(client)?mqueue(/.*)?
++.br
++	/var/spool/mqueue\.in(/.*)?
++.br
++
++.br
++.B nfsd_rw_t
++
++
++.br
++.B noxattrfs
++
++	all files on file systems which do not support extended attributes
++.br
++
++.br
++.B sandbox_file_t
++
++
++.br
++.B sandbox_tmpfs_type
++
++	all sandbox content in tmpfs file systems
++.br
++
++.br
++.B screen_home_t
++
++	/root/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screenrc
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B usbfs_t
++
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B user_fonts_t
++
++	/root/\.fonts(/.*)?
++.br
++	/tmp/\.font-unix(/.*)?
++.br
++	/home/[^/]*/\.fonts(/.*)?
++.br
++
++.br
++.B user_home_type
++
++	all user home files
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.br
++.B user_tmpfs_type
++
++	all user content in tmpfs file systems
++.br
++
++.br
++.B virt_image_type
++
++	all virtual image files
++.br
++
++.br
++.B xauth_home_t
++
++	/root/\.xauth.*
++.br
++	/root/\.Xauth.*
++.br
++	/root/\.serverauth.*
++.br
++	/root/\.Xauthority.*
++.br
++	/var/lib/pqsql/\.xauth.*
++.br
++	/var/lib/pqsql/\.Xauthority.*
++.br
++	/var/lib/nxserver/home/\.xauth.*
++.br
++	/var/lib/nxserver/home/\.Xauthority.*
++.br
++	/home/[^/]*/\.xauth.*
++.br
++	/home/[^/]*/\.Xauth.*
++.br
++	/home/[^/]*/\.serverauth.*
++.br
++	/home/[^/]*/\.Xauthority.*
++.br
++
++.br
++.B xdm_tmp_t
++
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
++
++.br
++.B xserver_tmpfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -47810,54 +81705,48 @@ index 0000000..b7b79e9
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), showmount(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/shutdown_selinux.8 b/man/man8/shutdown_selinux.8
++selinux(8), staff(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/stapserver_selinux.8 b/man/man8/stapserver_selinux.8
 new file mode 100644
-index 0000000..36a3b8d
+index 0000000..8836267
 --- /dev/null
-+++ b/man/man8/shutdown_selinux.8
-@@ -0,0 +1,122 @@
-+.TH  "shutdown_selinux"  "8"  "shutdown" "dwalsh at redhat.com" "shutdown SELinux Policy documentation"
++++ b/man/man8/stapserver_selinux.8
+@@ -0,0 +1,133 @@
++.TH  "stapserver_selinux"  "8"  "stapserver" "dwalsh at redhat.com" "stapserver SELinux Policy documentation"
 +.SH "NAME"
-+shutdown_selinux \- Security Enhanced Linux Policy for the shutdown processes
++stapserver_selinux \- Security Enhanced Linux Policy for the stapserver processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the shutdown processes via flexible mandatory access
++Security-Enhanced Linux secures the stapserver processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  shutdown policy is extremely flexible and has several booleans that allow you to manipulate the policy and run shutdown with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow HTTPD to connect to port 80 for graceful shutdown, you must turn on the httpd_graceful_shutdown boolean.
-+
-+.EX
-+.B setsebool -P httpd_graceful_shutdown 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the shutdown_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the stapserver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the shutdown_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the stapserver_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -47866,37 +81755,41 @@ index 0000000..36a3b8d
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux shutdown policy is very flexible allowing users to setup their shutdown processes in as secure a method as possible.
++SELinux stapserver policy is very flexible allowing users to setup their stapserver processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for shutdown:
++The following file types are defined for stapserver:
 +
 +
 +.EX
 +.PP
-+.B shutdown_etc_t 
++.B stapserver_exec_t 
 +.EE
 +
-+- Set files with the shutdown_etc_t type, if you want to store shutdown files in the /etc directories.
++- Set files with the stapserver_exec_t type, if you want to transition an executable to the stapserver_t domain.
 +
 +
 +.EX
 +.PP
-+.B shutdown_exec_t 
++.B stapserver_log_t 
 +.EE
 +
-+- Set files with the shutdown_exec_t type, if you want to transition an executable to the shutdown_t domain.
++- Set files with the stapserver_log_t type, if you want to treat the data as stapserver log data, usually stored under the /var/log directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/shutdown, /usr/sbin/shutdown, /usr/lib/upstart/shutdown, /lib/upstart/shutdown
 +
 +.EX
 +.PP
-+.B shutdown_var_run_t 
++.B stapserver_var_lib_t 
 +.EE
 +
-+- Set files with the shutdown_var_run_t type, if you want to store the shutdown files under the /run directory.
++- Set files with the stapserver_var_lib_t type, if you want to store the stapserver files under the /var/lib directory.
++
++
++.EX
++.PP
++.B stapserver_var_run_t 
++.EE
++
++- Set files with the stapserver_var_run_t type, if you want to store the stapserver files under the /run directory.
 +
 +
 +.PP
@@ -47912,18 +81805,40 @@ index 0000000..36a3b8d
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux shutdown policy is very flexible allowing users to setup their shutdown processes in as secure a method as possible.
++SELinux stapserver policy is very flexible allowing users to setup their stapserver processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for shutdown:
++The following process types are defined for stapserver:
 +
 +.EX
-+.B shutdown_t 
++.B stapserver_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type stapserver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B stapserver_log_t
++
++	/var/log/stap-server(/.*)?
++.br
++
++.br
++.B stapserver_var_lib_t
++
++	/var/lib/stap-server(/.*)?
++.br
++
++.br
++.B stapserver_var_run_t
++
++	/var/run/stap-server(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -47934,48 +81849,43 @@ index 0000000..36a3b8d
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), shutdown(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/slapd_selinux.8 b/man/man8/slapd_selinux.8
++selinux(8), stapserver(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/stunnel_selinux.8 b/man/man8/stunnel_selinux.8
 new file mode 100644
-index 0000000..12c5b4c
+index 0000000..120490d
 --- /dev/null
-+++ b/man/man8/slapd_selinux.8
-@@ -0,0 +1,191 @@
-+.TH  "slapd_selinux"  "8"  "slapd" "dwalsh at redhat.com" "slapd SELinux Policy documentation"
++++ b/man/man8/stunnel_selinux.8
+@@ -0,0 +1,151 @@
++.TH  "stunnel_selinux"  "8"  "stunnel" "dwalsh at redhat.com" "stunnel SELinux Policy documentation"
 +.SH "NAME"
-+slapd_selinux \- Security Enhanced Linux Policy for the slapd processes
++stunnel_selinux \- Security Enhanced Linux Policy for the stunnel processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the slapd processes via flexible mandatory access
++Security-Enhanced Linux secures the stunnel processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the slapd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the stunnel_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the slapd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the stunnel_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -47984,129 +81894,72 @@ index 0000000..12c5b4c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux slapd policy is very flexible allowing users to setup their slapd processes in as secure a method as possible.
++SELinux stunnel policy is very flexible allowing users to setup their stunnel processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for slapd:
++The following file types are defined for stunnel:
 +
 +
 +.EX
 +.PP
-+.B slapd_cert_t 
++.B stunnel_etc_t 
 +.EE
 +
-+- Set files with the slapd_cert_t type, if you want to treat the files as slapd certificate data.
++- Set files with the stunnel_etc_t type, if you want to store stunnel files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B slapd_db_t 
++.B stunnel_exec_t 
 +.EE
 +
-+- Set files with the slapd_db_t type, if you want to treat the files as slapd database content.
++- Set files with the stunnel_exec_t type, if you want to transition an executable to the stunnel_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/etc/openldap/slapd\.d(/.*)?, /var/lib/ldap(/.*)?
-+
-+.EX
-+.PP
-+.B slapd_etc_t 
-+.EE
-+
-+- Set files with the slapd_etc_t type, if you want to store slapd files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B slapd_exec_t 
-+.EE
-+
-+- Set files with the slapd_exec_t type, if you want to transition an executable to the slapd_t domain.
-+
-+
-+.EX
-+.PP
-+.B slapd_initrc_exec_t 
-+.EE
-+
-+- Set files with the slapd_initrc_exec_t type, if you want to transition an executable to the slapd_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B slapd_keytab_t 
-+.EE
-+
-+- Set files with the slapd_keytab_t type, if you want to treat the files as kerberos keytab files.
-+
-+
-+.EX
-+.PP
-+.B slapd_lock_t 
-+.EE
-+
-+- Set files with the slapd_lock_t type, if you want to treat the files as slapd lock data, stored under the /var/lock directory
-+
++/usr/sbin/stunnel, /usr/bin/stunnel
 +
 +.EX
 +.PP
-+.B slapd_log_t 
++.B stunnel_tmp_t 
 +.EE
 +
-+- Set files with the slapd_log_t type, if you want to treat the data as slapd log data, usually stored under the /var/log directory.
++- Set files with the stunnel_tmp_t type, if you want to store stunnel temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B slapd_replog_t 
++.B stunnel_var_run_t 
 +.EE
 +
-+- Set files with the slapd_replog_t type, if you want to treat the files as slapd replog data.
++- Set files with the stunnel_var_run_t type, if you want to store the stunnel files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B slapd_tmp_t 
-+.EE
-+
-+- Set files with the slapd_tmp_t type, if you want to store slapd temporary files in the /tmp directories.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+.B slapd_tmpfs_t 
-+.EE
-+
-+- Set files with the slapd_tmpfs_t type, if you want to store slapd files on a tmpfs file system.
++You can see the types associated with a port by using the following command: 
 +
++.B semanage port -l
 +
-+.EX
 +.PP
-+.B slapd_unit_file_t 
-+.EE
-+
-+- Set files with the slapd_unit_file_t type, if you want to treat the files as slapd unit content.
-+
++Policy governs the access confined processes have to these ports. 
++SELinux stunnel policy is very flexible allowing users to setup their stunnel processes in as secure a method as possible.
++.PP 
++The following port types are defined for stunnel:
 +
 +.EX
-+.PP
-+.B slapd_var_run_t 
-+.EE
-+
-+- Set files with the slapd_var_run_t type, if you want to store the slapd files under the /run directory.
-+
-+.br
 +.TP 5
-+Paths: 
-+/var/run/slapd\.args, /var/run/openldap(/.*)?, /var/run/slapd\.pid, /var/run/ldapi, /var/run/slapd.*
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.B stunnel_port_t 
++.TP 10
++.EE
 +
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -48114,18 +81967,32 @@ index 0000000..12c5b4c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux slapd policy is very flexible allowing users to setup their slapd processes in as secure a method as possible.
++SELinux stunnel policy is very flexible allowing users to setup their stunnel processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for slapd:
++The following process types are defined for stunnel:
 +
 +.EX
-+.B slapd_t 
++.B stunnel_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type stunnel_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B stunnel_tmp_t
++
++
++.br
++.B stunnel_var_run_t
++
++	/var/run/stunnel(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -48136,49 +82003,70 @@ index 0000000..12c5b4c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), slapd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/smbcontrol_selinux.8 b/man/man8/smbcontrol_selinux.8
++selinux(8), stunnel(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sulogin_selinux.8 b/man/man8/sulogin_selinux.8
 new file mode 100644
-index 0000000..7f6ce1e
+index 0000000..915dc79
 --- /dev/null
-+++ b/man/man8/smbcontrol_selinux.8
-@@ -0,0 +1,73 @@
-+.TH  "smbcontrol_selinux"  "8"  "smbcontrol" "dwalsh at redhat.com" "smbcontrol SELinux Policy documentation"
++++ b/man/man8/sulogin_selinux.8
+@@ -0,0 +1,101 @@
++.TH  "sulogin_selinux"  "8"  "sulogin" "dwalsh at redhat.com" "sulogin SELinux Policy documentation"
 +.SH "NAME"
-+smbcontrol_selinux \- Security Enhanced Linux Policy for the smbcontrol processes
++sulogin_selinux \- Security Enhanced Linux Policy for the sulogin processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the smbcontrol processes via flexible mandatory access
++Security-Enhanced Linux secures the sulogin processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sulogin_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sulogin_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux smbcontrol policy is very flexible allowing users to setup their smbcontrol processes in as secure a method as possible.
++SELinux sulogin policy is very flexible allowing users to setup their sulogin processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for smbcontrol:
++The following file types are defined for sulogin:
 +
 +
 +.EX
 +.PP
-+.B smbcontrol_exec_t 
++.B sulogin_exec_t 
 +.EE
 +
-+- Set files with the smbcontrol_exec_t type, if you want to transition an executable to the smbcontrol_t domain.
++- Set files with the sulogin_exec_t type, if you want to transition an executable to the sulogin_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/sushell, /sbin/sulogin, /usr/sbin/sulogin, /sbin/sushell
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -48193,18 +82081,28 @@ index 0000000..7f6ce1e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux smbcontrol policy is very flexible allowing users to setup their smbcontrol processes in as secure a method as possible.
++SELinux sulogin policy is very flexible allowing users to setup their sulogin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for smbcontrol:
++The following process types are defined for sulogin:
 +
 +.EX
-+.B smbcontrol_t 
++.B sulogin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type sulogin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B security_t
++
++	/selinux
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -48220,112 +82118,44 @@ index 0000000..7f6ce1e
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), smbcontrol(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/smbd_selinux.8 b/man/man8/smbd_selinux.8
++selinux(8), sulogin(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/svc_multilog_selinux.8 b/man/man8/svc_multilog_selinux.8
 new file mode 100644
-index 0000000..3dfbd74
+index 0000000..4c3b5f0
 --- /dev/null
-+++ b/man/man8/smbd_selinux.8
-@@ -0,0 +1,167 @@
-+.TH  "smbd_selinux"  "8"  "smbd" "dwalsh at redhat.com" "smbd SELinux Policy documentation"
++++ b/man/man8/svc_multilog_selinux.8
+@@ -0,0 +1,145 @@
++.TH  "svc_multilog_selinux"  "8"  "svc_multilog" "dwalsh at redhat.com" "svc_multilog SELinux Policy documentation"
 +.SH "NAME"
-+smbd_selinux \- Security Enhanced Linux Policy for the smbd processes
++svc_multilog_selinux \- Security Enhanced Linux Policy for the svc_multilog processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the smbd processes via flexible mandatory access
++Security-Enhanced Linux secures the svc_multilog processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the smbmount_t, smbd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the smbmount_t, smbd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
-+.SH SHARING FILES
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
-+.TP
-+Allow smbd servers to read the /var/smbd directory by adding the public_content_t file type to the directory and by restoring the file type.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_t "/var/smbd(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/smbd
-+.pp
-+.TP
-+Allow smbd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_smbdd_anon_write boolean to be set.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_rw_t "/var/smbd/incoming(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/smbd/incoming
-+
-+
-+.PP
-+If you want to allow samba to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t., you must turn on the smbd_anon_write boolean.
-+
-+.EX
-+.B setsebool -P smbd_anon_write 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux smbd policy is very flexible allowing users to setup their smbd processes in as secure a method as possible.
++SELinux svc_multilog policy is very flexible allowing users to setup their svc_multilog processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for smbd:
-+
-+
-+.EX
-+.PP
-+.B smbd_exec_t 
-+.EE
-+
-+- Set files with the smbd_exec_t type, if you want to transition an executable to the smbd_t domain.
-+
-+
-+.EX
-+.PP
-+.B smbd_keytab_t 
-+.EE
-+
-+- Set files with the smbd_keytab_t type, if you want to treat the files as kerberos keytab files.
-+
-+
-+.EX
-+.PP
-+.B smbd_tmp_t 
-+.EE
-+
-+- Set files with the smbd_tmp_t type, if you want to store smbd temporary files in the /tmp directories.
++The following file types are defined for svc_multilog:
 +
 +
 +.EX
 +.PP
-+.B smbd_var_run_t 
++.B svc_multilog_exec_t 
 +.EE
 +
-+- Set files with the smbd_var_run_t type, if you want to store the smbd files under the /run directory.
++- Set files with the svc_multilog_exec_t type, if you want to transition an executable to the svc_multilog_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/samba/gencache\.tdb, /var/run/samba/share_info\.tdb, /var/run/samba(/.*)?, /var/run/samba/locking\.tdb, /var/run/samba/connections\.tdb, /var/run/samba/smbd\.pid, /var/run/samba/sessionid\.tdb, /var/run/samba/brlock\.tdb
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -48334,47 +82164,96 @@ index 0000000..3dfbd74
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux smbd policy is very flexible allowing users to setup their smbd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for smbd:
-+
-+.EX
-+.TP 5
-+.B smbd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 137-139,445
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux smbd policy is very flexible allowing users to setup their smbd processes in as secure a method as possible.
++SELinux svc_multilog policy is very flexible allowing users to setup their svc_multilog processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for smbd:
++The following process types are defined for svc_multilog:
 +
 +.EX
-+.B smbcontrol_t, smbmount_t, smbd_t 
++.B svc_multilog_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type svc_multilog_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B svc_svc_t
++
++	/service/.*
++.br
++	/var/axfrdns(/.*)?
++.br
++	/var/tinydns(/.*)?
++.br
++	/var/service/.*
++.br
++	/var/dnscache(/.*)?
++.br
++	/var/qmail/supervise(/.*)?
++.br
++	/service
++.br
++
++.br
++.B var_log_t
++
++	/var/log/.*
++.br
++	/nsr/logs(/.*)?
++.br
++	/var/webmin(/.*)?
++.br
++	/var/log/cron[^/]*
++.br
++	/var/log/secure[^/]*
++.br
++	/opt/zimbra/log(/.*)?
++.br
++	/var/log/maillog[^/]*
++.br
++	/var/log/spooler[^/]*
++.br
++	/var/log/messages[^/]*
++.br
++	/usr/centreon/log(/.*)?
++.br
++	/var/spool/rsyslog(/.*)?
++.br
++	/var/axfrdns/log/main(/.*)?
++.br
++	/var/spool/bacula/log(/.*)?
++.br
++	/var/tinydns/log/main(/.*)?
++.br
++	/var/dnscache/log/main(/.*)?
++.br
++	/var/stockmaniac/templates_cache(/.*)?
++.br
++	/opt/Symantec/scspagent/IDS/system(/.*)?
++.br
++	/var/log
++.br
++	/var/log/dmesg
++.br
++	/var/log/syslog
++.br
++	/var/log/boot\.log
++.br
++	/var/named/chroot/var/log
++.br
++	/var/spool/plymouth/boot\.log
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -48385,70 +82264,53 @@ index 0000000..3dfbd74
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), smbd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/smbmount_selinux.8 b/man/man8/smbmount_selinux.8
++selinux(8), svc_multilog(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/svc_run_selinux.8 b/man/man8/svc_run_selinux.8
 new file mode 100644
-index 0000000..360ca80
+index 0000000..9a57aee
 --- /dev/null
-+++ b/man/man8/smbmount_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "smbmount_selinux"  "8"  "smbmount" "dwalsh at redhat.com" "smbmount SELinux Policy documentation"
++++ b/man/man8/svc_run_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "svc_run_selinux"  "8"  "svc_run" "dwalsh at redhat.com" "svc_run SELinux Policy documentation"
 +.SH "NAME"
-+smbmount_selinux \- Security Enhanced Linux Policy for the smbmount processes
++svc_run_selinux \- Security Enhanced Linux Policy for the svc_run processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the smbmount processes via flexible mandatory access
++Security-Enhanced Linux secures the svc_run processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the smbmount_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the smbmount_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux smbmount policy is very flexible allowing users to setup their smbmount processes in as secure a method as possible.
++SELinux svc_run policy is very flexible allowing users to setup their svc_run processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for smbmount:
++The following file types are defined for svc_run:
 +
 +
 +.EX
 +.PP
-+.B smbmount_exec_t 
++.B svc_run_exec_t 
 +.EE
 +
-+- Set files with the smbmount_exec_t type, if you want to transition an executable to the smbmount_t domain.
++- Set files with the svc_run_exec_t type, if you want to transition an executable to the svc_run_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/smbmnt, /usr/bin/smbmount
++/var/tinydns/run, /var/dnscache/log/run, /var/qmail/supervise/.*/run, /var/axfrdns/log/run, /usr/bin/setuidgid, /usr/bin/fghack, /var/tinydns/log/run, /var/service/.*/log/run, /var/axfrdns/run, /var/qmail/supervise/.*/log/run, /usr/bin/envuidgid, /usr/bin/envdir, /var/dnscache/run, /usr/bin/softlimit, /var/service/.*/run.*, /usr/bin/pgrphack, /usr/bin/setlock
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -48463,18 +82325,22 @@ index 0000000..360ca80
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux smbmount policy is very flexible allowing users to setup their smbmount processes in as secure a method as possible.
++SELinux svc_run policy is very flexible allowing users to setup their svc_run processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for smbmount:
++The following process types are defined for svc_run:
 +
 +.EX
-+.B smbmount_t 
++.B svc_run_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type svc_run_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -48490,82 +82356,48 @@ index 0000000..360ca80
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), smbmount(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/smokeping_selinux.8 b/man/man8/smokeping_selinux.8
++selinux(8), svc_run(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/svc_start_selinux.8 b/man/man8/svc_start_selinux.8
 new file mode 100644
-index 0000000..9b6c4f2
+index 0000000..8ce23b1
 --- /dev/null
-+++ b/man/man8/smokeping_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "smokeping_selinux"  "8"  "smokeping" "dwalsh at redhat.com" "smokeping SELinux Policy documentation"
++++ b/man/man8/svc_start_selinux.8
+@@ -0,0 +1,99 @@
++.TH  "svc_start_selinux"  "8"  "svc_start" "dwalsh at redhat.com" "svc_start SELinux Policy documentation"
 +.SH "NAME"
-+smokeping_selinux \- Security Enhanced Linux Policy for the smokeping processes
++svc_start_selinux \- Security Enhanced Linux Policy for the svc_start processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the smokeping processes via flexible mandatory access
++Security-Enhanced Linux secures the svc_start processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the smokeping_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the smokeping_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux smokeping policy is very flexible allowing users to setup their smokeping processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for smokeping:
-+
-+
-+.EX
-+.PP
-+.B smokeping_exec_t 
-+.EE
-+
-+- Set files with the smokeping_exec_t type, if you want to transition an executable to the smokeping_t domain.
-+
-+
-+.EX
-+.PP
-+.B smokeping_initrc_exec_t 
-+.EE
-+
-+- Set files with the smokeping_initrc_exec_t type, if you want to transition an executable to the smokeping_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B smokeping_var_lib_t 
-+.EE
-+
-+- Set files with the smokeping_var_lib_t type, if you want to store the smokeping files under the /var/lib directory.
++Policy governs the access confined processes have to these files. 
++SELinux svc_start policy is very flexible allowing users to setup their svc_start processes in as secure a method as possible.
++.PP 
++The following file types are defined for svc_start:
 +
 +
 +.EX
 +.PP
-+.B smokeping_var_run_t 
++.B svc_start_exec_t 
 +.EE
 +
-+- Set files with the smokeping_var_run_t type, if you want to store the smokeping files under the /run directory.
++- Set files with the svc_start_exec_t type, if you want to transition an executable to the svc_start_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/svok, /usr/bin/svscan, /usr/bin/svc, /usr/bin/svscanboot, /usr/bin/supervise
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -48580,18 +82412,40 @@ index 0000000..9b6c4f2
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux smokeping policy is very flexible allowing users to setup their smokeping processes in as secure a method as possible.
++SELinux svc_start policy is very flexible allowing users to setup their svc_start processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for smokeping:
++The following process types are defined for svc_start:
 +
 +.EX
-+.B smokeping_t 
++.B svc_start_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type svc_start_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B svc_svc_t
++
++	/service/.*
++.br
++	/var/axfrdns(/.*)?
++.br
++	/var/tinydns(/.*)?
++.br
++	/var/service/.*
++.br
++	/var/dnscache(/.*)?
++.br
++	/var/qmail/supervise(/.*)?
++.br
++	/service
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -48607,66 +82461,88 @@ index 0000000..9b6c4f2
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), smokeping(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/smoltclient_selinux.8 b/man/man8/smoltclient_selinux.8
++selinux(8), svc_start(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/svnserve_selinux.8 b/man/man8/svnserve_selinux.8
 new file mode 100644
-index 0000000..a665ee3
+index 0000000..3328dcb
 --- /dev/null
-+++ b/man/man8/smoltclient_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "smoltclient_selinux"  "8"  "smoltclient" "dwalsh at redhat.com" "smoltclient SELinux Policy documentation"
++++ b/man/man8/svnserve_selinux.8
+@@ -0,0 +1,137 @@
++.TH  "svnserve_selinux"  "8"  "svnserve" "dwalsh at redhat.com" "svnserve SELinux Policy documentation"
 +.SH "NAME"
-+smoltclient_selinux \- Security Enhanced Linux Policy for the smoltclient processes
++svnserve_selinux \- Security Enhanced Linux Policy for the svnserve processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the smoltclient processes via flexible mandatory access
++Security-Enhanced Linux secures the svnserve processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the smoltclient_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux svnserve policy is very flexible allowing users to setup their svnserve processes in as secure a method as possible.
++.PP 
++The following file types are defined for svnserve:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B svnserve_content_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the smoltclient_t, you must turn on the kerberos_enabled boolean.
++- Set files with the svnserve_content_t type, if you want to treat the files as svnserve content.
++
++.br
++.TP 5
++Paths: 
++/var/lib/subversion/repo(/.*)?, /var/subversion/repo(/.*)?
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B svnserve_exec_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++- Set files with the svnserve_exec_t type, if you want to transition an executable to the svnserve_t domain.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux smoltclient policy is very flexible allowing users to setup their smoltclient processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for smoltclient:
++.B svnserve_initrc_exec_t 
++.EE
++
++- Set files with the svnserve_initrc_exec_t type, if you want to transition an executable to the svnserve_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B smoltclient_exec_t 
++.B svnserve_unit_file_t 
 +.EE
 +
-+- Set files with the smoltclient_exec_t type, if you want to transition an executable to the smoltclient_t domain.
++- Set files with the svnserve_unit_file_t type, if you want to treat the files as svnserve unit content.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/systemd/system/svnserve\.service, /lib/systemd/system/svnserve\.service
 +
 +.EX
 +.PP
-+.B smoltclient_tmp_t 
++.B svnserve_var_run_t 
 +.EE
 +
-+- Set files with the smoltclient_tmp_t type, if you want to store smoltclient temporary files in the /tmp directories.
++- Set files with the svnserve_var_run_t type, if you want to store the svnserve files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/svnserve(/.*)?, /var/run/svnserve.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -48681,18 +82557,38 @@ index 0000000..a665ee3
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux smoltclient policy is very flexible allowing users to setup their smoltclient processes in as secure a method as possible.
++SELinux svnserve policy is very flexible allowing users to setup their svnserve processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for smoltclient:
++The following process types are defined for svnserve:
 +
 +.EX
-+.B smoltclient_t 
++.B svnserve_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type svnserve_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B svnserve_content_t
++
++	/var/subversion/repo(/.*)?
++.br
++	/var/lib/subversion/repo(/.*)?
++.br
++
++.br
++.B svnserve_var_run_t
++
++	/var/run/svnserve.pid
++.br
++	/var/run/svnserve(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -48708,38 +82604,38 @@ index 0000000..a665ee3
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), smoltclient(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/snmpd_selinux.8 b/man/man8/snmpd_selinux.8
++selinux(8), svnserve(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/swat_selinux.8 b/man/man8/swat_selinux.8
 new file mode 100644
-index 0000000..f87f0d4
+index 0000000..fc8dec4
 --- /dev/null
-+++ b/man/man8/snmpd_selinux.8
-@@ -0,0 +1,159 @@
-+.TH  "snmpd_selinux"  "8"  "snmpd" "dwalsh at redhat.com" "snmpd SELinux Policy documentation"
++++ b/man/man8/swat_selinux.8
+@@ -0,0 +1,201 @@
++.TH  "swat_selinux"  "8"  "swat" "dwalsh at redhat.com" "swat SELinux Policy documentation"
 +.SH "NAME"
-+snmpd_selinux \- Security Enhanced Linux Policy for the snmpd processes
++swat_selinux \- Security Enhanced Linux Policy for the swat processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the snmpd processes via flexible mandatory access
++Security-Enhanced Linux secures the swat processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the snmpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the swat_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the snmpd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the swat_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -48748,62 +82644,34 @@ index 0000000..f87f0d4
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible.
++SELinux swat policy is very flexible allowing users to setup their swat processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for snmpd:
-+
-+
-+.EX
-+.PP
-+.B snmpd_exec_t 
-+.EE
-+
-+- Set files with the snmpd_exec_t type, if you want to transition an executable to the snmpd_t domain.
-+
-+
-+.EX
-+.PP
-+.B snmpd_initrc_exec_t 
-+.EE
-+
-+- Set files with the snmpd_initrc_exec_t type, if you want to transition an executable to the snmpd_initrc_t domain.
++The following file types are defined for swat:
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/snmpd, /etc/rc\.d/init\.d/snmptrapd
 +
 +.EX
 +.PP
-+.B snmpd_log_t 
++.B swat_exec_t 
 +.EE
 +
-+- Set files with the snmpd_log_t type, if you want to treat the data as snmpd log data, usually stored under the /var/log directory.
++- Set files with the swat_exec_t type, if you want to transition an executable to the swat_t domain.
 +
 +
 +.EX
 +.PP
-+.B snmpd_var_lib_t 
++.B swat_tmp_t 
 +.EE
 +
-+- Set files with the snmpd_var_lib_t type, if you want to store the snmpd files under the /var/lib directory.
++- Set files with the swat_tmp_t type, if you want to store swat temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/agentx(/.*)?, /usr/share/snmp/mibs/\.index, /var/net-snmp(/.*)?, /var/lib/net-snmp(/.*)?, /var/lib/snmp(/.*)?
 +
 +.EX
 +.PP
-+.B snmpd_var_run_t 
++.B swat_var_run_t 
 +.EE
 +
-+- Set files with the snmpd_var_run_t type, if you want to store the snmpd files under the /run directory.
++- Set files with the swat_var_run_t type, if you want to store the swat files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/net-snmpd(/.*)?, /var/run/snmpd\.pid, /var/run/snmpd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -48821,21 +82689,19 @@ index 0000000..f87f0d4
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible.
++SELinux swat policy is very flexible allowing users to setup their swat processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for snmpd:
++The following port types are defined for swat:
 +
 +.EX
 +.TP 5
-+.B snmp_port_t 
++.B swat_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 161-162,199,1161
-+.EE
-+udp 161-162
++tcp 901
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -48843,18 +82709,90 @@ index 0000000..f87f0d4
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible.
++SELinux swat policy is very flexible allowing users to setup their swat processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for snmpd:
++The following process types are defined for swat:
 +
 +.EX
-+.B snmpd_t 
++.B swat_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type swat_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B samba_etc_t
++
++	/etc/samba(/.*)?
++.br
++
++.br
++.B samba_log_t
++
++	/var/log/samba(/.*)?
++.br
++
++.br
++.B samba_secrets_t
++
++	/etc/samba/smbpasswd
++.br
++	/etc/samba/passdb\.tdb
++.br
++	/etc/samba/MACHINE\.SID
++.br
++	/etc/samba/secrets\.tdb
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.br
++.B swat_tmp_t
++
++
++.br
++.B swat_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -48873,113 +82811,450 @@ index 0000000..f87f0d4
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), snmpd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/snort_selinux.8 b/man/man8/snort_selinux.8
++selinux(8), swat(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sysadm_selinux.8 b/man/man8/sysadm_selinux.8
 new file mode 100644
-index 0000000..e679e9c
+index 0000000..bff177f
 --- /dev/null
-+++ b/man/man8/snort_selinux.8
-@@ -0,0 +1,117 @@
-+.TH  "snort_selinux"  "8"  "snort" "dwalsh at redhat.com" "snort SELinux Policy documentation"
++++ b/man/man8/sysadm_selinux.8
+@@ -0,0 +1,458 @@
++.TH  "sysadm_selinux"  "8"  "sysadm" "mgrepl at redhat.com" "sysadm SELinux Policy documentation"
 +.SH "NAME"
-+snort_selinux \- Security Enhanced Linux Policy for the snort processes
-+.SH "DESCRIPTION"
++sysadm_u \- \fBGeneral system administration role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the snort processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
++
++\fBsysadm_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBsysadm_r\fP.  The
++default role has a default type, \fBsysadm_t\fP, associated with it.
++
++The SELinux user will usually login to a system with a context that looks like:
++
++.B sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.  
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the sysadm_u user, you would execute:
++
++.B semanage login -m -s sysadm_u __default__
++
++
++If you want to map the one Linux user (joe) to the SELinux user sysadm, you would execute:
++
++.B $ semanage login -a -s sysadm_u joe
++
++
++.SH USER DESCRIPTION
++
++The SELinux user sysadm_u is an admin user. It means that a mapped Linux user to this SELinux user is intended for administrative actions. Usually this is assigned to a root Linux user.  
++
++.SH SUDO
++
++The SELinux user sysadm can execute sudo. 
++
++You can set up sudo to allow sysadm to transition to an administrative domain:
++
++Add one or more of the following record to sudoers using visudo.
++
++
++USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
++.br
++sudo will run COMMAND as sysadm_u:auditadm_r:auditadm_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add sysadm_r to this list.
++
++.B $ semanage user -m -R 'sysadm_r auditadm_r secadm_r staff_r user_r' sysadm_u 
++
++For more details you can see semanage man page.
++
++
++USERNAME ALL=(ALL) ROLE=secadm_r TYPE=secadm_t COMMAND
++.br
++sudo will run COMMAND as sysadm_u:secadm_r:secadm_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add sysadm_r to this list.
++
++.B $ semanage user -m -R 'sysadm_r auditadm_r secadm_r staff_r user_r' sysadm_u 
++
++For more details you can see semanage man page.
++
++
++USERNAME ALL=(ALL) ROLE=staff_r TYPE=staff_t COMMAND
++.br
++sudo will run COMMAND as sysadm_u:staff_r:staff_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add sysadm_r to this list.
++
++.B $ semanage user -m -R 'sysadm_r auditadm_r secadm_r staff_r user_r' sysadm_u 
++
++For more details you can see semanage man page.
++
++
++USERNAME ALL=(ALL) ROLE=user_r TYPE=user_t COMMAND
++.br
++sudo will run COMMAND as sysadm_u:user_r:user_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add sysadm_r to this list.
++
++.B $ semanage user -m -R 'sysadm_r auditadm_r secadm_r staff_r user_r' sysadm_u 
++
++For more details you can see semanage man page.
++
++
++The SELinux type sysadm_t is not allowed to execute sudo. 
++
++.SH X WINDOWS LOGIN
++
++The SELinux user sysadm_u is able to X Windows login.
++
++.SH NETWORK
++
++.TP
++The SELinux user sysadm_u is able to listen on the following tcp ports.
++
++.B all ports with out defined types
++
++.TP
++The SELinux user sysadm_u is able to connect to the following tcp ports.
++
++.B all ports
++
++.TP
++The SELinux user sysadm_u is able to listen on the following udp ports.
++
++.B all ports with out defined types
++
++.B ntp_port_t: 123
++
++.TP
++The SELinux user sysadm_u is able to connect to the following tcp ports.
++
++.B all ports
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  sysadm policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sysadm with the tightest access possible.
 +
-+.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++If you want to allow the graphical login program to login directly as sysadm_r:sysadm_t, you must turn on the xdm_sysadm_login boolean.
++
++.EX
++.B setsebool -P xdm_sysadm_login 1
++.EE
++
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux snort policy is very flexible allowing users to setup their snort processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for snort:
++If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean.
++
++.EX
++.B setsebool -P ssh_sysadm_login 1
++.EE
++
++.SH HOME_EXEC
++
++The SELinux user sysadm_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when sysadm_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny sysadm_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow sysadm_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user sysadm_t can execute without transitioning:
++
++.B sesearch -A -s sysadm_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow sysadm_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user sysadm_t can execute and transition:
++
++.B $ sesearch -A -s sysadm_t -c process -p transition
++
++
++.SH "MANAGED FILES"
++
++The SELinux user type sysadm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B auditd_etc_t
++
++	/etc/audit(/.*)?
++.br
++
++.br
++.B auditd_log_t
++
++	/var/log/audit(/.*)?
++.br
++	/var/log/audit\.log
++.br
++
++.br
++.B boolean_type
++
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B iceauth_home_t
++
++	/root/\.DCOP.*
++.br
++	/root/\.ICEauthority.*
++.br
++	/home/[^/]*/\.DCOP.*
++.br
++	/home/[^/]*/\.ICEauthority.*
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B krb5_keytab_t
++
++	/etc/krb5\.keytab
++.br
++	/etc/krb5kdc/kadm5\.keytab
++.br
++	/var/kerberos/krb5kdc/kadm5\.keytab
++.br
++
++.br
++.B non_security_file_type
++
++
++.br
++.B noxattrfs
++
++	all files on file systems which do not support extended attributes
++.br
++
++.br
++.B screen_home_t
++
++	/root/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screenrc
++.br
 +
++.br
++.B sysctl_type
 +
-+.EX
-+.PP
-+.B snort_etc_t 
-+.EE
 +
-+- Set files with the snort_etc_t type, if you want to store snort files in the /etc directories.
++.br
++.B systemd_passwd_var_run_t
 +
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B snort_exec_t 
-+.EE
++.br
++.B systemd_unit_file_type
 +
-+- Set files with the snort_exec_t type, if you want to transition an executable to the snort_t domain.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/sbin/snort-plain, /usr/s?bin/snort
++.B usbfs_t
 +
-+.EX
-+.PP
-+.B snort_initrc_exec_t 
-+.EE
 +
-+- Set files with the snort_initrc_exec_t type, if you want to transition an executable to the snort_initrc_t domain.
++.br
++.B user_fonts_cache_t
 +
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
 +
-+.EX
-+.PP
-+.B snort_log_t 
-+.EE
++.br
++.B user_fonts_t
 +
-+- Set files with the snort_log_t type, if you want to treat the data as snort log data, usually stored under the /var/log directory.
++	/root/\.fonts(/.*)?
++.br
++	/tmp/\.font-unix(/.*)?
++.br
++	/home/[^/]*/\.fonts(/.*)?
++.br
 +
++.br
++.B user_home_t
 +
-+.EX
-+.PP
-+.B snort_tmp_t 
-+.EE
++	/home/[^/]*/.+
++.br
 +
-+- Set files with the snort_tmp_t type, if you want to store snort temporary files in the /tmp directories.
++.br
++.B user_home_type
 +
++	all user home files
++.br
 +
-+.EX
-+.PP
-+.B snort_var_run_t 
-+.EE
++.br
++.B user_tmp_type
 +
-+- Set files with the snort_var_run_t type, if you want to store the snort files under the /run directory.
++	all user tmp files
++.br
 +
++.br
++.B user_tmpfs_type
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	all user content in tmpfs file systems
++.br
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux snort policy is very flexible allowing users to setup their snort processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for snort:
++.br
++.B xauth_home_t
++
++	/root/\.xauth.*
++.br
++	/root/\.Xauth.*
++.br
++	/root/\.serverauth.*
++.br
++	/root/\.Xauthority.*
++.br
++	/var/lib/pqsql/\.xauth.*
++.br
++	/var/lib/pqsql/\.Xauthority.*
++.br
++	/var/lib/nxserver/home/\.xauth.*
++.br
++	/var/lib/nxserver/home/\.Xauthority.*
++.br
++	/home/[^/]*/\.xauth.*
++.br
++	/home/[^/]*/\.Xauth.*
++.br
++	/home/[^/]*/\.serverauth.*
++.br
++	/home/[^/]*/\.Xauthority.*
++.br
++
++.br
++.B xserver_tmpfs_t
 +
-+.EX
-+.B snort_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
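Review bot: The new sysadm_selinux.8 text contradicts itself on sudo: the SUDO section opens with `The SELinux user sysadm can execute sudo.` and closes with `The SELinux type sysadm_t is not allowed to execute sudo.`, so an administrator cannot tell from the page whether this role may escalate through sudo. In the NETWORK section the fourth `.TP` entry repeats `able to connect to the following tcp ports` directly after the udp listen entry; it presumably should read `udp ports`. Each sudoers example is also followed by `Modify the roles list and add sysadm_r to this list.`, although the role that example needs is auditadm_r, secadm_r, staff_r or user_r. Since the page states it is auto-generated by genman.py, these are probably best corrected in the generator's template rather than in this patch. The page itself continues past the end of this hunk.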
@@ -48991,139 +83266,81 @@ index 0000000..e679e9c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), snort(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/sosreport_selinux.8 b/man/man8/sosreport_selinux.8
++selinux(8), sysadm(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/syslogd_selinux.8 b/man/man8/syslogd_selinux.8
 new file mode 100644
-index 0000000..083ed50
+index 0000000..a4cb5f3
 --- /dev/null
-+++ b/man/man8/sosreport_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "sosreport_selinux"  "8"  "sosreport" "dwalsh at redhat.com" "sosreport SELinux Policy documentation"
++++ b/man/man8/syslogd_selinux.8
+@@ -0,0 +1,237 @@
++.TH  "syslogd_selinux"  "8"  "syslogd" "dwalsh at redhat.com" "syslogd SELinux Policy documentation"
 +.SH "NAME"
-+sosreport_selinux \- Security Enhanced Linux Policy for the sosreport processes
++syslogd_selinux \- Security Enhanced Linux Policy for the syslogd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sosreport processes via flexible mandatory access
++Security-Enhanced Linux secures the syslogd processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  syslogd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run syslogd with the tightest access possible.
++
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sosreport_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to determine whether Polipo session daemon can send syslog messages, you must turn on the polipo_session_send_syslog_msg boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P polipo_session_send_syslog_msg 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the sosreport_t, you must turn on the kerberos_enabled boolean.
++If you want to allow syslogd the ability to read/write terminals, you must turn on the logging_syslogd_use_tty boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P logging_syslogd_use_tty 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux sosreport policy is very flexible allowing users to setup their sosreport processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for sosreport:
-+
++If you want to allow syslogd daemon to send mail, you must turn on the logging_syslogd_can_sendmail boolean.
 +
 +.EX
-+.PP
-+.B sosreport_exec_t 
++.B setsebool -P logging_syslogd_can_sendmail 1
 +.EE
 +
-+- Set files with the sosreport_exec_t type, if you want to transition an executable to the sosreport_t domain.
-+
-+
-+.EX
 +.PP
-+.B sosreport_tmp_t 
-+.EE
-+
-+- Set files with the sosreport_tmp_t type, if you want to store sosreport temporary files in the /tmp directories.
-+
++If you want to determine whether Git session daemons can send syslog messages, you must turn on the git_session_send_syslog_msg boolean.
 +
 +.EX
-+.PP
-+.B sosreport_tmpfs_t 
++.B setsebool -P git_session_send_syslog_msg 1
 +.EE
 +
-+- Set files with the sosreport_tmpfs_t type, if you want to store sosreport files on a tmpfs file system.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++.SH NSSWITCH DOMAIN
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux sosreport policy is very flexible allowing users to setup their sosreport processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for sosreport:
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the syslogd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B sosreport_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
 +
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), sosreport(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/soundd_selinux.8 b/man/man8/soundd_selinux.8
-new file mode 100644
-index 0000000..99e1c36
---- /dev/null
-+++ b/man/man8/soundd_selinux.8
-@@ -0,0 +1,159 @@
-+.TH  "soundd_selinux"  "8"  "soundd" "dwalsh at redhat.com" "soundd SELinux Policy documentation"
-+.SH "NAME"
-+soundd_selinux \- Security Enhanced Linux Policy for the soundd processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the soundd processes via flexible mandatory access
-+control.  
++If you want to allow confined applications to run with kerberos for the syslogd_t, you must turn on the kerberos_enabled boolean.
 +
-+.SH NSSWITCH DOMAIN
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -49131,78 +83348,62 @@ index 0000000..99e1c36
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux soundd policy is very flexible allowing users to setup their soundd processes in as secure a method as possible.
++SELinux syslogd policy is very flexible allowing users to setup their syslogd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for soundd:
-+
-+
-+.EX
-+.PP
-+.B soundd_etc_t 
-+.EE
-+
-+- Set files with the soundd_etc_t type, if you want to store soundd files in the /etc directories.
++The following file types are defined for syslogd:
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/yiff(/.*)?, /etc/nas(/.*)?
 +
 +.EX
 +.PP
-+.B soundd_exec_t 
++.B syslogd_exec_t 
 +.EE
 +
-+- Set files with the soundd_exec_t type, if you want to transition an executable to the soundd_t domain.
++- Set files with the syslogd_exec_t type, if you want to transition an executable to the syslogd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/gpe-soundserver, /usr/sbin/yiff, /usr/bin/nasd
-+
-+.EX
-+.PP
-+.B soundd_initrc_exec_t 
-+.EE
-+
-+- Set files with the soundd_initrc_exec_t type, if you want to transition an executable to the soundd_initrc_t domain.
-+
++/usr/sbin/rsyslogd, /usr/sbin/syslog-ng, /usr/sbin/metalog, /usr/lib/systemd/systemd-journald, /usr/sbin/syslogd, /usr/sbin/minilogd, /sbin/rsyslogd, /usr/lib/systemd/systemd-kmsg-syslogd, /sbin/syslogd, /sbin/syslog-ng, /sbin/minilogd
 +
 +.EX
 +.PP
-+.B soundd_state_t 
++.B syslogd_initrc_exec_t 
 +.EE
 +
-+- Set files with the soundd_state_t type, if you want to treat the files as soundd state data.
++- Set files with the syslogd_initrc_exec_t type, if you want to transition an executable to the syslogd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B soundd_tmp_t 
++.B syslogd_tmp_t 
 +.EE
 +
-+- Set files with the soundd_tmp_t type, if you want to store soundd temporary files in the /tmp directories.
++- Set files with the syslogd_tmp_t type, if you want to store syslogd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B soundd_tmpfs_t 
++.B syslogd_var_lib_t 
 +.EE
 +
-+- Set files with the soundd_tmpfs_t type, if you want to store soundd files on a tmpfs file system.
++- Set files with the syslogd_var_lib_t type, if you want to store the syslogd files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/syslog-ng.persist, /var/lib/r?syslog(/.*)?, /var/lib/syslog-ng(/.*)?
 +
 +.EX
 +.PP
-+.B soundd_var_run_t 
++.B syslogd_var_run_t 
 +.EE
 +
-+- Set files with the soundd_var_run_t type, if you want to store the soundd files under the /run directory.
++- Set files with the syslogd_var_run_t type, if you want to store the syslogd files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/nasd(/.*)?, /var/run/yiff-[0-9]+\.pid
++/var/run/syslogd\.pid, /var/log/syslog-ng(/.*)?, /var/run/syslog-ng(/.*)?, /var/run/systemd/journal(/.*)?, /var/run/metalog\.pid, /var/run/log(/.*)?, /var/run/syslog-ng.ctl
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -49220,19 +83421,21 @@ index 0000000..99e1c36
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux soundd policy is very flexible allowing users to setup their soundd processes in as secure a method as possible.
++SELinux syslogd policy is very flexible allowing users to setup their syslogd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for soundd:
++The following port types are defined for syslogd:
 +
 +.EX
 +.TP 5
-+.B soundd_port_t 
++.B syslogd_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 8000,9433,16001
++tcp 6514
++.EE
++udp 514,6514
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -49240,18 +83443,60 @@ index 0000000..99e1c36
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux soundd policy is very flexible allowing users to setup their soundd processes in as secure a method as possible.
++SELinux syslogd policy is very flexible allowing users to setup their syslogd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for soundd:
++The following process types are defined for syslogd:
 +
 +.EX
-+.B soundd_t 
++.B syslogd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type syslogd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B logfile
++
++	all log files
++.br
++
++.br
++.B syslogd_tmp_t
++
++
++.br
++.B syslogd_var_lib_t
++
++	/var/lib/r?syslog(/.*)?
++.br
++	/var/lib/syslog-ng(/.*)?
++.br
++	/var/lib/syslog-ng.persist
++.br
++
++.br
++.B syslogd_var_run_t
++
++	/var/run/log(/.*)?
++.br
++	/var/run/syslog-ng.ctl
++.br
++	/var/log/syslog-ng(/.*)?
++.br
++	/var/run/syslog-ng(/.*)?
++.br
++	/var/run/systemd/journal(/.*)?
++.br
++	/var/run/metalog\.pid
++.br
++	/var/run/syslogd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -49265,41 +83510,49 @@ index 0000000..99e1c36
 +.B semanage port
 +can also be used to manipulate the port definitions
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), soundd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/spamass_selinux.8 b/man/man8/spamass_selinux.8
++selinux(8), syslogd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/sysstat_selinux.8 b/man/man8/sysstat_selinux.8
 new file mode 100644
-index 0000000..824297f
+index 0000000..f98f224
 --- /dev/null
-+++ b/man/man8/spamass_selinux.8
-@@ -0,0 +1,108 @@
-+.TH  "spamass_selinux"  "8"  "spamass" "dwalsh at redhat.com" "spamass SELinux Policy documentation"
++++ b/man/man8/sysstat_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "sysstat_selinux"  "8"  "sysstat" "dwalsh at redhat.com" "sysstat SELinux Policy documentation"
 +.SH "NAME"
-+spamass_selinux \- Security Enhanced Linux Policy for the spamass processes
++sysstat_selinux \- Security Enhanced Linux Policy for the sysstat processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the spamass processes via flexible mandatory access
++Security-Enhanced Linux secures the sysstat processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  spamass policy is extremely flexible and has several booleans that allow you to manipulate the policy and run spamass with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow user spamassassin clients to use the network, you must turn on the spamassassin_can_network boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sysstat_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P spamassassin_can_network 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++.PP
++If you want to allow confined applications to run with kerberos for the sysstat_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -49307,38 +83560,34 @@ index 0000000..824297f
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux spamass policy is very flexible allowing users to setup their spamass processes in as secure a method as possible.
++SELinux sysstat policy is very flexible allowing users to setup their sysstat processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for spamass:
++The following file types are defined for sysstat:
 +
 +
 +.EX
 +.PP
-+.B spamass_milter_data_t 
++.B sysstat_exec_t 
 +.EE
 +
-+- Set files with the spamass_milter_data_t type, if you want to treat the files as spamass milter content.
++- Set files with the sysstat_exec_t type, if you want to transition an executable to the sysstat_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/spool/postfix/spamass(/.*)?, /var/run/spamass(/.*)?, /var/run/spamass-milter(/.*)?, /var/run/spamass-milter\.pid
-+
-+.EX
-+.PP
-+.B spamass_milter_exec_t 
-+.EE
-+
-+- Set files with the spamass_milter_exec_t type, if you want to transition an executable to the spamass_milter_t domain.
-+
++/usr/lib/sa/sa.*, /usr/lib/sysstat/sa.*, /usr/lib/atsar/atsa.*
 +
 +.EX
 +.PP
-+.B spamass_milter_state_t 
++.B sysstat_log_t 
 +.EE
 +
-+- Set files with the spamass_milter_state_t type, if you want to treat the files as spamass milter state data.
++- Set files with the sysstat_log_t type, if you want to treat the data as sysstat log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/opt/sartest(/.*)?, /var/log/sysstat(/.*)?, /var/log/sa(/.*)?, /var/log/atsar(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -49353,18 +83602,34 @@ index 0000000..824297f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux spamass policy is very flexible allowing users to setup their spamass processes in as secure a method as possible.
++SELinux sysstat policy is very flexible allowing users to setup their sysstat processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for spamass:
++The following process types are defined for sysstat:
 +
 +.EX
-+.B spamass_milter_t 
++.B sysstat_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type sysstat_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sysstat_log_t
++
++	/var/log/sa(/.*)?
++.br
++	/opt/sartest(/.*)?
++.br
++	/var/log/atsar(/.*)?
++.br
++	/var/log/sysstat(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -49375,91 +83640,60 @@ index 0000000..824297f
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), spamass(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/spamc_selinux.8 b/man/man8/spamc_selinux.8
++selinux(8), sysstat(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/system_munin_plugin_selinux.8 b/man/man8/system_munin_plugin_selinux.8
 new file mode 100644
-index 0000000..36e84ee
+index 0000000..3e735d4
 --- /dev/null
-+++ b/man/man8/spamc_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "spamc_selinux"  "8"  "spamc" "dwalsh at redhat.com" "spamc SELinux Policy documentation"
++++ b/man/man8/system_munin_plugin_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "system_munin_plugin_selinux"  "8"  "system_munin_plugin" "dwalsh at redhat.com" "system_munin_plugin SELinux Policy documentation"
 +.SH "NAME"
-+spamc_selinux \- Security Enhanced Linux Policy for the spamc processes
++system_munin_plugin_selinux \- Security Enhanced Linux Policy for the system_munin_plugin processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the spamc processes via flexible mandatory access
++Security-Enhanced Linux secures the system_munin_plugin processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the spamc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the spamc_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux spamc policy is very flexible allowing users to setup their spamc processes in as secure a method as possible.
++SELinux system_munin_plugin policy is very flexible allowing users to setup their system_munin_plugin processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for spamc:
-+
-+
-+.EX
-+.PP
-+.B spamc_exec_t 
-+.EE
-+
-+- Set files with the spamc_exec_t type, if you want to transition an executable to the spamc_t domain.
++The following file types are defined for system_munin_plugin:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/pyzor, /usr/bin/spamc, /usr/bin/razor.*, /usr/bin/sa-learn, /usr/bin/spamassassin
 +
 +.EX
 +.PP
-+.B spamc_home_t 
++.B system_munin_plugin_exec_t 
 +.EE
 +
-+- Set files with the spamc_home_t type, if you want to store spamc files in the users home directory.
++- Set files with the system_munin_plugin_exec_t type, if you want to transition an executable to the system_munin_plugin_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/root/\.spamd(/.*)?, /root/\.pyzor(/.*)?, /root/\.razor(/.*)?, /root/\.spamassassin(/.*)?
++/usr/share/munin/plugins/swap, /usr/share/munin/plugins/interrupts, /usr/share/munin/plugins/memory, /usr/share/munin/plugins/cpu.*, /usr/share/munin/plugins/yum, /usr/share/munin/plugins/load, /usr/share/munin/plugins/irqstats, /usr/share/munin/plugins/processes, /usr/share/munin/plugins/iostat.*, /usr/share/munin/plugins/nfs.*, /usr/share/munin/plugins/munin_.*, /usr/share/munin/plugins/threads, /usr/share/munin/plugins/netstat, /usr/share/munin/plugins/acpi, /usr/share/munin/plugins/forks, /usr/share/munin/plugins/uptime, /usr/share/munin/plugins/users, /usr/share/munin/plugins/proc_pri, /usr/share/munin/plugins/if_.*, /usr/share/munin/plugins/open_files
 +
 +.EX
 +.PP
-+.B spamc_tmp_t 
++.B system_munin_plugin_tmp_t 
 +.EE
 +
-+- Set files with the spamc_tmp_t type, if you want to store spamc temporary files in the /tmp directories.
++- Set files with the system_munin_plugin_tmp_t type, if you want to store system munin plugin temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -49475,18 +83709,38 @@ index 0000000..36e84ee
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux spamc policy is very flexible allowing users to setup their spamc processes in as secure a method as possible.
++SELinux system_munin_plugin policy is very flexible allowing users to setup their system_munin_plugin processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for spamc:
++The following process types are defined for system_munin_plugin:
 +
 +.EX
-+.B spamc_t 
++.B system_munin_plugin_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type system_munin_plugin_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B munin_plugin_state_t
++
++	/var/lib/munin/plugin-state(/.*)?
++.br
++
++.br
++.B munin_var_lib_t
++
++	/var/lib/munin(/.*)?
++.br
++
++.br
++.B system_munin_plugin_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -49502,63 +83756,38 @@ index 0000000..36e84ee
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), spamc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/spamd_selinux.8 b/man/man8/spamd_selinux.8
++selinux(8), system_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/systemd_logger_selinux.8 b/man/man8/systemd_logger_selinux.8
 new file mode 100644
-index 0000000..301c200
+index 0000000..9abc94b
 --- /dev/null
-+++ b/man/man8/spamd_selinux.8
-@@ -0,0 +1,242 @@
-+.TH  "spamd_selinux"  "8"  "spamd" "dwalsh at redhat.com" "spamd SELinux Policy documentation"
++++ b/man/man8/systemd_logger_selinux.8
+@@ -0,0 +1,91 @@
++.TH  "systemd_logger_selinux"  "8"  "systemd_logger" "dwalsh at redhat.com" "systemd_logger SELinux Policy documentation"
 +.SH "NAME"
-+spamd_selinux \- Security Enhanced Linux Policy for the spamd processes
++systemd_logger_selinux \- Security Enhanced Linux Policy for the systemd_logger processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the spamd processes via flexible mandatory access
++Security-Enhanced Linux secures the systemd_logger processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  spamd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run spamd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow user spamassassin clients to use the network, you must turn on the spamassassin_can_network boolean.
-+
-+.EX
-+.B setsebool -P spamassassin_can_network 1
-+.EE
-+
-+.PP
-+If you want to allow spamd to read/write user home directories, you must turn on the spamd_enable_home_dirs boolean.
-+
-+.EX
-+.B setsebool -P spamd_enable_home_dirs 1
-+.EE
-+
-+.PP
-+If you want to allow http daemon to check spam, you must turn on the httpd_can_check_spam boolean.
-+
-+.EX
-+.B setsebool -P httpd_can_check_spam 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the spamc_t, spamd_update_t, spamd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the systemd_logger_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the spamc_t, spamd_update_t, spamd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the systemd_logger_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -49567,118 +83796,143 @@ index 0000000..301c200
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux spamd policy is very flexible allowing users to setup their spamd processes in as secure a method as possible.
++SELinux systemd_logger policy is very flexible allowing users to setup their systemd_logger processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for spamd:
++The following file types are defined for systemd_logger:
 +
 +
 +.EX
 +.PP
-+.B spamd_compiled_t 
++.B systemd_logger_exec_t 
 +.EE
 +
-+- Set files with the spamd_compiled_t type, if you want to treat the files as spamd compiled data.
++- Set files with the systemd_logger_exec_t type, if you want to transition an executable to the systemd_logger_t domain.
 +
 +
-+.EX
 +.PP
-+.B spamd_etc_t 
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux systemd_logger policy is very flexible allowing users to setup their systemd_logger processes in as secure a method as possible.
++.PP 
++The following process types are defined for systemd_logger:
++
++.EX
++.B systemd_logger_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the spamd_etc_t type, if you want to store spamd files in the /etc directories.
++.SH "MANAGED FILES"
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/pyzor(/.*)?, /etc/razor(/.*)?
++The SELinux user type systemd_logger_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B spamd_exec_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the spamd_exec_t type, if you want to transition an executable to the spamd_t domain.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/spamd, /usr/bin/mimedefang-multiplexor, /usr/bin/pyzord, /usr/bin/spamd, /usr/bin/mimedefang
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), systemd_logger(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/systemd_logind_selinux.8 b/man/man8/systemd_logind_selinux.8
+new file mode 100644
+index 0000000..51b3bf3
+--- /dev/null
++++ b/man/man8/systemd_logind_selinux.8
+@@ -0,0 +1,209 @@
++.TH  "systemd_logind_selinux"  "8"  "systemd_logind" "dwalsh at redhat.com" "systemd_logind SELinux Policy documentation"
++.SH "NAME"
++systemd_logind_selinux \- Security Enhanced Linux Policy for the systemd_logind processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B spamd_initrc_exec_t 
-+.EE
++Security-Enhanced Linux secures the systemd_logind processes via flexible mandatory access
++control.  
 +
-+- Set files with the spamd_initrc_exec_t type, if you want to transition an executable to the spamd_initrc_t domain.
++.SH NSSWITCH DOMAIN
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/spamd, /etc/rc\.d/init\.d/mimedefang.*, /etc/rc\.d/init\.d/pyzord
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the systemd_logind_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B spamd_log_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the spamd_log_t type, if you want to treat the data as spamd log data, usually stored under the /var/log directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/log/razor-agent\.log.*, /var/log/mimedefang, /var/log/pyzord\.log.*, /var/log/spamd\.log.*
++.PP
++If you want to allow confined applications to run with kerberos for the systemd_logind_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B spamd_spool_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the spamd_spool_t type, if you want to store the spamd files under the /var/spool directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux systemd_logind policy is very flexible allowing users to setup their systemd_logind processes in as secure a method as possible.
++.PP 
++The following file types are defined for systemd_logind:
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/spool/spamd(/.*)?, /var/spool/spamassassin(/.*)?
 +
 +.EX
 +.PP
-+.B spamd_tmp_t 
++.B systemd_logind_exec_t 
 +.EE
 +
-+- Set files with the spamd_tmp_t type, if you want to store spamd temporary files in the /tmp directories.
++- Set files with the systemd_logind_exec_t type, if you want to transition an executable to the systemd_logind_t domain.
 +
 +
 +.EX
 +.PP
-+.B spamd_update_exec_t 
++.B systemd_logind_inhibit_var_run_t 
 +.EE
 +
-+- Set files with the spamd_update_exec_t type, if you want to transition an executable to the spamd_update_t domain.
++- Set files with the systemd_logind_inhibit_var_run_t type, if you want to store the systemd logind inhibit files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B spamd_var_lib_t 
++.B systemd_logind_sessions_t 
 +.EE
 +
-+- Set files with the spamd_var_lib_t type, if you want to store the spamd files under the /var/lib directory.
++- Set files with the systemd_logind_sessions_t type, if you want to treat the files as systemd logind sessions data.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/spamassassin(/.*)?, /var/lib/razor(/.*)?, /var/lib/pyzord(/.*)?
 +
 +.EX
 +.PP
-+.B spamd_var_run_t 
++.B systemd_logind_var_run_t 
 +.EE
 +
-+- Set files with the spamd_var_run_t type, if you want to store the spamd files under the /run directory.
++- Set files with the systemd_logind_var_run_t type, if you want to store the systemd logind files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/spamassassin(/.*)?, /var/spool/MIMEDefang(/.*)?, /var/spool/MD-Quarantine(/.*)?
++/var/run/nologin, /var/run/systemd/users(/.*)?, /var/run/systemd/seats(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -49687,47 +83941,118 @@ index 0000000..301c200
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux spamd policy is very flexible allowing users to setup their spamd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for spamd:
-+
-+.EX
-+.TP 5
-+.B spamd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 783
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux spamd policy is very flexible allowing users to setup their spamd processes in as secure a method as possible.
++SELinux systemd_logind policy is very flexible allowing users to setup their systemd_logind processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for spamd:
++The following process types are defined for systemd_logind:
 +
 +.EX
-+.B spamc_t, spamd_t, spamd_update_t, spamass_milter_t 
++.B systemd_logind_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type systemd_logind_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B config_home_t
++
++	/root/\.kde(/.*)?
++.br
++	/root/\.xine(/.*)?
++.br
++	/root/\.config(/.*)?
++.br
++	/var/run/user/[^/]*/dconf(/.*)?
++.br
++	/root/\.Xdefaults
++.br
++	/home/[^/]*/\.kde(/.*)?
++.br
++	/home/[^/]*/\.xine(/.*)?
++.br
++	/home/[^/]*/\.config(/.*)?
++.br
++	/home/[^/]*/\.Xdefaults
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B systemd_logind_inhibit_var_run_t
++
++	/var/run/systemd/inhibit(/.*)?
++.br
++
++.br
++.B systemd_logind_sessions_t
++
++	/var/run/systemd/sessions(/.*)?
++.br
++
++.br
++.B systemd_logind_var_run_t
++
++	/var/run/systemd/seats(/.*)?
++.br
++	/var/run/systemd/users(/.*)?
++.br
++	/var/run/nologin
++.br
++
++.br
++.B udev_rules_t
++
++	/etc/udev/rules.d(/.*)?
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B var_auth_t
++
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -49738,69 +84063,43 @@ index 0000000..301c200
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), spamd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/squid_selinux.8 b/man/man8/squid_selinux.8
++selinux(8), systemd_logind(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/systemd_notify_selinux.8 b/man/man8/systemd_notify_selinux.8
 new file mode 100644
-index 0000000..39622ca
+index 0000000..ed296ff
 --- /dev/null
-+++ b/man/man8/squid_selinux.8
-@@ -0,0 +1,205 @@
-+.TH  "squid_selinux"  "8"  "squid" "dwalsh at redhat.com" "squid SELinux Policy documentation"
++++ b/man/man8/systemd_notify_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "systemd_notify_selinux"  "8"  "systemd_notify" "dwalsh at redhat.com" "systemd_notify SELinux Policy documentation"
 +.SH "NAME"
-+squid_selinux \- Security Enhanced Linux Policy for the squid processes
++systemd_notify_selinux \- Security Enhanced Linux Policy for the systemd_notify processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the squid processes via flexible mandatory access
++Security-Enhanced Linux secures the systemd_notify processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  squid policy is extremely flexible and has several booleans that allow you to manipulate the policy and run squid with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow squid to run as a transparent proxy (TPROXY), you must turn on the squid_use_tproxy boolean.
-+
-+.EX
-+.B setsebool -P squid_use_tproxy 1
-+.EE
-+
-+.PP
-+If you want to allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports, you must turn on the squid_connect_any boolean.
-+
-+.EX
-+.B setsebool -P squid_connect_any 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the squid_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the systemd_notify_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the squid_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the systemd_notify_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -49809,86 +84108,131 @@ index 0000000..39622ca
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux squid policy is very flexible allowing users to setup their squid processes in as secure a method as possible.
++SELinux systemd_notify policy is very flexible allowing users to setup their systemd_notify processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for squid:
++The following file types are defined for systemd_notify:
 +
 +
 +.EX
 +.PP
-+.B squid_cache_t 
++.B systemd_notify_exec_t 
 +.EE
 +
-+- Set files with the squid_cache_t type, if you want to store the files under the /var/cache directory.
++- Set files with the systemd_notify_exec_t type, if you want to transition an executable to the systemd_notify_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/cache/squid(/.*)?, /var/spool/squid(/.*)?, /var/squidGuard(/.*)?
++/usr/bin/systemd-notify, /bin/systemd-notify
 +
-+.EX
 +.PP
-+.B squid_conf_t 
-+.EE
-+
-+- Set files with the squid_conf_t type, if you want to treat the files as squid configuration data, usually stored under the /etc directory.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/squid(/.*)?, /usr/share/squid(/.*)?
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux systemd_notify policy is very flexible allowing users to setup their systemd_notify processes in as secure a method as possible.
++.PP 
++The following process types are defined for systemd_notify:
 +
 +.EX
-+.PP
-+.B squid_exec_t 
++.B systemd_notify_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the squid_exec_t type, if you want to transition an executable to the squid_t domain.
++.SH "MANAGED FILES"
 +
++The SELinux user type systemd_notify_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B squid_initrc_exec_t 
-+.EE
++.br
++.B readahead_var_run_t
 +
-+- Set files with the squid_initrc_exec_t type, if you want to transition an executable to the squid_initrc_t domain.
++	/dev/\.systemd/readahead(/.*)?
++.br
++	/var/run/systemd/readahead(/.*)?
++.br
 +
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B squid_log_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the squid_log_t type, if you want to treat the data as squid log data, usually stored under the /var/log directory.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/squid(/.*)?, /var/log/squidGuard(/.*)?
++.SH "SEE ALSO"
++selinux(8), systemd_notify(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/systemd_passwd_agent_selinux.8 b/man/man8/systemd_passwd_agent_selinux.8
+new file mode 100644
+index 0000000..7ef8fb2
+--- /dev/null
++++ b/man/man8/systemd_passwd_agent_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "systemd_passwd_agent_selinux"  "8"  "systemd_passwd_agent" "dwalsh at redhat.com" "systemd_passwd_agent SELinux Policy documentation"
++.SH "NAME"
++systemd_passwd_agent_selinux \- Security Enhanced Linux Policy for the systemd_passwd_agent processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B squid_tmp_t 
-+.EE
++Security-Enhanced Linux secures the systemd_passwd_agent processes via flexible mandatory access
++control.  
 +
-+- Set files with the squid_tmp_t type, if you want to store squid temporary files in the /tmp directories.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the systemd_passwd_agent_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B squid_tmpfs_t 
++If you want to allow confined applications to run with kerberos for the systemd_passwd_agent_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the squid_tmpfs_t type, if you want to store squid files on a tmpfs file system.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux systemd_passwd_agent policy is very flexible allowing users to setup their systemd_passwd_agent processes in as secure a method as possible.
++.PP 
++The following file types are defined for systemd_passwd_agent:
 +
 +
 +.EX
 +.PP
-+.B squid_var_run_t 
++.B systemd_passwd_agent_exec_t 
 +.EE
 +
-+- Set files with the squid_var_run_t type, if you want to store the squid files under the /run directory.
++- Set files with the systemd_passwd_agent_exec_t type, if you want to transition an executable to the systemd_passwd_agent_t domain.
 +
++.br
++.TP 5
++Paths: 
++/bin/systemd-tty-ask-password-agent, /usr/bin/systemd-gnome-ask-password-agent, /usr/bin/systemd-tty-ask-password-agent
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -49897,49 +84241,36 @@ index 0000000..39622ca
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux squid policy is very flexible allowing users to setup their squid processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for squid:
-+
-+.EX
-+.TP 5
-+.B squid_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 3128,3401,4827
-+.EE
-+udp 3401,4827
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux squid policy is very flexible allowing users to setup their squid processes in as secure a method as possible.
++SELinux systemd_passwd_agent policy is very flexible allowing users to setup their systemd_passwd_agent processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for squid:
++The following process types are defined for systemd_passwd_agent:
 +
 +.EX
-+.B squid_t 
++.B systemd_passwd_agent_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type systemd_passwd_agent_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -49950,81 +84281,67 @@ index 0000000..39622ca
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), squid(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/srvsvcd_selinux.8 b/man/man8/srvsvcd_selinux.8
++selinux(8), systemd_passwd_agent(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/systemd_tmpfiles_selinux.8 b/man/man8/systemd_tmpfiles_selinux.8
 new file mode 100644
-index 0000000..c867ab4
+index 0000000..1cd7d68
 --- /dev/null
-+++ b/man/man8/srvsvcd_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "srvsvcd_selinux"  "8"  "srvsvcd" "dwalsh at redhat.com" "srvsvcd SELinux Policy documentation"
++++ b/man/man8/systemd_tmpfiles_selinux.8
+@@ -0,0 +1,179 @@
++.TH  "systemd_tmpfiles_selinux"  "8"  "systemd_tmpfiles" "dwalsh at redhat.com" "systemd_tmpfiles SELinux Policy documentation"
 +.SH "NAME"
-+srvsvcd_selinux \- Security Enhanced Linux Policy for the srvsvcd processes
++systemd_tmpfiles_selinux \- Security Enhanced Linux Policy for the systemd_tmpfiles processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the srvsvcd processes via flexible mandatory access
++Security-Enhanced Linux secures the systemd_tmpfiles processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux srvsvcd policy is very flexible allowing users to setup their srvsvcd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for srvsvcd:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the systemd_tmpfiles_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B srvsvcd_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the srvsvcd_exec_t type, if you want to transition an executable to the srvsvcd_t domain.
-+
-+
-+.EX
 +.PP
-+.B srvsvcd_var_lib_t 
-+.EE
-+
-+- Set files with the srvsvcd_var_lib_t type, if you want to store the srvsvcd files under the /var/lib directory.
-+
++If you want to allow confined applications to run with kerberos for the systemd_tmpfiles_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B srvsvcd_var_run_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the srvsvcd_var_run_t type, if you want to store the srvsvcd files under the /run directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux systemd_tmpfiles policy is very flexible allowing users to setup their systemd_tmpfiles processes in as secure a method as possible.
++.PP 
++The following file types are defined for systemd_tmpfiles:
 +
 +
 +.EX
 +.PP
-+.B srvsvcd_var_socket_t 
++.B systemd_tmpfiles_exec_t 
 +.EE
 +
-+- Set files with the srvsvcd_var_socket_t type, if you want to treat the files as srvsvcd var socket data.
++- Set files with the systemd_tmpfiles_exec_t type, if you want to transition an executable to the systemd_tmpfiles_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/systemd-tmpfiles, /bin/systemd-tmpfiles, /usr/lib/systemd/systemd-tmpfiles
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -50039,18 +84356,106 @@ index 0000000..c867ab4
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux srvsvcd policy is very flexible allowing users to setup their srvsvcd processes in as secure a method as possible.
++SELinux systemd_tmpfiles policy is very flexible allowing users to setup their systemd_tmpfiles processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for srvsvcd:
++The following process types are defined for systemd_tmpfiles:
 +
 +.EX
-+.B srvsvcd_t 
++.B systemd_tmpfiles_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type systemd_tmpfiles_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B lockfile
++
++
++.br
++.B man_t
++
++	/opt/(.*/)?man(/.*)?
++.br
++	/usr/man(/.*)?
++.br
++	/usr/share/man(/.*)?
++.br
++	/usr/X11R6/man(/.*)?
++.br
++	/var/cache/man(/.*)?
++.br
++	/usr/lib/perl5/man(/.*)?
++.br
++
++.br
++.B pidfile
++
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B tmp_t
++
++	/sandbox(/.*)?
++.br
++	/tmp
++.br
++	/var/tmp
++.br
++	/var/tmp
++.br
++	/usr/tmp
++.br
++	/var/tmp/vi\.recover
++.br
++
++.br
++.B var_auth_t
++
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -50066,205 +84471,199 @@ index 0000000..c867ab4
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), srvsvcd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ssh_selinux.8 b/man/man8/ssh_selinux.8
++selinux(8), systemd_tmpfiles(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/tcpd_selinux.8 b/man/man8/tcpd_selinux.8
 new file mode 100644
-index 0000000..9fc8832
+index 0000000..8ac449c
 --- /dev/null
-+++ b/man/man8/ssh_selinux.8
-@@ -0,0 +1,264 @@
-+.TH  "ssh_selinux"  "8"  "ssh" "dwalsh at redhat.com" "ssh SELinux Policy documentation"
++++ b/man/man8/tcpd_selinux.8
+@@ -0,0 +1,118 @@
++.TH  "tcpd_selinux"  "8"  "tcpd" "dwalsh at redhat.com" "tcpd SELinux Policy documentation"
 +.SH "NAME"
-+ssh_selinux \- Security Enhanced Linux Policy for the ssh processes
++tcpd_selinux \- Security Enhanced Linux Policy for the tcpd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ssh processes via flexible mandatory access
++Security-Enhanced Linux secures the tcpd processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  ssh policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ssh with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow ssh with chroot env to read and write files in the user home directories, you must turn on the ssh_chroot_rw_homedirs boolean.
-+
-+.EX
-+.B setsebool -P ssh_chroot_rw_homedirs 1
-+.EE
-+
-+.PP
-+If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
++SELinux policy is customizable based on least access required.  tcpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run tcpd with the tightest access possible.
 +
-+.EX
-+.B setsebool -P sftpd_write_ssh_home 1
-+.EE
 +
 +.PP
-+If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean.
++If you want to allow the Telepathy connection managers to connect to any generic TCP port, you must turn on the telepathy_tcp_connect_generic_network_ports boolean.
 +
 +.EX
-+.B setsebool -P ssh_sysadm_login 1
++.B setsebool -P telepathy_tcp_connect_generic_network_ports 1
 +.EE
 +
 +.PP
-+If you want to allow host key based authentication, you must turn on the ssh_keysign boolean.
++If you want to allow all daemons to use tcp wrappers, you must turn on the daemons_use_tcp_wrapper boolean.
 +
 +.EX
-+.B setsebool -P ssh_keysign 1
++.B setsebool -P daemons_use_tcp_wrapper 1
 +.EE
 +
 +.PP
-+If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
 +
 +.EX
-+.B setsebool -P fenced_can_ssh 1
++.B setsebool -P user_tcp_server 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ssh_keygen_t, sshd_t, ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the ssh_keygen_t, sshd_t, ssh_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ssh policy is very flexible allowing users to setup their ssh processes in as secure a method as possible.
++SELinux tcpd policy is very flexible allowing users to setup their tcpd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ssh:
++The following file types are defined for tcpd:
 +
 +
 +.EX
 +.PP
-+.B ssh_agent_exec_t 
++.B tcpd_exec_t 
 +.EE
 +
-+- Set files with the ssh_agent_exec_t type, if you want to transition an executable to the ssh_agent_t domain.
++- Set files with the tcpd_exec_t type, if you want to transition an executable to the tcpd_t domain.
 +
 +
 +.EX
 +.PP
-+.B ssh_agent_tmp_t 
++.B tcpd_tmp_t 
 +.EE
 +
-+- Set files with the ssh_agent_tmp_t type, if you want to store ssh agent temporary files in the /tmp directories.
++- Set files with the tcpd_tmp_t type, if you want to store tcpd temporary files in the /tmp directories.
 +
 +
-+.EX
 +.PP
-+.B ssh_exec_t 
-+.EE
-+
-+- Set files with the ssh_exec_t type, if you want to transition an executable to the ssh_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux tcpd policy is very flexible allowing users to setup their tcpd processes in as secure a method as possible.
++.PP 
++The following process types are defined for tcpd:
 +
 +.EX
-+.PP
-+.B ssh_home_t 
++.B tcpd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the ssh_home_t type, if you want to store ssh files in the users home directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/nocpulse/\.ssh(/.*)?, /var/lib/gitolite/\.ssh(/.*)?, /root/\.shosts, /var/lib/amanda/\.ssh(/.*)?, /var/lib/gitolite3/\.ssh(/.*)?, /root/\.ssh(/.*)?, /var/lib/stickshift/.*/\.ssh(/.*)?
++.SH "MANAGED FILES"
 +
-+.EX
-+.PP
-+.B ssh_keygen_exec_t 
-+.EE
++The SELinux user type tcpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+- Set files with the ssh_keygen_exec_t type, if you want to transition an executable to the ssh_keygen_t domain.
++.br
++.B tcpd_tmp_t
 +
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B ssh_keysign_exec_t 
-+.EE
-+
-+- Set files with the ssh_keysign_exec_t type, if you want to transition an executable to the ssh_keysign_t domain.
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
 +
-+.EX
 +.PP
-+.B ssh_tmpfs_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the ssh_tmpfs_t type, if you want to store ssh files on a tmpfs file system.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
++.SH "SEE ALSO"
++selinux(8), tcpd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/tcsd_selinux.8 b/man/man8/tcsd_selinux.8
+new file mode 100644
+index 0000000..3c95130
+--- /dev/null
++++ b/man/man8/tcsd_selinux.8
+@@ -0,0 +1,139 @@
++.TH  "tcsd_selinux"  "8"  "tcsd" "dwalsh at redhat.com" "tcsd SELinux Policy documentation"
++.SH "NAME"
++tcsd_selinux \- Security Enhanced Linux Policy for the tcsd processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B sshd_exec_t 
-+.EE
++Security-Enhanced Linux secures the tcsd processes via flexible mandatory access
++control.  
 +
-+- Set files with the sshd_exec_t type, if you want to transition an executable to the sshd_t domain.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tcsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B sshd_initrc_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the sshd_initrc_exec_t type, if you want to transition an executable to the sshd_initrc_t domain.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the tcsd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B sshd_key_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the sshd_key_t type, if you want to treat the files as sshd key data.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux tcsd policy is very flexible allowing users to setup their tcsd processes in as secure a method as possible.
++.PP 
++The following file types are defined for tcsd:
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_rsa_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
 +
 +.EX
 +.PP
-+.B sshd_keytab_t 
++.B tcsd_exec_t 
 +.EE
 +
-+- Set files with the sshd_keytab_t type, if you want to treat the files as kerberos keytab files.
++- Set files with the tcsd_exec_t type, if you want to transition an executable to the tcsd_t domain.
 +
 +
 +.EX
 +.PP
-+.B sshd_tmpfs_t 
++.B tcsd_initrc_exec_t 
 +.EE
 +
-+- Set files with the sshd_tmpfs_t type, if you want to store sshd files on a tmpfs file system.
++- Set files with the tcsd_initrc_exec_t type, if you want to transition an executable to the tcsd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B sshd_var_run_t 
++.B tcsd_var_lib_t 
 +.EE
 +
-+- Set files with the sshd_var_run_t type, if you want to store the sshd files under the /run directory.
++- Set files with the tcsd_var_lib_t type, if you want to store the tcsd files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/sshd\.pid, /var/run/sshd\.init\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -50282,19 +84681,19 @@ index 0000000..9fc8832
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux ssh policy is very flexible allowing users to setup their ssh processes in as secure a method as possible.
++SELinux tcsd policy is very flexible allowing users to setup their tcsd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for ssh:
++The following port types are defined for tcsd:
 +
 +.EX
 +.TP 5
-+.B ssh_port_t 
++.B tcs_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 22
++tcp 30003
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -50302,18 +84701,28 @@ index 0000000..9fc8832
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ssh policy is very flexible allowing users to setup their ssh processes in as secure a method as possible.
++SELinux tcsd policy is very flexible allowing users to setup their tcsd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ssh:
++The following process types are defined for tcsd:
 +
 +.EX
-+.B sshd_sandbox_t, ssh_keysign_t, ssh_keygen_t, ssh_t, sshd_t 
++.B tcsd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type tcsd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B tcsd_var_lib_t
++
++	/var/lib/tpm(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -50327,155 +84736,224 @@ index 0000000..9fc8832
 +.B semanage port
 +can also be used to manipulate the port definitions
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ssh(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/sshd_selinux.8 b/man/man8/sshd_selinux.8
++selinux(8), tcsd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telepathy_gabble_selinux.8 b/man/man8/telepathy_gabble_selinux.8
 new file mode 100644
-index 0000000..1b057a8
+index 0000000..d7a0fc7
 --- /dev/null
-+++ b/man/man8/sshd_selinux.8
-@@ -0,0 +1,204 @@
-+.TH  "sshd_selinux"  "8"  "sshd" "dwalsh at redhat.com" "sshd SELinux Policy documentation"
++++ b/man/man8/telepathy_gabble_selinux.8
+@@ -0,0 +1,147 @@
++.TH  "telepathy_gabble_selinux"  "8"  "telepathy_gabble" "dwalsh at redhat.com" "telepathy_gabble SELinux Policy documentation"
 +.SH "NAME"
-+sshd_selinux \- Security Enhanced Linux Policy for the sshd processes
++telepathy_gabble_selinux \- Security Enhanced Linux Policy for the telepathy_gabble processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sshd processes via flexible mandatory access
++Security-Enhanced Linux secures the telepathy_gabble processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  sshd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sshd with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow ssh with chroot env to read and write files in the user home directories, you must turn on the ssh_chroot_rw_homedirs boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_gabble_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P ssh_chroot_rw_homedirs 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
++If you want to allow confined applications to run with kerberos for the telepathy_gabble_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P sftpd_write_ssh_home 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux telepathy_gabble policy is very flexible allowing users to setup their telepathy_gabble processes in as secure a method as possible.
++.PP 
++The following file types are defined for telepathy_gabble:
++
 +
 +.EX
-+.B setsebool -P ssh_sysadm_login 1
++.PP
++.B telepathy_gabble_cache_home_t 
 +.EE
 +
-+.PP
-+If you want to allow host key based authentication, you must turn on the ssh_keysign boolean.
++- Set files with the telepathy_gabble_cache_home_t type, if you want to store telepathy gabble cache files in the users home directory.
++
 +
 +.EX
-+.B setsebool -P ssh_keysign 1
++.PP
++.B telepathy_gabble_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
++- Set files with the telepathy_gabble_exec_t type, if you want to transition an executable to the telepathy_gabble_t domain.
++
 +
 +.EX
-+.B setsebool -P fenced_can_ssh 1
++.PP
++.B telepathy_gabble_tmp_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the telepathy_gabble_tmp_t type, if you want to store telepathy gabble temporary files in the /tmp directories.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ssh_keygen_t, sshd_t, ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow confined applications to run with kerberos for the ssh_keygen_t, sshd_t, ssh_t, you must turn on the kerberos_enabled boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux telepathy_gabble policy is very flexible allowing users to setup their telepathy_gabble processes in as secure a method as possible.
++.PP 
++The following process types are defined for telepathy_gabble:
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B telepathy_gabble_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++.SH "MANAGED FILES"
++
++The SELinux user type telepathy_gabble_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cache_home_t
++
++	/root/\.cache(/.*)?
++.br
++	/home/[^/]*/\.nv(/.*)?
++.br
++	/home/[^/]*/\.cache(/.*)?
++.br
++
++.br
++.B config_home_t
++
++	/root/\.kde(/.*)?
++.br
++	/root/\.xine(/.*)?
++.br
++	/root/\.config(/.*)?
++.br
++	/var/run/user/[^/]*/dconf(/.*)?
++.br
++	/root/\.Xdefaults
++.br
++	/home/[^/]*/\.kde(/.*)?
++.br
++	/home/[^/]*/\.xine(/.*)?
++.br
++	/home/[^/]*/\.config(/.*)?
++.br
++	/home/[^/]*/\.Xdefaults
++.br
++
++.br
++.B telepathy_gabble_cache_home_t
++
++	/home/[^/]*/\.cache/wocky(/.*)?
++.br
++	/home/[^/]*/\.cache/telepathy/gabble(/.*)?
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux sshd policy is very flexible allowing users to setup their sshd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for sshd:
-+
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B sshd_exec_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the sshd_exec_t type, if you want to transition an executable to the sshd_t domain.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
++.SH "SEE ALSO"
++selinux(8), telepathy_gabble(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telepathy_idle_selinux.8 b/man/man8/telepathy_idle_selinux.8
+new file mode 100644
+index 0000000..c81a382
+--- /dev/null
++++ b/man/man8/telepathy_idle_selinux.8
+@@ -0,0 +1,109 @@
++.TH  "telepathy_idle_selinux"  "8"  "telepathy_idle" "dwalsh at redhat.com" "telepathy_idle SELinux Policy documentation"
++.SH "NAME"
++telepathy_idle_selinux \- Security Enhanced Linux Policy for the telepathy_idle processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B sshd_initrc_exec_t 
-+.EE
++Security-Enhanced Linux secures the telepathy_idle processes via flexible mandatory access
++control.  
 +
-+- Set files with the sshd_initrc_exec_t type, if you want to transition an executable to the sshd_initrc_t domain.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_idle_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B sshd_key_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the sshd_key_t type, if you want to treat the files as sshd key data.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_rsa_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
++.PP
++If you want to allow confined applications to run with kerberos for the telepathy_idle_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B sshd_keytab_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the sshd_keytab_t type, if you want to treat the files as kerberos keytab files.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux telepathy_idle policy is very flexible allowing users to setup their telepathy_idle processes in as secure a method as possible.
++.PP 
++The following file types are defined for telepathy_idle:
 +
 +
 +.EX
 +.PP
-+.B sshd_tmpfs_t 
++.B telepathy_idle_exec_t 
 +.EE
 +
-+- Set files with the sshd_tmpfs_t type, if you want to store sshd files on a tmpfs file system.
++- Set files with the telepathy_idle_exec_t type, if you want to transition an executable to the telepathy_idle_t domain.
 +
 +
 +.EX
 +.PP
-+.B sshd_var_run_t 
++.B telepathy_idle_tmp_t 
 +.EE
 +
-+- Set files with the sshd_var_run_t type, if you want to store the sshd files under the /run directory.
++- Set files with the telepathy_idle_tmp_t type, if you want to store telepathy idle temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/sshd\.pid, /var/run/sshd\.init\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -50484,47 +84962,38 @@ index 0000000..1b057a8
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux sshd policy is very flexible allowing users to setup their sshd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for sshd:
-+
-+.EX
-+.TP 5
-+.B ssh_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 22
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sshd policy is very flexible allowing users to setup their sshd processes in as secure a method as possible.
++SELinux telepathy_idle policy is very flexible allowing users to setup their telepathy_idle processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sshd:
++The following process types are defined for telepathy_idle:
 +
 +.EX
-+.B sshd_sandbox_t, ssh_keysign_t, ssh_keygen_t, ssh_t, sshd_t 
++.B telepathy_idle_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type telepathy_idle_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cache_home_t
++
++	/root/\.cache(/.*)?
++.br
++	/home/[^/]*/\.nv(/.*)?
++.br
++	/home/[^/]*/\.cache(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -50535,51 +85004,43 @@ index 0000000..1b057a8
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sshd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/sssd_selinux.8 b/man/man8/sssd_selinux.8
++selinux(8), telepathy_idle(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telepathy_logger_selinux.8 b/man/man8/telepathy_logger_selinux.8
 new file mode 100644
-index 0000000..485226e
+index 0000000..98b1c16
 --- /dev/null
-+++ b/man/man8/sssd_selinux.8
-@@ -0,0 +1,139 @@
-+.TH  "sssd_selinux"  "8"  "sssd" "dwalsh at redhat.com" "sssd SELinux Policy documentation"
++++ b/man/man8/telepathy_logger_selinux.8
+@@ -0,0 +1,159 @@
++.TH  "telepathy_logger_selinux"  "8"  "telepathy_logger" "dwalsh at redhat.com" "telepathy_logger SELinux Policy documentation"
 +.SH "NAME"
-+sssd_selinux \- Security Enhanced Linux Policy for the sssd processes
++telepathy_logger_selinux \- Security Enhanced Linux Policy for the telepathy_logger processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sssd processes via flexible mandatory access
++Security-Enhanced Linux secures the telepathy_logger processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sssd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_logger_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the sssd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the telepathy_logger_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -50588,69 +85049,41 @@ index 0000000..485226e
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux sssd policy is very flexible allowing users to setup their sssd processes in as secure a method as possible.
++SELinux telepathy_logger policy is very flexible allowing users to setup their telepathy_logger processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for sssd:
++The following file types are defined for telepathy_logger:
 +
 +
 +.EX
 +.PP
-+.B sssd_conf_t 
-+.EE
-+
-+- Set files with the sssd_conf_t type, if you want to treat the files as sssd configuration data, usually stored under the /etc directory.
-+
-+
-+.EX
-+.PP
-+.B sssd_exec_t 
-+.EE
-+
-+- Set files with the sssd_exec_t type, if you want to transition an executable to the sssd_t domain.
-+
-+
-+.EX
-+.PP
-+.B sssd_initrc_exec_t 
-+.EE
-+
-+- Set files with the sssd_initrc_exec_t type, if you want to transition an executable to the sssd_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B sssd_public_t 
++.B telepathy_logger_cache_home_t 
 +.EE
 +
-+- Set files with the sssd_public_t type, if you want to treat the files as sssd public data.
++- Set files with the telepathy_logger_cache_home_t type, if you want to store telepathy logger cache files in the users home directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/sss/mc(/.*)?, /var/lib/sss/pubconf(/.*)?
 +
 +.EX
 +.PP
-+.B sssd_var_lib_t 
++.B telepathy_logger_data_home_t 
 +.EE
 +
-+- Set files with the sssd_var_lib_t type, if you want to store the sssd files under the /var/lib directory.
++- Set files with the telepathy_logger_data_home_t type, if you want to store telepathy logger data files in the users home directory.
 +
 +
 +.EX
 +.PP
-+.B sssd_var_log_t 
++.B telepathy_logger_exec_t 
 +.EE
 +
-+- Set files with the sssd_var_log_t type, if you want to treat the data as sssd var log data, usually stored under the /var/log directory.
++- Set files with the telepathy_logger_exec_t type, if you want to transition an executable to the telepathy_logger_t domain.
 +
 +
 +.EX
 +.PP
-+.B sssd_var_run_t 
++.B telepathy_logger_tmp_t 
 +.EE
 +
-+- Set files with the sssd_var_run_t type, if you want to store the sssd files under the /run directory.
++- Set files with the telepathy_logger_tmp_t type, if you want to store telepathy logger temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -50666,18 +85099,66 @@ index 0000000..485226e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sssd policy is very flexible allowing users to setup their sssd processes in as secure a method as possible.
++SELinux telepathy_logger policy is very flexible allowing users to setup their telepathy_logger processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sssd:
++The following process types are defined for telepathy_logger:
 +
 +.EX
-+.B sssd_t 
++.B telepathy_logger_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type telepathy_logger_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cache_home_t
++
++	/root/\.cache(/.*)?
++.br
++	/home/[^/]*/\.nv(/.*)?
++.br
++	/home/[^/]*/\.cache(/.*)?
++.br
++
++.br
++.B config_home_t
++
++	/root/\.kde(/.*)?
++.br
++	/root/\.xine(/.*)?
++.br
++	/root/\.config(/.*)?
++.br
++	/var/run/user/[^/]*/dconf(/.*)?
++.br
++	/root/\.Xdefaults
++.br
++	/home/[^/]*/\.kde(/.*)?
++.br
++	/home/[^/]*/\.xine(/.*)?
++.br
++	/home/[^/]*/\.config(/.*)?
++.br
++	/home/[^/]*/\.Xdefaults
++.br
++
++.br
++.B telepathy_logger_cache_home_t
++
++	/home/[^/]*/\.cache/telepathy/logger(/.*)?
++.br
++
++.br
++.B telepathy_logger_data_home_t
++
++	/home/[^/]*/\.local/share/TpLogger(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -50693,288 +85174,340 @@ index 0000000..485226e
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sssd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/staff_selinux.8 b/man/man8/staff_selinux.8
++selinux(8), telepathy_logger(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telepathy_mission_control_selinux.8 b/man/man8/telepathy_mission_control_selinux.8
 new file mode 100644
-index 0000000..039dc00
+index 0000000..7ecaef1
 --- /dev/null
-+++ b/man/man8/staff_selinux.8
-@@ -0,0 +1,244 @@
-+.TH  "staff_selinux"  "8"  "staff" "mgrepl at redhat.com" "staff SELinux Policy documentation"
++++ b/man/man8/telepathy_mission_control_selinux.8
+@@ -0,0 +1,173 @@
++.TH  "telepathy_mission_control_selinux"  "8"  "telepathy_mission_control" "dwalsh at redhat.com" "telepathy_mission_control SELinux Policy documentation"
 +.SH "NAME"
-+staff_u \- \fBAdministrator's unprivileged user role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
-+
-+\fBstaff_u\fP is an SELinux User defined in the SELinux
-+policy. SELinux users have default roles, \fBstaff_r\fP.  The
-+default role has a default type, \fBstaff_t\fP, associated with it.
-+
-+The SELinux user will usually login to a system with a context that looks like:
-+
-+.B staff_u:staff_r:staff_u:s0-s0:c0.c1023
-+
-+Linux users are automatically assigned an SELinux users at login.  
-+Login programs use the SELinux User to assign initial context to the user's shell.
-+
-+SELinux policy uses the context to control the user's access.
-+
-+By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++telepathy_mission_control_selinux \- Security Enhanced Linux Policy for the telepathy_mission_control processes
++.SH "DESCRIPTION"
 +
-+On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++Security-Enhanced Linux secures the telepathy_mission_control processes via flexible mandatory access
++control.  
 +
-+You can list all Linux User to SELinux user mapping using:
++.SH NSSWITCH DOMAIN
 +
-+.B semanage login -l
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_mission_control_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
-+If you wanted to change the default user mapping to use the staff_u user, you would execute:
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
 +
-+.B semanage login -m -s staff_u __default__
++.PP
++If you want to allow confined applications to run with kerberos for the telepathy_mission_control_t, you must turn on the kerberos_enabled boolean.
 +
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
 +
-+If you want to map the one Linux user (joe) to the SELinux user staff, you would execute:
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux telepathy_mission_control policy is very flexible allowing users to setup their telepathy_mission_control processes in as secure a method as possible.
++.PP 
++The following file types are defined for telepathy_mission_control:
 +
-+.B $ semanage login -a -s staff_u joe
 +
++.EX
++.PP
++.B telepathy_mission_control_cache_home_t 
++.EE
 +
-+.SH USER DESCRIPTION
++- Set files with the telepathy_mission_control_cache_home_t type, if you want to store telepathy mission control cache files in the users home directory.
 +
-+The SELinux user staff_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
 +
-+.SH SUDO
++.EX
++.PP
++.B telepathy_mission_control_data_home_t 
++.EE
 +
-+The SELinux user staff can execute sudo. 
++- Set files with the telepathy_mission_control_data_home_t type, if you want to store telepathy mission control data files in the users home directory.
 +
-+You can set up sudo to allow staff to transition to an administrative domain:
 +
-+Add one or more of the following record to sudoers using visudo.
++.EX
++.PP
++.B telepathy_mission_control_exec_t 
++.EE
 +
++- Set files with the telepathy_mission_control_exec_t type, if you want to transition an executable to the telepathy_mission_control_t domain.
 +
-+USERNAME ALL=(ALL) ROLE=ftpadmin_r TYPE=ftpadmin_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:ftpadmin_r:ftpadmin_t:LEVEL
 +
-+USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:auditadm_r:auditadm_t:LEVEL
++.EX
++.PP
++.B telepathy_mission_control_home_t 
++.EE
 +
-+USERNAME ALL=(ALL) ROLE=dbadm_r TYPE=dbadm_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:dbadm_r:dbadm_t:LEVEL
++- Set files with the telepathy_mission_control_home_t type, if you want to store telepathy mission control files in the users home directory.
 +
-+USERNAME ALL=(ALL) ROLE=logadm_r TYPE=logadm_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:logadm_r:logadm_t:LEVEL
 +
-+USERNAME ALL=(ALL) ROLE=secadm_r TYPE=secadm_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:secadm_r:secadm_t:LEVEL
++.EX
++.PP
++.B telepathy_mission_control_tmp_t 
++.EE
 +
-+USERNAME ALL=(ALL) ROLE=sysadm_r TYPE=sysadm_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:sysadm_r:sysadm_t:LEVEL
++- Set files with the telepathy_mission_control_tmp_t type, if you want to store telepathy mission control temporary files in the /tmp directories.
 +
-+USERNAME ALL=(ALL) ROLE=unconfined_r TYPE=unconfined_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:unconfined_r:unconfined_t:LEVEL
 +
-+USERNAME ALL=(ALL) ROLE=webadm_r TYPE=webadm_t COMMAND
-+.br
-+sudo will run COMMAND as staff_u:webadm_r:webadm_t:LEVEL
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+You might also need to add one or more of these new roles to your SELinux user record.
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux telepathy_mission_control policy is very flexible allowing users to setup their telepathy_mission_control processes in as secure a method as possible.
++.PP 
++The following process types are defined for telepathy_mission_control:
 +
-+List the SELinux roles your SELinux user can reach by executing:
++.EX
++.B telepathy_mission_control_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.B $ semanage user -l |grep selinux_name
++.SH "MANAGED FILES"
 +
-+Modify the roles list and add staff_r to this list.
++The SELinux user type telepathy_mission_control_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.B $ semanage user -m -R 'staff_r ftpadmin_r auditadm_r dbadm_r logadm_r secadm_r sysadm_r unconfined_r webadm_r' staff_u 
++.br
++.B cache_home_t
 +
-+For more details you can see semanage man page.
++	/root/\.cache(/.*)?
++.br
++	/home/[^/]*/\.nv(/.*)?
++.br
++	/home/[^/]*/\.cache(/.*)?
++.br
 +
++.br
++.B config_home_t
 +
-+.SH X WINDOWS LOGIN
++	/root/\.kde(/.*)?
++.br
++	/root/\.xine(/.*)?
++.br
++	/root/\.config(/.*)?
++.br
++	/var/run/user/[^/]*/dconf(/.*)?
++.br
++	/root/\.Xdefaults
++.br
++	/home/[^/]*/\.kde(/.*)?
++.br
++	/home/[^/]*/\.xine(/.*)?
++.br
++	/home/[^/]*/\.config(/.*)?
++.br
++	/home/[^/]*/\.Xdefaults
++.br
 +
-+The SELinux user staff_u is able to X Windows login.
++.br
++.B telepathy_mission_control_cache_home_t
 +
-+.SH TERMINAL LOGIN
++	/home/[^/]*/\.cache/\.mc_connections
++.br
 +
-+The SELinux user staff_u is able to terminal login.
++.br
++.B telepathy_mission_control_data_home_t
 +
-+.SH NETWORK
++	/home/[^/]*/\.local/share/telepathy/mission-control(/.*)?
++.br
 +
-+.TP
-+The SELinux user staff_u is able to listen on the following tcp ports.
++.br
++.B telepathy_mission_control_home_t
 +
-+.B xserver_port_t: 6000-6020
++	/home/[^/]*/\.mission-control(/.*)?
++.br
 +
-+.TP
-+The SELinux user staff_u is able to listen on the following udp ports.
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.B all ports with out defined types
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+.TP
-+The SELinux user staff_u is able to connect to the following tcp ports.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.B all ports
++.SH "SEE ALSO"
++selinux(8), telepathy_mission_control(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telepathy_msn_selinux.8 b/man/man8/telepathy_msn_selinux.8
+new file mode 100644
+index 0000000..aaa63f6
+--- /dev/null
++++ b/man/man8/telepathy_msn_selinux.8
+@@ -0,0 +1,117 @@
++.TH  "telepathy_msn_selinux"  "8"  "telepathy_msn" "dwalsh at redhat.com" "telepathy_msn SELinux Policy documentation"
++.SH "NAME"
++telepathy_msn_selinux \- Security Enhanced Linux Policy for the telepathy_msn processes
++.SH "DESCRIPTION"
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  staff_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run staff_t with the tightest access possible.
++Security-Enhanced Linux secures the telepathy_msn processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_msn_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P allow_user_mysql_connect 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++If you want to allow confined applications to run with kerberos for the telepathy_msn_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P user_ping 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
-+
-+.EX
-+.B setsebool -P user_ttyfile_stat 1
-+.EE
-+
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+If you want to allow user music sharing, you must turn on the user_share_music boolean.
-+
-+.EX
-+.B setsebool -P user_share_music 1
-+.EE
++Policy governs the access confined processes have to these files. 
++SELinux telepathy_msn policy is very flexible allowing users to setup their telepathy_msn processes in as secure a method as possible.
++.PP 
++The following file types are defined for telepathy_msn:
 +
-+.PP
-+If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
 +
 +.EX
-+.B setsebool -P user_direct_dri 1
-+.EE
-+
 +.PP
-+If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
-+
-+.EX
-+.B setsebool -P user_rw_noexattrfile 1
++.B telepathy_msn_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
-+
-+.EX
-+.B setsebool -P user_tcp_server 1
-+.EE
++- Set files with the telepathy_msn_exec_t type, if you want to transition an executable to the telepathy_msn_t domain.
 +
-+.PP
-+If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++.br
++.TP 5
++Paths: 
++/usr/libexec/telepathy-butterfly, /usr/libexec/telepathy-haze
 +
 +.EX
-+.B setsebool -P user_direct_mouse 1
++.PP
++.B telepathy_msn_tmp_t 
 +.EE
 +
-+.PP
-+If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++- Set files with the telepathy_msn_tmp_t type, if you want to store telepathy msn temporary files in the /tmp directories.
 +
-+.EX
-+.B setsebool -P user_setrlimit 1
-+.EE
 +
 +.PP
-+If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
-+
-+.EX
-+.B setsebool -P allow_user_postgresql_connect 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux telepathy_msn policy is very flexible allowing users to setup their telepathy_msn processes in as secure a method as possible.
++.PP 
++The following process types are defined for telepathy_msn:
 +
 +.EX
-+.B setsebool -P user_dmesg 1
++.B telepathy_msn_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH HOME_EXEC
-+
-+The SELinux user staff_u is able execute home content files.
-+
-+.SH TRANSITIONS
-+
-+Three things can happen when staff_t attempts to execute a program.
-+
-+\fB1.\fP SELinux Policy can deny staff_t from executing the program.
-+
-+.TP
-+
-+\fB2.\fP SELinux Policy can allow staff_t to execute the program in the current user type.
-+
-+Execute the following to see the types that the SELinux user staff_t can execute without transitioning:
-+
-+.B sesearch -A -s staff_t -c file -p execute_no_trans
++.SH "MANAGED FILES"
 +
-+.TP
++The SELinux user type telepathy_msn_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+\fB3.\fP SELinux can allow staff_t to execute the program and transition to a new type.
++.br
++.B cache_home_t
 +
-+Execute the following to see the types that the SELinux user staff_t can execute and transition:
++	/root/\.cache(/.*)?
++.br
++	/home/[^/]*/\.nv(/.*)?
++.br
++	/home/[^/]*/\.cache(/.*)?
++.br
 +
-+.B $ sesearch -A -s staff_t -c process -p transition
++.br
++.B telepathy_msn_tmp_t
 +
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
-+
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
-+
++.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/stapserver_selinux.8 b/man/man8/stapserver_selinux.8
++selinux(8), telepathy_msn(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telepathy_salut_selinux.8 b/man/man8/telepathy_salut_selinux.8
 new file mode 100644
-index 0000000..385ff9b
+index 0000000..009b622
 --- /dev/null
-+++ b/man/man8/stapserver_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "stapserver_selinux"  "8"  "stapserver" "dwalsh at redhat.com" "stapserver SELinux Policy documentation"
++++ b/man/man8/telepathy_salut_selinux.8
+@@ -0,0 +1,109 @@
++.TH  "telepathy_salut_selinux"  "8"  "telepathy_salut" "dwalsh at redhat.com" "telepathy_salut SELinux Policy documentation"
 +.SH "NAME"
-+stapserver_selinux \- Security Enhanced Linux Policy for the stapserver processes
++telepathy_salut_selinux \- Security Enhanced Linux Policy for the telepathy_salut processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the stapserver processes via flexible mandatory access
++Security-Enhanced Linux secures the telepathy_salut processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the stapserver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_salut_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the stapserver_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the telepathy_salut_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -50983,41 +85516,25 @@ index 0000000..385ff9b
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux stapserver policy is very flexible allowing users to setup their stapserver processes in as secure a method as possible.
++SELinux telepathy_salut policy is very flexible allowing users to setup their telepathy_salut processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for stapserver:
-+
-+
-+.EX
-+.PP
-+.B stapserver_exec_t 
-+.EE
-+
-+- Set files with the stapserver_exec_t type, if you want to transition an executable to the stapserver_t domain.
-+
-+
-+.EX
-+.PP
-+.B stapserver_log_t 
-+.EE
-+
-+- Set files with the stapserver_log_t type, if you want to treat the data as stapserver log data, usually stored under the /var/log directory.
++The following file types are defined for telepathy_salut:
 +
 +
 +.EX
 +.PP
-+.B stapserver_var_lib_t 
++.B telepathy_salut_exec_t 
 +.EE
 +
-+- Set files with the stapserver_var_lib_t type, if you want to store the stapserver files under the /var/lib directory.
++- Set files with the telepathy_salut_exec_t type, if you want to transition an executable to the telepathy_salut_t domain.
 +
 +
 +.EX
 +.PP
-+.B stapserver_var_run_t 
++.B telepathy_salut_tmp_t 
 +.EE
 +
-+- Set files with the stapserver_var_run_t type, if you want to store the stapserver files under the /run directory.
++- Set files with the telepathy_salut_tmp_t type, if you want to store telepathy salut temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -51033,18 +85550,32 @@ index 0000000..385ff9b
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux stapserver policy is very flexible allowing users to setup their stapserver processes in as secure a method as possible.
++SELinux telepathy_salut policy is very flexible allowing users to setup their telepathy_salut processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for stapserver:
++The following process types are defined for telepathy_salut:
 +
 +.EX
-+.B stapserver_t 
++.B telepathy_salut_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type telepathy_salut_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cache_home_t
++
++	/root/\.cache(/.*)?
++.br
++	/home/[^/]*/\.nv(/.*)?
++.br
++	/home/[^/]*/\.cache(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -51060,38 +85591,38 @@ index 0000000..385ff9b
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), stapserver(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/stunnel_selinux.8 b/man/man8/stunnel_selinux.8
++selinux(8), telepathy_salut(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telepathy_sofiasip_selinux.8 b/man/man8/telepathy_sofiasip_selinux.8
 new file mode 100644
-index 0000000..70b6674
+index 0000000..2b6a402
 --- /dev/null
-+++ b/man/man8/stunnel_selinux.8
-@@ -0,0 +1,137 @@
-+.TH  "stunnel_selinux"  "8"  "stunnel" "dwalsh at redhat.com" "stunnel SELinux Policy documentation"
++++ b/man/man8/telepathy_sofiasip_selinux.8
+@@ -0,0 +1,109 @@
++.TH  "telepathy_sofiasip_selinux"  "8"  "telepathy_sofiasip" "dwalsh at redhat.com" "telepathy_sofiasip SELinux Policy documentation"
 +.SH "NAME"
-+stunnel_selinux \- Security Enhanced Linux Policy for the stunnel processes
++telepathy_sofiasip_selinux \- Security Enhanced Linux Policy for the telepathy_sofiasip processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the stunnel processes via flexible mandatory access
++Security-Enhanced Linux secures the telepathy_sofiasip processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the stunnel_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_sofiasip_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the stunnel_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the telepathy_sofiasip_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -51100,45 +85631,25 @@ index 0000000..70b6674
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux stunnel policy is very flexible allowing users to setup their stunnel processes in as secure a method as possible.
++SELinux telepathy_sofiasip policy is very flexible allowing users to setup their telepathy_sofiasip processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for stunnel:
-+
++The following file types are defined for telepathy_sofiasip:
 +
-+.EX
-+.PP
-+.B stunnel_etc_t 
-+.EE
-+
-+- Set files with the stunnel_etc_t type, if you want to store stunnel files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B stunnel_exec_t 
-+.EE
-+
-+- Set files with the stunnel_exec_t type, if you want to transition an executable to the stunnel_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/stunnel, /usr/bin/stunnel
 +
 +.EX
 +.PP
-+.B stunnel_tmp_t 
++.B telepathy_sofiasip_exec_t 
 +.EE
 +
-+- Set files with the stunnel_tmp_t type, if you want to store stunnel temporary files in the /tmp directories.
++- Set files with the telepathy_sofiasip_exec_t type, if you want to transition an executable to the telepathy_sofiasip_t domain.
 +
 +
 +.EX
 +.PP
-+.B stunnel_var_run_t 
++.B telepathy_sofiasip_tmp_t 
 +.EE
 +
-+- Set files with the stunnel_var_run_t type, if you want to store the stunnel files under the /run directory.
++- Set files with the telepathy_sofiasip_tmp_t type, if you want to store telepathy sofiasip temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -51148,43 +85659,38 @@ index 0000000..70b6674
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux stunnel policy is very flexible allowing users to setup their stunnel processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for stunnel:
-+
-+.EX
-+.TP 5
-+.B stunnel_port_t 
-+.TP 10
-+.EE
-+
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux stunnel policy is very flexible allowing users to setup their stunnel processes in as secure a method as possible.
++SELinux telepathy_sofiasip policy is very flexible allowing users to setup their telepathy_sofiasip processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for stunnel:
++The following process types are defined for telepathy_sofiasip:
 +
 +.EX
-+.B stunnel_t 
++.B telepathy_sofiasip_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type telepathy_sofiasip_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cache_home_t
++
++	/root/\.cache(/.*)?
++.br
++	/home/[^/]*/\.nv(/.*)?
++.br
++	/home/[^/]*/\.cache(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -51195,46 +85701,43 @@ index 0000000..70b6674
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), stunnel(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/sulogin_selinux.8 b/man/man8/sulogin_selinux.8
++selinux(8), telepathy_sofiasip(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telepathy_stream_engine_selinux.8 b/man/man8/telepathy_stream_engine_selinux.8
 new file mode 100644
-index 0000000..833aec1
+index 0000000..bc462b2
 --- /dev/null
-+++ b/man/man8/sulogin_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "sulogin_selinux"  "8"  "sulogin" "dwalsh at redhat.com" "sulogin SELinux Policy documentation"
++++ b/man/man8/telepathy_stream_engine_selinux.8
+@@ -0,0 +1,109 @@
++.TH  "telepathy_stream_engine_selinux"  "8"  "telepathy_stream_engine" "dwalsh at redhat.com" "telepathy_stream_engine SELinux Policy documentation"
 +.SH "NAME"
-+sulogin_selinux \- Security Enhanced Linux Policy for the sulogin processes
++telepathy_stream_engine_selinux \- Security Enhanced Linux Policy for the telepathy_stream_engine processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sulogin processes via flexible mandatory access
++Security-Enhanced Linux secures the telepathy_stream_engine processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sulogin_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_stream_engine_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the sulogin_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the telepathy_stream_engine_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -51243,22 +85746,26 @@ index 0000000..833aec1
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux sulogin policy is very flexible allowing users to setup their sulogin processes in as secure a method as possible.
++SELinux telepathy_stream_engine policy is very flexible allowing users to setup their telepathy_stream_engine processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for sulogin:
++The following file types are defined for telepathy_stream_engine:
 +
 +
 +.EX
 +.PP
-+.B sulogin_exec_t 
++.B telepathy_stream_engine_exec_t 
 +.EE
 +
-+- Set files with the sulogin_exec_t type, if you want to transition an executable to the sulogin_t domain.
++- Set files with the telepathy_stream_engine_exec_t type, if you want to transition an executable to the telepathy_stream_engine_t domain.
++
++
++.EX
++.PP
++.B telepathy_stream_engine_tmp_t 
++.EE
++
++- Set files with the telepathy_stream_engine_tmp_t type, if you want to store telepathy stream engine temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/sushell, /sbin/sulogin, /usr/sbin/sulogin, /sbin/sushell
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -51273,18 +85780,32 @@ index 0000000..833aec1
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sulogin policy is very flexible allowing users to setup their sulogin processes in as secure a method as possible.
++SELinux telepathy_stream_engine policy is very flexible allowing users to setup their telepathy_stream_engine processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sulogin:
++The following process types are defined for telepathy_stream_engine:
 +
 +.EX
-+.B sulogin_t 
++.B telepathy_stream_engine_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type telepathy_stream_engine_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cache_home_t
++
++	/root/\.cache(/.*)?
++.br
++	/home/[^/]*/\.nv(/.*)?
++.br
++	/home/[^/]*/\.cache(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -51300,100 +85821,74 @@ index 0000000..833aec1
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sulogin(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/svc_selinux.8 b/man/man8/svc_selinux.8
++selinux(8), telepathy_stream_engine(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telepathy_sunshine_selinux.8 b/man/man8/telepathy_sunshine_selinux.8
 new file mode 100644
-index 0000000..8829e0e
+index 0000000..1723c12
 --- /dev/null
-+++ b/man/man8/svc_selinux.8
-@@ -0,0 +1,129 @@
-+.TH  "svc_selinux"  "8"  "svc" "dwalsh at redhat.com" "svc SELinux Policy documentation"
++++ b/man/man8/telepathy_sunshine_selinux.8
+@@ -0,0 +1,127 @@
++.TH  "telepathy_sunshine_selinux"  "8"  "telepathy_sunshine" "dwalsh at redhat.com" "telepathy_sunshine SELinux Policy documentation"
 +.SH "NAME"
-+svc_selinux \- Security Enhanced Linux Policy for the svc processes
++telepathy_sunshine_selinux \- Security Enhanced Linux Policy for the telepathy_sunshine processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the svc processes via flexible mandatory access
++Security-Enhanced Linux secures the telepathy_sunshine processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux svc policy is very flexible allowing users to setup their svc processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for svc:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_sunshine_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B svc_conf_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the svc_conf_t type, if you want to treat the files as svc configuration data, usually stored under the /etc directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/dnscache/env(/.*)?, /var/tinydns/env(/.*)?, /var/axfrdns/env(/.*)?, /var/service/.*/env(/.*)?
-+
-+.EX
 +.PP
-+.B svc_log_t 
-+.EE
-+
-+- Set files with the svc_log_t type, if you want to treat the data as svc log data, usually stored under the /var/log directory.
-+
++If you want to allow confined applications to run with kerberos for the telepathy_sunshine_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B svc_multilog_exec_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the svc_multilog_exec_t type, if you want to transition an executable to the svc_multilog_t domain.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux telepathy_sunshine policy is very flexible allowing users to setup their telepathy_sunshine processes in as secure a method as possible.
++.PP 
++The following file types are defined for telepathy_sunshine:
 +
 +
 +.EX
 +.PP
-+.B svc_run_exec_t 
++.B telepathy_sunshine_exec_t 
 +.EE
 +
-+- Set files with the svc_run_exec_t type, if you want to transition an executable to the svc_run_t domain.
++- Set files with the telepathy_sunshine_exec_t type, if you want to transition an executable to the telepathy_sunshine_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/tinydns/run, /var/dnscache/log/run, /var/qmail/supervise/.*/run, /var/axfrdns/log/run, /usr/bin/setuidgid, /usr/bin/fghack, /var/tinydns/log/run, /var/service/.*/log/run, /var/axfrdns/run, /var/qmail/supervise/.*/log/run, /usr/bin/envuidgid, /usr/bin/envdir, /var/dnscache/run, /usr/bin/softlimit, /var/service/.*/run.*, /usr/bin/pgrphack, /usr/bin/setlock
 +
 +.EX
 +.PP
-+.B svc_start_exec_t 
++.B telepathy_sunshine_home_t 
 +.EE
 +
-+- Set files with the svc_start_exec_t type, if you want to transition an executable to the svc_start_t domain.
++- Set files with the telepathy_sunshine_home_t type, if you want to store telepathy sunshine files in the users home directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/svok, /usr/bin/svscan, /usr/bin/svc, /usr/bin/svscanboot, /usr/bin/supervise
 +
 +.EX
 +.PP
-+.B svc_svc_t 
++.B telepathy_sunshine_tmp_t 
 +.EE
 +
-+- Set files with the svc_svc_t type, if you want to treat the files as svc svc data.
++- Set files with the telepathy_sunshine_tmp_t type, if you want to store telepathy sunshine temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/service, /var/tinydns(/.*)?, /service/.*, /var/service/.*, /var/qmail/supervise(/.*)?, /var/dnscache(/.*)?, /var/axfrdns(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -51408,18 +85903,42 @@ index 0000000..8829e0e
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux svc policy is very flexible allowing users to setup their svc processes in as secure a method as possible.
++SELinux telepathy_sunshine policy is very flexible allowing users to setup their telepathy_sunshine processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for svc:
++The following process types are defined for telepathy_sunshine:
 +
 +.EX
-+.B svc_multilog_t, svc_start_t, svc_run_t 
++.B telepathy_sunshine_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type telepathy_sunshine_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cache_home_t
++
++	/root/\.cache(/.*)?
++.br
++	/home/[^/]*/\.nv(/.*)?
++.br
++	/home/[^/]*/\.cache(/.*)?
++.br
++
++.br
++.B telepathy_sunshine_home_t
++
++	/home/[^/]*/\.telepathy-sunshine(/.*)?
++.br
++
++.br
++.B telepathy_sunshine_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -51435,113 +85954,198 @@ index 0000000..8829e0e
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), svc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/svnserve_selinux.8 b/man/man8/svnserve_selinux.8
++selinux(8), telepathy_sunshine(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/telnetd_selinux.8 b/man/man8/telnetd_selinux.8
 new file mode 100644
-index 0000000..deeacd8
+index 0000000..d8f3577
 --- /dev/null
-+++ b/man/man8/svnserve_selinux.8
-@@ -0,0 +1,117 @@
-+.TH  "svnserve_selinux"  "8"  "svnserve" "dwalsh at redhat.com" "svnserve SELinux Policy documentation"
++++ b/man/man8/telnetd_selinux.8
+@@ -0,0 +1,205 @@
++.TH  "telnetd_selinux"  "8"  "telnetd" "dwalsh at redhat.com" "telnetd SELinux Policy documentation"
 +.SH "NAME"
-+svnserve_selinux \- Security Enhanced Linux Policy for the svnserve processes
++telnetd_selinux \- Security Enhanced Linux Policy for the telnetd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the svnserve processes via flexible mandatory access
++Security-Enhanced Linux secures the telnetd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telnetd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the telnetd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux svnserve policy is very flexible allowing users to setup their svnserve processes in as secure a method as possible.
++SELinux telnetd policy is very flexible allowing users to setup their telnetd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for svnserve:
++The following file types are defined for telnetd:
 +
 +
 +.EX
 +.PP
-+.B svnserve_content_t 
++.B telnetd_exec_t 
 +.EE
 +
-+- Set files with the svnserve_content_t type, if you want to treat the files as svnserve content.
++- Set files with the telnetd_exec_t type, if you want to transition an executable to the telnetd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/subversion/repo(/.*)?, /var/subversion/repo(/.*)?
++/usr/kerberos/sbin/telnetd, /usr/sbin/in\.telnetd
 +
 +.EX
 +.PP
-+.B svnserve_exec_t 
++.B telnetd_keytab_t 
 +.EE
 +
-+- Set files with the svnserve_exec_t type, if you want to transition an executable to the svnserve_t domain.
++- Set files with the telnetd_keytab_t type, if you want to treat the files as kerberos keytab files.
 +
 +
 +.EX
 +.PP
-+.B svnserve_initrc_exec_t 
++.B telnetd_tmp_t 
 +.EE
 +
-+- Set files with the svnserve_initrc_exec_t type, if you want to transition an executable to the svnserve_initrc_t domain.
++- Set files with the telnetd_tmp_t type, if you want to store telnetd temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B svnserve_unit_file_t 
++.B telnetd_var_run_t 
 +.EE
 +
-+- Set files with the svnserve_unit_file_t type, if you want to treat the files as svnserve unit content.
++- Set files with the telnetd_var_run_t type, if you want to store the telnetd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux telnetd policy is very flexible allowing users to setup their telnetd processes in as secure a method as possible.
++.PP 
++The following port types are defined for telnetd:
++
++.EX
++.TP 5
++.B telnetd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 23
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux telnetd policy is very flexible allowing users to setup their telnetd processes in as secure a method as possible.
++.PP 
++The following process types are defined for telnetd:
++
++.EX
++.B telnetd_t 
++.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "MANAGED FILES"
++
++The SELinux user type telnetd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B krb5_host_rcache_t
++
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B telnetd_tmp_t
++
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/lib/systemd/system/svnserve\.service, /lib/systemd/system/svnserve\.service
-+
-+.EX
-+.PP
-+.B svnserve_var_run_t 
-+.EE
++.B telnetd_var_run_t
 +
-+- Set files with the svnserve_var_run_t type, if you want to store the svnserve files under the /run directory.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/run/svnserve(/.*)?, /var/run/svnserve.pid
++.B user_tmp_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	/var/run/user(/.*)?
++.br
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux svnserve policy is very flexible allowing users to setup their svnserve processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for svnserve:
++.br
++.B wtmp_t
 +
-+.EX
-+.B svnserve_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/var/log/wtmp.*
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -51553,43 +86157,72 @@ index 0000000..deeacd8
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), svnserve(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/swat_selinux.8 b/man/man8/swat_selinux.8
++selinux(8), telnetd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/tftpd_selinux.8 b/man/man8/tftpd_selinux.8
 new file mode 100644
-index 0000000..e66b789
+index 0000000..92b31f8
 --- /dev/null
-+++ b/man/man8/swat_selinux.8
-@@ -0,0 +1,129 @@
-+.TH  "swat_selinux"  "8"  "swat" "dwalsh at redhat.com" "swat SELinux Policy documentation"
++++ b/man/man8/tftpd_selinux.8
+@@ -0,0 +1,193 @@
++.TH  "tftpd_selinux"  "8"  "tftpd" "dwalsh at redhat.com" "tftpd SELinux Policy documentation"
 +.SH "NAME"
-+swat_selinux \- Security Enhanced Linux Policy for the swat processes
++tftpd_selinux \- Security Enhanced Linux Policy for the tftpd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the swat processes via flexible mandatory access
++Security-Enhanced Linux secures the tftpd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the swat_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tftpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the swat_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the tftpd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH SHARING FILES
++If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
++.TP
++Allow tftpd servers to read the /var/tftpd directory by adding the public_content_t file type to the directory and by restoring the file type.
++.PP
++.B
++semanage fcontext -a -t public_content_t "/var/tftpd(/.*)?"
++.br
++.B restorecon -F -R -v /var/tftpd
++.pp
++.TP
++Allow tftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_tftpdd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/tftpd/incoming(/.*)?"
++.br
++.B restorecon -F -R -v /var/tftpd/incoming
++
++
++.PP
++If you want to allow tftp to modify public files used for public file transfer services., you must turn on the tftp_anon_write boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P tftp_anon_write 1
 +.EE
 +
 +.SH FILE CONTEXTS
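Review bot: The SHARING FILES text added to tftpd_selinux.8 contradicts itself on the one step that grants write access. The prose names the boolean `allow_tftpdd_anon_write` and the directory `/var/tmp/incoming`, while the commands beside it label `/var/tftpd/incoming` and the paragraph that follows sets `tftp_anon_write`. An administrator following the prose could label the wrong directory, or search for a boolean that presumably does not exist, so the sentence should read `This also requires the tftp_anon_write boolean to be set.` and refer to `/var/tftpd/incoming`. The lowercase `.pp` after the first `restorecon` line is not a man macro and should be `.PP`. The page says it is generated by genman.py, so the correction probably belongs in that generator's template rather than in this patch file.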
@@ -51598,35 +86231,59 @@ index 0000000..e66b789
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux swat policy is very flexible allowing users to setup their swat processes in as secure a method as possible.
++SELinux tftpd policy is very flexible allowing users to setup their tftpd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for swat:
++The following file types are defined for tftpd:
 +
 +
 +.EX
 +.PP
-+.B swat_exec_t 
++.B tftpd_etc_t 
 +.EE
 +
-+- Set files with the swat_exec_t type, if you want to transition an executable to the swat_t domain.
++- Set files with the tftpd_etc_t type, if you want to store tftpd files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B swat_tmp_t 
++.B tftpd_exec_t 
 +.EE
 +
-+- Set files with the swat_tmp_t type, if you want to store swat temporary files in the /tmp directories.
++- Set files with the tftpd_exec_t type, if you want to transition an executable to the tftpd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/in\.tftpd, /usr/sbin/atftpd
 +
 +.EX
 +.PP
-+.B swat_var_run_t 
++.B tftpd_var_run_t 
 +.EE
 +
-+- Set files with the swat_var_run_t type, if you want to store the swat files under the /run directory.
++- Set files with the tftpd_var_run_t type, if you want to store the tftpd files under the /run directory.
++
++
++.EX
++.PP
++.B tftpdir_rw_t 
++.EE
++
++- Set files with the tftpdir_rw_t type, if you want to treat the files as tftpdir read/write content.
 +
 +
++.EX
++.PP
++.B tftpdir_t 
++.EE
++
++- Set files with the tftpdir_t type, if you want to treat the files as tftpdir data.
++
++.br
++.TP 5
++Paths: 
++/tftpboot/.*, /tftpboot
++
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
 +.B semanage fcontext 
@@ -51643,19 +86300,19 @@ index 0000000..e66b789
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux swat policy is very flexible allowing users to setup their swat processes in as secure a method as possible.
++SELinux tftpd policy is very flexible allowing users to setup their tftpd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for swat:
++The following port types are defined for tftpd:
 +
 +.EX
 +.TP 5
-+.B swat_port_t 
++.B tftp_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 901
++udp 69
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -51663,18 +86320,32 @@ index 0000000..e66b789
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux swat policy is very flexible allowing users to setup their swat processes in as secure a method as possible.
++SELinux tftpd policy is very flexible allowing users to setup their tftpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for swat:
++The following process types are defined for tftpd:
 +
 +.EX
-+.B swat_t 
++.B tftpd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type tftpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B tftpd_var_run_t
++
++
++.br
++.B tftpdir_rw_t
++
++	/var/lib/tftpboot(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -51693,306 +86364,177 @@ index 0000000..e66b789
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), swat(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/sysadm_selinux.8 b/man/man8/sysadm_selinux.8
++selinux(8), tftpd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/tgtd_selinux.8 b/man/man8/tgtd_selinux.8
 new file mode 100644
-index 0000000..679f836
+index 0000000..3817e99
 --- /dev/null
-+++ b/man/man8/sysadm_selinux.8
-@@ -0,0 +1,230 @@
-+.TH  "sysadm_selinux"  "8"  "sysadm" "mgrepl at redhat.com" "sysadm SELinux Policy documentation"
++++ b/man/man8/tgtd_selinux.8
+@@ -0,0 +1,133 @@
++.TH  "tgtd_selinux"  "8"  "tgtd" "dwalsh at redhat.com" "tgtd SELinux Policy documentation"
 +.SH "NAME"
-+sysadm_u \- \fBGeneral system administration role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
-+
-+\fBsysadm_u\fP is an SELinux User defined in the SELinux
-+policy. SELinux users have default roles, \fBsysadm_r\fP.  The
-+default role has a default type, \fBsysadm_t\fP, associated with it.
-+
-+The SELinux user will usually login to a system with a context that looks like:
-+
-+.B sysadm_u:sysadm_r:sysadm_u:s0-s0:c0.c1023
-+
-+Linux users are automatically assigned an SELinux users at login.  
-+Login programs use the SELinux User to assign initial context to the user's shell.
-+
-+SELinux policy uses the context to control the user's access.
-+
-+By default all users are assigned to the SELinux user via the \fB__default__\fP flag
-+
-+On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
-+
-+You can list all Linux User to SELinux user mapping using:
-+
-+.B semanage login -l
-+
-+If you wanted to change the default user mapping to use the sysadm_u user, you would execute:
-+
-+.B semanage login -m -s sysadm_u __default__
-+
-+
-+If you want to map the one Linux user (joe) to the SELinux user sysadm, you would execute:
-+
-+.B $ semanage login -a -s sysadm_u joe
-+
-+
-+.SH USER DESCRIPTION
-+
-+The SELinux user sysadm_u is an admin user. It means that a mapped Linux user to this SELinux user is intended for administrative actions. Usually this is assigned to a root Linux user.  
-+
-+.SH SUDO
-+
-+The SELinux user sysadm can execute sudo. 
-+
-+You can set up sudo to allow sysadm to transition to an administrative domain:
-+
-+Add one or more of the following record to sudoers using visudo.
-+
-+
-+USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
-+.br
-+sudo will run COMMAND as sysadm_u:auditadm_r:auditadm_t:LEVEL
-+
-+USERNAME ALL=(ALL) ROLE=secadm_r TYPE=secadm_t COMMAND
-+.br
-+sudo will run COMMAND as sysadm_u:secadm_r:secadm_t:LEVEL
-+
-+USERNAME ALL=(ALL) ROLE=staff_r TYPE=staff_t COMMAND
-+.br
-+sudo will run COMMAND as sysadm_u:staff_r:staff_t:LEVEL
-+
-+USERNAME ALL=(ALL) ROLE=user_r TYPE=user_t COMMAND
-+.br
-+sudo will run COMMAND as sysadm_u:user_r:user_t:LEVEL
-+
-+You might also need to add one or more of these new roles to your SELinux user record.
-+
-+List the SELinux roles your SELinux user can reach by executing:
-+
-+.B $ semanage user -l |grep selinux_name
-+
-+Modify the roles list and add sysadm_r to this list.
-+
-+.B $ semanage user -m -R 'sysadm_r auditadm_r secadm_r staff_r user_r' sysadm_u 
-+
-+For more details you can see semanage man page.
-+
-+
-+.SH X WINDOWS LOGIN
-+
-+The SELinux user sysadm_u is able to X Windows login.
-+
-+.SH TERMINAL LOGIN
-+
-+The SELinux user sysadm_u is able to terminal login.
-+
-+.SH NETWORK
-+
-+.TP
-+The SELinux user sysadm_u is able to listen on the following tcp ports.
-+
-+.B all ports with out defined types
-+
-+.TP
-+The SELinux user sysadm_u is able to listen on the following udp ports.
-+
-+.B ntp_port_t: 123
-+
-+.B all ports with out defined types
-+
-+.TP
-+The SELinux user sysadm_u is able to connect to the following tcp ports.
-+
-+.B all ports
++tgtd_selinux \- Security Enhanced Linux Policy for the tgtd processes
++.SH "DESCRIPTION"
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  sysadm_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sysadm_t with the tightest access possible.
++Security-Enhanced Linux secures the tgtd processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
-+
-+.EX
-+.B setsebool -P allow_user_mysql_connect 1
-+.EE
-+
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
-+
-+.EX
-+.B setsebool -P user_ping 1
-+.EE
++Policy governs the access confined processes have to these files. 
++SELinux tgtd policy is very flexible allowing users to setup their tgtd processes in as secure a method as possible.
++.PP 
++The following file types are defined for tgtd:
 +
-+.PP
-+If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
 +
 +.EX
-+.B setsebool -P user_ttyfile_stat 1
++.PP
++.B tgtd_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow user music sharing, you must turn on the user_share_music boolean.
++- Set files with the tgtd_exec_t type, if you want to transition an executable to the tgtd_t domain.
++
 +
 +.EX
-+.B setsebool -P user_share_music 1
++.PP
++.B tgtd_initrc_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
++- Set files with the tgtd_initrc_exec_t type, if you want to transition an executable to the tgtd_initrc_t domain.
++
 +
 +.EX
-+.B setsebool -P user_direct_dri 1
++.PP
++.B tgtd_tmp_t 
 +.EE
 +
-+.PP
-+If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++- Set files with the tgtd_tmp_t type, if you want to store tgtd temporary files in the /tmp directories.
++
 +
 +.EX
-+.B setsebool -P user_rw_noexattrfile 1
++.PP
++.B tgtd_tmpfs_t 
 +.EE
 +
-+.PP
-+If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++- Set files with the tgtd_tmpfs_t type, if you want to store tgtd files on a tmpfs file system.
++
 +
 +.EX
-+.B setsebool -P user_tcp_server 1
++.PP
++.B tgtd_var_lib_t 
 +.EE
 +
-+.PP
-+If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++- Set files with the tgtd_var_lib_t type, if you want to store the tgtd files under the /var/lib directory.
++
 +
 +.EX
-+.B setsebool -P user_direct_mouse 1
++.PP
++.B tgtd_var_run_t 
 +.EE
 +
-+.PP
-+If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++- Set files with the tgtd_var_run_t type, if you want to store the tgtd files under the /run directory.
 +
-+.EX
-+.B setsebool -P user_setrlimit 1
-+.EE
 +
 +.PP
-+If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
-+
-+.EX
-+.B setsebool -P allow_user_postgresql_connect 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux tgtd policy is very flexible allowing users to setup their tgtd processes in as secure a method as possible.
++.PP 
++The following process types are defined for tgtd:
 +
 +.EX
-+.B setsebool -P user_dmesg 1
++.B tgtd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH HOME_EXEC
-+
-+The SELinux user sysadm_u is able execute home content files.
-+
-+.SH TRANSITIONS
-+
-+Three things can happen when sysadm_t attempts to execute a program.
-+
-+\fB1.\fP SELinux Policy can deny sysadm_t from executing the program.
-+
-+.TP
-+
-+\fB2.\fP SELinux Policy can allow sysadm_t to execute the program in the current user type.
++.SH "MANAGED FILES"
 +
-+Execute the following to see the types that the SELinux user sysadm_t can execute without transitioning:
++The SELinux user type tgtd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.B sesearch -A -s sysadm_t -c file -p execute_no_trans
++.br
++.B tgtd_tmpfs_t
 +
-+.TP
 +
-+\fB3.\fP SELinux can allow sysadm_t to execute the program and transition to a new type.
++.br
++.B tgtd_var_lib_t
 +
-+Execute the following to see the types that the SELinux user sysadm_t can execute and transition:
++	/var/lib/tgtd(/.*)?
++.br
 +
-+.B $ sesearch -A -s sysadm_t -c process -p transition
++.br
++.B tgtd_var_run_t
 +
++	/var/run/tgtd.*
++.br
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
-+
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
-+
++.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/syslogd_selinux.8 b/man/man8/syslogd_selinux.8
++selinux(8), tgtd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/thumb_selinux.8 b/man/man8/thumb_selinux.8
 new file mode 100644
-index 0000000..838078a
+index 0000000..493c0e0
 --- /dev/null
-+++ b/man/man8/syslogd_selinux.8
-@@ -0,0 +1,195 @@
-+.TH  "syslogd_selinux"  "8"  "syslogd" "dwalsh at redhat.com" "syslogd SELinux Policy documentation"
++++ b/man/man8/thumb_selinux.8
+@@ -0,0 +1,161 @@
++.TH  "thumb_selinux"  "8"  "thumb" "dwalsh at redhat.com" "thumb SELinux Policy documentation"
 +.SH "NAME"
-+syslogd_selinux \- Security Enhanced Linux Policy for the syslogd processes
++thumb_selinux \- Security Enhanced Linux Policy for the thumb processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the syslogd processes via flexible mandatory access
++Security-Enhanced Linux secures the thumb processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  syslogd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run syslogd with the tightest access possible.
-+
-+
-+.PP
-+If you want to determine whether Polipo session daemon can send syslog messages, you must turn on the polipo_session_send_syslog_msg boolean.
-+
-+.EX
-+.B setsebool -P polipo_session_send_syslog_msg 1
-+.EE
-+
-+.PP
-+If you want to allow syslogd the ability to read/write terminals, you must turn on the logging_syslogd_use_tty boolean.
-+
-+.EX
-+.B setsebool -P logging_syslogd_use_tty 1
-+.EE
-+
-+.PP
-+If you want to allow syslogd daemon to send mail, you must turn on the logging_syslogd_can_sendmail boolean.
-+
-+.EX
-+.B setsebool -P logging_syslogd_can_sendmail 1
-+.EE
-+
-+.PP
-+If you want to determine whether Git session daemons can send syslog messages, you must turn on the git_session_send_syslog_msg boolean.
-+
-+.EX
-+.B setsebool -P git_session_send_syslog_msg 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the syslogd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the thumb_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the syslogd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the thumb_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -52001,62 +86543,46 @@ index 0000000..838078a
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux syslogd policy is very flexible allowing users to setup their syslogd processes in as secure a method as possible.
++SELinux thumb policy is very flexible allowing users to setup their thumb processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for syslogd:
++The following file types are defined for thumb:
 +
 +
 +.EX
 +.PP
-+.B syslogd_exec_t 
++.B thumb_exec_t 
 +.EE
 +
-+- Set files with the syslogd_exec_t type, if you want to transition an executable to the syslogd_t domain.
++- Set files with the thumb_exec_t type, if you want to transition an executable to the thumb_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/rsyslogd, /usr/sbin/syslog-ng, /usr/sbin/metalog, /usr/lib/systemd/systemd-journald, /usr/sbin/syslogd, /usr/sbin/minilogd, /sbin/rsyslogd, /usr/lib/systemd/systemd-kmsg-syslogd, /sbin/syslogd, /sbin/syslog-ng, /sbin/minilogd
-+
-+.EX
-+.PP
-+.B syslogd_initrc_exec_t 
-+.EE
-+
-+- Set files with the syslogd_initrc_exec_t type, if you want to transition an executable to the syslogd_initrc_t domain.
-+
++/usr/bin/whaaw-thumbnailer, /usr/lib/tumbler[^/]*/tumblerd, /usr/bin/raw-thumbnailer, /usr/bin/shotwell-video-thumbnailer, /usr/bin/evince-thumbnailer, /usr/bin/[^/]*thumbnailer, /usr/bin/ffmpegthumbnailer, /usr/bin/gsf-office-thumbnailer, /usr/bin/totem-video-thumbnailer, /usr/bin/gnome-thumbnail-font, /usr/bin/gnome-[^/]*-thumbnailer(.sh)?
 +
 +.EX
 +.PP
-+.B syslogd_tmp_t 
++.B thumb_home_t 
 +.EE
 +
-+- Set files with the syslogd_tmp_t type, if you want to store syslogd temporary files in the /tmp directories.
++- Set files with the thumb_home_t type, if you want to store thumb files in the users home directory.
 +
 +
 +.EX
 +.PP
-+.B syslogd_var_lib_t 
++.B thumb_tmp_t 
 +.EE
 +
-+- Set files with the syslogd_var_lib_t type, if you want to store the syslogd files under the /var/lib directory.
++- Set files with the thumb_tmp_t type, if you want to store thumb temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/syslog-ng.persist, /var/lib/r?syslog(/.*)?, /var/lib/syslog-ng(/.*)?
 +
 +.EX
 +.PP
-+.B syslogd_var_run_t 
++.B thumb_tmpfs_t 
 +.EE
 +
-+- Set files with the syslogd_var_run_t type, if you want to store the syslogd files under the /run directory.
++- Set files with the thumb_tmpfs_t type, if you want to store thumb files on a tmpfs file system.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/syslogd\.pid, /var/log/syslog-ng(/.*)?, /var/run/syslog-ng(/.*)?, /var/run/metalog\.pid, /var/run/log(/.*)?, /var/run/syslog-ng.ctl
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -52065,48 +86591,69 @@ index 0000000..838078a
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux syslogd policy is very flexible allowing users to setup their syslogd processes in as secure a method as possible.
++Policy governs the access confined processes have to files. 
++SELinux thumb policy is very flexible allowing users to setup their thumb processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for syslogd:
++The following process types are defined for thumb:
 +
 +.EX
-+.TP 5
-+.B syslogd_port_t 
-+.TP 10
++.B thumb_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
 +
-+Default Defined Ports:
-+tcp 6514
-+.EE
-+udp 514,6514
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux syslogd policy is very flexible allowing users to setup their syslogd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for syslogd:
++The SELinux user type thumb_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B gstreamer_home_t
++
++	/var/run/user/[^/]*/\.orc(/.*)?
++.br
++	/root/\.gstreamer-.*
++.br
++	/home/[^/]*/\.orc(/.*)?
++.br
++	/home/[^/]*/\.gstreamer-.*
++.br
++	/home/[^/]*/\.grl-bookmarks
++.br
++	/home/[^/]*/\.grl-bookmarks
++.br
++	/home/[^/]*/\.grl-metadata-store
++.br
 +
-+.EX
-+.B syslogd_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.br
++.B thumb_home_t
++
++	/home/[^/]*/.cache/thumbnails(/.*)?
++.br
++	/home/[^/]*/\.thumbnails(/.*)?
++.br
++	/home/[^/]*/missfont\.log.*
++.br
++
++.br
++.B thumb_tmp_t
++
++
++.br
++.B thumb_tmpfs_t
++
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -52118,51 +86665,43 @@ index 0000000..838078a
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), syslogd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/sysstat_selinux.8 b/man/man8/sysstat_selinux.8
++selinux(8), thumb(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/tmpreaper_selinux.8 b/man/man8/tmpreaper_selinux.8
 new file mode 100644
-index 0000000..752b8da
+index 0000000..4a2c44b
 --- /dev/null
-+++ b/man/man8/sysstat_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "sysstat_selinux"  "8"  "sysstat" "dwalsh at redhat.com" "sysstat SELinux Policy documentation"
++++ b/man/man8/tmpreaper_selinux.8
+@@ -0,0 +1,127 @@
++.TH  "tmpreaper_selinux"  "8"  "tmpreaper" "dwalsh at redhat.com" "tmpreaper SELinux Policy documentation"
 +.SH "NAME"
-+sysstat_selinux \- Security Enhanced Linux Policy for the sysstat processes
++tmpreaper_selinux \- Security Enhanced Linux Policy for the tmpreaper processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the sysstat processes via flexible mandatory access
++Security-Enhanced Linux secures the tmpreaper processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sysstat_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tmpreaper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the sysstat_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the tmpreaper_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -52171,34 +86710,22 @@ index 0000000..752b8da
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux sysstat policy is very flexible allowing users to setup their sysstat processes in as secure a method as possible.
++SELinux tmpreaper policy is very flexible allowing users to setup their tmpreaper processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for sysstat:
-+
-+
-+.EX
-+.PP
-+.B sysstat_exec_t 
-+.EE
-+
-+- Set files with the sysstat_exec_t type, if you want to transition an executable to the sysstat_t domain.
++The following file types are defined for tmpreaper:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/sa/sa.*, /usr/lib/sysstat/sa.*, /usr/lib/atsar/atsa.*
 +
 +.EX
 +.PP
-+.B sysstat_log_t 
++.B tmpreaper_exec_t 
 +.EE
 +
-+- Set files with the sysstat_log_t type, if you want to treat the data as sysstat log data, usually stored under the /var/log directory.
++- Set files with the tmpreaper_exec_t type, if you want to transition an executable to the tmpreaper_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/log/sysstat(/.*)?, /var/log/sa(/.*)?, /var/log/atsar(/.*)?
++/usr/sbin/tmpwatch, /usr/sbin/tmpreaper
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -52213,18 +86740,54 @@ index 0000000..752b8da
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux sysstat policy is very flexible allowing users to setup their sysstat processes in as secure a method as possible.
++SELinux tmpreaper policy is very flexible allowing users to setup their tmpreaper processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for sysstat:
++The following process types are defined for tmpreaper:
 +
 +.EX
-+.B sysstat_t 
++.B tmpreaper_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type tmpreaper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B amavis_spool_t
++
++	/var/spool/amavisd(/.*)?
++.br
++
++.br
++.B kismet_log_t
++
++	/var/log/kismet(/.*)?
++.br
++
++.br
++.B print_spool_t
++
++	/var/spool/lpd(/.*)?
++.br
++	/var/spool/cups(/.*)?
++.br
++	/var/spool/cups-pdf(/.*)?
++.br
++
++.br
++.B rpm_var_cache_t
++
++	/var/cache/yum(/.*)?
++.br
++	/var/spool/up2date(/.*)?
++.br
++	/var/cache/PackageKit(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -52240,316 +86803,283 @@ index 0000000..752b8da
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), sysstat(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/system_selinux.8 b/man/man8/system_selinux.8
++selinux(8), tmpreaper(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/tomcat_selinux.8 b/man/man8/tomcat_selinux.8
 new file mode 100644
-index 0000000..6ad303f
+index 0000000..139155c
 --- /dev/null
-+++ b/man/man8/system_selinux.8
-@@ -0,0 +1,350 @@
-+.TH  "system_selinux"  "8"  "system" "dwalsh at redhat.com" "system SELinux Policy documentation"
++++ b/man/man8/tomcat_selinux.8
+@@ -0,0 +1,153 @@
++.TH  "tomcat_selinux"  "8"  "tomcat" "dwalsh at redhat.com" "tomcat SELinux Policy documentation"
 +.SH "NAME"
-+system_selinux \- Security Enhanced Linux Policy for the system processes
++tomcat_selinux \- Security Enhanced Linux Policy for the tomcat processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the system processes via flexible mandatory access
++Security-Enhanced Linux secures the tomcat processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  system policy is extremely flexible and has several booleans that allow you to manipulate the policy and run system with the tightest access possible.
-+
-+
-+.PP
-+If you want to determine whether Git system daemon can access cifs file systems, you must turn on the git_system_use_cifs boolean.
-+
-+.EX
-+.B setsebool -P git_system_use_cifs 1
-+.EE
-+
-+.PP
-+If you want to determine whether Git system daemon can search home directories, you must turn on the git_system_enable_homedirs boolean.
-+
-+.EX
-+.B setsebool -P git_system_enable_homedirs 1
-+.EE
-+
-+.PP
-+If you want to determine whether Git system daemon can access nfs file systems, you must turn on the git_system_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P git_system_use_nfs 1
-+.EE
-+
-+.PP
-+If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
-+
-+.EX
-+.B setsebool -P clamscan_can_scan_system 1
-+.EE
-+
-+.PP
-+If you want to enable support for systemd as the init program, you must turn on the init_systemd boolean.
-+
-+.EX
-+.B setsebool -P init_systemd 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the system_cronjob_t, systemd_notify_t, systemd_logind_t, system_dbusd_t, systemd_passwd_agent_t, systemd_logger_t, systemd_tmpfiles_t, system_mail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the system_cronjob_t, systemd_notify_t, systemd_logind_t, system_dbusd_t, systemd_passwd_agent_t, systemd_logger_t, systemd_tmpfiles_t, system_mail_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux system policy is very flexible allowing users to setup their system processes in as secure a method as possible.
++SELinux tomcat policy is very flexible allowing users to setup their tomcat processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for system:
++The following file types are defined for tomcat:
 +
 +
 +.EX
 +.PP
-+.B system_conf_t 
++.B tomcat_cache_t 
 +.EE
 +
-+- Set files with the system_conf_t type, if you want to treat the files as system configuration data, usually stored under the /etc directory.
++- Set files with the tomcat_cache_t type, if you want to store the files under the /var/cache directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/sysctl\.conf(\.old)?, /etc/sysconfig/ipvsadm.*, /etc/sysconfig/ebtables.*, /etc/sysconfig/ip6?tables.*, /etc/sysconfig/system-config-firewall.*
 +
 +.EX
 +.PP
-+.B system_cron_spool_t 
++.B tomcat_exec_t 
 +.EE
 +
-+- Set files with the system_cron_spool_t type, if you want to store the system cron files under the /var/spool directory.
++- Set files with the tomcat_exec_t type, if you want to transition an executable to the tomcat_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/crontab, /var/spool/anacron(/.*)?, /etc/cron\.d(/.*)?, /var/spool/fcron/systab\.orig, /var/spool/fcron/new\.systab, /var/spool/fcron/systab
 +
 +.EX
 +.PP
-+.B system_cronjob_lock_t 
++.B tomcat_log_t 
 +.EE
 +
-+- Set files with the system_cronjob_lock_t type, if you want to treat the files as system cronjob lock data, stored under the /var/lock directory
++- Set files with the tomcat_log_t type, if you want to treat the data as tomcat log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B system_cronjob_tmp_t 
++.B tomcat_tmp_t 
 +.EE
 +
-+- Set files with the system_cronjob_tmp_t type, if you want to store system cronjob temporary files in the /tmp directories.
++- Set files with the tomcat_tmp_t type, if you want to store tomcat temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B system_cronjob_var_lib_t 
++.B tomcat_unit_file_t 
 +.EE
 +
-+- Set files with the system_cronjob_var_lib_t type, if you want to store the system cronjob files under the /var/lib directory.
++- Set files with the tomcat_unit_file_t type, if you want to treat the files as tomcat unit content.
 +
 +
 +.EX
 +.PP
-+.B system_cronjob_var_run_t 
++.B tomcat_var_lib_t 
 +.EE
 +
-+- Set files with the system_cronjob_var_run_t type, if you want to store the system cronjob files under the /run directory.
++- Set files with the tomcat_var_lib_t type, if you want to store the tomcat files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B system_dbusd_tmp_t 
++.B tomcat_var_run_t 
 +.EE
 +
-+- Set files with the system_dbusd_tmp_t type, if you want to store system dbusd temporary files in the /tmp directories.
++- Set files with the tomcat_var_run_t type, if you want to store the tomcat files under the /run directory.
 +
 +
-+.EX
 +.PP
-+.B system_dbusd_var_lib_t 
-+.EE
-+
-+- Set files with the system_dbusd_var_lib_t type, if you want to store the system dbusd files under the /var/lib directory.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux tomcat policy is very flexible allowing users to setup their tomcat processes in as secure a method as possible.
++.PP 
++The following process types are defined for tomcat:
 +
 +.EX
-+.PP
-+.B system_dbusd_var_run_t 
++.B tomcat_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the system_dbusd_var_run_t type, if you want to store the system dbusd files under the /run directory.
++.SH "MANAGED FILES"
++
++The SELinux user type tomcat_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/named/chroot/var/run/dbus(/.*)?, /var/run/dbus(/.*)?
++.B tomcat_cache_t
 +
-+.EX
-+.PP
-+.B system_mail_tmp_t 
-+.EE
++	/var/cache/tomcat6?(/.*)?
++.br
 +
-+- Set files with the system_mail_tmp_t type, if you want to store system mail temporary files in the /tmp directories.
++.br
++.B tomcat_log_t
 +
++	/var/log/tomcat6?(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B system_map_t 
-+.EE
++.br
++.B tomcat_tmp_t
 +
-+- Set files with the system_map_t type, if you want to treat the files as system map data.
 +
 +.br
-+.TP 5
-+Paths: 
-+/boot/System\.map(-.*)?, /boot/efi(/.*)?/System\.map(-.*)?
++.B tomcat_var_lib_t
 +
-+.EX
-+.PP
-+.B system_munin_plugin_exec_t 
-+.EE
++	/var/lib/tomcat6?(/.*)?
++.br
 +
-+- Set files with the system_munin_plugin_exec_t type, if you want to transition an executable to the system_munin_plugin_t domain.
++.br
++.B tomcat_var_run_t
 +
++	/var/run/tomcat6?\.pid
 +.br
-+.TP 5
-+Paths: 
-+/usr/share/munin/plugins/swap, /usr/share/munin/plugins/interrupts, /usr/share/munin/plugins/cpu.*, /usr/share/munin/plugins/yum, /usr/share/munin/plugins/load, /usr/share/munin/plugins/irqstats, /usr/share/munin/plugins/processes, /usr/share/munin/plugins/iostat.*, /usr/share/munin/plugins/nfs.*, /usr/share/munin/plugins/munin_.*, /usr/share/munin/plugins/memory, /usr/share/munin/plugins/threads, /usr/share/munin/plugins/netstat, /usr/share/munin/plugins/acpi, /usr/share/munin/plugins/forks, /usr/share/munin/plugins/uptime, /usr/share/munin/plugins/users, /usr/share/munin/plugins/proc_pri, /usr/share/munin/plugins/if_.*, /usr/share/munin/plugins/open_files
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B system_munin_plugin_tmp_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the system_munin_plugin_tmp_t type, if you want to store system munin plugin temporary files in the /tmp directories.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B systemd_logger_exec_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), tomcat(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/tor_selinux.8 b/man/man8/tor_selinux.8
+new file mode 100644
+index 0000000..be9fcf4
+--- /dev/null
++++ b/man/man8/tor_selinux.8
+@@ -0,0 +1,219 @@
++.TH  "tor_selinux"  "8"  "tor" "dwalsh at redhat.com" "tor SELinux Policy documentation"
++.SH "NAME"
++tor_selinux \- Security Enhanced Linux Policy for the tor processes
++.SH "DESCRIPTION"
 +
-+- Set files with the systemd_logger_exec_t type, if you want to transition an executable to the systemd_logger_t domain.
++Security-Enhanced Linux secures the tor processes via flexible mandatory access
++control.  
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  tor policy is extremely flexible and has several booleans that allow you to manipulate the policy and run tor with the tightest access possible.
 +
 +
-+.EX
 +.PP
-+.B systemd_logind_exec_t 
++If you want to allow tor daemon to bind tcp sockets to all unreserved ports, you must turn on the tor_bind_all_unreserved_ports boolean.
++
++.EX
++.B setsebool -P tor_bind_all_unreserved_ports 1
 +.EE
 +
-+- Set files with the systemd_logind_exec_t type, if you want to transition an executable to the systemd_logind_t domain.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tor_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B systemd_logind_sessions_t 
++If you want to allow confined applications to run with kerberos for the tor_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the systemd_logind_sessions_t type, if you want to treat the files as systemd logind sessions data.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux tor policy is very flexible allowing users to setup their tor processes in as secure a method as possible.
++.PP 
++The following file types are defined for tor:
 +
 +
 +.EX
 +.PP
-+.B systemd_logind_var_run_t 
++.B tor_etc_t 
 +.EE
 +
-+- Set files with the systemd_logind_var_run_t type, if you want to store the systemd logind files under the /run directory.
++- Set files with the tor_etc_t type, if you want to store tor files in the /etc directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/nologin, /var/run/systemd/users(/.*)?, /var/run/systemd/seats(/.*)?
 +
 +.EX
 +.PP
-+.B systemd_notify_exec_t 
++.B tor_exec_t 
 +.EE
 +
-+- Set files with the systemd_notify_exec_t type, if you want to transition an executable to the systemd_notify_t domain.
++- Set files with the tor_exec_t type, if you want to transition an executable to the tor_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/systemd-notify, /bin/systemd-notify
++/usr/sbin/tor, /usr/bin/tor
 +
 +.EX
 +.PP
-+.B systemd_passwd_agent_exec_t 
++.B tor_initrc_exec_t 
 +.EE
 +
-+- Set files with the systemd_passwd_agent_exec_t type, if you want to transition an executable to the systemd_passwd_agent_t domain.
++- Set files with the tor_initrc_exec_t type, if you want to transition an executable to the tor_initrc_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/bin/systemd-tty-ask-password-agent, /usr/bin/systemd-gnome-ask-password-agent, /usr/bin/systemd-tty-ask-password-agent
 +
 +.EX
 +.PP
-+.B systemd_passwd_var_run_t 
++.B tor_unit_file_t 
 +.EE
 +
-+- Set files with the systemd_passwd_var_run_t type, if you want to store the systemd passwd files under the /run directory.
++- Set files with the tor_unit_file_t type, if you want to treat the files as tor unit content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/systemd/ask-password(/.*)?, /var/run/systemd/ask-password-block(/.*)?
 +
 +.EX
 +.PP
-+.B systemd_systemctl_exec_t 
++.B tor_var_lib_t 
 +.EE
 +
-+- Set files with the systemd_systemctl_exec_t type, if you want to transition an executable to the systemd_systemctl_t domain.
++- Set files with the tor_var_lib_t type, if you want to store the tor files under the /var/lib directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/systemctl, /bin/systemctl
++/var/lib/tor(/.*)?, /var/lib/tor-data(/.*)?
 +
 +.EX
 +.PP
-+.B systemd_tmpfiles_exec_t 
++.B tor_var_log_t 
 +.EE
 +
-+- Set files with the systemd_tmpfiles_exec_t type, if you want to transition an executable to the systemd_tmpfiles_t domain.
++- Set files with the tor_var_log_t type, if you want to treat the data as tor var log data, usually stored under the /var/log directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/systemd-tmpfiles, /bin/systemd-tmpfiles, /usr/lib/systemd/systemd-tmpfiles
 +
 +.EX
 +.PP
-+.B systemd_unit_file_t 
++.B tor_var_run_t 
 +.EE
 +
-+- Set files with the systemd_unit_file_t type, if you want to treat the files as systemd unit content.
++- Set files with the tor_var_run_t type, if you want to store the tor files under the /run directory.
 +
 +
 +.PP
@@ -52559,24 +87089,82 @@ index 0000000..6ad303f
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux tor policy is very flexible allowing users to setup their tor processes in as secure a method as possible.
++.PP 
++The following port types are defined for tor:
++
++.EX
++.TP 5
++.B tor_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 6969,9001,9030,9051
++.EE
++
++.EX
++.TP 5
++.B tor_socks_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 9050
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux system policy is very flexible allowing users to setup their system processes in as secure a method as possible.
++SELinux tor policy is very flexible allowing users to setup their tor processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for system:
++The following process types are defined for tor:
 +
 +.EX
-+.B system_munin_plugin_t, systemd_logger_t, systemd_logind_t, system_cronjob_t, systemd_notify_t, system_mail_t, systemd_passwd_agent_t, system_dbusd_t, systemd_tmpfiles_t 
++.B tor_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type tor_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B tor_var_lib_t
++
++	/var/lib/tor(/.*)?
++.br
++	/var/lib/tor-data(/.*)?
++.br
++
++.br
++.B tor_var_log_t
++
++	/var/log/tor(/.*)?
++.br
++
++.br
++.B tor_var_run_t
++
++	/var/run/tor(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
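Review bot: The new PORT TYPES section has unbalanced example macros. Each port entry opens one `.EX` but closes it twice, with an `.EE` right after `.TP 10` and another after the port list, and `.TP 10` is followed directly by `.EE`, so the tagged paragraph has no tag line. The port list therefore sits outside the example block, and the final `.EE` runs straight into `.SH PROCESS TYPES` with no separating line. Administrators read this section to see which ports are labelled for tor_t, so genman.py should emit the type name and its `Default Defined Ports:` list inside a single `.EX`/`.EE` pair. The traceroute page's PORT TYPES section further down has the same layout.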
@@ -52587,6 +87175,9 @@ index 0000000..6ad303f
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -52595,79 +87186,40 @@ index 0000000..6ad303f
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), system(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tor(8), semanage(8), restorecon(8), chcon(1)
 +, setsebool(8)
 \ No newline at end of file
-diff --git a/man/man8/systemd_selinux.8 b/man/man8/systemd_selinux.8
+diff --git a/man/man8/traceroute_selinux.8 b/man/man8/traceroute_selinux.8
 new file mode 100644
-index 0000000..daf7004
+index 0000000..cd79def
 --- /dev/null
-+++ b/man/man8/systemd_selinux.8
-@@ -0,0 +1,226 @@
-+.TH  "systemd_selinux"  "8"  "systemd" "dwalsh at redhat.com" "systemd SELinux Policy documentation"
++++ b/man/man8/traceroute_selinux.8
+@@ -0,0 +1,121 @@
++.TH  "traceroute_selinux"  "8"  "traceroute" "dwalsh at redhat.com" "traceroute SELinux Policy documentation"
 +.SH "NAME"
-+systemd_selinux \- Security Enhanced Linux Policy for the systemd processes
++traceroute_selinux \- Security Enhanced Linux Policy for the traceroute processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the systemd processes via flexible mandatory access
++Security-Enhanced Linux secures the traceroute processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  systemd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run systemd with the tightest access possible.
-+
-+
-+.PP
-+If you want to determine whether Git system daemon can access cifs file systems, you must turn on the git_system_use_cifs boolean.
-+
-+.EX
-+.B setsebool -P git_system_use_cifs 1
-+.EE
-+
-+.PP
-+If you want to determine whether Git system daemon can search home directories, you must turn on the git_system_enable_homedirs boolean.
-+
-+.EX
-+.B setsebool -P git_system_enable_homedirs 1
-+.EE
-+
-+.PP
-+If you want to determine whether Git system daemon can access nfs file systems, you must turn on the git_system_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P git_system_use_nfs 1
-+.EE
-+
-+.PP
-+If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
-+
-+.EX
-+.B setsebool -P clamscan_can_scan_system 1
-+.EE
-+
-+.PP
-+If you want to enable support for systemd as the init program, you must turn on the init_systemd boolean.
-+
-+.EX
-+.B setsebool -P init_systemd 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the system_cronjob_t, systemd_notify_t, systemd_logind_t, system_dbusd_t, systemd_passwd_agent_t, systemd_logger_t, systemd_tmpfiles_t, system_mail_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the traceroute_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the system_cronjob_t, systemd_notify_t, systemd_logind_t, system_dbusd_t, systemd_passwd_agent_t, systemd_logger_t, systemd_tmpfiles_t, system_mail_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the traceroute_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -52676,114 +87228,22 @@ index 0000000..daf7004
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux systemd policy is very flexible allowing users to setup their systemd processes in as secure a method as possible.
++SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for systemd:
-+
-+
-+.EX
-+.PP
-+.B systemd_logger_exec_t 
-+.EE
-+
-+- Set files with the systemd_logger_exec_t type, if you want to transition an executable to the systemd_logger_t domain.
-+
-+
-+.EX
-+.PP
-+.B systemd_logind_exec_t 
-+.EE
-+
-+- Set files with the systemd_logind_exec_t type, if you want to transition an executable to the systemd_logind_t domain.
-+
-+
-+.EX
-+.PP
-+.B systemd_logind_sessions_t 
-+.EE
-+
-+- Set files with the systemd_logind_sessions_t type, if you want to treat the files as systemd logind sessions data.
-+
-+
-+.EX
-+.PP
-+.B systemd_logind_var_run_t 
-+.EE
-+
-+- Set files with the systemd_logind_var_run_t type, if you want to store the systemd logind files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/run/nologin, /var/run/systemd/users(/.*)?, /var/run/systemd/seats(/.*)?
-+
-+.EX
-+.PP
-+.B systemd_notify_exec_t 
-+.EE
-+
-+- Set files with the systemd_notify_exec_t type, if you want to transition an executable to the systemd_notify_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/systemd-notify, /bin/systemd-notify
-+
-+.EX
-+.PP
-+.B systemd_passwd_agent_exec_t 
-+.EE
-+
-+- Set files with the systemd_passwd_agent_exec_t type, if you want to transition an executable to the systemd_passwd_agent_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/bin/systemd-tty-ask-password-agent, /usr/bin/systemd-gnome-ask-password-agent, /usr/bin/systemd-tty-ask-password-agent
-+
-+.EX
-+.PP
-+.B systemd_passwd_var_run_t 
-+.EE
-+
-+- Set files with the systemd_passwd_var_run_t type, if you want to store the systemd passwd files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/run/systemd/ask-password(/.*)?, /var/run/systemd/ask-password-block(/.*)?
-+
-+.EX
-+.PP
-+.B systemd_systemctl_exec_t 
-+.EE
-+
-+- Set files with the systemd_systemctl_exec_t type, if you want to transition an executable to the systemd_systemctl_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/systemctl, /bin/systemctl
-+
-+.EX
-+.PP
-+.B systemd_tmpfiles_exec_t 
-+.EE
-+
-+- Set files with the systemd_tmpfiles_exec_t type, if you want to transition an executable to the systemd_tmpfiles_t domain.
++The following file types are defined for traceroute:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/systemd-tmpfiles, /bin/systemd-tmpfiles, /usr/lib/systemd/systemd-tmpfiles
 +
 +.EX
 +.PP
-+.B systemd_unit_file_t 
++.B traceroute_exec_t 
 +.EE
 +
-+- Set files with the systemd_unit_file_t type, if you want to treat the files as systemd unit content.
++- Set files with the traceroute_exec_t type, if you want to transition an executable to the traceroute_t domain.
 +
++.br
++.TP 5
++Paths: 
++/bin/tracepath.*, /usr/sbin/mtr, /usr/bin/traceroute.*, /usr/bin/nmap, /usr/bin/lft, /bin/traceroute.*, /usr/bin/tracepath.*, /usr/sbin/traceroute.*, /usr/bin/mtr
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -52792,24 +87252,51 @@ index 0000000..daf7004
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible.
++.PP 
++The following port types are defined for traceroute:
++
++.EX
++.TP 5
++.B traceroute_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++udp 64000-64010
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux systemd policy is very flexible allowing users to setup their systemd processes in as secure a method as possible.
++SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for systemd:
++The following process types are defined for traceroute:
 +
 +.EX
-+.B system_munin_plugin_t, systemd_logger_t, systemd_logind_t, system_cronjob_t, systemd_notify_t, system_mail_t, systemd_passwd_agent_t, system_dbusd_t, systemd_tmpfiles_t 
++.B traceroute_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type traceroute_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
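Review bot: The MANAGED FILES section added for traceroute_t contains only the heading and the intro sentence; no file type follows before `.SH "COMMANDS"`. A reader cannot tell whether traceroute_t manages no labelled files or whether the list was lost during generation. genman.py should either skip the section when the list is empty or print an explicit line such as `None.` A related gap is in the tomcat page, where `.B tomcat_tmp_t` is listed under MANAGED FILES with no path beneath it.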
@@ -52820,87 +87307,114 @@ index 0000000..daf7004
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), systemd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/tcpd_selinux.8 b/man/man8/tcpd_selinux.8
++selinux(8), traceroute(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/tuned_selinux.8 b/man/man8/tuned_selinux.8
 new file mode 100644
-index 0000000..0f29f20
+index 0000000..3d7fc19
 --- /dev/null
-+++ b/man/man8/tcpd_selinux.8
-@@ -0,0 +1,110 @@
-+.TH  "tcpd_selinux"  "8"  "tcpd" "dwalsh at redhat.com" "tcpd SELinux Policy documentation"
++++ b/man/man8/tuned_selinux.8
+@@ -0,0 +1,167 @@
++.TH  "tuned_selinux"  "8"  "tuned" "dwalsh at redhat.com" "tuned SELinux Policy documentation"
 +.SH "NAME"
-+tcpd_selinux \- Security Enhanced Linux Policy for the tcpd processes
++tuned_selinux \- Security Enhanced Linux Policy for the tuned processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the tcpd processes via flexible mandatory access
++Security-Enhanced Linux secures the tuned processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  tcpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run tcpd with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow the Telepathy connection managers to connect to any generic TCP port, you must turn on the telepathy_tcp_connect_generic_network_ports boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tuned_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P telepathy_tcp_connect_generic_network_ports 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow all daemons to use tcp wrappers, you must turn on the daemons_use_tcp_wrapper boolean.
++If you want to allow confined applications to run with kerberos for the tuned_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P daemons_use_tcp_wrapper 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux tuned policy is very flexible allowing users to setup their tuned processes in as secure a method as possible.
++.PP 
++The following file types are defined for tuned:
++
++
++.EX
 +.PP
-+If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++.B tuned_etc_t 
++.EE
++
++- Set files with the tuned_etc_t type, if you want to store tuned files in the /etc directories.
++
 +
 +.EX
-+.B setsebool -P user_tcp_server 1
++.PP
++.B tuned_exec_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the tuned_exec_t type, if you want to transition an executable to the tuned_t domain.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B tuned_initrc_exec_t 
++.EE
++
++- Set files with the tuned_initrc_exec_t type, if you want to transition an executable to the tuned_initrc_t domain.
++
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux tcpd policy is very flexible allowing users to setup their tcpd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for tcpd:
++.B tuned_log_t 
++.EE
++
++- Set files with the tuned_log_t type, if you want to treat the data as tuned log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/var/log/tuned\.log.*, /var/log/tuned(/.*)?
 +
 +.EX
 +.PP
-+.B tcpd_exec_t 
++.B tuned_rw_etc_t 
 +.EE
 +
-+- Set files with the tcpd_exec_t type, if you want to transition an executable to the tcpd_t domain.
++- Set files with the tuned_rw_etc_t type, if you want to store tuned rw files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B tcpd_tmp_t 
++.B tuned_var_run_t 
 +.EE
 +
-+- Set files with the tcpd_tmp_t type, if you want to store tcpd temporary files in the /tmp directories.
++- Set files with the tuned_var_run_t type, if you want to store the tuned files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/tuned(/.*)?, /var/run/tuned\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -52915,18 +87429,50 @@ index 0000000..0f29f20
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux tcpd policy is very flexible allowing users to setup their tcpd processes in as secure a method as possible.
++SELinux tuned policy is very flexible allowing users to setup their tuned processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for tcpd:
++The following process types are defined for tuned:
 +
 +.EX
-+.B tcpd_t 
++.B tuned_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type tuned_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B tuned_log_t
++
++	/var/log/tuned(/.*)?
++.br
++	/var/log/tuned\.log.*
++.br
++
++.br
++.B tuned_rw_etc_t
++
++	/etc/tuned/active_profile
++.br
++
++.br
++.B tuned_var_run_t
++
++	/var/run/tuned(/.*)?
++.br
++	/var/run/tuned\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -52937,83 +87483,72 @@ index 0000000..0f29f20
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), tcpd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/tcsd_selinux.8 b/man/man8/tcsd_selinux.8
++selinux(8), tuned(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/tvtime_selinux.8 b/man/man8/tvtime_selinux.8
 new file mode 100644
-index 0000000..e16b7a1
+index 0000000..e927877
 --- /dev/null
-+++ b/man/man8/tcsd_selinux.8
++++ b/man/man8/tvtime_selinux.8
 @@ -0,0 +1,129 @@
-+.TH  "tcsd_selinux"  "8"  "tcsd" "dwalsh at redhat.com" "tcsd SELinux Policy documentation"
++.TH  "tvtime_selinux"  "8"  "tvtime" "dwalsh at redhat.com" "tvtime SELinux Policy documentation"
 +.SH "NAME"
-+tcsd_selinux \- Security Enhanced Linux Policy for the tcsd processes
++tvtime_selinux \- Security Enhanced Linux Policy for the tvtime processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the tcsd processes via flexible mandatory access
++Security-Enhanced Linux secures the tvtime processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tcsd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the tcsd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux tcsd policy is very flexible allowing users to setup their tcsd processes in as secure a method as possible.
++SELinux tvtime policy is very flexible allowing users to setup their tvtime processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for tcsd:
++The following file types are defined for tvtime:
 +
 +
 +.EX
 +.PP
-+.B tcsd_exec_t 
++.B tvtime_exec_t 
 +.EE
 +
-+- Set files with the tcsd_exec_t type, if you want to transition an executable to the tcsd_t domain.
++- Set files with the tvtime_exec_t type, if you want to transition an executable to the tvtime_t domain.
 +
 +
 +.EX
 +.PP
-+.B tcsd_initrc_exec_t 
++.B tvtime_home_t 
 +.EE
 +
-+- Set files with the tcsd_initrc_exec_t type, if you want to transition an executable to the tcsd_initrc_t domain.
++- Set files with the tvtime_home_t type, if you want to store tvtime files in the users home directory.
 +
 +
 +.EX
 +.PP
-+.B tcsd_var_lib_t 
++.B tvtime_tmp_t 
 +.EE
 +
-+- Set files with the tcsd_var_lib_t type, if you want to store the tcsd files under the /var/lib directory.
++- Set files with the tvtime_tmp_t type, if you want to store tvtime temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B tvtime_tmpfs_t 
++.EE
++
++- Set files with the tvtime_tmpfs_t type, if you want to store tvtime files on a tmpfs file system.
 +
 +
 +.PP
@@ -53023,47 +87558,56 @@ index 0000000..e16b7a1
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux tcsd policy is very flexible allowing users to setup their tcsd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for tcsd:
-+
-+.EX
-+.TP 5
-+.B tcs_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 30003
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux tcsd policy is very flexible allowing users to setup their tcsd processes in as secure a method as possible.
++SELinux tvtime policy is very flexible allowing users to setup their tvtime processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for tcsd:
++The following process types are defined for tvtime:
 +
 +.EX
-+.B tcsd_t 
++.B tvtime_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type tvtime_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B tvtime_home_t
++
++
++.br
++.B tvtime_tmp_t
++
++
++.br
++.B tvtime_tmpfs_t
++
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -53074,64 +87618,43 @@ index 0000000..e16b7a1
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), tcsd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/telepathy_selinux.8 b/man/man8/telepathy_selinux.8
++selinux(8), tvtime(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/udev_selinux.8 b/man/man8/udev_selinux.8
 new file mode 100644
-index 0000000..aca274f
+index 0000000..ff99256
 --- /dev/null
-+++ b/man/man8/telepathy_selinux.8
-@@ -0,0 +1,321 @@
-+.TH  "telepathy_selinux"  "8"  "telepathy" "dwalsh at redhat.com" "telepathy SELinux Policy documentation"
++++ b/man/man8/udev_selinux.8
+@@ -0,0 +1,323 @@
++.TH  "udev_selinux"  "8"  "udev" "dwalsh at redhat.com" "udev SELinux Policy documentation"
 +.SH "NAME"
-+telepathy_selinux \- Security Enhanced Linux Policy for the telepathy processes
++udev_selinux \- Security Enhanced Linux Policy for the udev processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the telepathy processes via flexible mandatory access
++Security-Enhanced Linux secures the udev processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  telepathy policy is extremely flexible and has several booleans that allow you to manipulate the policy and run telepathy with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow the Telepathy connection managers to connect to any generic TCP port, you must turn on the telepathy_tcp_connect_generic_network_ports boolean.
-+
-+.EX
-+.B setsebool -P telepathy_tcp_connect_generic_network_ports 1
-+.EE
-+
-+.PP
-+If you want to allow the Telepathy connection managers to connect to any network port, you must turn on the telepathy_connect_all_ports boolean.
-+
-+.EX
-+.B setsebool -P telepathy_connect_all_ports 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telepathy_mission_control_t, telepathy_logger_t, telepathy_salut_t, telepathy_gabble_t, telepathy_idle_t, telepathy_sunshine_t, telepathy_stream_engine_t, telepathy_sofiasip_t, telepathy_msn_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the udev_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the telepathy_mission_control_t, telepathy_logger_t, telepathy_salut_t, telepathy_gabble_t, telepathy_idle_t, telepathy_sunshine_t, telepathy_stream_engine_t, telepathy_sofiasip_t, telepathy_msn_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the udev_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -53140,229 +87663,501 @@ index 0000000..aca274f
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux telepathy policy is very flexible allowing users to setup their telepathy processes in as secure a method as possible.
++SELinux udev policy is very flexible allowing users to setup their udev processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for telepathy:
++The following file types are defined for udev:
 +
 +
 +.EX
 +.PP
-+.B telepathy_cache_home_t 
++.B udev_etc_t 
 +.EE
 +
-+- Set files with the telepathy_cache_home_t type, if you want to store telepathy cache files in the users home directory.
++- Set files with the udev_etc_t type, if you want to store udev files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B telepathy_data_home_t 
++.B udev_exec_t 
 +.EE
 +
-+- Set files with the telepathy_data_home_t type, if you want to store telepathy data files in the users home directory.
++- Set files with the udev_exec_t type, if you want to transition an executable to the udev_t domain.
 +
++.br
++.TP 5
++Paths: 
++/lib/udev/udevd, /usr/bin/udevinfo, /sbin/udevd, /sbin/udev, /usr/sbin/wait_for_sysfs, /sbin/udevsend, /usr/sbin/udevadm, /usr/bin/udevadm, /usr/sbin/start_udev, /usr/sbin/udev, /usr/sbin/udevsend, /sbin/start_udev, /sbin/udevstart, /bin/udevadm, /sbin/wait_for_sysfs, /lib/udev/udev-acl, /sbin/udevadm, /usr/sbin/udevd, /usr/lib/systemd/systemd-udevd, /usr/sbin/udevstart, /usr/lib/udev/udev-acl, /usr/lib/udev/udevd
 +
 +.EX
 +.PP
-+.B telepathy_gabble_cache_home_t 
++.B udev_helper_exec_t 
 +.EE
 +
-+- Set files with the telepathy_gabble_cache_home_t type, if you want to store telepathy gabble cache files in the users home directory.
++- Set files with the udev_helper_exec_t type, if you want to transition an executable to the udev_helper_t domain.
 +
++.br
++.TP 5
++Paths: 
++/etc/udev/scripts/.+, /etc/hotplug\.d/default/udev.*, /etc/dev\.d/.+
 +
 +.EX
 +.PP
-+.B telepathy_gabble_exec_t 
++.B udev_rules_t 
 +.EE
 +
-+- Set files with the telepathy_gabble_exec_t type, if you want to transition an executable to the telepathy_gabble_t domain.
++- Set files with the udev_rules_t type, if you want to treat the files as udev rules data.
 +
 +
 +.EX
 +.PP
-+.B telepathy_gabble_tmp_t 
++.B udev_var_run_t 
 +.EE
 +
-+- Set files with the telepathy_gabble_tmp_t type, if you want to store telepathy gabble temporary files in the /tmp directories.
++- Set files with the udev_var_run_t type, if you want to store the udev files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/udev(/.*)?, /var/run/PackageKit/udev(/.*)?, /dev/\.udevdb, /dev/\.udev(/.*)?, /dev/udev\.tbl, /var/run/libgpod(/.*)?
 +
-+.EX
 +.PP
-+.B telepathy_idle_exec_t 
-+.EE
-+
-+- Set files with the telepathy_idle_exec_t type, if you want to transition an executable to the telepathy_idle_t domain.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux udev policy is very flexible allowing users to setup their udev processes in as secure a method as possible.
++.PP 
++The following process types are defined for udev:
 +
 +.EX
-+.PP
-+.B telepathy_idle_tmp_t 
++.B udev_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the telepathy_idle_tmp_t type, if you want to store telepathy idle temporary files in the /tmp directories.
++.SH "MANAGED FILES"
 +
++The SELinux user type udev_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B telepathy_logger_cache_home_t 
-+.EE
++.br
++.B anon_inodefs_t
 +
-+- Set files with the telepathy_logger_cache_home_t type, if you want to store telepathy logger cache files in the users home directory.
 +
++.br
++.B device_t
 +
-+.EX
-+.PP
-+.B telepathy_logger_data_home_t 
-+.EE
++	/dev/.*
++.br
++	/lib/udev/devices(/.*)?
++.br
++	/usr/lib/udev/devices(/.*)?
++.br
++	/dev
++.br
++	/etc/udev/devices
++.br
++	/var/named/chroot/dev
++.br
++	/var/spool/postfix/dev
++.br
 +
-+- Set files with the telepathy_logger_data_home_t type, if you want to store telepathy logger data files in the users home directory.
++.br
++.B dhcp_etc_t
 +
++	/etc/dhcpc.*
++.br
++	/etc/dhcp3(/.*)?
++.br
++	/etc/dhcpd(6)?\.conf
++.br
++	/etc/dhcp3?/dhclient.*
++.br
++	/etc/dhclient.*conf
++.br
++	/etc/dhcp/dhcpd(6)?\.conf
++.br
++	/etc/dhclient-script
++.br
 +
-+.EX
++.br
++.B etc_t
++
++	/etc/.*
++.br
++	/var/db/.*\.db
++.br
++	/usr/etc(/.*)?
++.br
++	/var/ftp/etc(/.*)?
++.br
++	/var/lib/stickshift/.limits.d(/.*)?
++.br
++	/var/lib/stickshift/.stickshift-proxy.d(/.*)?
++.br
++	/var/named/chroot/etc(/.*)?
++.br
++	/etc/ipsec\.d/examples(/.*)?
++.br
++	/var/spool/postfix/etc(/.*)?
++.br
++	/etc
++.br
++	/etc/localtime
++.br
++	/etc/cups/client\.conf
++.br
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B udev_exec_t
++
++	/sbin/udev
++.br
++	/sbin/udevd
++.br
++	/bin/udevadm
++.br
++	/sbin/udevadm
++.br
++	/sbin/udevsend
++.br
++	/usr/sbin/udev
++.br
++	/lib/udev/udevd
++.br
++	/sbin/udevstart
++.br
++	/usr/sbin/udevd
++.br
++	/sbin/start_udev
++.br
++	/usr/bin/udevadm
++.br
++	/usr/bin/udevinfo
++.br
++	/usr/sbin/udevadm
++.br
++	/lib/udev/udev-acl
++.br
++	/usr/sbin/udevsend
++.br
++	/usr/sbin/udevstart
++.br
++	/usr/lib/udev/udevd
++.br
++	/sbin/wait_for_sysfs
++.br
++	/usr/sbin/start_udev
++.br
++	/usr/lib/udev/udev-acl
++.br
++	/usr/sbin/wait_for_sysfs
++.br
++	/usr/lib/systemd/systemd-udevd
++.br
++
++.br
++.B udev_rules_t
++
++	/etc/udev/rules.d(/.*)?
++.br
++
++.br
++.B udev_var_run_t
++
++	/dev/\.udev(/.*)?
++.br
++	/var/run/udev(/.*)?
++.br
++	/var/run/libgpod(/.*)?
++.br
++	/var/run/PackageKit/udev(/.*)?
++.br
++	/dev/\.udevdb
++.br
++	/dev/udev\.tbl
++.br
++
++.br
++.B xend_var_log_t
++
++	/var/log/xen(/.*)?
++.br
++	/var/log/xend\.log.*
++.br
++	/var/log/xend-debug\.log.*
++.br
++	/var/log/xen-hotplug\.log.*
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B telepathy_logger_exec_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the telepathy_logger_exec_t type, if you want to transition an executable to the telepathy_logger_t domain.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), udev(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ulogd_selinux.8 b/man/man8/ulogd_selinux.8
+new file mode 100644
+index 0000000..120df48
+--- /dev/null
++++ b/man/man8/ulogd_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "ulogd_selinux"  "8"  "ulogd" "dwalsh at redhat.com" "ulogd SELinux Policy documentation"
++.SH "NAME"
++ulogd_selinux \- Security Enhanced Linux Policy for the ulogd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the ulogd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ulogd policy is very flexible allowing users to setup their ulogd processes in as secure a method as possible.
++.PP 
++The following file types are defined for ulogd:
 +
 +
 +.EX
 +.PP
-+.B telepathy_logger_tmp_t 
++.B ulogd_etc_t 
 +.EE
 +
-+- Set files with the telepathy_logger_tmp_t type, if you want to store telepathy logger temporary files in the /tmp directories.
++- Set files with the ulogd_etc_t type, if you want to store ulogd files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B telepathy_mission_control_cache_home_t 
++.B ulogd_exec_t 
 +.EE
 +
-+- Set files with the telepathy_mission_control_cache_home_t type, if you want to store telepathy mission control cache files in the users home directory.
++- Set files with the ulogd_exec_t type, if you want to transition an executable to the ulogd_t domain.
 +
 +
 +.EX
 +.PP
-+.B telepathy_mission_control_data_home_t 
++.B ulogd_initrc_exec_t 
 +.EE
 +
-+- Set files with the telepathy_mission_control_data_home_t type, if you want to store telepathy mission control data files in the users home directory.
++- Set files with the ulogd_initrc_exec_t type, if you want to transition an executable to the ulogd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B telepathy_mission_control_exec_t 
++.B ulogd_modules_t 
 +.EE
 +
-+- Set files with the telepathy_mission_control_exec_t type, if you want to transition an executable to the telepathy_mission_control_t domain.
++- Set files with the ulogd_modules_t type, if you want to treat the files as ulogd modules.
 +
 +
 +.EX
 +.PP
-+.B telepathy_mission_control_home_t 
++.B ulogd_var_log_t 
 +.EE
 +
-+- Set files with the telepathy_mission_control_home_t type, if you want to store telepathy mission control files in the users home directory.
++- Set files with the ulogd_var_log_t type, if you want to treat the data as ulogd var log data, usually stored under the /var/log directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux ulogd policy is very flexible allowing users to setup their ulogd processes in as secure a method as possible.
++.PP 
++The following process types are defined for ulogd:
 +
 +.EX
-+.PP
-+.B telepathy_mission_control_tmp_t 
++.B ulogd_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the telepathy_mission_control_tmp_t type, if you want to store telepathy mission control temporary files in the /tmp directories.
-+
++.SH "MANAGED FILES"
 +
-+.EX
-+.PP
-+.B telepathy_msn_exec_t 
-+.EE
++The SELinux user type ulogd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+- Set files with the telepathy_msn_exec_t type, if you want to transition an executable to the telepathy_msn_t domain.
++.br
++.B ulogd_var_log_t
 +
++	/var/log/ulogd(/.*)?
 +.br
-+.TP 5
-+Paths: 
-+/usr/libexec/telepathy-butterfly, /usr/libexec/telepathy-haze
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B telepathy_msn_tmp_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the telepathy_msn_tmp_t type, if you want to store telepathy msn temporary files in the /tmp directories.
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B telepathy_salut_exec_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), ulogd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/uml_selinux.8 b/man/man8/uml_selinux.8
+new file mode 100644
+index 0000000..6cbcd1b
+--- /dev/null
++++ b/man/man8/uml_selinux.8
+@@ -0,0 +1,140 @@
++.TH  "uml_selinux"  "8"  "uml" "dwalsh at redhat.com" "uml SELinux Policy documentation"
++.SH "NAME"
++uml_selinux \- Security Enhanced Linux Policy for the uml processes
++.SH "DESCRIPTION"
 +
-+- Set files with the telepathy_salut_exec_t type, if you want to transition an executable to the telepathy_salut_t domain.
++Security-Enhanced Linux secures the uml processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B telepathy_salut_tmp_t 
-+.EE
-+
-+- Set files with the telepathy_salut_tmp_t type, if you want to store telepathy salut temporary files in the /tmp directories.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux uml policy is very flexible allowing users to setup their uml processes in as secure a method as possible.
++.PP 
++The following file types are defined for uml:
 +
 +
 +.EX
 +.PP
-+.B telepathy_sofiasip_exec_t 
++.B uml_exec_t 
 +.EE
 +
-+- Set files with the telepathy_sofiasip_exec_t type, if you want to transition an executable to the telepathy_sofiasip_t domain.
++- Set files with the uml_exec_t type, if you want to transition an executable to the uml_t domain.
 +
 +
 +.EX
 +.PP
-+.B telepathy_sofiasip_tmp_t 
++.B uml_ro_t 
 +.EE
 +
-+- Set files with the telepathy_sofiasip_tmp_t type, if you want to store telepathy sofiasip temporary files in the /tmp directories.
++- Set files with the uml_ro_t type, if you want to treat the files as uml read/only content.
 +
 +
 +.EX
 +.PP
-+.B telepathy_stream_engine_exec_t 
++.B uml_rw_t 
 +.EE
 +
-+- Set files with the telepathy_stream_engine_exec_t type, if you want to transition an executable to the telepathy_stream_engine_t domain.
++- Set files with the uml_rw_t type, if you want to treat the files as uml read/write content.
 +
 +
 +.EX
 +.PP
-+.B telepathy_stream_engine_tmp_t 
++.B uml_switch_exec_t 
 +.EE
 +
-+- Set files with the telepathy_stream_engine_tmp_t type, if you want to store telepathy stream engine temporary files in the /tmp directories.
++- Set files with the uml_switch_exec_t type, if you want to transition an executable to the uml_switch_t domain.
 +
 +
 +.EX
 +.PP
-+.B telepathy_sunshine_exec_t 
++.B uml_switch_var_run_t 
 +.EE
 +
-+- Set files with the telepathy_sunshine_exec_t type, if you want to transition an executable to the telepathy_sunshine_t domain.
++- Set files with the uml_switch_var_run_t type, if you want to store the uml switch files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B telepathy_sunshine_home_t 
++.B uml_tmp_t 
 +.EE
 +
-+- Set files with the telepathy_sunshine_home_t type, if you want to store telepathy sunshine files in the users home directory.
++- Set files with the uml_tmp_t type, if you want to store uml temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B telepathy_sunshine_tmp_t 
++.B uml_tmpfs_t 
 +.EE
 +
-+- Set files with the telepathy_sunshine_tmp_t type, if you want to store telepathy sunshine temporary files in the /tmp directories.
++- Set files with the uml_tmpfs_t type, if you want to store uml files on a tmpfs file system.
 +
 +
 +.PP
@@ -53378,18 +88173,36 @@ index 0000000..aca274f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux telepathy policy is very flexible allowing users to setup their telepathy processes in as secure a method as possible.
++SELinux uml policy is very flexible allowing users to setup their uml processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for telepathy:
++The following process types are defined for uml:
 +
 +.EX
-+.B telepathy_gabble_t, telepathy_sofiasip_t, telepathy_idle_t, telepathy_mission_control_t, telepathy_salut_t, telepathy_sunshine_t, telepathy_logger_t, telepathy_stream_engine_t, telepathy_msn_t 
++.B uml_switch_t, uml_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type uml_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B uml_rw_t
++
++	/home/[^/]*/\.uml(/.*)?
++.br
++
++.br
++.B uml_tmp_t
++
++
++.br
++.B uml_tmpfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -53400,95 +88213,58 @@ index 0000000..aca274f
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), telepathy(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), uml(8), semanage(8), restorecon(8), chcon(1)
++, uml_switch_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/telnetd_selinux.8 b/man/man8/telnetd_selinux.8
+diff --git a/man/man8/uml_switch_selinux.8 b/man/man8/uml_switch_selinux.8
 new file mode 100644
-index 0000000..053c28a
+index 0000000..d69f677
 --- /dev/null
-+++ b/man/man8/telnetd_selinux.8
-@@ -0,0 +1,141 @@
-+.TH  "telnetd_selinux"  "8"  "telnetd" "dwalsh at redhat.com" "telnetd SELinux Policy documentation"
++++ b/man/man8/uml_switch_selinux.8
+@@ -0,0 +1,92 @@
++.TH  "uml_switch_selinux"  "8"  "uml_switch" "dwalsh at redhat.com" "uml_switch SELinux Policy documentation"
 +.SH "NAME"
-+telnetd_selinux \- Security Enhanced Linux Policy for the telnetd processes
++uml_switch_selinux \- Security Enhanced Linux Policy for the uml_switch processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the telnetd processes via flexible mandatory access
++Security-Enhanced Linux secures the uml_switch processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the telnetd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the telnetd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux telnetd policy is very flexible allowing users to setup their telnetd processes in as secure a method as possible.
++SELinux uml_switch policy is very flexible allowing users to setup their uml_switch processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for telnetd:
-+
-+
-+.EX
-+.PP
-+.B telnetd_exec_t 
-+.EE
-+
-+- Set files with the telnetd_exec_t type, if you want to transition an executable to the telnetd_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/kerberos/sbin/telnetd, /usr/sbin/in\.telnetd
-+
-+.EX
-+.PP
-+.B telnetd_keytab_t 
-+.EE
-+
-+- Set files with the telnetd_keytab_t type, if you want to treat the files as kerberos keytab files.
++The following file types are defined for uml_switch:
 +
 +
 +.EX
 +.PP
-+.B telnetd_tmp_t 
++.B uml_switch_exec_t 
 +.EE
 +
-+- Set files with the telnetd_tmp_t type, if you want to store telnetd temporary files in the /tmp directories.
++- Set files with the uml_switch_exec_t type, if you want to transition an executable to the uml_switch_t domain.
 +
 +
 +.EX
 +.PP
-+.B telnetd_var_run_t 
++.B uml_switch_var_run_t 
 +.EE
 +
-+- Set files with the telnetd_var_run_t type, if you want to store the telnetd files under the /run directory.
++- Set files with the uml_switch_var_run_t type, if you want to store the uml switch files under the /run directory.
 +
 +
 +.PP
@@ -53498,47 +88274,34 @@ index 0000000..053c28a
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux telnetd policy is very flexible allowing users to setup their telnetd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for telnetd:
-+
-+.EX
-+.TP 5
-+.B telnetd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 23
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux telnetd policy is very flexible allowing users to setup their telnetd processes in as secure a method as possible.
++SELinux uml_switch policy is very flexible allowing users to setup their uml_switch processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for telnetd:
++The following process types are defined for uml_switch:
 +
 +.EX
-+.B telnetd_t 
++.B uml_switch_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type uml_switch_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B uml_switch_var_run_t
++
++	/var/run/uml-utilities(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -53549,132 +88312,191 @@ index 0000000..053c28a
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), telnetd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/tftpd_selinux.8 b/man/man8/tftpd_selinux.8
++selinux(8), uml_switch(8), semanage(8), restorecon(8), chcon(1)
++, uml_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/unconfined_selinux.8 b/man/man8/unconfined_selinux.8
 new file mode 100644
-index 0000000..a3dee82
+index 0000000..11631ab
 --- /dev/null
-+++ b/man/man8/tftpd_selinux.8
-@@ -0,0 +1,179 @@
-+.TH  "tftpd_selinux"  "8"  "tftpd" "dwalsh at redhat.com" "tftpd SELinux Policy documentation"
++++ b/man/man8/unconfined_selinux.8
+@@ -0,0 +1,121 @@
++.TH  "unconfined_selinux"  "8"  "unconfined" "mgrepl at redhat.com" "unconfined SELinux Policy documentation"
 +.SH "NAME"
-+tftpd_selinux \- Security Enhanced Linux Policy for the tftpd processes
-+.SH "DESCRIPTION"
++unconfined_r \- \fBUnconfiend user role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the tftpd processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
++
++SELinux supports Roles Based Access Control (RBAC), some Linux roles are login roles, while other roles need to be transition into. 
++
++.I Note: 
++Examples in this man page will use the 
++.B staff_u 
++SELinux user.
++
++Non login roles are usually used for administrative tasks. For example, tasks that require root privileges.  Roles control which types a user can run processes with. Roles often have default types assigned to them. 
++
++The default type for the unconfined_r role is unconfined_t.
++
++The 
++.B newrole 
++program to transition directly to this role.
++
++.B newrole -r unconfined_r -t unconfined_t
++
++.B sudo 
++is the preferred method to do transition from one role to another.  You setup sudo to transition to unconfined_r by adding a similar line to the /etc/sudoers file.
++
++USERNAME ALL=(ALL) ROLE=unconfined_r TYPE=unconfined_t COMMAND
++
++.br
++sudo will run COMMAND as staff_u:unconfined_r:unconfined_t:LEVEL
++
++When using a a non login role, you need to setup SELinux so that your SELinux user can reach unconfined_r role.
++
++Execute the following to see all of the assigned SELinux roles:
++
++.B semanage user -l
++
++You need to add unconfined_r to the staff_u user.  You could setup the staff_u user to be able to use the unconfined_r role with a command like:
++
++.B $ semanage user -m -R 'staff_r system_r unconfined_r' staff_u 
++
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  unconfined policy is extremely flexible and has several booleans that allow you to manipulate the policy and run unconfined with the tightest access possible.
 +
-+.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tftpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow database admins to execute DML statement, you must turn on the sepgsql_unconfined_dbadm boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P sepgsql_unconfined_dbadm 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the tftpd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P unconfined_mozilla_plugin_transition 1
 +.EE
 +
-+.SH SHARING FILES
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
-+.TP
-+Allow tftpd servers to read the /var/tftpd directory by adding the public_content_t file type to the directory and by restoring the file type.
-+.PP
-+.B
-+semanage fcontext -a -t public_content_t "/var/tftpd(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/tftpd
-+.pp
-+.TP
-+Allow tftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_tftpdd_anon_write boolean to be set.
 +.PP
-+.B
-+semanage fcontext -a -t public_content_rw_t "/var/tftpd/incoming(/.*)?"
-+.br
-+.B restorecon -F -R -v /var/tftpd/incoming
++If you want to allow a user to login as an unconfined domain, you must turn on the unconfined_login boolean.
 +
++.EX
++.B setsebool -P unconfined_login 1
++.EE
 +
 +.PP
-+If you want to allow tftp to modify public files used for public file transfer services., you must turn on the tftp_anon_write boolean.
++If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
 +
 +.EX
-+.B setsebool -P tftp_anon_write 1
++.B setsebool -P unconfined_chrome_sandbox_transition 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux tftpd policy is very flexible allowing users to setup their tftpd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for tftpd:
-+
++If you want to allow samba to run unconfined scripts, you must turn on the samba_run_unconfined boolean.
 +
 +.EX
-+.PP
-+.B tftpd_etc_t 
++.B setsebool -P samba_run_unconfined 1
 +.EE
 +
-+- Set files with the tftpd_etc_t type, if you want to store tftpd files in the /etc directories.
-+
++.PP
++If you want to allow video playing tools to run unconfined, you must turn on the unconfined_mplayer boolean.
 +
 +.EX
-+.PP
-+.B tftpd_exec_t 
++.B setsebool -P unconfined_mplayer 1
 +.EE
 +
-+- Set files with the tftpd_exec_t type, if you want to transition an executable to the tftpd_t domain.
++.SH "MANAGED FILES"
++
++The SELinux user type unconfined_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/sbin/in\.tftpd, /usr/sbin/atftpd
++.B file_type
 +
-+.EX
-+.PP
-+.B tftpd_var_run_t 
-+.EE
++	all files on the system
++.br
 +
-+- Set files with the tftpd_var_run_t type, if you want to store the tftpd files under the /run directory.
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
 +
-+.EX
 +.PP
-+.B tftpdir_rw_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the tftpdir_rw_t type, if you want to treat the files as tftpdir read/write content.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), unconfined(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/update_modules_selinux.8 b/man/man8/update_modules_selinux.8
+new file mode 100644
+index 0000000..4603438
+--- /dev/null
++++ b/man/man8/update_modules_selinux.8
+@@ -0,0 +1,113 @@
++.TH  "update_modules_selinux"  "8"  "update_modules" "dwalsh at redhat.com" "update_modules SELinux Policy documentation"
++.SH "NAME"
++update_modules_selinux \- Security Enhanced Linux Policy for the update_modules processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the update_modules processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux update_modules policy is very flexible allowing users to setup their update_modules processes in as secure a method as possible.
++.PP 
++The following file types are defined for update_modules:
 +
 +
 +.EX
 +.PP
-+.B tftpdir_t 
++.B update_modules_exec_t 
 +.EE
 +
-+- Set files with the tftpdir_t type, if you want to treat the files as tftpdir data.
++- Set files with the update_modules_exec_t type, if you want to transition an executable to the update_modules_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/tftpboot/.*, /tftpboot
++/usr/sbin/modules-update, /sbin/modules-update, /sbin/generate-modprobe\.conf, /sbin/update-modules, /usr/sbin/generate-modprobe\.conf, /usr/sbin/update-modules
++
++.EX
++.PP
++.B update_modules_tmp_t 
++.EE
++
++- Set files with the update_modules_tmp_t type, if you want to store update modules temporary files in the /tmp directories.
++
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -53683,47 +88505,52 @@ index 0000000..a3dee82
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux tftpd policy is very flexible allowing users to setup their tftpd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for tftpd:
-+
-+.EX
-+.TP 5
-+.B tftp_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+udp 69
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux tftpd policy is very flexible allowing users to setup their tftpd processes in as secure a method as possible.
++SELinux update_modules policy is very flexible allowing users to setup their update_modules processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for tftpd:
++The following process types are defined for update_modules:
 +
 +.EX
-+.B tftpd_t 
++.B update_modules_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type update_modules_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B modules_conf_t
++
++	/etc/modprobe\.d(/.*)?
++.br
++	/etc/modules\.conf.*
++.br
++	/etc/modprobe\.conf.*
++.br
++	/lib/modules/modprobe\.conf
++.br
++	/usr/lib/modules/modprobe\.conf
++.br
++
++.br
++.B modules_dep_t
++
++	/lib/modules/[^/]+/modules\..+
++.br
++
++.br
++.B update_modules_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -53734,117 +88561,156 @@ index 0000000..a3dee82
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), tftpd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/tgtd_selinux.8 b/man/man8/tgtd_selinux.8
++selinux(8), update_modules(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/updfstab_selinux.8 b/man/man8/updfstab_selinux.8
 new file mode 100644
-index 0000000..6882c89
+index 0000000..25a41bc
 --- /dev/null
-+++ b/man/man8/tgtd_selinux.8
-@@ -0,0 +1,113 @@
-+.TH  "tgtd_selinux"  "8"  "tgtd" "dwalsh at redhat.com" "tgtd SELinux Policy documentation"
++++ b/man/man8/updfstab_selinux.8
+@@ -0,0 +1,155 @@
++.TH  "updfstab_selinux"  "8"  "updfstab" "dwalsh at redhat.com" "updfstab SELinux Policy documentation"
 +.SH "NAME"
-+tgtd_selinux \- Security Enhanced Linux Policy for the tgtd processes
++updfstab_selinux \- Security Enhanced Linux Policy for the updfstab processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the tgtd processes via flexible mandatory access
++Security-Enhanced Linux secures the updfstab processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux tgtd policy is very flexible allowing users to setup their tgtd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for tgtd:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the updfstab_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B tgtd_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the tgtd_exec_t type, if you want to transition an executable to the tgtd_t domain.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the updfstab_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B tgtd_initrc_exec_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the tgtd_initrc_exec_t type, if you want to transition an executable to the tgtd_initrc_t domain.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux updfstab policy is very flexible allowing users to setup their updfstab processes in as secure a method as possible.
++.PP 
++The following file types are defined for updfstab:
 +
 +
 +.EX
 +.PP
-+.B tgtd_tmp_t 
++.B updfstab_exec_t 
 +.EE
 +
-+- Set files with the tgtd_tmp_t type, if you want to store tgtd temporary files in the /tmp directories.
++- Set files with the updfstab_exec_t type, if you want to transition an executable to the updfstab_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/updfstab, /usr/sbin/fstab-sync
 +
-+.EX
 +.PP
-+.B tgtd_tmpfs_t 
-+.EE
-+
-+- Set files with the tgtd_tmpfs_t type, if you want to store tgtd files on a tmpfs file system.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux updfstab policy is very flexible allowing users to setup their updfstab processes in as secure a method as possible.
++.PP 
++The following process types are defined for updfstab:
 +
 +.EX
-+.PP
-+.B tgtd_var_lib_t 
++.B updfstab_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the tgtd_var_lib_t type, if you want to store the tgtd files under the /var/lib directory.
++.SH "MANAGED FILES"
 +
++The SELinux user type updfstab_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B tgtd_var_run_t 
-+.EE
++.br
++.B etc_t
 +
-+- Set files with the tgtd_var_run_t type, if you want to store the tgtd files under the /run directory.
++	/etc/.*
++.br
++	/var/db/.*\.db
++.br
++	/usr/etc(/.*)?
++.br
++	/var/ftp/etc(/.*)?
++.br
++	/var/lib/stickshift/.limits.d(/.*)?
++.br
++	/var/lib/stickshift/.stickshift-proxy.d(/.*)?
++.br
++	/var/named/chroot/etc(/.*)?
++.br
++	/etc/ipsec\.d/examples(/.*)?
++.br
++	/var/spool/postfix/etc(/.*)?
++.br
++	/etc
++.br
++	/etc/localtime
++.br
++	/etc/cups/client\.conf
++.br
 +
++.br
++.B mnt_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	/mnt(/[^/]*)
++.br
++	/mnt(/[^/]*)?
++.br
++	/rhev(/[^/]*)?
++.br
++	/media(/[^/]*)
++.br
++	/media(/[^/]*)?
++.br
++	/media/\.hal-.*
++.br
++	/var/run/media(/[^/]*)?
++.br
++	/net
++.br
++	/afs
++.br
++	/rhev
++.br
++	/misc
++.br
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux tgtd policy is very flexible allowing users to setup their tgtd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for tgtd:
++.br
++.B security_t
 +
-+.EX
-+.B tgtd_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/selinux
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -53861,23 +88727,39 @@ index 0000000..6882c89
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), tgtd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/thin_selinux.8 b/man/man8/thin_selinux.8
++selinux(8), updfstab(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/updpwd_selinux.8 b/man/man8/updpwd_selinux.8
 new file mode 100644
-index 0000000..c7f6423
+index 0000000..d56a2c4
 --- /dev/null
-+++ b/man/man8/thin_selinux.8
-@@ -0,0 +1,79 @@
-+.TH  "thin_selinux"  "8"  "thin" "dwalsh at redhat.com" "thin SELinux Policy documentation"
++++ b/man/man8/updpwd_selinux.8
+@@ -0,0 +1,157 @@
++.TH  "updpwd_selinux"  "8"  "updpwd" "dwalsh at redhat.com" "updpwd SELinux Policy documentation"
 +.SH "NAME"
-+thin_selinux \- Security Enhanced Linux Policy for the thin processes
++updpwd_selinux \- Security Enhanced Linux Policy for the updpwd processes
 +.SH "DESCRIPTION"
 +
++Security-Enhanced Linux secures the updpwd processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the updpwd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
 +
++.PP
++If you want to allow confined applications to run with kerberos for the updpwd_t, you must turn on the kerberos_enabled boolean.
 +
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
 +
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
@@ -53885,29 +88767,25 @@ index 0000000..c7f6423
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux thin policy is very flexible allowing users to setup their thin processes in as secure a method as possible.
++SELinux updpwd policy is very flexible allowing users to setup their updpwd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for thin:
-+
-+
-+.EX
-+.PP
-+.B thin_exec_t 
-+.EE
-+
-+- Set files with the thin_exec_t type, if you want to transition an executable to the thin_t domain.
++The following file types are defined for updpwd:
 +
 +
 +.EX
 +.PP
-+.B thin_var_run_t 
++.B updpwd_exec_t 
 +.EE
 +
-+- Set files with the thin_var_run_t type, if you want to store the thin files under the /run directory.
++- Set files with the updpwd_exec_t type, if you want to transition an executable to the updpwd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/sbin/unix_update, /usr/sbin/unix_update
 +
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
 +.B semanage fcontext 
 +command.  This will modify the SELinux labeling database.  You will need to use
 +.B restorecon
@@ -53919,18 +88797,84 @@ index 0000000..c7f6423
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux thin policy is very flexible allowing users to setup their thin processes in as secure a method as possible.
++SELinux updpwd policy is very flexible allowing users to setup their updpwd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for thin:
++The following process types are defined for updpwd:
 +
 +.EX
-+.B thin_t 
++.B updpwd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type updpwd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B etc_t
++
++	/etc/.*
++.br
++	/var/db/.*\.db
++.br
++	/usr/etc(/.*)?
++.br
++	/var/ftp/etc(/.*)?
++.br
++	/var/lib/stickshift/.limits.d(/.*)?
++.br
++	/var/lib/stickshift/.stickshift-proxy.d(/.*)?
++.br
++	/var/named/chroot/etc(/.*)?
++.br
++	/etc/ipsec\.d/examples(/.*)?
++.br
++	/var/spool/postfix/etc(/.*)?
++.br
++	/etc
++.br
++	/etc/localtime
++.br
++	/etc/cups/client\.conf
++.br
++
++.br
++.B passwd_file_t
++
++	/etc/group[-\+]?
++.br
++	/etc/passwd[-\+]?
++.br
++	/etc/ptmptmp
++.br
++	/etc/passwd\.OLD
++.br
++
++.br
++.B shadow_t
++
++	/etc/shadow.*
++.br
++	/etc/gshadow.*
++.br
++	/var/db/shadow.*
++.br
++	/etc/passwd\.adjunct.*
++.br
++	/etc/\.pwd\.lock
++.br
++	/etc/group\.lock
++.br
++	/etc/passwd\.lock
++.br
++	/etc/security/opasswd
++.br
++	/etc/security/opasswd\.old
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -53946,78 +88890,48 @@ index 0000000..c7f6423
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), thin(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/thumb_selinux.8 b/man/man8/thumb_selinux.8
++selinux(8), updpwd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/usbmodules_selinux.8 b/man/man8/usbmodules_selinux.8
 new file mode 100644
-index 0000000..99425cf
+index 0000000..d1f54d5
 --- /dev/null
-+++ b/man/man8/thumb_selinux.8
-@@ -0,0 +1,107 @@
-+.TH  "thumb_selinux"  "8"  "thumb" "dwalsh at redhat.com" "thumb SELinux Policy documentation"
++++ b/man/man8/usbmodules_selinux.8
+@@ -0,0 +1,85 @@
++.TH  "usbmodules_selinux"  "8"  "usbmodules" "dwalsh at redhat.com" "usbmodules SELinux Policy documentation"
 +.SH "NAME"
-+thumb_selinux \- Security Enhanced Linux Policy for the thumb processes
++usbmodules_selinux \- Security Enhanced Linux Policy for the usbmodules processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the thumb processes via flexible mandatory access
++Security-Enhanced Linux secures the usbmodules processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the thumb_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the thumb_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux thumb policy is very flexible allowing users to setup their thumb processes in as secure a method as possible.
++SELinux usbmodules policy is very flexible allowing users to setup their usbmodules processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for thumb:
++The following file types are defined for usbmodules:
 +
 +
 +.EX
 +.PP
-+.B thumb_exec_t 
++.B usbmodules_exec_t 
 +.EE
 +
-+- Set files with the thumb_exec_t type, if you want to transition an executable to the thumb_t domain.
++- Set files with the usbmodules_exec_t type, if you want to transition an executable to the usbmodules_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/whaaw-thumbnailer, /usr/lib/tumbler[^/]*/tumblerd, /usr/bin/raw-thumbnailer, /usr/bin/evince-thumbnailer, /usr/bin/[^/]*thumbnailer, /usr/bin/ffmpegthumbnailer, /usr/bin/shotwell-video-thumbnailer, /usr/bin/gsf-office-thumbnailer, /usr/bin/totem-video-thumbnailer, /usr/bin/gnome-thumbnail-font, /usr/bin/gnome-[^/]*-thumbnailer(.sh)?
-+
-+.EX
-+.PP
-+.B thumb_home_t 
-+.EE
-+
-+- Set files with the thumb_home_t type, if you want to store thumb files in the users home directory.
-+
-+
-+.EX
-+.PP
-+.B thumb_tmp_t 
-+.EE
-+
-+- Set files with the thumb_tmp_t type, if you want to store thumb temporary files in the /tmp directories.
-+
++/usr/sbin/usbmodules, /sbin/usbmodules
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -54032,18 +88946,26 @@ index 0000000..99425cf
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux thumb policy is very flexible allowing users to setup their thumb processes in as secure a method as possible.
++SELinux usbmodules policy is very flexible allowing users to setup their usbmodules processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for thumb:
++The following process types are defined for usbmodules:
 +
 +.EX
-+.B thumb_t 
++.B usbmodules_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type usbmodules_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B usbfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -54059,38 +88981,38 @@ index 0000000..99425cf
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), thumb(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/tmpreaper_selinux.8 b/man/man8/tmpreaper_selinux.8
++selinux(8), usbmodules(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/usbmuxd_selinux.8 b/man/man8/usbmuxd_selinux.8
 new file mode 100644
-index 0000000..5dbbf85
+index 0000000..d031d76
 --- /dev/null
-+++ b/man/man8/tmpreaper_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "tmpreaper_selinux"  "8"  "tmpreaper" "dwalsh at redhat.com" "tmpreaper SELinux Policy documentation"
++++ b/man/man8/usbmuxd_selinux.8
+@@ -0,0 +1,105 @@
++.TH  "usbmuxd_selinux"  "8"  "usbmuxd" "dwalsh at redhat.com" "usbmuxd SELinux Policy documentation"
 +.SH "NAME"
-+tmpreaper_selinux \- Security Enhanced Linux Policy for the tmpreaper processes
++usbmuxd_selinux \- Security Enhanced Linux Policy for the usbmuxd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the tmpreaper processes via flexible mandatory access
++Security-Enhanced Linux secures the usbmuxd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tmpreaper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the usbmuxd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the tmpreaper_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the usbmuxd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -54099,22 +89021,26 @@ index 0000000..5dbbf85
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux tmpreaper policy is very flexible allowing users to setup their tmpreaper processes in as secure a method as possible.
++SELinux usbmuxd policy is very flexible allowing users to setup their usbmuxd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for tmpreaper:
++The following file types are defined for usbmuxd:
 +
 +
 +.EX
 +.PP
-+.B tmpreaper_exec_t 
++.B usbmuxd_exec_t 
 +.EE
 +
-+- Set files with the tmpreaper_exec_t type, if you want to transition an executable to the tmpreaper_t domain.
++- Set files with the usbmuxd_exec_t type, if you want to transition an executable to the usbmuxd_t domain.
++
++
++.EX
++.PP
++.B usbmuxd_var_run_t 
++.EE
++
++- Set files with the usbmuxd_var_run_t type, if you want to store the usbmuxd files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/tmpwatch, /usr/sbin/tmpreaper
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -54129,18 +89055,28 @@ index 0000000..5dbbf85
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux tmpreaper policy is very flexible allowing users to setup their tmpreaper processes in as secure a method as possible.
++SELinux usbmuxd policy is very flexible allowing users to setup their usbmuxd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for tmpreaper:
++The following process types are defined for usbmuxd:
 +
 +.EX
-+.B tmpreaper_t 
++.B usbmuxd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type usbmuxd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B usbmuxd_var_run_t
++
++	/var/run/usbmuxd.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
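Review bot: The added MANAGED FILES section opens with "The SELinux user type usbmuxd_t", but the PROCESS TYPES section of the same page lists usbmuxd_t as a process type, and an SELinux user is a different object (the `user_u` part of `user_u:user_r:user_t`). Someone auditing what the domain may write could misread this as a statement about a login mapping; I would word it `The SELinux process type usbmuxd_t can manage files labeled with the following file types.` and fix the closing sentence to `Note that the process UID still needs DAC permissions.` The same generated sentence appears in the MANAGED FILES sections of user_selinux.8 and useradd_selinux.8 further down, so the change belongs in the genman.py template rather than in each page.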
@@ -54156,311 +89092,536 @@ index 0000000..5dbbf85
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), tmpreaper(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/tomcat_selinux.8 b/man/man8/tomcat_selinux.8
++selinux(8), usbmuxd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/user_selinux.8 b/man/man8/user_selinux.8
 new file mode 100644
-index 0000000..0d35133
+index 0000000..0e0a3ae
 --- /dev/null
-+++ b/man/man8/tomcat_selinux.8
-@@ -0,0 +1,121 @@
-+.TH  "tomcat_selinux"  "8"  "tomcat" "dwalsh at redhat.com" "tomcat SELinux Policy documentation"
++++ b/man/man8/user_selinux.8
+@@ -0,0 +1,544 @@
++.TH  "user_selinux"  "8"  "user" "mgrepl at redhat.com" "user SELinux Policy documentation"
 +.SH "NAME"
-+tomcat_selinux \- Security Enhanced Linux Policy for the tomcat processes
-+.SH "DESCRIPTION"
++user_u \- \fBGeneric unprivileged user\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the tomcat processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
 +
-+.SH NSSWITCH DOMAIN
++\fBuser_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBuser_r\fP.  The
++default role has a default type, \fBuser_t\fP, associated with it.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux tomcat policy is very flexible allowing users to setup their tomcat processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for tomcat:
++The SELinux user will usually login to a system with a context that looks like:
++
++.B user_u:user_r:user_t:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.  
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the user_u user, you would execute:
++
++.B semanage login -m -s user_u __default__
++
++
++If you want to map the one Linux user (joe) to the SELinux user user, you would execute:
++
++.B $ semanage login -a -s user_u joe
++
++
++.SH USER DESCRIPTION
++
++The SELinux user user_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
++
++.SH SUDO
++
++.SH X WINDOWS LOGIN
++
++The SELinux user user_u is able to X Windows login.
++
++.SH NETWORK
++
++.TP
++The SELinux user user_u is able to listen on the following tcp ports.
++
++.B xserver_port_t: 6000-6020
++
++.TP
++The SELinux user user_u is able to connect to the following tcp ports.
++
++.B all ports
++
++.TP
++The SELinux user user_u is able to listen on the following udp ports.
++
++.B all ports with out defined types
++
++.TP
++The SELinux user user_u is able to connect to the following tcp ports.
++
++.B all ports
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  user policy is extremely flexible and has several booleans that allow you to manipulate the policy and run user with the tightest access possible.
 +
 +
++.PP
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++
 +.EX
++.B setsebool -P clamscan_read_user_content 1
++.EE
++
 +.PP
-+.B tomcat_cache_t 
++If you want to allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execheap boolean.
++
++.EX
++.B setsebool -P selinuxuser_execheap 1
 +.EE
 +
-+- Set files with the tomcat_cache_t type, if you want to store the files under the /var/cache directory.
++.PP
++If you want to allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t, you must turn on the selinuxuser_execmod boolean.
++
++.EX
++.B setsebool -P selinuxuser_execmod 1
++.EE
 +
++.PP
++If you want to allow exim to read unprivileged user files, you must turn on the exim_read_user_files boolean.
 +
 +.EX
++.B setsebool -P exim_read_user_files 1
++.EE
++
 +.PP
-+.B tomcat_exec_t 
++If you want to allow pppd to be run for a regular user, you must turn on the pppd_for_user boolean.
++
++.EX
++.B setsebool -P pppd_for_user 1
 +.EE
 +
-+- Set files with the tomcat_exec_t type, if you want to transition an executable to the tomcat_t domain.
++.PP
++If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++
++.EX
++.B setsebool -P user_ping 1
++.EE
 +
++.PP
++If you want to determine whether calling user domains can execute Git daemon in the git_session_t domain, you must turn on the git_session_users boolean.
 +
 +.EX
++.B setsebool -P git_session_users 1
++.EE
++
 +.PP
-+.B tomcat_log_t 
++If you want to allow dbadm to manage files in users home directories, you must turn on the dbadm_manage_user_files boolean.
++
++.EX
++.B setsebool -P dbadm_manage_user_files 1
 +.EE
 +
-+- Set files with the tomcat_log_t type, if you want to treat the data as tomcat log data, usually stored under the /var/log directory.
++.PP
++If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
 +
++.EX
++.B setsebool -P user_ttyfile_stat 1
++.EE
++
++.PP
++If you want to allow user music sharing, you must turn on the user_share_music boolean.
 +
 +.EX
++.B setsebool -P user_share_music 1
++.EE
++
 +.PP
-+.B tomcat_tmp_t 
++If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
++
++.EX
++.B setsebool -P user_direct_dri 1
 +.EE
 +
-+- Set files with the tomcat_tmp_t type, if you want to store tomcat temporary files in the /tmp directories.
++.PP
++If you want to allow unprivledged user to create and transition to svirt domains, you must turn on the unprivuser_use_svirt boolean.
 +
++.EX
++.B setsebool -P unprivuser_use_svirt 1
++.EE
++
++.PP
++If you want to allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execstack boolean.
 +
 +.EX
++.B setsebool -P selinuxuser_execstack 1
++.EE
++
 +.PP
-+.B tomcat_unit_file_t 
++If you want to allow webadm to read files in users home directories, you must turn on the webadm_read_user_files boolean.
++
++.EX
++.B setsebool -P webadm_read_user_files 1
 +.EE
 +
-+- Set files with the tomcat_unit_file_t type, if you want to treat the files as tomcat unit content.
++.PP
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++
++.EX
++.B setsebool -P user_tcp_server 1
++.EE
 +
++.PP
++If you want to allow httpd to read user content, you must turn on the httpd_read_user_content boolean.
 +
 +.EX
++.B setsebool -P httpd_read_user_content 1
++.EE
++
 +.PP
-+.B tomcat_var_lib_t 
++If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++
++.EX
++.B setsebool -P user_rw_noexattrfile 1
 +.EE
 +
-+- Set files with the tomcat_var_lib_t type, if you want to store the tomcat files under the /var/lib directory.
++.PP
++If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++
++.EX
++.B setsebool -P user_direct_mouse 1
++.EE
 +
++.PP
++If you want to allow users to connect to PostgreSQL, you must turn on the user_postgresql_connect boolean.
 +
 +.EX
++.B setsebool -P user_postgresql_connect 1
++.EE
++
 +.PP
-+.B tomcat_var_run_t 
++If you want to allow exim to create, read, write, and delete unprivileged user files, you must turn on the exim_manage_user_files boolean.
++
++.EX
++.B setsebool -P exim_manage_user_files 1
 +.EE
 +
-+- Set files with the tomcat_var_run_t type, if you want to store the tomcat files under the /run directory.
++.PP
++If you want to allow dbadm to read files in users home directories, you must turn on the dbadm_read_user_files boolean.
 +
++.EX
++.B setsebool -P dbadm_read_user_files 1
++.EE
 +
 +.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++
++.EX
++.B setsebool -P user_setrlimit 1
++.EE
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
 +.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++If you want to determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain, you must turn on the polipo_session_users boolean.
++
++.EX
++.B setsebool -P polipo_session_users 1
++.EE
++
 +.PP
-+Policy governs the access confined processes have to files. 
-+SELinux tomcat policy is very flexible allowing users to setup their tomcat processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for tomcat:
++If you want to allow users to connect to the local mysql server, you must turn on the user_mysql_connect boolean.
 +
 +.EX
-+.B tomcat_t 
++.B setsebool -P user_mysql_connect 1
 +.EE
++
 +.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++If you want to allow webadm to manage files in users home directories, you must turn on the webadm_manage_user_files boolean.
++
++.EX
++.B setsebool -P webadm_manage_user_files 1
++.EE
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
 +.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
++If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++
++.EX
++.B setsebool -P user_dmesg 1
++.EE
++
 +.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++If you want to allow unprivileged users to execute DDL statement, you must turn on the sepgsql_enable_users_ddl boolean.
++
++.EX
++.B setsebool -P sepgsql_enable_users_ddl 1
++.EE
++
++.SH HOME_EXEC
++
++The SELinux user user_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when user_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny user_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow user_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user user_t can execute without transitioning:
++
++.B sesearch -A -s user_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow user_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user user_t can execute and transition:
++
++.B $ sesearch -A -s user_t -c process -p transition
++
++
++.SH "MANAGED FILES"
++
++The SELinux user type user_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B bluetooth_helper_tmp_t
++
++
++.br
++.B bluetooth_helper_tmpfs_t
++
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B chrome_sandbox_tmpfs_t
++
++
++.br
++.B games_data_t
++
++	/var/games(/.*)?
++.br
++	/var/lib/games(/.*)?
++.br
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.br
++.B gpg_agent_tmp_t
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++	/home/[^/]*/\.gnupg/log-socket
++.br
 +
-+.SH "SEE ALSO"
-+selinux(8), tomcat(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/tor_selinux.8 b/man/man8/tor_selinux.8
-new file mode 100644
-index 0000000..fee5733
---- /dev/null
-+++ b/man/man8/tor_selinux.8
-@@ -0,0 +1,195 @@
-+.TH  "tor_selinux"  "8"  "tor" "dwalsh at redhat.com" "tor SELinux Policy documentation"
-+.SH "NAME"
-+tor_selinux \- Security Enhanced Linux Policy for the tor processes
-+.SH "DESCRIPTION"
++.br
++.B httpd_user_content_t
 +
-+Security-Enhanced Linux secures the tor processes via flexible mandatory access
-+control.  
++	/home/[^/]*/((www)|(web)|(public_html))(/.+)?
++.br
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  tor policy is extremely flexible and has several booleans that allow you to manipulate the policy and run tor with the tightest access possible.
++.br
++.B httpd_user_htaccess_t
 +
++	/home/[^/]*/((www)|(web)|(public_html))(/.*)?/\.htaccess
++.br
 +
-+.PP
-+If you want to allow tor daemon to bind tcp sockets to all unreserved ports, you must turn on the tor_bind_all_unreserved_ports boolean.
++.br
++.B httpd_user_ra_content_t
 +
-+.EX
-+.B setsebool -P tor_bind_all_unreserved_ports 1
-+.EE
++	/home/[^/]*/((www)|(web)|(public_html))(/.*)?/logs(/.*)?
++.br
 +
-+.SH NSSWITCH DOMAIN
++.br
++.B httpd_user_rw_content_t
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tor_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
++.br
++.B httpd_user_script_exec_t
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the tor_t, you must turn on the kerberos_enabled boolean.
++	/home/[^/]*/((www)|(web)|(public_html))/cgi-bin(/.+)?
++.br
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
++.br
++.B iceauth_home_t
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux tor policy is very flexible allowing users to setup their tor processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for tor:
++	/root/\.DCOP.*
++.br
++	/root/\.ICEauthority.*
++.br
++	/home/[^/]*/\.DCOP.*
++.br
++	/home/[^/]*/\.ICEauthority.*
++.br
 +
++.br
++.B mail_spool_t
 +
-+.EX
-+.PP
-+.B tor_etc_t 
-+.EE
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
 +
-+- Set files with the tor_etc_t type, if you want to store tor files in the /etc directories.
++.br
++.B mqueue_spool_t
 +
++	/var/spool/(client)?mqueue(/.*)?
++.br
++	/var/spool/mqueue\.in(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B tor_exec_t 
-+.EE
++.br
++.B nfsd_rw_t
 +
-+- Set files with the tor_exec_t type, if you want to transition an executable to the tor_t domain.
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/sbin/tor, /usr/bin/tor
++.B noxattrfs
 +
-+.EX
-+.PP
-+.B tor_initrc_exec_t 
-+.EE
++	all files on file systems which do not support extended attributes
++.br
 +
-+- Set files with the tor_initrc_exec_t type, if you want to transition an executable to the tor_initrc_t domain.
++.br
++.B sandbox_file_t
 +
 +
-+.EX
-+.PP
-+.B tor_unit_file_t 
-+.EE
++.br
++.B sandbox_tmpfs_type
 +
-+- Set files with the tor_unit_file_t type, if you want to treat the files as tor unit content.
++	all sandbox content in tmpfs file systems
++.br
 +
++.br
++.B screen_home_t
 +
-+.EX
-+.PP
-+.B tor_var_lib_t 
-+.EE
++	/root/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screen(/.*)?
++.br
++	/home/[^/]*/\.screenrc
++.br
 +
-+- Set files with the tor_var_lib_t type, if you want to store the tor files under the /var/lib directory.
++.br
++.B security_t
 +
++	/selinux
 +.br
-+.TP 5
-+Paths: 
-+/var/lib/tor(/.*)?, /var/lib/tor-data(/.*)?
 +
-+.EX
-+.PP
-+.B tor_var_log_t 
-+.EE
++.br
++.B usbfs_t
 +
-+- Set files with the tor_var_log_t type, if you want to treat the data as tor var log data, usually stored under the /var/log directory.
 +
++.br
++.B user_fonts_cache_t
 +
-+.EX
-+.PP
-+.B tor_var_run_t 
-+.EE
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
 +
-+- Set files with the tor_var_run_t type, if you want to store the tor files under the /run directory.
++.br
++.B user_fonts_t
++
++	/root/\.fonts(/.*)?
++.br
++	/tmp/\.font-unix(/.*)?
++.br
++	/home/[^/]*/\.fonts(/.*)?
++.br
 +
++.br
++.B user_home_type
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	all user home files
++.br
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
++.br
++.B user_tmp_type
 +
-+.B semanage port -l
++	all user tmp files
++.br
 +
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux tor policy is very flexible allowing users to setup their tor processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for tor:
++.br
++.B user_tmpfs_type
 +
-+.EX
-+.TP 5
-+.B tor_port_t 
-+.TP 10
-+.EE
++	all user content in tmpfs file systems
++.br
 +
++.br
++.B xauth_home_t
 +
-+Default Defined Ports:
-+tcp 6969,9001,9030,9051
-+.EE
++	/root/\.xauth.*
++.br
++	/root/\.Xauth.*
++.br
++	/root/\.serverauth.*
++.br
++	/root/\.Xauthority.*
++.br
++	/var/lib/pqsql/\.xauth.*
++.br
++	/var/lib/pqsql/\.Xauthority.*
++.br
++	/var/lib/nxserver/home/\.xauth.*
++.br
++	/var/lib/nxserver/home/\.Xauthority.*
++.br
++	/home/[^/]*/\.xauth.*
++.br
++	/home/[^/]*/\.Xauth.*
++.br
++	/home/[^/]*/\.serverauth.*
++.br
++	/home/[^/]*/\.Xauthority.*
++.br
 +
-+.EX
-+.TP 5
-+.B tor_socks_port_t 
-+.TP 10
-+.EE
++.br
++.B xdm_tmp_t
 +
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
 +
-+Default Defined Ports:
-+tcp 9050
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux tor policy is very flexible allowing users to setup their tor processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for tor:
++.br
++.B xserver_tmpfs_t
 +
-+.EX
-+.B tor_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
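Review bot: In the NETWORK section of the new user_selinux.8, the last `.TP` entry repeats "is able to connect to the following tcp ports" right after the udp listen entry, so the page states tcp connect twice and never states udp connect. Presumably the second one was meant to read `The SELinux user user_u is able to connect to the following udp ports.`; that should be confirmed against the policy before the page is used for a network-access review. In the BOOLEANS section, the selinuxuser_execheap and selinuxuser_execstack entries splice the warning text into the "If you want to ..., you must turn on" template, which reads as if reporting the executable requires enabling the boolean; the warning should be its own sentence after the instruction. Both look like genman.py template issues, since the page is marked auto-generated.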
@@ -54472,9 +89633,6 @@ index 0000000..fee5733
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -54483,40 +89641,40 @@ index 0000000..fee5733
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), tor(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), user(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), useradd_selinux(8), usernetctl_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/traceroute_selinux.8 b/man/man8/traceroute_selinux.8
+diff --git a/man/man8/useradd_selinux.8 b/man/man8/useradd_selinux.8
 new file mode 100644
-index 0000000..480158c
+index 0000000..87d7066
 --- /dev/null
-+++ b/man/man8/traceroute_selinux.8
-@@ -0,0 +1,117 @@
-+.TH  "traceroute_selinux"  "8"  "traceroute" "dwalsh at redhat.com" "traceroute SELinux Policy documentation"
++++ b/man/man8/useradd_selinux.8
+@@ -0,0 +1,298 @@
++.TH  "useradd_selinux"  "8"  "useradd" "dwalsh at redhat.com" "useradd SELinux Policy documentation"
 +.SH "NAME"
-+traceroute_selinux \- Security Enhanced Linux Policy for the traceroute processes
++useradd_selinux \- Security Enhanced Linux Policy for the useradd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the traceroute processes via flexible mandatory access
++Security-Enhanced Linux secures the useradd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the traceroute_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the useradd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the traceroute_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the useradd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -54525,22 +89683,22 @@ index 0000000..480158c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible.
++SELinux useradd policy is very flexible allowing users to setup their useradd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for traceroute:
++The following file types are defined for useradd:
 +
 +
 +.EX
 +.PP
-+.B traceroute_exec_t 
++.B useradd_exec_t 
 +.EE
 +
-+- Set files with the traceroute_exec_t type, if you want to transition an executable to the traceroute_t domain.
++- Set files with the useradd_exec_t type, if you want to transition an executable to the useradd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/bin/tracepath.*, /usr/sbin/mtr, /usr/bin/traceroute.*, /usr/bin/nmap, /usr/bin/lft, /bin/traceroute.*, /usr/bin/tracepath.*, /usr/sbin/traceroute.*, /usr/bin/mtr
++/usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel, /usr/sbin/newusers
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -54549,47 +89707,230 @@ index 0000000..480158c
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for traceroute:
-+
-+.EX
-+.TP 5
-+.B traceroute_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+udp 64000-64010
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible.
++SELinux useradd policy is very flexible allowing users to setup their useradd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for traceroute:
++The following process types are defined for useradd:
 +
 +.EX
-+.B traceroute_t 
++.B useradd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type useradd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B default_context_t
++
++	/etc/selinux/([^/]*/)?contexts(/.*)?
++.br
++	/root/\.default_contexts
++.br
++
++.br
++.B etc_t
++
++	/etc/.*
++.br
++	/var/db/.*\.db
++.br
++	/usr/etc(/.*)?
++.br
++	/var/ftp/etc(/.*)?
++.br
++	/var/lib/stickshift/.limits.d(/.*)?
++.br
++	/var/lib/stickshift/.stickshift-proxy.d(/.*)?
++.br
++	/var/named/chroot/etc(/.*)?
++.br
++	/etc/ipsec\.d/examples(/.*)?
++.br
++	/var/spool/postfix/etc(/.*)?
++.br
++	/etc
++.br
++	/etc/localtime
++.br
++	/etc/cups/client\.conf
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B file_context_t
++
++	/etc/selinux/([^/]*/)?contexts/files(/.*)?
++.br
++
++.br
++.B httpd_user_content_type
++
++
++.br
++.B httpd_user_script_exec_type
++
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B lastlog_t
++
++	/var/log/lastlog
++.br
++
++.br
++.B mail_spool_t
++
++	/var/mail(/.*)?
++.br
++	/var/spool/imap(/.*)?
++.br
++	/var/spool/mail(/.*)?
++.br
++
++.br
++.B passwd_file_t
++
++	/etc/group[-\+]?
++.br
++	/etc/passwd[-\+]?
++.br
++	/etc/ptmptmp
++.br
++	/etc/passwd\.OLD
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B selinux_config_t
++
++	/etc/selinux(/.*)?
++.br
++	/etc/selinux/([^/]*/)?seusers
++.br
++	/etc/selinux/([^/]*/)?users(/.*)?
++.br
++	/etc/selinux/([^/]*/)?setrans\.conf
++.br
++
++.br
++.B selinux_login_config_t
++
++	/etc/selinux/([^/]*/)?logins(/.*)?
++.br
++
++.br
++.B semanage_read_lock_t
++
++	/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK
++.br
++
++.br
++.B semanage_store_t
++
++	/etc/selinux/([^/]*/)?policy(/.*)?
++.br
++	/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?
++.br
++	/etc/share/selinux/mls(/.*)?
++.br
++	/etc/share/selinux/targeted(/.*)?
++.br
++
++.br
++.B semanage_tmp_t
++
++
++.br
++.B semanage_trans_lock_t
++
++	/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK
++.br
++
++.br
++.B shadow_t
++
++	/etc/shadow.*
++.br
++	/etc/gshadow.*
++.br
++	/var/db/shadow.*
++.br
++	/etc/passwd\.adjunct.*
++.br
++	/etc/\.pwd\.lock
++.br
++	/etc/group\.lock
++.br
++	/etc/passwd\.lock
++.br
++	/etc/security/opasswd
++.br
++	/etc/security/opasswd\.old
++.br
++
++.br
++.B stapserver_var_lib_t
++
++	/var/lib/stap-server(/.*)?
++.br
++
++.br
++.B user_home_type
++
++	all user home files
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -54600,46 +89941,45 @@ index 0000000..480158c
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), traceroute(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/tuned_selinux.8 b/man/man8/tuned_selinux.8
++selinux(8), useradd(8), semanage(8), restorecon(8), chcon(1)
++, user_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/usernetctl_selinux.8 b/man/man8/usernetctl_selinux.8
 new file mode 100644
-index 0000000..fa0b060
+index 0000000..271e8a0
 --- /dev/null
-+++ b/man/man8/tuned_selinux.8
-@@ -0,0 +1,135 @@
-+.TH  "tuned_selinux"  "8"  "tuned" "dwalsh at redhat.com" "tuned SELinux Policy documentation"
++++ b/man/man8/usernetctl_selinux.8
+@@ -0,0 +1,92 @@
++.TH  "usernetctl_selinux"  "8"  "usernetctl" "dwalsh at redhat.com" "usernetctl SELinux Policy documentation"
 +.SH "NAME"
-+tuned_selinux \- Security Enhanced Linux Policy for the tuned processes
++usernetctl_selinux \- Security Enhanced Linux Policy for the usernetctl processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the tuned processes via flexible mandatory access
++Security-Enhanced Linux secures the usernetctl processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the tuned_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the usernetctl_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the tuned_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the usernetctl_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -54648,66 +89988,18 @@ index 0000000..fa0b060
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux tuned policy is very flexible allowing users to setup their tuned processes in as secure a method as possible.
++SELinux usernetctl policy is very flexible allowing users to setup their usernetctl processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for tuned:
-+
-+
-+.EX
-+.PP
-+.B tuned_etc_t 
-+.EE
-+
-+- Set files with the tuned_etc_t type, if you want to store tuned files in the /etc directories.
-+
-+
-+.EX
-+.PP
-+.B tuned_exec_t 
-+.EE
-+
-+- Set files with the tuned_exec_t type, if you want to transition an executable to the tuned_t domain.
-+
-+
-+.EX
-+.PP
-+.B tuned_initrc_exec_t 
-+.EE
-+
-+- Set files with the tuned_initrc_exec_t type, if you want to transition an executable to the tuned_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B tuned_log_t 
-+.EE
-+
-+- Set files with the tuned_log_t type, if you want to treat the data as tuned log data, usually stored under the /var/log directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/log/tuned\.log.*, /var/log/tuned(/.*)?
-+
-+.EX
-+.PP
-+.B tuned_rw_etc_t 
-+.EE
-+
-+- Set files with the tuned_rw_etc_t type, if you want to store tuned rw files in the /etc directories.
++The following file types are defined for usernetctl:
 +
 +
 +.EX
 +.PP
-+.B tuned_var_run_t 
++.B usernetctl_exec_t 
 +.EE
 +
-+- Set files with the tuned_var_run_t type, if you want to store the tuned files under the /run directory.
++- Set files with the usernetctl_exec_t type, if you want to transition an executable to the usernetctl_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/tuned(/.*)?, /var/run/tuned\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -54722,18 +90014,22 @@ index 0000000..fa0b060
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux tuned policy is very flexible allowing users to setup their tuned processes in as secure a method as possible.
++SELinux usernetctl policy is very flexible allowing users to setup their usernetctl processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for tuned:
++The following process types are defined for usernetctl:
 +
 +.EX
-+.B tuned_t 
++.B usernetctl_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type usernetctl_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -54749,67 +90045,59 @@ index 0000000..fa0b060
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), tuned(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/tvtime_selinux.8 b/man/man8/tvtime_selinux.8
++selinux(8), usernetctl(8), semanage(8), restorecon(8), chcon(1)
++, user_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/utempter_selinux.8 b/man/man8/utempter_selinux.8
 new file mode 100644
-index 0000000..99e344a
+index 0000000..dad2308
 --- /dev/null
-+++ b/man/man8/tvtime_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "tvtime_selinux"  "8"  "tvtime" "dwalsh at redhat.com" "tvtime SELinux Policy documentation"
++++ b/man/man8/utempter_selinux.8
+@@ -0,0 +1,115 @@
++.TH  "utempter_selinux"  "8"  "utempter" "dwalsh at redhat.com" "utempter SELinux Policy documentation"
 +.SH "NAME"
-+tvtime_selinux \- Security Enhanced Linux Policy for the tvtime processes
++utempter_selinux \- Security Enhanced Linux Policy for the utempter processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the tvtime processes via flexible mandatory access
++Security-Enhanced Linux secures the utempter processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux tvtime policy is very flexible allowing users to setup their tvtime processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for tvtime:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the utempter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B tvtime_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the tvtime_exec_t type, if you want to transition an executable to the tvtime_t domain.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the utempter_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B tvtime_home_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the tvtime_home_t type, if you want to store tvtime files in the users home directory.
-+
-+
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B tvtime_tmp_t 
-+.EE
-+
-+- Set files with the tvtime_tmp_t type, if you want to store tvtime temporary files in the /tmp directories.
++Policy governs the access confined processes have to these files. 
++SELinux utempter policy is very flexible allowing users to setup their utempter processes in as secure a method as possible.
++.PP 
++The following file types are defined for utempter:
 +
 +
 +.EX
 +.PP
-+.B tvtime_tmpfs_t 
++.B utempter_exec_t 
 +.EE
 +
-+- Set files with the tvtime_tmpfs_t type, if you want to store tvtime files on a tmpfs file system.
++- Set files with the utempter_exec_t type, if you want to transition an executable to the utempter_t domain.
 +
 +
 +.PP
@@ -54825,18 +90113,46 @@ index 0000000..99e344a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux tvtime policy is very flexible allowing users to setup their tvtime processes in as secure a method as possible.
++SELinux utempter policy is very flexible allowing users to setup their utempter processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for tvtime:
++The following process types are defined for utempter:
 +
 +.EX
-+.B tvtime_t 
++.B utempter_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type utempter_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B initrc_var_run_t
++
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B wtmp_t
++
++	/var/log/wtmp.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -54852,38 +90168,38 @@ index 0000000..99e344a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), tvtime(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/udev_selinux.8 b/man/man8/udev_selinux.8
++selinux(8), utempter(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/uucpd_selinux.8 b/man/man8/uucpd_selinux.8
 new file mode 100644
-index 0000000..5d64458
+index 0000000..d51eadc
 --- /dev/null
-+++ b/man/man8/udev_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "udev_selinux"  "8"  "udev" "dwalsh at redhat.com" "udev SELinux Policy documentation"
++++ b/man/man8/uucpd_selinux.8
+@@ -0,0 +1,209 @@
++.TH  "uucpd_selinux"  "8"  "uucpd" "dwalsh at redhat.com" "uucpd SELinux Policy documentation"
 +.SH "NAME"
-+udev_selinux \- Security Enhanced Linux Policy for the udev processes
++uucpd_selinux \- Security Enhanced Linux Policy for the uucpd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the udev processes via flexible mandatory access
++Security-Enhanced Linux secures the uucpd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the udev_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the uucpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the udev_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the uucpd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -54892,62 +90208,78 @@ index 0000000..5d64458
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux udev policy is very flexible allowing users to setup their udev processes in as secure a method as possible.
++SELinux uucpd policy is very flexible allowing users to setup their uucpd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for udev:
++The following file types are defined for uucpd:
 +
 +
 +.EX
 +.PP
-+.B udev_etc_t 
++.B uucpd_exec_t 
 +.EE
 +
-+- Set files with the udev_etc_t type, if you want to store udev files in the /etc directories.
++- Set files with the uucpd_exec_t type, if you want to transition an executable to the uucpd_t domain.
 +
 +
 +.EX
 +.PP
-+.B udev_exec_t 
++.B uucpd_lock_t 
 +.EE
 +
-+- Set files with the udev_exec_t type, if you want to transition an executable to the udev_t domain.
++- Set files with the uucpd_lock_t type, if you want to treat the files as uucpd lock data, stored under the /var/lock directory
 +
-+.br
-+.TP 5
-+Paths: 
-+/lib/udev/udevd, /usr/bin/udevinfo, /sbin/udevd, /sbin/udev, /usr/sbin/wait_for_sysfs, /sbin/udevsend, /usr/sbin/udevadm, /usr/bin/udevadm, /usr/sbin/start_udev, /usr/sbin/udev, /usr/sbin/udevsend, /sbin/start_udev, /sbin/udevstart, /bin/udevadm, /sbin/wait_for_sysfs, /lib/udev/udev-acl, /sbin/udevadm, /usr/sbin/udevd, /usr/lib/systemd/systemd-udevd, /usr/sbin/udevstart, /usr/lib/udev/udev-acl, /usr/lib/udev/udevd
 +
 +.EX
 +.PP
-+.B udev_helper_exec_t 
++.B uucpd_log_t 
 +.EE
 +
-+- Set files with the udev_helper_exec_t type, if you want to transition an executable to the udev_helper_t domain.
++- Set files with the uucpd_log_t type, if you want to treat the data as uucpd log data, usually stored under the /var/log directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/udev/scripts/.+, /etc/hotplug\.d/default/udev.*, /etc/dev\.d/.+
 +
 +.EX
 +.PP
-+.B udev_rules_t 
++.B uucpd_ro_t 
 +.EE
 +
-+- Set files with the udev_rules_t type, if you want to treat the files as udev rules data.
++- Set files with the uucpd_ro_t type, if you want to treat the files as uucpd read/only content.
 +
 +
 +.EX
 +.PP
-+.B udev_var_run_t 
++.B uucpd_rw_t 
 +.EE
 +
-+- Set files with the udev_var_run_t type, if you want to store the udev files under the /run directory.
++- Set files with the uucpd_rw_t type, if you want to treat the files as uucpd read/write content.
++
++
++.EX
++.PP
++.B uucpd_spool_t 
++.EE
++
++- Set files with the uucpd_spool_t type, if you want to store the uucpd files under the /var/spool directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/run/udev(/.*)?, /dev/\.udevdb, /var/run/PackageKit/udev(/.*)?, /dev/\.udev(/.*)?, /dev/udev\.tbl, /var/run/libgpod(/.*)?
++/var/spool/uucppublic(/.*)?, /var/spool/uucp(/.*)?
++
++.EX
++.PP
++.B uucpd_tmp_t 
++.EE
++
++- Set files with the uucpd_tmp_t type, if you want to store uucpd temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B uucpd_var_run_t 
++.EE
++
++- Set files with the uucpd_var_run_t type, if you want to store the uucpd files under the /run directory.
++
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -54956,24 +90288,83 @@ index 0000000..5d64458
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux uucpd policy is very flexible allowing users to setup their uucpd processes in as secure a method as possible.
++.PP 
++The following port types are defined for uucpd:
++
++.EX
++.TP 5
++.B uucpd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 540
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux udev policy is very flexible allowing users to setup their udev processes in as secure a method as possible.
++SELinux uucpd policy is very flexible allowing users to setup their uucpd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for udev:
++The following process types are defined for uucpd:
 +
 +.EX
-+.B udev_t 
++.B uucpd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type uucpd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B uucpd_lock_t
++
++	/var/lock/uucp(/.*)?
++.br
++
++.br
++.B uucpd_log_t
++
++	/var/log/uucp(/.*)?
++.br
++
++.br
++.B uucpd_rw_t
++
++
++.br
++.B uucpd_spool_t
++
++	/var/spool/uucp(/.*)?
++.br
++	/var/spool/uucppublic(/.*)?
++.br
++
++.br
++.B uucpd_tmp_t
++
++
++.br
++.B uucpd_var_run_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -54984,27 +90375,30 @@ index 0000000..5d64458
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), udev(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ulogd_selinux.8 b/man/man8/ulogd_selinux.8
++selinux(8), uucpd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/uuidd_selinux.8 b/man/man8/uuidd_selinux.8
 new file mode 100644
-index 0000000..996fdd3
+index 0000000..8706629
 --- /dev/null
-+++ b/man/man8/ulogd_selinux.8
-@@ -0,0 +1,105 @@
-+.TH  "ulogd_selinux"  "8"  "ulogd" "dwalsh at redhat.com" "ulogd SELinux Policy documentation"
++++ b/man/man8/uuidd_selinux.8
+@@ -0,0 +1,113 @@
++.TH  "uuidd_selinux"  "8"  "uuidd" "dwalsh at redhat.com" "uuidd SELinux Policy documentation"
 +.SH "NAME"
-+ulogd_selinux \- Security Enhanced Linux Policy for the ulogd processes
++uuidd_selinux \- Security Enhanced Linux Policy for the uuidd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ulogd processes via flexible mandatory access
++Security-Enhanced Linux secures the uuidd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -55015,49 +90409,41 @@ index 0000000..996fdd3
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ulogd policy is very flexible allowing users to setup their ulogd processes in as secure a method as possible.
++SELinux uuidd policy is very flexible allowing users to setup their uuidd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ulogd:
-+
-+
-+.EX
-+.PP
-+.B ulogd_etc_t 
-+.EE
-+
-+- Set files with the ulogd_etc_t type, if you want to store ulogd files in the /etc directories.
++The following file types are defined for uuidd:
 +
 +
 +.EX
 +.PP
-+.B ulogd_exec_t 
++.B uuidd_exec_t 
 +.EE
 +
-+- Set files with the ulogd_exec_t type, if you want to transition an executable to the ulogd_t domain.
++- Set files with the uuidd_exec_t type, if you want to transition an executable to the uuidd_t domain.
 +
 +
 +.EX
 +.PP
-+.B ulogd_initrc_exec_t 
++.B uuidd_initrc_exec_t 
 +.EE
 +
-+- Set files with the ulogd_initrc_exec_t type, if you want to transition an executable to the ulogd_initrc_t domain.
++- Set files with the uuidd_initrc_exec_t type, if you want to transition an executable to the uuidd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B ulogd_modules_t 
++.B uuidd_var_lib_t 
 +.EE
 +
-+- Set files with the ulogd_modules_t type, if you want to treat the files as ulogd modules.
++- Set files with the uuidd_var_lib_t type, if you want to store the uuidd files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B ulogd_var_log_t 
++.B uuidd_var_run_t 
 +.EE
 +
-+- Set files with the ulogd_var_log_t type, if you want to treat the data as ulogd var log data, usually stored under the /var/log directory.
++- Set files with the uuidd_var_run_t type, if you want to store the uuidd files under the /run directory.
 +
 +
 +.PP
@@ -55073,18 +90459,34 @@ index 0000000..996fdd3
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ulogd policy is very flexible allowing users to setup their ulogd processes in as secure a method as possible.
++SELinux uuidd policy is very flexible allowing users to setup their uuidd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ulogd:
++The following process types are defined for uuidd:
 +
 +.EX
-+.B ulogd_t 
++.B uuidd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type uuidd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B uuidd_var_lib_t
++
++	/var/lib/libuuid(/.*)?
++.br
++
++.br
++.B uuidd_var_run_t
++
++	/var/run/uuidd(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -55100,91 +90502,57 @@ index 0000000..996fdd3
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ulogd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/uml_selinux.8 b/man/man8/uml_selinux.8
++selinux(8), uuidd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/uux_selinux.8 b/man/man8/uux_selinux.8
 new file mode 100644
-index 0000000..f128c0a
+index 0000000..76d3bb6
 --- /dev/null
-+++ b/man/man8/uml_selinux.8
-@@ -0,0 +1,121 @@
-+.TH  "uml_selinux"  "8"  "uml" "dwalsh at redhat.com" "uml SELinux Policy documentation"
++++ b/man/man8/uux_selinux.8
+@@ -0,0 +1,103 @@
++.TH  "uux_selinux"  "8"  "uux" "dwalsh at redhat.com" "uux SELinux Policy documentation"
 +.SH "NAME"
-+uml_selinux \- Security Enhanced Linux Policy for the uml processes
++uux_selinux \- Security Enhanced Linux Policy for the uux processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the uml processes via flexible mandatory access
++Security-Enhanced Linux secures the uux processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux uml policy is very flexible allowing users to setup their uml processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for uml:
-+
-+
-+.EX
 +.PP
-+.B uml_exec_t 
-+.EE
-+
-+- Set files with the uml_exec_t type, if you want to transition an executable to the uml_t domain.
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the uux_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B uml_ro_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the uml_ro_t type, if you want to treat the files as uml read/only content.
-+
-+
-+.EX
 +.PP
-+.B uml_rw_t 
-+.EE
-+
-+- Set files with the uml_rw_t type, if you want to treat the files as uml read/write content.
-+
++If you want to allow confined applications to run with kerberos for the uux_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B uml_switch_exec_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the uml_switch_exec_t type, if you want to transition an executable to the uml_switch_t domain.
-+
-+
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B uml_switch_var_run_t 
-+.EE
-+
-+- Set files with the uml_switch_var_run_t type, if you want to store the uml switch files under the /run directory.
-+
-+
-+.EX
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B uml_tmp_t 
-+.EE
-+
-+- Set files with the uml_tmp_t type, if you want to store uml temporary files in the /tmp directories.
++Policy governs the access confined processes have to these files. 
++SELinux uux policy is very flexible allowing users to setup their uux processes in as secure a method as possible.
++.PP 
++The following file types are defined for uux:
 +
 +
 +.EX
 +.PP
-+.B uml_tmpfs_t 
++.B uux_exec_t 
 +.EE
 +
-+- Set files with the uml_tmpfs_t type, if you want to store uml files on a tmpfs file system.
++- Set files with the uux_exec_t type, if you want to transition an executable to the uux_t domain.
 +
 +
 +.PP
@@ -55200,18 +90568,34 @@ index 0000000..f128c0a
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux uml policy is very flexible allowing users to setup their uml processes in as secure a method as possible.
++SELinux uux policy is very flexible allowing users to setup their uux processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for uml:
++The following process types are defined for uux:
 +
 +.EX
-+.B uml_switch_t, uml_t 
++.B uux_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type uux_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B uucpd_spool_t
++
++	/var/spool/uucp(/.*)?
++.br
++	/var/spool/uucppublic(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -55227,108 +90611,109 @@ index 0000000..f128c0a
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), uml(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/unconfined_selinux.8 b/man/man8/unconfined_selinux.8
++selinux(8), uux(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/varnishd_selinux.8 b/man/man8/varnishd_selinux.8
 new file mode 100644
-index 0000000..1f8a4a7
+index 0000000..7fe4d73
 --- /dev/null
-+++ b/man/man8/unconfined_selinux.8
-@@ -0,0 +1,141 @@
-+.TH  "unconfined_selinux"  "8"  "unconfined" "dwalsh at redhat.com" "unconfined SELinux Policy documentation"
++++ b/man/man8/varnishd_selinux.8
+@@ -0,0 +1,188 @@
++.TH  "varnishd_selinux"  "8"  "varnishd" "dwalsh at redhat.com" "varnishd SELinux Policy documentation"
 +.SH "NAME"
-+unconfined_selinux \- Security Enhanced Linux Policy for the unconfined processes
++varnishd_selinux \- Security Enhanced Linux Policy for the varnishd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the unconfined processes via flexible mandatory access
++Security-Enhanced Linux secures the varnishd processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  unconfined policy is extremely flexible and has several booleans that allow you to manipulate the policy and run unconfined with the tightest access possible.
++SELinux policy is customizable based on least access required.  varnishd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run varnishd with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow database admins to execute DML statement, you must turn on the sepgsql_unconfined_dbadm boolean.
++If you want to allow varnishd to connect to all ports, not just HTTP, you must turn on the varnishd_connect_any boolean.
 +
 +.EX
-+.B setsebool -P sepgsql_unconfined_dbadm 1
++.B setsebool -P varnishd_connect_any 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
 +.PP
-+If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the varnishd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P unconfined_mozilla_plugin_transition 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow a user to login as an unconfined domain, you must turn on the unconfined_login boolean.
++If you want to allow confined applications to run with kerberos for the varnishd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P unconfined_login 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux varnishd policy is very flexible allowing users to setup their varnishd processes in as secure a method as possible.
++.PP 
++The following file types are defined for varnishd:
++
 +
 +.EX
-+.B setsebool -P unconfined_chrome_sandbox_transition 1
++.PP
++.B varnishd_etc_t 
 +.EE
 +
-+.PP
-+If you want to allow samba to run unconfined scripts, you must turn on the samba_run_unconfined boolean.
++- Set files with the varnishd_etc_t type, if you want to store varnishd files in the /etc directories.
++
 +
 +.EX
-+.B setsebool -P samba_run_unconfined 1
++.PP
++.B varnishd_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow video playing tools to run unconfined, you must turn on the unconfined_mplayer boolean.
++- Set files with the varnishd_exec_t type, if you want to transition an executable to the varnishd_t domain.
++
 +
 +.EX
-+.B setsebool -P unconfined_mplayer 1
++.PP
++.B varnishd_initrc_exec_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the varnishd_initrc_exec_t type, if you want to transition an executable to the varnishd_initrc_t domain.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the unconfined_dbusd_t, unconfined_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B varnishd_tmp_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the unconfined_dbusd_t, unconfined_t, you must turn on the kerberos_enabled boolean.
++- Set files with the varnishd_tmp_t type, if you want to store varnishd temporary files in the /tmp directories.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B varnishd_var_lib_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux unconfined policy is very flexible allowing users to setup their unconfined processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for unconfined:
++- Set files with the varnishd_var_lib_t type, if you want to store the varnishd files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B unconfined_exec_t 
++.B varnishd_var_run_t 
 +.EE
 +
-+- Set files with the unconfined_exec_t type, if you want to transition an executable to the unconfined_t domain.
++- Set files with the varnishd_var_run_t type, if you want to store the varnishd files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/xrdp, /usr/sbin/xrdp-sesman, /usr/bin/vncserver
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -55337,24 +90722,67 @@ index 0000000..1f8a4a7
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux varnishd policy is very flexible allowing users to setup their varnishd processes in as secure a method as possible.
++.PP 
++The following port types are defined for varnishd:
++
++.EX
++.TP 5
++.B varnishd_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 6081-6082
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux unconfined policy is very flexible allowing users to setup their unconfined processes in as secure a method as possible.
++SELinux varnishd policy is very flexible allowing users to setup their varnishd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for unconfined:
++The following process types are defined for varnishd:
 +
 +.EX
-+.B unconfined_cronjob_t, unconfined_dbusd_t, unconfined_t 
++.B varnishd_t, varnishlog_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type varnishd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B varnishd_tmp_t
++
++
++.br
++.B varnishd_var_lib_t
++
++	/var/lib/varnish(/.*)?
++.br
++
++.br
++.B varnishd_var_run_t
++
++	/var/run/varnish\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -55365,6 +90793,9 @@ index 0000000..1f8a4a7
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -55373,24 +90804,24 @@ index 0000000..1f8a4a7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), unconfined(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), varnishd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), varnishlog_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/update_selinux.8 b/man/man8/update_selinux.8
+diff --git a/man/man8/varnishlog_selinux.8 b/man/man8/varnishlog_selinux.8
 new file mode 100644
-index 0000000..709a167
+index 0000000..1a54002
 --- /dev/null
-+++ b/man/man8/update_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "update_selinux"  "8"  "update" "dwalsh at redhat.com" "update SELinux Policy documentation"
++++ b/man/man8/varnishlog_selinux.8
+@@ -0,0 +1,127 @@
++.TH  "varnishlog_selinux"  "8"  "varnishlog" "dwalsh at redhat.com" "varnishlog SELinux Policy documentation"
 +.SH "NAME"
-+update_selinux \- Security Enhanced Linux Policy for the update processes
++varnishlog_selinux \- Security Enhanced Linux Policy for the varnishlog processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the update processes via flexible mandatory access
++Security-Enhanced Linux secures the varnishlog processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -55401,127 +90832,54 @@ index 0000000..709a167
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux update policy is very flexible allowing users to setup their update processes in as secure a method as possible.
++SELinux varnishlog policy is very flexible allowing users to setup their varnishlog processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for update:
++The following file types are defined for varnishlog:
 +
 +
 +.EX
 +.PP
-+.B update_modules_exec_t 
++.B varnishlog_exec_t 
 +.EE
 +
-+- Set files with the update_modules_exec_t type, if you want to transition an executable to the update_modules_t domain.
++- Set files with the varnishlog_exec_t type, if you want to transition an executable to the varnishlog_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/modules-update, /sbin/modules-update, /sbin/generate-modprobe\.conf, /sbin/update-modules, /usr/sbin/generate-modprobe\.conf, /usr/sbin/update-modules
++/usr/bin/varnisncsa, /usr/bin/varnishlog
 +
 +.EX
 +.PP
-+.B update_modules_tmp_t 
-+.EE
-+
-+- Set files with the update_modules_tmp_t type, if you want to store update modules temporary files in the /tmp directories.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux update policy is very flexible allowing users to setup their update processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for update:
-+
-+.EX
-+.B update_modules_t 
++.B varnishlog_initrc_exec_t 
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
-+
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), update(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/updfstab_selinux.8 b/man/man8/updfstab_selinux.8
-new file mode 100644
-index 0000000..fea0af1
---- /dev/null
-+++ b/man/man8/updfstab_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "updfstab_selinux"  "8"  "updfstab" "dwalsh at redhat.com" "updfstab SELinux Policy documentation"
-+.SH "NAME"
-+updfstab_selinux \- Security Enhanced Linux Policy for the updfstab processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the updfstab processes via flexible mandatory access
-+control.  
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the varnishlog_initrc_exec_t type, if you want to transition an executable to the varnishlog_initrc_t domain.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the updfstab_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.br
++.TP 5
++Paths: 
++/etc/rc\.d/init\.d/varnishlog, /etc/rc\.d/init\.d/varnishncsa
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
 +.PP
-+If you want to allow confined applications to run with kerberos for the updfstab_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
++.B varnishlog_log_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux updfstab policy is very flexible allowing users to setup their updfstab processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for updfstab:
++- Set files with the varnishlog_log_t type, if you want to treat the data as varnishlog log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B updfstab_exec_t 
++.B varnishlog_var_run_t 
 +.EE
 +
-+- Set files with the updfstab_exec_t type, if you want to transition an executable to the updfstab_t domain.
++- Set files with the varnishlog_var_run_t type, if you want to store the varnishlog files under the /run directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/updfstab, /usr/sbin/fstab-sync
++/var/run/varnishncsa\.pid, /var/run/varnishlog\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
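Review bot: The first entry on the `Paths:` line for varnishlog_exec_t reads `/usr/bin/varnisncsa`, which looks like a misspelling of `varnishncsa`. The init-script and pid paths later in this hunk spell it `/etc/rc\.d/init\.d/varnishncsa` and `/var/run/varnishncsa\.pid`. If genman.py takes these paths from the policy's file-context specs (not visible in this hunk), the same typo is presumably in the .fc entry. In that case the real `/usr/bin/varnishncsa` binary would not be labeled varnishlog_exec_t and would not transition into varnishlog_t. I would check the file-context source and correct it there to `/usr/bin/varnishncsa`, then regenerate the page instead of editing the generated text.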
@@ -55536,18 +90894,36 @@ index 0000000..fea0af1
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux updfstab policy is very flexible allowing users to setup their updfstab processes in as secure a method as possible.
++SELinux varnishlog policy is very flexible allowing users to setup their varnishlog processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for updfstab:
++The following process types are defined for varnishlog:
 +
 +.EX
-+.B updfstab_t 
++.B varnishlog_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type varnishlog_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B varnishlog_log_t
++
++	/var/log/varnish(/.*)?
++.br
++
++.br
++.B varnishlog_var_run_t
++
++	/var/run/varnishlog\.pid
++.br
++	/var/run/varnishncsa\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -55563,62 +90939,55 @@ index 0000000..fea0af1
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), updfstab(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/updpwd_selinux.8 b/man/man8/updpwd_selinux.8
++selinux(8), varnishlog(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/vbetool_selinux.8 b/man/man8/vbetool_selinux.8
 new file mode 100644
-index 0000000..48588e9
+index 0000000..3d8e16e
 --- /dev/null
-+++ b/man/man8/updpwd_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "updpwd_selinux"  "8"  "updpwd" "dwalsh at redhat.com" "updpwd SELinux Policy documentation"
++++ b/man/man8/vbetool_selinux.8
+@@ -0,0 +1,104 @@
++.TH  "vbetool_selinux"  "8"  "vbetool" "dwalsh at redhat.com" "vbetool SELinux Policy documentation"
 +.SH "NAME"
-+updpwd_selinux \- Security Enhanced Linux Policy for the updpwd processes
++vbetool_selinux \- Security Enhanced Linux Policy for the vbetool processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the updpwd processes via flexible mandatory access
++Security-Enhanced Linux secures the vbetool processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
-+
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the updpwd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  vbetool policy is extremely flexible and has several booleans that allow you to manipulate the policy and run vbetool with the tightest access possible.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the updpwd_t, you must turn on the kerberos_enabled boolean.
++If you want to ignore vbetool mmap_zero errors, you must turn on the vbetool_mmap_zero_ignore boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P vbetool_mmap_zero_ignore 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux updpwd policy is very flexible allowing users to setup their updpwd processes in as secure a method as possible.
++SELinux vbetool policy is very flexible allowing users to setup their vbetool processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for updpwd:
++The following file types are defined for vbetool:
 +
 +
 +.EX
 +.PP
-+.B updpwd_exec_t 
++.B vbetool_exec_t 
 +.EE
 +
-+- Set files with the updpwd_exec_t type, if you want to transition an executable to the updpwd_t domain.
++- Set files with the vbetool_exec_t type, if you want to transition an executable to the vbetool_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/sbin/unix_update, /usr/sbin/unix_update
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -55633,18 +91002,34 @@ index 0000000..48588e9
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux updpwd policy is very flexible allowing users to setup their updpwd processes in as secure a method as possible.
++SELinux vbetool policy is very flexible allowing users to setup their vbetool processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for updpwd:
++The following process types are defined for vbetool:
 +
 +.EX
-+.B updpwd_t 
++.B vbetool_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type vbetool_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B mtrr_device_t
++
++	/dev/cpu/mtrr
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -55655,27 +91040,32 @@ index 0000000..48588e9
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), updpwd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/usbmodules_selinux.8 b/man/man8/usbmodules_selinux.8
++selinux(8), vbetool(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/vdagent_selinux.8 b/man/man8/vdagent_selinux.8
 new file mode 100644
-index 0000000..7a8990c
+index 0000000..0f174eb
 --- /dev/null
-+++ b/man/man8/usbmodules_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "usbmodules_selinux"  "8"  "usbmodules" "dwalsh at redhat.com" "usbmodules SELinux Policy documentation"
++++ b/man/man8/vdagent_selinux.8
+@@ -0,0 +1,117 @@
++.TH  "vdagent_selinux"  "8"  "vdagent" "dwalsh at redhat.com" "vdagent SELinux Policy documentation"
 +.SH "NAME"
-+usbmodules_selinux \- Security Enhanced Linux Policy for the usbmodules processes
++vdagent_selinux \- Security Enhanced Linux Policy for the vdagent processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the usbmodules processes via flexible mandatory access
++Security-Enhanced Linux secures the vdagent processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -55686,22 +91076,42 @@ index 0000000..7a8990c
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux usbmodules policy is very flexible allowing users to setup their usbmodules processes in as secure a method as possible.
++SELinux vdagent policy is very flexible allowing users to setup their vdagent processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for usbmodules:
++The following file types are defined for vdagent:
 +
 +
 +.EX
 +.PP
-+.B usbmodules_exec_t 
++.B vdagent_exec_t 
 +.EE
 +
-+- Set files with the usbmodules_exec_t type, if you want to transition an executable to the usbmodules_t domain.
++- Set files with the vdagent_exec_t type, if you want to transition an executable to the vdagent_t domain.
++
++
++.EX
++.PP
++.B vdagent_log_t 
++.EE
++
++- Set files with the vdagent_log_t type, if you want to treat the data as vdagent log data, usually stored under the /var/log directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/usbmodules, /sbin/usbmodules
++/var/log/spice-vdagentd\.log.*, /var/log/spice-vdagentd(/.*)?
++
++.EX
++.PP
++.B vdagent_var_run_t 
++.EE
++
++- Set files with the vdagent_var_run_t type, if you want to store the vdagent files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/spice-vdagentd\.pid, /var/run/spice-vdagentd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -55716,18 +91126,38 @@ index 0000000..7a8990c
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux usbmodules policy is very flexible allowing users to setup their usbmodules processes in as secure a method as possible.
++SELinux vdagent policy is very flexible allowing users to setup their vdagent processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for usbmodules:
++The following process types are defined for vdagent:
 +
 +.EX
-+.B usbmodules_t 
++.B vdagent_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type vdagent_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B vdagent_log_t
++
++	/var/log/spice-vdagentd(/.*)?
++.br
++	/var/log/spice-vdagentd\.log.*
++.br
++
++.br
++.B vdagent_var_run_t
++
++	/var/run/spice-vdagentd(/.*)?
++.br
++	/var/run/spice-vdagentd\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -55743,38 +91173,38 @@ index 0000000..7a8990c
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), usbmodules(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/usbmuxd_selinux.8 b/man/man8/usbmuxd_selinux.8
++selinux(8), vdagent(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/vhostmd_selinux.8 b/man/man8/vhostmd_selinux.8
 new file mode 100644
-index 0000000..2e76cd8
+index 0000000..4a4c83a
 --- /dev/null
-+++ b/man/man8/usbmuxd_selinux.8
-@@ -0,0 +1,95 @@
-+.TH  "usbmuxd_selinux"  "8"  "usbmuxd" "dwalsh at redhat.com" "usbmuxd SELinux Policy documentation"
++++ b/man/man8/vhostmd_selinux.8
+@@ -0,0 +1,139 @@
++.TH  "vhostmd_selinux"  "8"  "vhostmd" "dwalsh at redhat.com" "vhostmd SELinux Policy documentation"
 +.SH "NAME"
-+usbmuxd_selinux \- Security Enhanced Linux Policy for the usbmuxd processes
++vhostmd_selinux \- Security Enhanced Linux Policy for the vhostmd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the usbmuxd processes via flexible mandatory access
++Security-Enhanced Linux secures the vhostmd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the usbmuxd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the vhostmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the usbmuxd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the vhostmd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -55783,25 +91213,41 @@ index 0000000..2e76cd8
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux usbmuxd policy is very flexible allowing users to setup their usbmuxd processes in as secure a method as possible.
++SELinux vhostmd policy is very flexible allowing users to setup their vhostmd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for usbmuxd:
++The following file types are defined for vhostmd:
 +
 +
 +.EX
 +.PP
-+.B usbmuxd_exec_t 
++.B vhostmd_exec_t 
 +.EE
 +
-+- Set files with the usbmuxd_exec_t type, if you want to transition an executable to the usbmuxd_t domain.
++- Set files with the vhostmd_exec_t type, if you want to transition an executable to the vhostmd_t domain.
 +
 +
 +.EX
 +.PP
-+.B usbmuxd_var_run_t 
++.B vhostmd_initrc_exec_t 
 +.EE
 +
-+- Set files with the usbmuxd_var_run_t type, if you want to store the usbmuxd files under the /run directory.
++- Set files with the vhostmd_initrc_exec_t type, if you want to transition an executable to the vhostmd_initrc_t domain.
++
++
++.EX
++.PP
++.B vhostmd_tmpfs_t 
++.EE
++
++- Set files with the vhostmd_tmpfs_t type, if you want to store vhostmd files on a tmpfs file system.
++
++
++.EX
++.PP
++.B vhostmd_var_run_t 
++.EE
++
++- Set files with the vhostmd_var_run_t type, if you want to store the vhostmd files under the /run directory.
 +
 +
 +.PP
@@ -55817,18 +91263,46 @@ index 0000000..2e76cd8
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux usbmuxd policy is very flexible allowing users to setup their usbmuxd processes in as secure a method as possible.
++SELinux vhostmd policy is very flexible allowing users to setup their vhostmd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for usbmuxd:
++The following process types are defined for vhostmd:
 +
 +.EX
-+.B usbmuxd_t 
++.B vhostmd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type vhostmd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B vhostmd_tmpfs_t
++
++
++.br
++.B vhostmd_var_run_t
++
++	/var/run/vhostmd.pid
++.br
++
++.br
++.B virt_content_t
++
++	/var/lib/vdsm(/.*)?
++.br
++	/var/lib/oz/isos(/.*)?
++.br
++	/var/lib/libvirt/boot(/.*)?
++.br
++	/var/lib/libvirt/isos(/.*)?
++.br
++	/home/[^/]*/VirtualMachines/isos(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -55844,262 +91318,217 @@ index 0000000..2e76cd8
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), usbmuxd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/user_selinux.8 b/man/man8/user_selinux.8
++selinux(8), vhostmd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/virsh_selinux.8 b/man/man8/virsh_selinux.8
 new file mode 100644
-index 0000000..a2082e9
+index 0000000..721ad06
 --- /dev/null
-+++ b/man/man8/user_selinux.8
-@@ -0,0 +1,194 @@
-+.TH  "user_selinux"  "8"  "user" "mgrepl at redhat.com" "user SELinux Policy documentation"
++++ b/man/man8/virsh_selinux.8
+@@ -0,0 +1,167 @@
++.TH  "virsh_selinux"  "8"  "virsh" "dwalsh at redhat.com" "virsh SELinux Policy documentation"
 +.SH "NAME"
-+user_u \- \fBGeneric unprivileged user role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
-+
-+\fBuser_u\fP is an SELinux User defined in the SELinux
-+policy. SELinux users have default roles, \fBuser_r\fP.  The
-+default role has a default type, \fBuser_t\fP, associated with it.
-+
-+The SELinux user will usually login to a system with a context that looks like:
-+
-+.B user_u:user_r:user_u:s0-s0:c0.c1023
-+
-+Linux users are automatically assigned an SELinux users at login.  
-+Login programs use the SELinux User to assign initial context to the user's shell.
-+
-+SELinux policy uses the context to control the user's access.
-+
-+By default all users are assigned to the SELinux user via the \fB__default__\fP flag
-+
-+On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
-+
-+You can list all Linux User to SELinux user mapping using:
-+
-+.B semanage login -l
-+
-+If you wanted to change the default user mapping to use the user_u user, you would execute:
-+
-+.B semanage login -m -s user_u __default__
-+
-+
-+If you want to map the one Linux user (joe) to the SELinux user user, you would execute:
-+
-+.B $ semanage login -a -s user_u joe
-+
-+
-+.SH USER DESCRIPTION
-+
-+The SELinux user user_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
-+
-+.SH SUDO
-+
-+The SELinux type user_t is not allowed to execute sudo. 
-+
-+.SH X WINDOWS LOGIN
-+
-+The SELinux user user_u is able to X Windows login.
-+
-+.SH TERMINAL LOGIN
-+
-+The SELinux user user_u is able to terminal login.
-+
-+.SH NETWORK
-+
-+.TP
-+The SELinux user user_u is able to listen on the following tcp ports.
-+
-+.B xserver_port_t: 6000-6020
-+
-+.TP
-+The SELinux user user_u is able to listen on the following udp ports.
-+
-+.B all ports with out defined types
-+
-+.TP
-+The SELinux user user_u is able to connect to the following tcp ports.
-+
-+.B all ports
++virsh_selinux \- Security Enhanced Linux Policy for the virsh processes
++.SH "DESCRIPTION"
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  user_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run user_t with the tightest access possible.
++Security-Enhanced Linux secures the virsh processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the virsh_ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P allow_user_mysql_connect 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++If you want to allow confined applications to run with kerberos for the virsh_ssh_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P user_ping 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
-+
-+.EX
-+.B setsebool -P user_ttyfile_stat 1
-+.EE
-+
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+If you want to allow user music sharing, you must turn on the user_share_music boolean.
-+
-+.EX
-+.B setsebool -P user_share_music 1
-+.EE
++Policy governs the access confined processes have to these files. 
++SELinux virsh policy is very flexible allowing users to setup their virsh processes in as secure a method as possible.
++.PP 
++The following file types are defined for virsh:
 +
-+.PP
-+If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
 +
 +.EX
-+.B setsebool -P user_direct_dri 1
-+.EE
-+
 +.PP
-+If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
-+
-+.EX
-+.B setsebool -P user_rw_noexattrfile 1
++.B virsh_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++- Set files with the virsh_exec_t type, if you want to transition an executable to the virsh_t domain.
 +
-+.EX
-+.B setsebool -P user_tcp_server 1
-+.EE
++.br
++.TP 5
++Paths: 
++/usr/bin/virt-sandbox-service.*, /usr/bin/virsh, /usr/sbin/fence_virtd
 +
 +.PP
-+If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
-+
-+.EX
-+.B setsebool -P user_direct_mouse 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
-+
-+.EX
-+.B setsebool -P user_setrlimit 1
-+.EE
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
++Policy governs the access confined processes have to files. 
++SELinux virsh policy is very flexible allowing users to setup their virsh processes in as secure a method as possible.
++.PP 
++The following process types are defined for virsh:
 +
 +.EX
-+.B setsebool -P allow_user_postgresql_connect 1
++.B virsh_ssh_t, virsh_t 
 +.EE
-+
 +.PP
-+If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.EX
-+.B setsebool -P user_dmesg 1
-+.EE
++.SH "MANAGED FILES"
 +
-+.SH HOME_EXEC
++The SELinux user type virsh_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+The SELinux user user_u is able execute home content files.
++.br
++.B ssh_home_t
 +
-+.SH TRANSITIONS
++	/root/\.ssh(/.*)?
++.br
++	/var/lib/amanda/\.ssh(/.*)?
++.br
++	/var/lib/stickshift/[^/]+/\.ssh(/.*)?
++.br
++	/var/lib/gitolite/\.ssh(/.*)?
++.br
++	/var/lib/nocpulse/\.ssh(/.*)?
++.br
++	/var/lib/gitolite3/\.ssh(/.*)?
++.br
++	/root/\.shosts
++.br
++	/home/[^/]*/\.ssh(/.*)?
++.br
++	/home/[^/]*/\.shosts
++.br
 +
-+Three things can happen when user_t attempts to execute a program.
++.br
++.B svirt_lxc_file_t
 +
-+\fB1.\fP SELinux Policy can deny user_t from executing the program.
 +
-+.TP
++.br
++.B vhostmd_tmpfs_t
 +
-+\fB2.\fP SELinux Policy can allow user_t to execute the program in the current user type.
 +
-+Execute the following to see the types that the SELinux user user_t can execute without transitioning:
++.br
++.B virt_etc_rw_t
 +
-+.B sesearch -A -s user_t -c file -p execute_no_trans
++	/etc/xen/.*/.*
++.br
++	/etc/xen/[^/]*
++.br
++	/etc/libvirt/.*/.*
++.br
++	/etc/libvirt/[^/]*
++.br
 +
-+.TP
++.br
++.B virt_etc_t
 +
-+\fB3.\fP SELinux can allow user_t to execute the program and transition to a new type.
++	/etc/xen/[^/]*
++.br
++	/etc/libvirt/[^/]*
++.br
++	/etc/xen
++.br
++	/etc/libvirt
++.br
 +
-+Execute the following to see the types that the SELinux user user_t can execute and transition:
++.br
++.B virt_image_type
 +
-+.B $ sesearch -A -s user_t -c process -p transition
++	all virtual image files
++.br
 +
++.br
++.B virt_lxc_var_run_t
 +
-+.SH "COMMANDS"
++	/var/run/libvirt/lxc(/.*)?
++.br
++	/var/run/libvirt-sandbox(/.*)?
++.br
++
++.br
++.B xenfs_t
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
 +
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
++.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/useradd_selinux.8 b/man/man8/useradd_selinux.8
++selinux(8), virsh(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/virt_bridgehelper_selinux.8 b/man/man8/virt_bridgehelper_selinux.8
 new file mode 100644
-index 0000000..6e4f849
+index 0000000..d31c983
 --- /dev/null
-+++ b/man/man8/useradd_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "useradd_selinux"  "8"  "useradd" "dwalsh at redhat.com" "useradd SELinux Policy documentation"
++++ b/man/man8/virt_bridgehelper_selinux.8
+@@ -0,0 +1,89 @@
++.TH  "virt_bridgehelper_selinux"  "8"  "virt_bridgehelper" "dwalsh at redhat.com" "virt_bridgehelper SELinux Policy documentation"
 +.SH "NAME"
-+useradd_selinux \- Security Enhanced Linux Policy for the useradd processes
++virt_bridgehelper_selinux \- Security Enhanced Linux Policy for the virt_bridgehelper processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the useradd processes via flexible mandatory access
++Security-Enhanced Linux secures the virt_bridgehelper processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the useradd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the useradd_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux useradd policy is very flexible allowing users to setup their useradd processes in as secure a method as possible.
++SELinux virt_bridgehelper policy is very flexible allowing users to setup their virt_bridgehelper processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for useradd:
++The following file types are defined for virt_bridgehelper:
 +
 +
 +.EX
 +.PP
-+.B useradd_exec_t 
++.B virt_bridgehelper_exec_t 
 +.EE
 +
-+- Set files with the useradd_exec_t type, if you want to transition an executable to the useradd_t domain.
++- Set files with the virt_bridgehelper_exec_t type, if you want to transition an executable to the virt_bridgehelper_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel, /usr/sbin/newusers
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -56114,18 +91543,34 @@ index 0000000..6e4f849
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux useradd policy is very flexible allowing users to setup their useradd processes in as secure a method as possible.
++SELinux virt_bridgehelper policy is very flexible allowing users to setup their virt_bridgehelper processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for useradd:
++The following process types are defined for virt_bridgehelper:
 +
 +.EX
-+.B useradd_t 
++.B virt_bridgehelper_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type virt_bridgehelper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B svirt_home_t
++
++	/home/[^/]*/\.libvirt/qemu(/.*)?
++.br
++	/home/[^/]*/\.cache/libvirt/qemu(/.*)?
++.br
++	/home/[^/]*/\.config/libvirt/qemu(/.*)?
++.br
++	/home/[^/]*/\.local/share/gnome-boxes/images(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
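Review bot: The added MANAGED FILES intro calls `virt_bridgehelper_t` an "SELinux user type", but the PROCESS TYPES section of the same page lists it as a process type (domain). SELinux users are a separate field of the security context, so the sentence misstates which policy object holds the access. I would word it as `The SELinux process type virt_bridgehelper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the process's UID still needs to have DAC permissions.` The same generated sentence is added for virt_qmf_t, virtd_lxc_t, virtd_t and vlock_t in later hunks. Since the pages say they are produced by genman.py, the wording presumably has to be corrected in its template rather than page by page.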
@@ -56141,57 +91586,43 @@ index 0000000..6e4f849
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), useradd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/usernetctl_selinux.8 b/man/man8/usernetctl_selinux.8
++selinux(8), virt_bridgehelper(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/virt_qmf_selinux.8 b/man/man8/virt_qmf_selinux.8
 new file mode 100644
-index 0000000..8d70cce
+index 0000000..f87e064
 --- /dev/null
-+++ b/man/man8/usernetctl_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "usernetctl_selinux"  "8"  "usernetctl" "dwalsh at redhat.com" "usernetctl SELinux Policy documentation"
++++ b/man/man8/virt_qmf_selinux.8
+@@ -0,0 +1,77 @@
++.TH  "virt_qmf_selinux"  "8"  "virt_qmf" "dwalsh at redhat.com" "virt_qmf SELinux Policy documentation"
 +.SH "NAME"
-+usernetctl_selinux \- Security Enhanced Linux Policy for the usernetctl processes
++virt_qmf_selinux \- Security Enhanced Linux Policy for the virt_qmf processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the usernetctl processes via flexible mandatory access
++Security-Enhanced Linux secures the virt_qmf processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the usernetctl_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
-+
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
-+
-+.PP
-+If you want to allow confined applications to run with kerberos for the usernetctl_t, you must turn on the kerberos_enabled boolean.
-+
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
-+
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux usernetctl policy is very flexible allowing users to setup their usernetctl processes in as secure a method as possible.
++SELinux virt_qmf policy is very flexible allowing users to setup their virt_qmf processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for usernetctl:
++The following file types are defined for virt_qmf:
 +
 +
 +.EX
 +.PP
-+.B usernetctl_exec_t 
++.B virt_qmf_exec_t 
 +.EE
 +
-+- Set files with the usernetctl_exec_t type, if you want to transition an executable to the usernetctl_t domain.
++- Set files with the virt_qmf_exec_t type, if you want to transition an executable to the virt_qmf_t domain.
 +
 +
 +.PP
@@ -56207,18 +91638,22 @@ index 0000000..8d70cce
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux usernetctl policy is very flexible allowing users to setup their usernetctl processes in as secure a method as possible.
++SELinux virt_qmf policy is very flexible allowing users to setup their virt_qmf processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for usernetctl:
++The following process types are defined for virt_qmf:
 +
 +.EX
-+.B usernetctl_t 
++.B virt_qmf_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type virt_qmf_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
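Review bot: The MANAGED FILES section added for `virt_qmf_t` consists of the heading and the intro sentence only, with no file type under it. A reader cannot tell whether the domain manages no files or the list was lost during generation. When the list is empty, the generator should either leave the section out or state the result, for example `No file types are listed as manageable by virt_qmf_t.`, and only if the policy query really returned nothing. A related gap shows in other hunks, where a type such as `svirt_lxc_file_t`, `anon_inodefs_t`, `virt_lock_t` or `virt_tmp_t` is printed with no path beneath it; a short marker that the type has no default path would remove the ambiguity.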
@@ -56234,38 +91669,38 @@ index 0000000..8d70cce
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), usernetctl(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/utempter_selinux.8 b/man/man8/utempter_selinux.8
++selinux(8), virt_qmf(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/virtd_lxc_selinux.8 b/man/man8/virtd_lxc_selinux.8
 new file mode 100644
-index 0000000..1016d5f
---- /dev/null
-+++ b/man/man8/utempter_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "utempter_selinux"  "8"  "utempter" "dwalsh at redhat.com" "utempter SELinux Policy documentation"
+index 0000000..c0fe284
+--- /dev/null
++++ b/man/man8/virtd_lxc_selinux.8
+@@ -0,0 +1,132 @@
++.TH  "virtd_lxc_selinux"  "8"  "virtd_lxc" "dwalsh at redhat.com" "virtd_lxc SELinux Policy documentation"
 +.SH "NAME"
-+utempter_selinux \- Security Enhanced Linux Policy for the utempter processes
++virtd_lxc_selinux \- Security Enhanced Linux Policy for the virtd_lxc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the utempter processes via flexible mandatory access
++Security-Enhanced Linux secures the virtd_lxc processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the utempter_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the virtd_lxc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the utempter_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the virtd_lxc_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -56274,17 +91709,17 @@ index 0000000..1016d5f
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux utempter policy is very flexible allowing users to setup their utempter processes in as secure a method as possible.
++SELinux virtd_lxc policy is very flexible allowing users to setup their virtd_lxc processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for utempter:
++The following file types are defined for virtd_lxc:
 +
 +
 +.EX
 +.PP
-+.B utempter_exec_t 
++.B virtd_lxc_exec_t 
 +.EE
 +
-+- Set files with the utempter_exec_t type, if you want to transition an executable to the utempter_t domain.
++- Set files with the virtd_lxc_exec_t type, if you want to transition an executable to the virtd_lxc_t domain.
 +
 +
 +.PP
@@ -56300,18 +91735,62 @@ index 0000000..1016d5f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux utempter policy is very flexible allowing users to setup their utempter processes in as secure a method as possible.
++SELinux virtd_lxc policy is very flexible allowing users to setup their virtd_lxc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for utempter:
++The following process types are defined for virtd_lxc:
 +
 +.EX
-+.B utempter_t 
++.B virtd_lxc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type virtd_lxc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B svirt_lxc_file_t
++
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B virt_image_t
++
++	/var/lib/libvirt/images(/.*)?
++.br
++	/var/lib/imagefactory/images(/.*)?
++.br
++
++.br
++.B virt_lxc_var_run_t
++
++	/var/run/libvirt/lxc(/.*)?
++.br
++	/var/run/libvirt-sandbox(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -56327,117 +91806,168 @@ index 0000000..1016d5f
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), utempter(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/uucpd_selinux.8 b/man/man8/uucpd_selinux.8
++selinux(8), virtd_lxc(8), semanage(8), restorecon(8), chcon(1)
++, virtd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/virtd_selinux.8 b/man/man8/virtd_selinux.8
 new file mode 100644
-index 0000000..7f7f531
+index 0000000..7ccb20c
 --- /dev/null
-+++ b/man/man8/uucpd_selinux.8
-@@ -0,0 +1,173 @@
-+.TH  "uucpd_selinux"  "8"  "uucpd" "dwalsh at redhat.com" "uucpd SELinux Policy documentation"
++++ b/man/man8/virtd_selinux.8
+@@ -0,0 +1,425 @@
++.TH  "virtd_selinux"  "8"  "virtd" "dwalsh at redhat.com" "virtd SELinux Policy documentation"
 +.SH "NAME"
-+uucpd_selinux \- Security Enhanced Linux Policy for the uucpd processes
++virtd_selinux \- Security Enhanced Linux Policy for the virtd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the uucpd processes via flexible mandatory access
++Security-Enhanced Linux secures the virtd processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  virtd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run virtd with the tightest access possible.
++
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the uucpd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow staff user to create and transition to svirt domains, you must turn on the staff_use_svirt boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P staff_use_svirt 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the uucpd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined virtual guests to manage nfs files, you must turn on the virt_use_nfs boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P virt_use_nfs 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux uucpd policy is very flexible allowing users to setup their uucpd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for uucpd:
-+
++If you want to allow confined virtual guests to use serial/parallel communication ports, you must turn on the virt_use_comm boolean.
 +
 +.EX
-+.PP
-+.B uucpd_exec_t 
++.B setsebool -P virt_use_comm 1
 +.EE
 +
-+- Set files with the uucpd_exec_t type, if you want to transition an executable to the uucpd_t domain.
-+
++.PP
++If you want to allow confined virtual guests to interact with the xserver, you must turn on the virt_use_xserver boolean.
 +
 +.EX
++.B setsebool -P virt_use_xserver 1
++.EE
++
 +.PP
-+.B uucpd_lock_t 
++If you want to allow confined virtual guests to manage device configuration, (pci), you must turn on the virt_use_sysfs boolean.
++
++.EX
++.B setsebool -P virt_use_sysfs 1
 +.EE
 +
-+- Set files with the uucpd_lock_t type, if you want to treat the files as uucpd lock data, stored under the /var/lock directory
++.PP
++If you want to allow unprivledged user to create and transition to svirt domains, you must turn on the unprivuser_use_svirt boolean.
++
++.EX
++.B setsebool -P unprivuser_use_svirt 1
++.EE
 +
++.PP
++If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
 +
 +.EX
++.B setsebool -P virt_use_sanlock 1
++.EE
++
 +.PP
-+.B uucpd_log_t 
++If you want to allow confined virtual guests to use executable memory and executable stack, you must turn on the virt_use_execmem boolean.
++
++.EX
++.B setsebool -P virt_use_execmem 1
 +.EE
 +
-+- Set files with the uucpd_log_t type, if you want to treat the data as uucpd log data, usually stored under the /var/log directory.
++.PP
++If you want to allow confined virtual guests to read fuse files, you must turn on the virt_use_fusefs boolean.
++
++.EX
++.B setsebool -P virt_use_fusefs 1
++.EE
 +
++.PP
++If you want to allow confined virtual guests to use usb devices, you must turn on the virt_use_usb boolean.
 +
 +.EX
++.B setsebool -P virt_use_usb 1
++.EE
++
 +.PP
-+.B uucpd_ro_t 
++If you want to allow confined virtual guests to manage cifs files, you must turn on the virt_use_samba boolean.
++
++.EX
++.B setsebool -P virt_use_samba 1
 +.EE
 +
-+- Set files with the uucpd_ro_t type, if you want to treat the files as uucpd read/only content.
++.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the virtd_t, virtd_lxc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
 +.PP
-+.B uucpd_rw_t 
++If you want to allow confined applications to run with kerberos for the virtd_t, virtd_lxc_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the uucpd_rw_t type, if you want to treat the files as uucpd read/write content.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux virtd policy is very flexible allowing users to setup their virtd processes in as secure a method as possible.
++.PP 
++The following file types are defined for virtd:
 +
 +
 +.EX
 +.PP
-+.B uucpd_spool_t 
++.B virtd_exec_t 
 +.EE
 +
-+- Set files with the uucpd_spool_t type, if you want to store the uucpd files under the /var/spool directory.
++- Set files with the virtd_exec_t type, if you want to transition an executable to the virtd_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/spool/uucppublic(/.*)?, /var/spool/uucp(/.*)?
++/usr/sbin/condor_vm-gahp, /usr/bin/imagefactory, /usr/bin/vios-proxy-host, /usr/bin/imgfac\.py, /usr/bin/vios-proxy-guest, /usr/bin/nova-compute, /usr/sbin/libvirtd
 +
 +.EX
 +.PP
-+.B uucpd_tmp_t 
++.B virtd_initrc_exec_t 
 +.EE
 +
-+- Set files with the uucpd_tmp_t type, if you want to store uucpd temporary files in the /tmp directories.
++- Set files with the virtd_initrc_exec_t type, if you want to transition an executable to the virtd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B uucpd_var_run_t 
++.B virtd_keytab_t 
 +.EE
 +
-+- Set files with the uucpd_var_run_t type, if you want to store the uucpd files under the /run directory.
++- Set files with the virtd_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
++.B virtd_lxc_exec_t 
++.EE
++
++- Set files with the virtd_lxc_exec_t type, if you want to transition an executable to the virtd_lxc_t domain.
 +
 +
 +.PP
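Review bot: Every entry in the added virtd BOOLEANS section shows only how to turn a boolean on (`setsebool -P virt_use_execmem 1`, `virt_use_usb`, `virt_use_nfs` and so on), although the section opens by promising "the tightest access possible". Each of these settings widens what confined guests may do, and the page never says that off is the restrictive state or how to return to it. I would add a short paragraph after the intro, such as `Each boolean below grants additional access when set to 1. Use getsebool -a to review the current values and setsebool -P BOOLEAN 0 to turn one off again.` Separately, "unprivledged" in the unprivuser_use_svirt entry should read "unprivileged". The text is generated, so both changes presumably belong in the boolean descriptions and the genman.py template.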
@@ -56456,19 +91986,32 @@ index 0000000..7f7f531
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux uucpd policy is very flexible allowing users to setup their uucpd processes in as secure a method as possible.
++SELinux virtd policy is very flexible allowing users to setup their virtd processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for uucpd:
++The following port types are defined for virtd:
 +
 +.EX
 +.TP 5
-+.B uucpd_port_t 
++.B virt_migration_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 540
++tcp 49152-49216
++.EE
++
++.EX
++.TP 5
++.B virt_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 16509,16514
++.EE
++udp 16509,16514
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
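Review bot: The `.EX`/`.EE` pairs in the port entries do not balance: each entry opens one `.EX` but is closed by an `.EE` right after `.TP 10` and again after the port list. The new `virt_port_t` entry also puts a further `.EE` between the `tcp 16509,16514` and `udp 16509,16514` lines. The `.TP 10` is followed directly by `.EE`, so it has no tag line of its own. I would emit one `.EX` before the type name and a single `.EE` after the last port line, keeping the tcp and udp lines together. Part of this markup is unchanged context, so the fix probably lies in the generator rather than in this page.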
@@ -56476,18 +92019,204 @@ index 0000000..7f7f531
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux uucpd policy is very flexible allowing users to setup their uucpd processes in as secure a method as possible.
++SELinux virtd policy is very flexible allowing users to setup their virtd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for uucpd:
++The following process types are defined for virtd:
 +
 +.EX
-+.B uucpd_t 
++.B virtd_lxc_t, virt_qmf_t, virt_bridgehelper_t, virtd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type virtd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B cgroup_t
++
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
++
++.br
++.B dnsmasq_var_run_t
++
++	/var/run/libvirt/network(/.*)?
++.br
++	/var/run/dnsmasq\.pid
++.br
++
++.br
++.B hugetlbfs_t
++
++	/dev/hugepages
++.br
++	/lib/udev/devices/hugepages
++.br
++	/usr/lib/udev/devices/hugepages
++.br
++
++.br
++.B modules_conf_t
++
++	/etc/modprobe\.d(/.*)?
++.br
++	/etc/modules\.conf.*
++.br
++	/etc/modprobe\.conf.*
++.br
++	/lib/modules/modprobe\.conf
++.br
++	/usr/lib/modules/modprobe\.conf
++.br
++
++.br
++.B mtrr_device_t
++
++	/dev/cpu/mtrr
++.br
++
++.br
++.B qemu_var_run_t
++
++	/var/lib/libvirt/qemu(/.*)?
++.br
++	/var/run/libvirt/qemu(/.*)?
++.br
++
++.br
++.B security_t
++
++	/selinux
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B system_conf_t
++
++	/etc/sysctl\.conf(\.old)?
++.br
++	/etc/sysconfig/ip6?tables.*
++.br
++	/etc/sysconfig/ipvsadm.*
++.br
++	/etc/sysconfig/ebtables.*
++.br
++	/etc/sysconfig/system-config-firewall.*
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B virt_cache_t
++
++	/var/cache/oz(/.*)?
++.br
++	/var/cache/libvirt(/.*)?
++.br
++
++.br
++.B virt_etc_rw_t
++
++	/etc/xen/.*/.*
++.br
++	/etc/xen/[^/]*
++.br
++	/etc/libvirt/.*/.*
++.br
++	/etc/libvirt/[^/]*
++.br
++
++.br
++.B virt_home_t
++
++	/var/run/user/[^/]*/libguestfs(/.*)?
++.br
++	/home/[^/]*/\.libvirt(/.*)?
++.br
++	/home/[^/]*/\.virtinst(/.*)?
++.br
++	/home/[^/]*/\.cache/libvirt(/.*)?
++.br
++	/home/[^/]*/\.config/libvirt(/.*)?
++.br
++	/home/[^/]*/VirtualMachines(/.*)?
++.br
++	/home/[^/]*/\.cache/gnome-boxes(/.*)?
++.br
++
++.br
++.B virt_image_type
++
++	all virtual image files
++.br
++
++.br
++.B virt_lock_t
++
++
++.br
++.B virt_log_t
++
++	/var/log/log(/.*)?
++.br
++	/var/log/vdsm(/.*)?
++.br
++	/var/log/libvirt(/.*)?
++.br
++
++.br
++.B virt_lxc_var_run_t
++
++	/var/run/libvirt/lxc(/.*)?
++.br
++	/var/run/libvirt-sandbox(/.*)?
++.br
++
++.br
++.B virt_tmp_t
++
++
++.br
++.B virt_var_lib_t
++
++	/var/lib/oz(/.*)?
++.br
++	/var/lib/libvirt(/.*)?
++.br
++
++.br
++.B virt_var_run_t
++
++	/var/vdsm(/.*)?
++.br
++	/var/run/vdsm(/.*)?
++.br
++	/var/run/libvirt(/.*)?
++.br
++	/var/run/libguestfs(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -56501,72 +92230,67 @@ index 0000000..7f7f531
 +.B semanage port
 +can also be used to manipulate the port definitions
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), uucpd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/uuidd_selinux.8 b/man/man8/uuidd_selinux.8
++selinux(8), virtd(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), virt_bridgehelper_selinux(8), virt_qmf_selinux(8), virtd_lxc_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/vlock_selinux.8 b/man/man8/vlock_selinux.8
 new file mode 100644
-index 0000000..6a802e0
+index 0000000..2322b2f
 --- /dev/null
-+++ b/man/man8/uuidd_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "uuidd_selinux"  "8"  "uuidd" "dwalsh at redhat.com" "uuidd SELinux Policy documentation"
++++ b/man/man8/vlock_selinux.8
+@@ -0,0 +1,117 @@
++.TH  "vlock_selinux"  "8"  "vlock" "dwalsh at redhat.com" "vlock SELinux Policy documentation"
 +.SH "NAME"
-+uuidd_selinux \- Security Enhanced Linux Policy for the uuidd processes
++vlock_selinux \- Security Enhanced Linux Policy for the vlock processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the uuidd processes via flexible mandatory access
++Security-Enhanced Linux secures the vlock processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux uuidd policy is very flexible allowing users to setup their uuidd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for uuidd:
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the vlock_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B uuidd_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the uuidd_exec_t type, if you want to transition an executable to the uuidd_t domain.
-+
-+
-+.EX
 +.PP
-+.B uuidd_initrc_exec_t 
-+.EE
-+
-+- Set files with the uuidd_initrc_exec_t type, if you want to transition an executable to the uuidd_initrc_t domain.
-+
++If you want to allow confined applications to run with kerberos for the vlock_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B uuidd_var_lib_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the uuidd_var_lib_t type, if you want to store the uuidd files under the /var/lib directory.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux vlock policy is very flexible allowing users to setup their vlock processes in as secure a method as possible.
++.PP 
++The following file types are defined for vlock:
 +
 +
 +.EX
 +.PP
-+.B uuidd_var_run_t 
++.B vlock_exec_t 
 +.EE
 +
-+- Set files with the uuidd_var_run_t type, if you want to store the uuidd files under the /run directory.
++- Set files with the vlock_exec_t type, if you want to transition an executable to the vlock_t domain.
 +
 +
 +.PP
@@ -56582,18 +92306,48 @@ index 0000000..6a802e0
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux uuidd policy is very flexible allowing users to setup their uuidd processes in as secure a method as possible.
++SELinux vlock policy is very flexible allowing users to setup their vlock processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for uuidd:
++The following process types are defined for vlock:
 +
 +.EX
-+.B uuidd_t 
++.B vlock_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type vlock_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -56609,57 +92363,63 @@ index 0000000..6a802e0
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), uuidd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/uux_selinux.8 b/man/man8/uux_selinux.8
++selinux(8), vlock(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/vmware_host_selinux.8 b/man/man8/vmware_host_selinux.8
 new file mode 100644
-index 0000000..94f9b00
+index 0000000..bc7c63c
 --- /dev/null
-+++ b/man/man8/uux_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "uux_selinux"  "8"  "uux" "dwalsh at redhat.com" "uux SELinux Policy documentation"
++++ b/man/man8/vmware_host_selinux.8
+@@ -0,0 +1,130 @@
++.TH  "vmware_host_selinux"  "8"  "vmware_host" "dwalsh at redhat.com" "vmware_host SELinux Policy documentation"
 +.SH "NAME"
-+uux_selinux \- Security Enhanced Linux Policy for the uux processes
++vmware_host_selinux \- Security Enhanced Linux Policy for the vmware_host processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the uux processes via flexible mandatory access
++Security-Enhanced Linux secures the vmware_host processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the uux_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux vmware_host policy is very flexible allowing users to setup their vmware_host processes in as secure a method as possible.
++.PP 
++The following file types are defined for vmware_host:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B vmware_host_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the uux_t, you must turn on the kerberos_enabled boolean.
++- Set files with the vmware_host_exec_t type, if you want to transition an executable to the vmware_host_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/vmware-smbpasswd\.bin, /usr/lib/vmware/bin/vmware-vmx, /usr/bin/vmware-smbd, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-dhcpd, /usr/bin/vmnet-bridge, /usr/bin/vmware-nmbd, /usr/bin/vmnet-netifup, /usr/sbin/vmware-guest.*, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmware-network, /usr/bin/vmnet-sniffer, /usr/bin/vmware-smbpasswd, /usr/lib/vmware-tools/sbin32/vmware.*
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B vmware_host_pid_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux uux policy is very flexible allowing users to setup their uux processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for uux:
++- Set files with the vmware_host_pid_t type, if you want to store the vmware host files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B uux_exec_t 
++.B vmware_host_tmp_t 
 +.EE
 +
-+- Set files with the uux_exec_t type, if you want to transition an executable to the uux_t domain.
++- Set files with the vmware_host_tmp_t type, if you want to store vmware host temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -56675,18 +92435,54 @@ index 0000000..94f9b00
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux uux policy is very flexible allowing users to setup their uux processes in as secure a method as possible.
++SELinux vmware_host policy is very flexible allowing users to setup their vmware_host processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for uux:
++The following process types are defined for vmware_host:
 +
 +.EX
-+.B uux_t 
++.B vmware_host_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type vmware_host_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B systemd_passwd_var_run_t
++
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B vmware_host_pid_t
++
++
++.br
++.B vmware_host_tmp_t
++
++
++.br
++.B vmware_log_t
++
++	/var/log/vmware.*
++.br
++	/var/log/vnetlib.*
++.br
++
++.br
++.B vmware_sys_conf_t
++
++	/etc/vmware.*(/.*)?
++.br
++	/usr/lib/vmware/config
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -56702,108 +92498,141 @@ index 0000000..94f9b00
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), uux(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/varnishd_selinux.8 b/man/man8/varnishd_selinux.8
++selinux(8), vmware_host(8), semanage(8), restorecon(8), chcon(1)
++, vmware_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/vmware_selinux.8 b/man/man8/vmware_selinux.8
 new file mode 100644
-index 0000000..5e7b955
+index 0000000..0350ac4
 --- /dev/null
-+++ b/man/man8/varnishd_selinux.8
-@@ -0,0 +1,168 @@
-+.TH  "varnishd_selinux"  "8"  "varnishd" "dwalsh at redhat.com" "varnishd SELinux Policy documentation"
++++ b/man/man8/vmware_selinux.8
+@@ -0,0 +1,220 @@
++.TH  "vmware_selinux"  "8"  "vmware" "dwalsh at redhat.com" "vmware SELinux Policy documentation"
 +.SH "NAME"
-+varnishd_selinux \- Security Enhanced Linux Policy for the varnishd processes
++vmware_selinux \- Security Enhanced Linux Policy for the vmware processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the varnishd processes via flexible mandatory access
++Security-Enhanced Linux secures the vmware processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  varnishd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run varnishd with the tightest access possible.
-+
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow varnishd to connect to all ports, not just HTTP, you must turn on the varnishd_connect_any boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux vmware policy is very flexible allowing users to setup their vmware processes in as secure a method as possible.
++.PP 
++The following file types are defined for vmware:
++
 +
 +.EX
-+.B setsebool -P varnishd_connect_any 1
++.PP
++.B vmware_conf_t 
 +.EE
 +
-+.SH NSSWITCH DOMAIN
++- Set files with the vmware_conf_t type, if you want to treat the files as vmware configuration data, usually stored under the /etc directory.
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the varnishd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B vmware_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the varnishd_t, you must turn on the kerberos_enabled boolean.
++- Set files with the vmware_exec_t type, if you want to transition an executable to the vmware_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/lib/vmware/bin/vmware-mks, /usr/lib/vmware/bin/vmplayer, /usr/bin/vmware-ping, /usr/lib/vmware/bin/vmware-ui, /usr/sbin/vmware-serverd, /usr/bin/vmware-wizard, /usr/bin/vmware
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B vmware_file_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
++- Set files with the vmware_file_t type, if you want to treat the files as vmware content.
++
++
++.EX
 +.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.B vmware_host_exec_t 
++.EE
++
++- Set files with the vmware_host_exec_t type, if you want to transition an executable to the vmware_host_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/vmware-smbpasswd\.bin, /usr/lib/vmware/bin/vmware-vmx, /usr/bin/vmware-smbd, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-dhcpd, /usr/bin/vmnet-bridge, /usr/bin/vmware-nmbd, /usr/bin/vmnet-netifup, /usr/sbin/vmware-guest.*, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmware-network, /usr/bin/vmnet-sniffer, /usr/bin/vmware-smbpasswd, /usr/lib/vmware-tools/sbin32/vmware.*
++
++.EX
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux varnishd policy is very flexible allowing users to setup their varnishd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for varnishd:
++.B vmware_host_pid_t 
++.EE
++
++- Set files with the vmware_host_pid_t type, if you want to store the vmware host files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B varnishd_etc_t 
++.B vmware_host_tmp_t 
 +.EE
 +
-+- Set files with the varnishd_etc_t type, if you want to store varnishd files in the /etc directories.
++- Set files with the vmware_host_tmp_t type, if you want to store vmware host temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B varnishd_exec_t 
++.B vmware_log_t 
 +.EE
 +
-+- Set files with the varnishd_exec_t type, if you want to transition an executable to the varnishd_t domain.
++- Set files with the vmware_log_t type, if you want to treat the data as vmware log data, usually stored under the /var/log directory.
 +
++.br
++.TP 5
++Paths: 
++/var/log/vmware.*, /var/log/vnetlib.*
 +
 +.EX
 +.PP
-+.B varnishd_initrc_exec_t 
++.B vmware_pid_t 
 +.EE
 +
-+- Set files with the varnishd_initrc_exec_t type, if you want to transition an executable to the varnishd_initrc_t domain.
++- Set files with the vmware_pid_t type, if you want to store the vmware files under the /run directory.
 +
 +
 +.EX
 +.PP
-+.B varnishd_tmp_t 
++.B vmware_sys_conf_t 
 +.EE
 +
-+- Set files with the varnishd_tmp_t type, if you want to store varnishd temporary files in the /tmp directories.
++- Set files with the vmware_sys_conf_t type, if you want to treat the files as vmware sys configuration data, usually stored under the /etc directory.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/vmware/config, /etc/vmware.*(/.*)?
 +
 +.EX
 +.PP
-+.B varnishd_var_lib_t 
++.B vmware_tmp_t 
 +.EE
 +
-+- Set files with the varnishd_var_lib_t type, if you want to store the varnishd files under the /var/lib directory.
++- Set files with the vmware_tmp_t type, if you want to store vmware temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B varnishd_var_run_t 
++.B vmware_tmpfs_t 
 +.EE
 +
-+- Set files with the varnishd_var_run_t type, if you want to store the varnishd files under the /run directory.
++- Set files with the vmware_tmpfs_t type, if you want to store vmware files on a tmpfs file system.
 +
 +
 +.PP
@@ -56813,47 +92642,74 @@ index 0000000..5e7b955
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux varnishd policy is very flexible allowing users to setup their varnishd processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for varnishd:
-+
-+.EX
-+.TP 5
-+.B varnishd_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 6081-6082
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux varnishd policy is very flexible allowing users to setup their varnishd processes in as secure a method as possible.
++SELinux vmware policy is very flexible allowing users to setup their vmware processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for varnishd:
++The following process types are defined for vmware:
 +
 +.EX
-+.B varnishd_t, varnishlog_t 
++.B vmware_t, vmware_host_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type vmware_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B usbfs_t
++
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B vmware_conf_t
++
++	/home/[^/]*/\.vmware[^/]*/.*\.cfg
++.br
++
++.br
++.B vmware_file_t
++
++	/home/[^/]*/vmware(/.*)?
++.br
++	/home/[^/]*/\.vmware(/.*)?
++.br
++
++.br
++.B vmware_pid_t
++
++
++.br
++.B vmware_tmp_t
++
++
++.br
++.B vmware_tmpfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -56864,35 +92720,29 @@ index 0000000..5e7b955
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), varnishd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), vmware(8), semanage(8), restorecon(8), chcon(1)
++, vmware_host_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/varnishlog_selinux.8 b/man/man8/varnishlog_selinux.8
+diff --git a/man/man8/vnstat_selinux.8 b/man/man8/vnstat_selinux.8
 new file mode 100644
-index 0000000..4f51e3f
+index 0000000..0a663db
 --- /dev/null
-+++ b/man/man8/varnishlog_selinux.8
-@@ -0,0 +1,109 @@
-+.TH  "varnishlog_selinux"  "8"  "varnishlog" "dwalsh at redhat.com" "varnishlog SELinux Policy documentation"
++++ b/man/man8/vnstat_selinux.8
+@@ -0,0 +1,108 @@
++.TH  "vnstat_selinux"  "8"  "vnstat" "dwalsh at redhat.com" "vnstat SELinux Policy documentation"
 +.SH "NAME"
-+varnishlog_selinux \- Security Enhanced Linux Policy for the varnishlog processes
++vnstat_selinux \- Security Enhanced Linux Policy for the vnstat processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the varnishlog processes via flexible mandatory access
++Security-Enhanced Linux secures the vnstat processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -56903,54 +92753,42 @@ index 0000000..4f51e3f
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux varnishlog policy is very flexible allowing users to setup their varnishlog processes in as secure a method as possible.
++SELinux vnstat policy is very flexible allowing users to setup their vnstat processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for varnishlog:
++The following file types are defined for vnstat:
 +
 +
 +.EX
 +.PP
-+.B varnishlog_exec_t 
++.B vnstat_exec_t 
 +.EE
 +
-+- Set files with the varnishlog_exec_t type, if you want to transition an executable to the varnishlog_t domain.
++- Set files with the vnstat_exec_t type, if you want to transition an executable to the vnstat_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/varnisncsa, /usr/bin/varnishlog
 +
 +.EX
 +.PP
-+.B varnishlog_initrc_exec_t 
++.B vnstatd_exec_t 
 +.EE
 +
-+- Set files with the varnishlog_initrc_exec_t type, if you want to transition an executable to the varnishlog_initrc_t domain.
++- Set files with the vnstatd_exec_t type, if you want to transition an executable to the vnstatd_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/varnishlog, /etc/rc\.d/init\.d/varnishncsa
 +
 +.EX
 +.PP
-+.B varnishlog_log_t 
++.B vnstatd_var_lib_t 
 +.EE
 +
-+- Set files with the varnishlog_log_t type, if you want to treat the data as varnishlog log data, usually stored under the /var/log directory.
++- Set files with the vnstatd_var_lib_t type, if you want to store the vnstatd files under the /var/lib directory.
 +
 +
 +.EX
 +.PP
-+.B varnishlog_var_run_t 
++.B vnstatd_var_run_t 
 +.EE
 +
-+- Set files with the varnishlog_var_run_t type, if you want to store the varnishlog files under the /run directory.
++- Set files with the vnstatd_var_run_t type, if you want to store the vnstatd files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/varnishncsa\.pid, /var/run/varnishlog\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -56965,18 +92803,28 @@ index 0000000..4f51e3f
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux varnishlog policy is very flexible allowing users to setup their varnishlog processes in as secure a method as possible.
++SELinux vnstat policy is very flexible allowing users to setup their vnstat processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for varnishlog:
++The following process types are defined for vnstat:
 +
 +.EX
-+.B varnishlog_t 
++.B vnstat_t, vnstatd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type vnstat_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B vnstatd_var_lib_t
++
++	/var/lib/vnstat(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -56992,35 +92840,26 @@ index 0000000..4f51e3f
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), varnishlog(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/vbetool_selinux.8 b/man/man8/vbetool_selinux.8
++selinux(8), vnstat(8), semanage(8), restorecon(8), chcon(1)
++, vnstatd_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/vnstatd_selinux.8 b/man/man8/vnstatd_selinux.8
 new file mode 100644
-index 0000000..502e672
+index 0000000..96ff2ef
 --- /dev/null
-+++ b/man/man8/vbetool_selinux.8
-@@ -0,0 +1,88 @@
-+.TH  "vbetool_selinux"  "8"  "vbetool" "dwalsh at redhat.com" "vbetool SELinux Policy documentation"
++++ b/man/man8/vnstatd_selinux.8
+@@ -0,0 +1,106 @@
++.TH  "vnstatd_selinux"  "8"  "vnstatd" "dwalsh at redhat.com" "vnstatd SELinux Policy documentation"
 +.SH "NAME"
-+vbetool_selinux \- Security Enhanced Linux Policy for the vbetool processes
++vnstatd_selinux \- Security Enhanced Linux Policy for the vnstatd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the vbetool processes via flexible mandatory access
++Security-Enhanced Linux secures the vnstatd processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  vbetool policy is extremely flexible and has several booleans that allow you to manipulate the policy and run vbetool with the tightest access possible.
-+
-+
-+.PP
-+If you want to ignore vbetool mmap_zero errors, you must turn on the vbetool_mmap_zero_ignore boolean.
-+
-+.EX
-+.B setsebool -P vbetool_mmap_zero_ignore 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
@@ -57029,17 +92868,33 @@ index 0000000..502e672
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux vbetool policy is very flexible allowing users to setup their vbetool processes in as secure a method as possible.
++SELinux vnstatd policy is very flexible allowing users to setup their vnstatd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for vbetool:
++The following file types are defined for vnstatd:
 +
 +
 +.EX
 +.PP
-+.B vbetool_exec_t 
++.B vnstatd_exec_t 
 +.EE
 +
-+- Set files with the vbetool_exec_t type, if you want to transition an executable to the vbetool_t domain.
++- Set files with the vnstatd_exec_t type, if you want to transition an executable to the vnstatd_t domain.
++
++
++.EX
++.PP
++.B vnstatd_var_lib_t 
++.EE
++
++- Set files with the vnstatd_var_lib_t type, if you want to store the vnstatd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B vnstatd_var_run_t 
++.EE
++
++- Set files with the vnstatd_var_run_t type, if you want to store the vnstatd files under the /run directory.
 +
 +
 +.PP
@@ -57055,18 +92910,34 @@ index 0000000..502e672
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux vbetool policy is very flexible allowing users to setup their vbetool processes in as secure a method as possible.
++SELinux vnstatd policy is very flexible allowing users to setup their vnstatd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for vbetool:
++The following process types are defined for vnstatd:
 +
 +.EX
-+.B vbetool_t 
++.B vnstat_t, vnstatd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type vnstatd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B vnstatd_var_lib_t
++
++	/var/lib/vnstat(/.*)?
++.br
++
++.br
++.B vnstatd_var_run_t
++
++	/var/run/vnstat\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -57077,78 +92948,85 @@ index 0000000..502e672
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), vbetool(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), vnstatd(8), semanage(8), restorecon(8), chcon(1)
++, vnstat_selinux(8), vnstat_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/vdagent_selinux.8 b/man/man8/vdagent_selinux.8
+diff --git a/man/man8/vpnc_selinux.8 b/man/man8/vpnc_selinux.8
 new file mode 100644
-index 0000000..f8c8221
+index 0000000..52873e2
 --- /dev/null
-+++ b/man/man8/vdagent_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "vdagent_selinux"  "8"  "vdagent" "dwalsh at redhat.com" "vdagent SELinux Policy documentation"
++++ b/man/man8/vpnc_selinux.8
+@@ -0,0 +1,147 @@
++.TH  "vpnc_selinux"  "8"  "vpnc" "dwalsh at redhat.com" "vpnc SELinux Policy documentation"
 +.SH "NAME"
-+vdagent_selinux \- Security Enhanced Linux Policy for the vdagent processes
++vpnc_selinux \- Security Enhanced Linux Policy for the vpnc processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the vdagent processes via flexible mandatory access
++Security-Enhanced Linux secures the vpnc processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the vpnc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the vpnc_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux vdagent policy is very flexible allowing users to setup their vdagent processes in as secure a method as possible.
++SELinux vpnc policy is very flexible allowing users to setup their vpnc processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for vdagent:
++The following file types are defined for vpnc:
 +
 +
 +.EX
 +.PP
-+.B vdagent_exec_t 
++.B vpnc_exec_t 
 +.EE
 +
-+- Set files with the vdagent_exec_t type, if you want to transition an executable to the vdagent_t domain.
++- Set files with the vpnc_exec_t type, if you want to transition an executable to the vpnc_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/vpnc, /usr/bin/openconnect, /sbin/vpnc
 +
 +.EX
 +.PP
-+.B vdagent_log_t 
++.B vpnc_tmp_t 
 +.EE
 +
-+- Set files with the vdagent_log_t type, if you want to treat the data as vdagent log data, usually stored under the /var/log directory.
++- Set files with the vpnc_tmp_t type, if you want to store vpnc temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/spice-vdagentd\.log.*, /var/log/spice-vdagentd(/.*)?
 +
 +.EX
 +.PP
-+.B vdagent_var_run_t 
++.B vpnc_var_run_t 
 +.EE
 +
-+- Set files with the vdagent_var_run_t type, if you want to store the vdagent files under the /run directory.
++- Set files with the vpnc_var_run_t type, if you want to store the vpnc files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/spice-vdagentd.\pid, /var/run/spice-vdagentd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -57163,18 +93041,58 @@ index 0000000..f8c8221
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux vdagent policy is very flexible allowing users to setup their vdagent processes in as secure a method as possible.
++SELinux vpnc policy is very flexible allowing users to setup their vpnc processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for vdagent:
++The following process types are defined for vpnc:
 +
 +.EX
-+.B vdagent_t 
++.B vpnc_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type vpnc_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B net_conf_t
++
++	/etc/ntpd?\.conf.*
++.br
++	/etc/hosts[^/]*
++.br
++	/etc/yp\.conf.*
++.br
++	/etc/denyhosts.*
++.br
++	/etc/hosts\.deny.*
++.br
++	/etc/resolv\.conf.*
++.br
++	/etc/ntp/step-tickers.*
++.br
++	/etc/sysconfig/networking(/.*)?
++.br
++	/etc/sysconfig/network-scripts(/.*)?
++.br
++	/etc/sysconfig/network-scripts/.*resolv\.conf
++.br
++	/etc/ethers
++.br
++
++.br
++.B vpnc_tmp_t
++
++
++.br
++.B vpnc_var_run_t
++
++	/var/run/vpnc(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -57190,38 +93108,38 @@ index 0000000..f8c8221
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), vdagent(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/vhostmd_selinux.8 b/man/man8/vhostmd_selinux.8
++selinux(8), vpnc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/wdmd_selinux.8 b/man/man8/wdmd_selinux.8
 new file mode 100644
-index 0000000..f840982
+index 0000000..22d7269
 --- /dev/null
-+++ b/man/man8/vhostmd_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "vhostmd_selinux"  "8"  "vhostmd" "dwalsh at redhat.com" "vhostmd SELinux Policy documentation"
++++ b/man/man8/wdmd_selinux.8
+@@ -0,0 +1,125 @@
++.TH  "wdmd_selinux"  "8"  "wdmd" "dwalsh at redhat.com" "wdmd SELinux Policy documentation"
 +.SH "NAME"
-+vhostmd_selinux \- Security Enhanced Linux Policy for the vhostmd processes
++wdmd_selinux \- Security Enhanced Linux Policy for the wdmd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the vhostmd processes via flexible mandatory access
++Security-Enhanced Linux secures the wdmd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the vhostmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the wdmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the vhostmd_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the wdmd_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -57230,41 +93148,41 @@ index 0000000..f840982
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux vhostmd policy is very flexible allowing users to setup their vhostmd processes in as secure a method as possible.
++SELinux wdmd policy is very flexible allowing users to setup their wdmd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for vhostmd:
++The following file types are defined for wdmd:
 +
 +
 +.EX
 +.PP
-+.B vhostmd_exec_t 
++.B wdmd_exec_t 
 +.EE
 +
-+- Set files with the vhostmd_exec_t type, if you want to transition an executable to the vhostmd_t domain.
++- Set files with the wdmd_exec_t type, if you want to transition an executable to the wdmd_t domain.
 +
 +
 +.EX
 +.PP
-+.B vhostmd_initrc_exec_t 
++.B wdmd_initrc_exec_t 
 +.EE
 +
-+- Set files with the vhostmd_initrc_exec_t type, if you want to transition an executable to the vhostmd_initrc_t domain.
++- Set files with the wdmd_initrc_exec_t type, if you want to transition an executable to the wdmd_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B vhostmd_tmpfs_t 
++.B wdmd_tmpfs_t 
 +.EE
 +
-+- Set files with the vhostmd_tmpfs_t type, if you want to store vhostmd files on a tmpfs file system.
++- Set files with the wdmd_tmpfs_t type, if you want to store wdmd files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B vhostmd_var_run_t 
++.B wdmd_var_run_t 
 +.EE
 +
-+- Set files with the vhostmd_var_run_t type, if you want to store the vhostmd files under the /run directory.
++- Set files with the wdmd_var_run_t type, if you want to store the wdmd files under the /run directory.
 +
 +
 +.PP
@@ -57280,18 +93198,32 @@ index 0000000..f840982
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux vhostmd policy is very flexible allowing users to setup their vhostmd processes in as secure a method as possible.
++SELinux wdmd policy is very flexible allowing users to setup their wdmd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for vhostmd:
++The following process types are defined for wdmd:
 +
 +.EX
-+.B vhostmd_t 
++.B wdmd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type wdmd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B wdmd_tmpfs_t
++
++
++.br
++.B wdmd_var_run_t
++
++	/var/run/wdmd(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
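Review bot: The added MANAGED FILES intro calls wdmd_t an "SELinux user type", but the PROCESS TYPES section just above it in this hunk lists wdmd_t as a process type. SELinux users and types are separate fields of a context, so the wording can mislead an administrator reading the page to work out who may write these files. I would change the sentence to `The SELinux process type wdmd_t can manage files labeled with the following file types.` and the closing caveat to `Note that the process UID still needs DAC permissions.` The same sentence is added for webadm_t, webalizer_t and winbind_helper_t in later hunks. The pages say they are generated by genman.py, so the wording presumably has to be fixed in that generator rather than per page.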
@@ -57307,87 +93239,232 @@ index 0000000..f840982
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), vhostmd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/virsh_selinux.8 b/man/man8/virsh_selinux.8
++selinux(8), wdmd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/webadm_selinux.8 b/man/man8/webadm_selinux.8
 new file mode 100644
-index 0000000..f603d57
+index 0000000..6cd1bb8
 --- /dev/null
-+++ b/man/man8/virsh_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "virsh_selinux"  "8"  "virsh" "dwalsh at redhat.com" "virsh SELinux Policy documentation"
++++ b/man/man8/webadm_selinux.8
+@@ -0,0 +1,240 @@
++.TH  "webadm_selinux"  "8"  "webadm" "mgrepl at redhat.com" "webadm SELinux Policy documentation"
 +.SH "NAME"
-+virsh_selinux \- Security Enhanced Linux Policy for the virsh processes
-+.SH "DESCRIPTION"
++webadm_r \- \fBWeb administrator role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the virsh processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
++
++SELinux supports Roles Based Access Control (RBAC), some Linux roles are login roles, while other roles need to be transition into. 
++
++.I Note: 
++Examples in this man page will use the 
++.B staff_u 
++SELinux user.
++
++Non login roles are usually used for administrative tasks. For example, tasks that require root privileges.  Roles control which types a user can run processes with. Roles often have default types assigned to them. 
++
++The default type for the webadm_r role is webadm_t.
++
++The 
++.B newrole 
++program to transition directly to this role.
++
++.B newrole -r webadm_r -t webadm_t
++
++.B sudo 
++is the preferred method to do transition from one role to another.  You setup sudo to transition to webadm_r by adding a similar line to the /etc/sudoers file.
++
++USERNAME ALL=(ALL) ROLE=webadm_r TYPE=webadm_t COMMAND
++
++.br
++sudo will run COMMAND as staff_u:webadm_r:webadm_t:LEVEL
++
++When using a a non login role, you need to setup SELinux so that your SELinux user can reach webadm_r role.
++
++Execute the following to see all of the assigned SELinux roles:
++
++.B semanage user -l
++
++You need to add webadm_r to the staff_u user.  You could setup the staff_u user to be able to use the webadm_r role with a command like:
++
++.B $ semanage user -m -R 'staff_r system_r webadm_r' staff_u 
++
++
++
++SELinux policy also controls which roles can transition to a different role.  
++You can list these rules using the following command.
++
++.B sesearch --role_allow
++
++SELinux policy allows the staff_r, unconfined_r roles can transition to the webadm_r role.
++
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  webadm policy is extremely flexible and has several booleans that allow you to manipulate the policy and run webadm with the tightest access possible.
 +
-+.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the virsh_ssh_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow webadm to read files in users home directories, you must turn on the webadm_read_user_files boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P webadm_read_user_files 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the virsh_ssh_t, you must turn on the kerberos_enabled boolean.
++If you want to allow webadm to manage files in users home directories, you must turn on the webadm_manage_user_files boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P webadm_manage_user_files 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux virsh policy is very flexible allowing users to setup their virsh processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for virsh:
++.SH "MANAGED FILES"
 +
++The SELinux user type webadm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B virsh_exec_t 
-+.EE
++.br
++.B httpd_config_t
 +
-+- Set files with the virsh_exec_t type, if you want to transition an executable to the virsh_t domain.
++	/etc/httpd(/.*)?
++.br
++	/etc/apache(2)?(/.*)?
++.br
++	/etc/cherokee(/.*)?
++.br
++	/etc/lighttpd(/.*)?
++.br
++	/etc/apache-ssl(2)?(/.*)?
++.br
++	/var/lib/stickshift/.httpd.d(/.*)?
++.br
++	/etc/vhosts
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/bin/virt-sandbox-service.*, /usr/bin/virsh
++.B httpd_lock_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux virsh policy is very flexible allowing users to setup their virsh processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for virsh:
++.br
++.B httpd_log_t
++
++	/var/www(/.*)?/logs(/.*)?
++.br
++	/var/log/cacti(/.*)?
++.br
++	/var/log/httpd(/.*)?
++.br
++	/var/log/apache(2)?(/.*)?
++.br
++	/var/log/cherokee(/.*)?
++.br
++	/var/log/lighttpd(/.*)?
++.br
++	/var/log/suphp\.log.*
++.br
++	/var/log/apache-ssl(2)?(/.*)?
++.br
++	/var/log/cgiwrap\.log.*
++.br
++	/var/log/roundcubemail(/.*)?
++.br
++	/var/log/dirsrv/admin-serv(/.*)?
++.br
++	/etc/httpd/logs
++.br
++
++.br
++.B httpd_modules_t
++
++	/usr/lib/httpd(/.*)?
++.br
++	/usr/lib/apache(/.*)?
++.br
++	/usr/lib/cherokee(/.*)?
++.br
++	/usr/lib/lighttpd(/.*)?
++.br
++	/usr/lib/apache2/modules(/.*)?
++.br
++	/etc/httpd/modules
++.br
++
++.br
++.B httpd_php_tmp_t
++
++
++.br
++.B httpd_script_exec_type
++
++
++.br
++.B httpd_suexec_tmp_t
++
++
++.br
++.B httpd_tmp_t
++
++	/var/run/user/apache(/.*)?
++.br
++
++.br
++.B httpd_unit_file_t
++
++	/usr/lib/systemd/system/httpd.*
++.br
++	/usr/lib/systemd/system/jetty.*
++.br
++
++.br
++.B httpd_var_run_t
++
++	/var/run/mod_.*
++.br
++	/var/run/wsgi.*
++.br
++	/var/run/httpd.*
++.br
++	/var/run/apache.*
++.br
++	/var/run/lighttpd(/.*)?
++.br
++	/var/lib/php/session(/.*)?
++.br
++	/var/run/dirsrv/admin-serv.*
++.br
++	/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?
++.br
++	/var/run/gcache_port
++.br
++	/var/run/cherokee\.pid
++.br
++
++.br
++.B httpdcontent
++
++
++.br
++.B public_content_rw_t
++
++	/var/spool/abrt-upload(/.*)?
++.br
++
++.br
++.B systemd_passwd_var_run_t
 +
-+.EX
-+.B virsh_ssh_t, virsh_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B var_lock_t
++
++	/var/lock(/.*)?
++.br
++	/run/lock(/.*)?
++.br
++	/var/lock
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
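Review bot: The example `semanage user -m -R 'staff_r system_r webadm_r' staff_u` in the new webadm page passes a fixed role list. As far as I know, `-R` with `-m` sets the user's roles rather than appending to them, so copying the line would drop any role staff_u already holds that is not quoted and would add system_r as a side effect. The paragraph should tell the reader to start from the current list, for example `Repeat the roles that "semanage user -l" shows for staff_u in the -R list and append webadm_r.` Two sentences nearby also need rewording: `The newrole program to transition directly to this role.` has no verb, and `SELinux policy allows the staff_r, unconfined_r roles can transition to the webadm_r role.` should read `allows the staff_r and unconfined_r roles to transition`.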
@@ -57399,110 +93476,48 @@ index 0000000..f603d57
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), virsh(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/virt_selinux.8 b/man/man8/virt_selinux.8
++selinux(8), webadm(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/webalizer_selinux.8 b/man/man8/webalizer_selinux.8
 new file mode 100644
-index 0000000..8dc1d8d
+index 0000000..1ae795d
 --- /dev/null
-+++ b/man/man8/virt_selinux.8
-@@ -0,0 +1,373 @@
-+.TH  "virt_selinux"  "8"  "virt" "dwalsh at redhat.com" "virt SELinux Policy documentation"
++++ b/man/man8/webalizer_selinux.8
+@@ -0,0 +1,189 @@
++.TH  "webalizer_selinux"  "8"  "webalizer" "dwalsh at redhat.com" "webalizer SELinux Policy documentation"
 +.SH "NAME"
-+virt_selinux \- Security Enhanced Linux Policy for the virt processes
++webalizer_selinux \- Security Enhanced Linux Policy for the webalizer processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the virt processes via flexible mandatory access
++Security-Enhanced Linux secures the webalizer processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  virt policy is extremely flexible and has several booleans that allow you to manipulate the policy and run virt with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow confined virtual guests to manage nfs files, you must turn on the virt_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P virt_use_nfs 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to use serial/parallel communication ports, you must turn on the virt_use_comm boolean.
-+
-+.EX
-+.B setsebool -P virt_use_comm 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to interact with the xserver, you must turn on the virt_use_xserver boolean.
-+
-+.EX
-+.B setsebool -P virt_use_xserver 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to manage device configuration, (pci), you must turn on the virt_use_sysfs boolean.
-+
-+.EX
-+.B setsebool -P virt_use_sysfs 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
-+
-+.EX
-+.B setsebool -P virt_use_sanlock 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to use executable memory and executable stack, you must turn on the virt_use_execmem boolean.
-+
-+.EX
-+.B setsebool -P virt_use_execmem 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to read fuse files, you must turn on the virt_use_fusefs boolean.
-+
-+.EX
-+.B setsebool -P virt_use_fusefs 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to use usb devices, you must turn on the virt_use_usb boolean.
-+
-+.EX
-+.B setsebool -P virt_use_usb 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to manage cifs files, you must turn on the virt_use_samba boolean.
-+
-+.EX
-+.B setsebool -P virt_use_samba 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the virtd_t, virtd_lxc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the webalizer_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the virtd_t, virtd_lxc_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the webalizer_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -57511,193 +93526,212 @@ index 0000000..8dc1d8d
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux virt policy is very flexible allowing users to setup their virt processes in as secure a method as possible.
++SELinux webalizer policy is very flexible allowing users to setup their webalizer processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for virt:
++The following file types are defined for webalizer:
 +
 +
 +.EX
 +.PP
-+.B virt_bridgehelper_exec_t 
++.B webalizer_etc_t 
 +.EE
 +
-+- Set files with the virt_bridgehelper_exec_t type, if you want to transition an executable to the virt_bridgehelper_t domain.
++- Set files with the webalizer_etc_t type, if you want to store webalizer files in the /etc directories.
 +
 +
 +.EX
 +.PP
-+.B virt_cache_t 
++.B webalizer_exec_t 
 +.EE
 +
-+- Set files with the virt_cache_t type, if you want to store the files under the /var/cache directory.
++- Set files with the webalizer_exec_t type, if you want to transition an executable to the webalizer_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/cache/oz(/.*)?, /var/cache/libvirt(/.*)?
++/usr/bin/webalizer, /usr/bin/awffull
 +
 +.EX
 +.PP
-+.B virt_content_t 
++.B webalizer_tmp_t 
 +.EE
 +
-+- Set files with the virt_content_t type, if you want to treat the files as virt content.
++- Set files with the webalizer_tmp_t type, if you want to store webalizer temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/vdsm(/.*)?, /var/lib/oz/isos(/.*)?, /var/lib/libvirt/boot(/.*)?, /var/lib/libvirt/isos(/.*)?
 +
 +.EX
 +.PP
-+.B virt_etc_rw_t 
++.B webalizer_usage_t 
 +.EE
 +
-+- Set files with the virt_etc_rw_t type, if you want to treat the files as virt etc read/write content.
++- Set files with the webalizer_usage_t type, if you want to treat the files as webalizer usage data.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/libvirt/.*/.*, /etc/xen/.*/.*, /etc/xen/[^/]*, /etc/libvirt/[^/]*
 +
 +.EX
 +.PP
-+.B virt_etc_t 
++.B webalizer_var_lib_t 
 +.EE
 +
-+- Set files with the virt_etc_t type, if you want to store virt files in the /etc directories.
++- Set files with the webalizer_var_lib_t type, if you want to store the webalizer files under the /var/lib directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/libvirt/[^/]*, /etc/libvirt, /etc/xen/[^/]*, /etc/xen
 +
 +.EX
 +.PP
-+.B virt_home_t 
++.B webalizer_write_t 
 +.EE
 +
-+- Set files with the virt_home_t type, if you want to store virt files in the users home directory.
++- Set files with the webalizer_write_t type, if you want to treat the files as webalizer read/write content.
 +
 +
-+.EX
 +.PP
-+.B virt_image_t 
-+.EE
-+
-+- Set files with the virt_image_t type, if you want to treat the files as virt image data.
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/imagefactory/images(/.*)?, /var/lib/libvirt/images(/.*)?
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files. 
++SELinux webalizer policy is very flexible allowing users to setup their webalizer processes in as secure a method as possible.
++.PP 
++The following process types are defined for webalizer:
 +
 +.EX
-+.PP
-+.B virt_lock_t 
++.B webalizer_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+- Set files with the virt_lock_t type, if you want to treat the files as virt lock data, stored under the /var/lock directory
++.SH "MANAGED FILES"
 +
++The SELinux user type webalizer_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.PP
-+.B virt_log_t 
-+.EE
++.br
++.B anon_inodefs_t
 +
-+- Set files with the virt_log_t type, if you want to treat the data as virt log data, usually stored under the /var/log directory.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/log/log(/.*)?, /var/log/vdsm(/.*)?, /var/log/libvirt(/.*)?
-+
-+.EX
-+.PP
-+.B virt_lxc_var_run_t 
-+.EE
++.B httpd_sys_content_t
 +
-+- Set files with the virt_lxc_var_run_t type, if you want to store the virt lxc files under the /run directory.
++	/srv/([^/]*/)?www(/.*)?
++.br
++	/var/www(/.*)?
++.br
++	/etc/htdig(/.*)?
++.br
++	/srv/gallery2(/.*)?
++.br
++	/var/lib/trac(/.*)?
++.br
++	/var/lib/htdig(/.*)?
++.br
++	/var/www/icons(/.*)?
++.br
++	/usr/share/htdig(/.*)?
++.br
++	/usr/share/drupal.*
++.br
++	/var/www/svn/conf(/.*)?
++.br
++	/usr/share/icecast(/.*)?
++.br
++	/usr/share/mythweb(/.*)?
++.br
++	/var/lib/cacti/rra(/.*)?
++.br
++	/usr/share/ntop/html(/.*)?
++.br
++	/usr/share/mythtv/data(/.*)?
++.br
++	/usr/share/doc/ghc/html(/.*)?
++.br
++	/usr/share/openca/htdocs(/.*)?
++.br
++	/usr/share/selinux-policy[^/]*/html(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/run/libvirt-sandbox(/.*)?, /var/run/libvirt/lxc(/.*)?
++.B webalizer_tmp_t
 +
-+.EX
-+.PP
-+.B virt_qmf_exec_t 
-+.EE
 +
-+- Set files with the virt_qmf_exec_t type, if you want to transition an executable to the virt_qmf_t domain.
++.br
++.B webalizer_var_lib_t
 +
++	/var/lib/webalizer(/.*)?
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B virt_tmp_t 
-+.EE
-+
-+- Set files with the virt_tmp_t type, if you want to store virt temporary files in the /tmp directories.
-+
-+
-+.EX
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B virt_var_lib_t 
-+.EE
-+
-+- Set files with the virt_var_lib_t type, if you want to store the virt files under the /var/lib directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/oz(/.*)?, /var/lib/libvirt(/.*)?
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B virt_var_run_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the virt_var_run_t type, if you want to store the virt files under the /run directory.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/vdsm(/.*)?, /var/run/libguestfs(/.*)?, /var/vdsm(/.*)?, /var/run/libvirt(/.*)?
++.SH "SEE ALSO"
++selinux(8), webalizer(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/winbind_helper_selinux.8 b/man/man8/winbind_helper_selinux.8
+new file mode 100644
+index 0000000..ba1693e
+--- /dev/null
++++ b/man/man8/winbind_helper_selinux.8
+@@ -0,0 +1,92 @@
++.TH  "winbind_helper_selinux"  "8"  "winbind_helper" "dwalsh at redhat.com" "winbind_helper SELinux Policy documentation"
++.SH "NAME"
++winbind_helper_selinux \- Security Enhanced Linux Policy for the winbind_helper processes
++.SH "DESCRIPTION"
 +
-+.EX
-+.PP
-+.B virtd_exec_t 
-+.EE
++Security-Enhanced Linux secures the winbind_helper processes via flexible mandatory access
++control.  
 +
-+- Set files with the virtd_exec_t type, if you want to transition an executable to the virtd_t domain.
++.SH NSSWITCH DOMAIN
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/condor_vm-gahp, /usr/bin/imagefactory, /usr/bin/vios-proxy-host, /usr/bin/imgfac\.py, /usr/bin/vios-proxy-guest, /usr/bin/nova-compute, /usr/sbin/libvirtd
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the winbind_helper_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B virtd_initrc_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the virtd_initrc_exec_t type, if you want to transition an executable to the virtd_initrc_t domain.
-+
++.PP
++If you want to allow confined applications to run with kerberos for the winbind_helper_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B virtd_keytab_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the virtd_keytab_t type, if you want to treat the files as kerberos keytab files.
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux winbind_helper policy is very flexible allowing users to setup their winbind_helper processes in as secure a method as possible.
++.PP 
++The following file types are defined for winbind_helper:
 +
 +
 +.EX
 +.PP
-+.B virtd_lxc_exec_t 
++.B winbind_helper_exec_t 
 +.EE
 +
-+- Set files with the virtd_lxc_exec_t type, if you want to transition an executable to the virtd_lxc_t domain.
++- Set files with the winbind_helper_exec_t type, if you want to transition an executable to the winbind_helper_t domain.
 +
 +
 +.PP
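Review bot: The added line `You can see the context of a process using the \fB\-Z\fP option to \fBps\bP` ends the bold run with `\bP` instead of `\fP`, so the font is never switched back and the text after `ps` will probably render wrongly. It should end in `\fBps\fP`. The context line about `ls` at the top of this hunk has the same typo and should end in `\fBls\fP`. The same sequence appears in the wdmd, winbind_helper and winbind hunks, so the correction presumably belongs in the genman.py template that these pages say they are generated from.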
@@ -57707,60 +93741,28 @@ index 0000000..8dc1d8d
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux virt policy is very flexible allowing users to setup their virt processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for virt:
-+
-+.EX
-+.TP 5
-+.B virt_migration_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 49152-49216
-+.EE
-+
-+.EX
-+.TP 5
-+.B virt_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 16509,16514
-+.EE
-+udp 16509,16514
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux virt policy is very flexible allowing users to setup their virt processes in as secure a method as possible.
++SELinux winbind_helper policy is very flexible allowing users to setup their winbind_helper processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for virt:
++The following process types are defined for winbind_helper:
 +
 +.EX
-+.B virtd_lxc_t, virt_qmf_t, virt_bridgehelper_t, virtd_t 
++.B winbind_helper_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type winbind_helper_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
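Review bot: The new MANAGED FILES section for winbind_helper_t has a heading and an intro sentence but lists no file types, and runs straight into COMMANDS. A reader cannot tell whether the domain manages no files at all or whether the generator failed to find them, which matters when the page is used to judge what a confined process can write. I would either leave the section out when the list is empty or add an explicit line such as `No managed file types are defined for winbind_helper_t.` after the intro.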
@@ -57771,118 +93773,56 @@ index 0000000..8dc1d8d
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), virt(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), winbind_helper(8), semanage(8), restorecon(8), chcon(1)
++, winbind_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/virtd_selinux.8 b/man/man8/virtd_selinux.8
+diff --git a/man/man8/winbind_selinux.8 b/man/man8/winbind_selinux.8
 new file mode 100644
-index 0000000..196fc17
+index 0000000..fbc135e
 --- /dev/null
-+++ b/man/man8/virtd_selinux.8
-@@ -0,0 +1,225 @@
-+.TH  "virtd_selinux"  "8"  "virtd" "dwalsh at redhat.com" "virtd SELinux Policy documentation"
++++ b/man/man8/winbind_selinux.8
+@@ -0,0 +1,258 @@
++.TH  "winbind_selinux"  "8"  "winbind" "dwalsh at redhat.com" "winbind SELinux Policy documentation"
 +.SH "NAME"
-+virtd_selinux \- Security Enhanced Linux Policy for the virtd processes
++winbind_selinux \- Security Enhanced Linux Policy for the winbind processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the virtd processes via flexible mandatory access
++Security-Enhanced Linux secures the winbind processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  virtd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run virtd with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow confined virtual guests to manage nfs files, you must turn on the virt_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P virt_use_nfs 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to use serial/parallel communication ports, you must turn on the virt_use_comm boolean.
-+
-+.EX
-+.B setsebool -P virt_use_comm 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to interact with the xserver, you must turn on the virt_use_xserver boolean.
-+
-+.EX
-+.B setsebool -P virt_use_xserver 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to manage device configuration, (pci), you must turn on the virt_use_sysfs boolean.
-+
-+.EX
-+.B setsebool -P virt_use_sysfs 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
-+
-+.EX
-+.B setsebool -P virt_use_sanlock 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to use executable memory and executable stack, you must turn on the virt_use_execmem boolean.
-+
-+.EX
-+.B setsebool -P virt_use_execmem 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to read fuse files, you must turn on the virt_use_fusefs boolean.
-+
-+.EX
-+.B setsebool -P virt_use_fusefs 1
-+.EE
-+
-+.PP
-+If you want to allow confined virtual guests to use usb devices, you must turn on the virt_use_usb boolean.
++SELinux policy is customizable based on least access required.  winbind policy is extremely flexible and has several booleans that allow you to manipulate the policy and run winbind with the tightest access possible.
 +
-+.EX
-+.B setsebool -P virt_use_usb 1
-+.EE
 +
 +.PP
-+If you want to allow confined virtual guests to manage cifs files, you must turn on the virt_use_samba boolean.
++If you want to allow Apache to use mod_auth_ntlm_winbind, you must turn on the httpd_mod_auth_ntlm_winbind boolean.
 +
 +.EX
-+.B setsebool -P virt_use_samba 1
++.B setsebool -P httpd_mod_auth_ntlm_winbind 1
 +.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the virtd_t, virtd_lxc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the winbind_helper_t, winbind_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the virtd_t, virtd_lxc_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the winbind_helper_t, winbind_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -57891,46 +93831,46 @@ index 0000000..196fc17
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux virtd policy is very flexible allowing users to setup their virtd processes in as secure a method as possible.
++SELinux winbind policy is very flexible allowing users to setup their winbind processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for virtd:
++The following file types are defined for winbind:
 +
 +
 +.EX
 +.PP
-+.B virtd_exec_t 
++.B winbind_exec_t 
 +.EE
 +
-+- Set files with the virtd_exec_t type, if you want to transition an executable to the virtd_t domain.
++- Set files with the winbind_exec_t type, if you want to transition an executable to the winbind_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/condor_vm-gahp, /usr/bin/imagefactory, /usr/bin/vios-proxy-host, /usr/bin/imgfac\.py, /usr/bin/vios-proxy-guest, /usr/bin/nova-compute, /usr/sbin/libvirtd
 +
 +.EX
 +.PP
-+.B virtd_initrc_exec_t 
++.B winbind_helper_exec_t 
 +.EE
 +
-+- Set files with the virtd_initrc_exec_t type, if you want to transition an executable to the virtd_initrc_t domain.
++- Set files with the winbind_helper_exec_t type, if you want to transition an executable to the winbind_helper_t domain.
 +
 +
 +.EX
 +.PP
-+.B virtd_keytab_t 
++.B winbind_log_t 
 +.EE
 +
-+- Set files with the virtd_keytab_t type, if you want to treat the files as kerberos keytab files.
++- Set files with the winbind_log_t type, if you want to treat the data as winbind log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B virtd_lxc_exec_t 
++.B winbind_var_run_t 
 +.EE
 +
-+- Set files with the virtd_lxc_exec_t type, if you want to transition an executable to the virtd_lxc_t domain.
++- Set files with the winbind_var_run_t type, if you want to store the winbind files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/cache/samba/winbindd_privileged(/.*)?, /var/lib/samba/winbindd_privileged(/.*)?, /var/run/winbindd(/.*)?, /var/run/samba/winbindd(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -57939,59 +93879,151 @@ index 0000000..196fc17
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux virtd policy is very flexible allowing users to setup their virtd processes in as secure a method as possible.
++Policy governs the access confined processes have to files. 
++SELinux winbind policy is very flexible allowing users to setup their winbind processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for virtd:
++The following process types are defined for winbind:
 +
 +.EX
-+.TP 5
-+.B virt_migration_port_t 
-+.TP 10
++.B winbind_helper_t, winbind_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
 +
-+Default Defined Ports:
-+tcp 49152-49216
-+.EE
++The SELinux user type winbind_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.EX
-+.TP 5
-+.B virt_port_t 
-+.TP 10
-+.EE
++.br
++.B auth_cache_t
 +
++	/var/cache/coolkey(/.*)?
++.br
 +
-+Default Defined Ports:
-+tcp 16509,16514
-+.EE
-+udp 16509,16514
-+.EE
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux virtd policy is very flexible allowing users to setup their virtd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for virtd:
++.br
++.B ctdbd_var_lib_t
++
++	/etc/ctdb(/.*)?
++.br
++	/var/ctdb(/.*)?
++.br
++	/var/ctdbd(/.*)?
++.br
++	/var/lib/ctdbd(/.*)?
++.br
++
++.br
++.B faillog_t
++
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
++
++.br
++.B pcscd_var_run_t
++
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
++
++.br
++.B samba_log_t
++
++	/var/log/samba(/.*)?
++.br
++
++.br
++.B samba_secrets_t
++
++	/etc/samba/smbpasswd
++.br
++	/etc/samba/passdb\.tdb
++.br
++	/etc/samba/MACHINE\.SID
++.br
++	/etc/samba/secrets\.tdb
++.br
++
++.br
++.B samba_var_t
++
++	/var/lib/samba(/.*)?
++.br
++	/var/cache/samba(/.*)?
++.br
++	/var/spool/samba(/.*)?
++.br
++
++.br
++.B smbd_tmp_t
++
++
++.br
++.B smbd_var_run_t
++
++	/var/run/samba(/.*)?
++.br
++	/var/run/samba/smbd\.pid
++.br
++	/var/run/samba/brlock\.tdb
++.br
++	/var/run/samba/locking\.tdb
++.br
++	/var/run/samba/gencache\.tdb
++.br
++	/var/run/samba/sessionid\.tdb
++.br
++	/var/run/samba/share_info\.tdb
++.br
++	/var/run/samba/connections\.tdb
++.br
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
 +
-+.EX
-+.B virtd_lxc_t, virt_qmf_t, virt_bridgehelper_t, virtd_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B winbind_log_t
++
++
++.br
++.B winbind_var_run_t
++
++	/var/run/winbindd(/.*)?
++.br
++	/var/run/samba/winbindd(/.*)?
++.br
++	/var/lib/samba/winbindd_privileged(/.*)?
++.br
++	/var/cache/samba/winbindd_privileged(/.*)?
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
@@ -58003,9 +94035,6 @@ index 0000000..196fc17
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -58014,59 +94043,68 @@ index 0000000..196fc17
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), virtd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), winbind(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), winbind_helper_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/vlock_selinux.8 b/man/man8/vlock_selinux.8
+diff --git a/man/man8/wine_selinux.8 b/man/man8/wine_selinux.8
 new file mode 100644
-index 0000000..3db3dd5
+index 0000000..29697df
 --- /dev/null
-+++ b/man/man8/vlock_selinux.8
-@@ -0,0 +1,87 @@
-+.TH  "vlock_selinux"  "8"  "vlock" "dwalsh at redhat.com" "vlock SELinux Policy documentation"
++++ b/man/man8/wine_selinux.8
+@@ -0,0 +1,108 @@
++.TH  "wine_selinux"  "8"  "wine" "dwalsh at redhat.com" "wine SELinux Policy documentation"
 +.SH "NAME"
-+vlock_selinux \- Security Enhanced Linux Policy for the vlock processes
++wine_selinux \- Security Enhanced Linux Policy for the wine processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the vlock processes via flexible mandatory access
++Security-Enhanced Linux secures the wine processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
-+
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the vlock_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  wine policy is extremely flexible and has several booleans that allow you to manipulate the policy and run wine with the tightest access possible.
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the vlock_t, you must turn on the kerberos_enabled boolean.
++If you want to ignore wine mmap_zero errors, you must turn on the wine_mmap_zero_ignore boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P wine_mmap_zero_ignore 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux vlock policy is very flexible allowing users to setup their vlock processes in as secure a method as possible.
++SELinux wine policy is very flexible allowing users to setup their wine processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for vlock:
++The following file types are defined for wine:
 +
 +
 +.EX
 +.PP
-+.B vlock_exec_t 
++.B wine_exec_t 
 +.EE
 +
-+- Set files with the vlock_exec_t type, if you want to transition an executable to the vlock_t domain.
++- Set files with the wine_exec_t type, if you want to transition an executable to the wine_t domain.
++
++.br
++.TP 5
++Paths: 
++/opt/google/picasa(/.*)?/bin/msiexec, /usr/bin/regedit, /opt/google/picasa(/.*)?/bin/wine.*, /opt/google/picasa(/.*)?/bin/notepad, /opt/google/picasa(/.*)?/bin/regedit, /usr/bin/regsvr32, /opt/google/picasa(/.*)?/bin/regsvr32, /usr/bin/uninstaller, /opt/google/picasa(/.*)?/bin/uninstaller, /opt/google/picasa(/.*)?/bin/wdi, /usr/bin/msiexec, /opt/google/picasa(/.*)?/Picasa3/.*exe, /opt/teamviewer(/.*)?/bin/wine.*, /usr/bin/wine.*, /opt/google/picasa(/.*)?/bin/progman, /opt/picasa/wine/bin/wine.*, /usr/bin/notepad, /opt/cxoffice/bin/wine.*
++
++.EX
++.PP
++.B wine_tmp_t 
++.EE
++
++- Set files with the wine_tmp_t type, if you want to store wine temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -58082,18 +94120,26 @@ index 0000000..3db3dd5
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux vlock policy is very flexible allowing users to setup their vlock processes in as secure a method as possible.
++SELinux wine policy is very flexible allowing users to setup their wine processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for vlock:
++The following process types are defined for wine:
 +
 +.EX
-+.B vlock_t 
++.B wine_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type wine_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B wine_tmp_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -58104,144 +94150,91 @@ index 0000000..3db3dd5
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), vlock(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/vmware_selinux.8 b/man/man8/vmware_selinux.8
++selinux(8), wine(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/wireshark_selinux.8 b/man/man8/wireshark_selinux.8
 new file mode 100644
-index 0000000..ab1f549
+index 0000000..a546865
 --- /dev/null
-+++ b/man/man8/vmware_selinux.8
-@@ -0,0 +1,169 @@
-+.TH  "vmware_selinux"  "8"  "vmware" "dwalsh at redhat.com" "vmware SELinux Policy documentation"
++++ b/man/man8/wireshark_selinux.8
+@@ -0,0 +1,151 @@
++.TH  "wireshark_selinux"  "8"  "wireshark" "dwalsh at redhat.com" "wireshark SELinux Policy documentation"
 +.SH "NAME"
-+vmware_selinux \- Security Enhanced Linux Policy for the vmware processes
++wireshark_selinux \- Security Enhanced Linux Policy for the wireshark processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the vmware processes via flexible mandatory access
++Security-Enhanced Linux secures the wireshark processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux vmware policy is very flexible allowing users to setup their vmware processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for vmware:
-+
-+
-+.EX
-+.PP
-+.B vmware_conf_t 
-+.EE
-+
-+- Set files with the vmware_conf_t type, if you want to treat the files as vmware configuration data, usually stored under the /etc directory.
-+
-+
-+.EX
 +.PP
-+.B vmware_exec_t 
-+.EE
-+
-+- Set files with the vmware_exec_t type, if you want to transition an executable to the vmware_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/vmware-serverd, /usr/lib/vmware/bin/vmware-mks, /usr/lib/vmware/bin/vmplayer, /usr/bin/vmware-ping, /usr/lib/vmware/bin/vmware-ui, /usr/bin/vmware-wizard, /usr/bin/vmware
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the wireshark_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B vmware_file_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the vmware_file_t type, if you want to treat the files as vmware content.
-+
-+
-+.EX
 +.PP
-+.B vmware_host_exec_t 
-+.EE
-+
-+- Set files with the vmware_host_exec_t type, if you want to transition an executable to the vmware_host_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/bin/vmware-smbpasswd\.bin, /usr/bin/vmware-smbd, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-dhcpd, /usr/bin/vmnet-bridge, /usr/bin/vmware-nmbd, /usr/bin/vmnet-netifup, /usr/sbin/vmware-guest.*, /usr/lib/vmware/bin/vmware-vmx, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmware-network, /usr/bin/vmnet-sniffer, /usr/bin/vmware-smbpasswd, /usr/lib/vmware-tools/sbin32/vmware.*
++If you want to allow confined applications to run with kerberos for the wireshark_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B vmware_host_pid_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the vmware_host_pid_t type, if you want to store the vmware host files under the /run directory.
-+
-+
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B vmware_host_tmp_t 
-+.EE
-+
-+- Set files with the vmware_host_tmp_t type, if you want to store vmware host temporary files in the /tmp directories.
-+
-+
-+.EX
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B vmware_log_t 
-+.EE
-+
-+- Set files with the vmware_log_t type, if you want to treat the data as vmware log data, usually stored under the /var/log directory.
++Policy governs the access confined processes have to these files. 
++SELinux wireshark policy is very flexible allowing users to setup their wireshark processes in as secure a method as possible.
++.PP 
++The following file types are defined for wireshark:
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/vmware.*, /var/log/vnetlib.*
 +
 +.EX
 +.PP
-+.B vmware_pid_t 
++.B wireshark_exec_t 
 +.EE
 +
-+- Set files with the vmware_pid_t type, if you want to store the vmware files under the /run directory.
++- Set files with the wireshark_exec_t type, if you want to transition an executable to the wireshark_t domain.
 +
 +
 +.EX
 +.PP
-+.B vmware_sys_conf_t 
++.B wireshark_home_t 
 +.EE
 +
-+- Set files with the vmware_sys_conf_t type, if you want to treat the files as vmware sys configuration data, usually stored under the /etc directory.
++- Set files with the wireshark_home_t type, if you want to store wireshark files in the users home directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/vmware/config, /etc/vmware.*(/.*)?
 +
 +.EX
 +.PP
-+.B vmware_tmp_t 
++.B wireshark_tmp_t 
 +.EE
 +
-+- Set files with the vmware_tmp_t type, if you want to store vmware temporary files in the /tmp directories.
++- Set files with the wireshark_tmp_t type, if you want to store wireshark temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B vmware_tmpfs_t 
++.B wireshark_tmpfs_t 
 +.EE
 +
-+- Set files with the vmware_tmpfs_t type, if you want to store vmware files on a tmpfs file system.
++- Set files with the wireshark_tmpfs_t type, if you want to store wireshark files on a tmpfs file system.
 +
 +
 +.PP
@@ -58257,18 +94250,58 @@ index 0000000..ab1f549
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux vmware policy is very flexible allowing users to setup their vmware processes in as secure a method as possible.
++SELinux wireshark policy is very flexible allowing users to setup their wireshark processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for vmware:
++The following process types are defined for wireshark:
 +
 +.EX
-+.B vmware_t, vmware_host_t 
++.B wireshark_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type wireshark_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.br
++.B wireshark_home_t
++
++	/home/[^/]*/\.wireshark(/.*)?
++.br
++
++.br
++.B wireshark_tmp_t
++
++
++.br
++.B wireshark_tmpfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -58284,22 +94317,22 @@ index 0000000..ab1f549
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), vmware(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/vnstat_selinux.8 b/man/man8/vnstat_selinux.8
++selinux(8), wireshark(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/wpa_cli_selinux.8 b/man/man8/wpa_cli_selinux.8
 new file mode 100644
-index 0000000..90431d7
+index 0000000..48ec260
 --- /dev/null
-+++ b/man/man8/vnstat_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "vnstat_selinux"  "8"  "vnstat" "dwalsh at redhat.com" "vnstat SELinux Policy documentation"
++++ b/man/man8/wpa_cli_selinux.8
+@@ -0,0 +1,81 @@
++.TH  "wpa_cli_selinux"  "8"  "wpa_cli" "dwalsh at redhat.com" "wpa_cli SELinux Policy documentation"
 +.SH "NAME"
-+vnstat_selinux \- Security Enhanced Linux Policy for the vnstat processes
++wpa_cli_selinux \- Security Enhanced Linux Policy for the wpa_cli processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the vnstat processes via flexible mandatory access
++Security-Enhanced Linux secures the wpa_cli processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -58310,42 +94343,22 @@ index 0000000..90431d7
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux vnstat policy is very flexible allowing users to setup their vnstat processes in as secure a method as possible.
++SELinux wpa_cli policy is very flexible allowing users to setup their wpa_cli processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for vnstat:
-+
-+
-+.EX
-+.PP
-+.B vnstat_exec_t 
-+.EE
-+
-+- Set files with the vnstat_exec_t type, if you want to transition an executable to the vnstat_t domain.
-+
-+
-+.EX
-+.PP
-+.B vnstatd_exec_t 
-+.EE
-+
-+- Set files with the vnstatd_exec_t type, if you want to transition an executable to the vnstatd_t domain.
-+
-+
-+.EX
-+.PP
-+.B vnstatd_var_lib_t 
-+.EE
-+
-+- Set files with the vnstatd_var_lib_t type, if you want to store the vnstatd files under the /var/lib directory.
++The following file types are defined for wpa_cli:
 +
 +
 +.EX
 +.PP
-+.B vnstatd_var_run_t 
++.B wpa_cli_exec_t 
 +.EE
 +
-+- Set files with the vnstatd_var_run_t type, if you want to store the vnstatd files under the /run directory.
++- Set files with the wpa_cli_exec_t type, if you want to transition an executable to the wpa_cli_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/wpa_cli, /sbin/wpa_cli
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -58360,18 +94373,22 @@ index 0000000..90431d7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux vnstat policy is very flexible allowing users to setup their vnstat processes in as secure a method as possible.
++SELinux wpa_cli policy is very flexible allowing users to setup their wpa_cli processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for vnstat:
++The following process types are defined for wpa_cli:
 +
 +.EX
-+.B vnstat_t, vnstatd_t 
++.B wpa_cli_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type wpa_cli_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -58387,59 +94404,81 @@ index 0000000..90431d7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), vnstat(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/vnstatd_selinux.8 b/man/man8/vnstatd_selinux.8
++selinux(8), wpa_cli(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/xauth_selinux.8 b/man/man8/xauth_selinux.8
 new file mode 100644
-index 0000000..7fdefeb
+index 0000000..db32c31
 --- /dev/null
-+++ b/man/man8/vnstatd_selinux.8
-@@ -0,0 +1,89 @@
-+.TH  "vnstatd_selinux"  "8"  "vnstatd" "dwalsh at redhat.com" "vnstatd SELinux Policy documentation"
++++ b/man/man8/xauth_selinux.8
+@@ -0,0 +1,201 @@
++.TH  "xauth_selinux"  "8"  "xauth" "dwalsh at redhat.com" "xauth SELinux Policy documentation"
 +.SH "NAME"
-+vnstatd_selinux \- Security Enhanced Linux Policy for the vnstatd processes
++xauth_selinux \- Security Enhanced Linux Policy for the xauth processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the vnstatd processes via flexible mandatory access
++Security-Enhanced Linux secures the xauth processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the xauth_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the xauth_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux vnstatd policy is very flexible allowing users to setup their vnstatd processes in as secure a method as possible.
++SELinux xauth policy is very flexible allowing users to setup their xauth processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for vnstatd:
++The following file types are defined for xauth:
 +
 +
 +.EX
 +.PP
-+.B vnstatd_exec_t 
++.B xauth_exec_t 
 +.EE
 +
-+- Set files with the vnstatd_exec_t type, if you want to transition an executable to the vnstatd_t domain.
++- Set files with the xauth_exec_t type, if you want to transition an executable to the xauth_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/bin/xauth, /usr/X11R6/bin/xauth
 +
 +.EX
 +.PP
-+.B vnstatd_var_lib_t 
++.B xauth_home_t 
 +.EE
 +
-+- Set files with the vnstatd_var_lib_t type, if you want to store the vnstatd files under the /var/lib directory.
++- Set files with the xauth_home_t type, if you want to store xauth files in the users home directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/nxserver/home/\.Xauthority.*, /var/lib/nxserver/home/\.xauth.*, /root/\.Xauth.*, /root/\.Xauthority.*, /root/\.serverauth.*, /var/lib/pqsql/\.Xauthority.*, /root/\.xauth.*, /var/lib/pqsql/\.xauth.*
 +
 +.EX
 +.PP
-+.B vnstatd_var_run_t 
++.B xauth_tmp_t 
 +.EE
 +
-+- Set files with the vnstatd_var_run_t type, if you want to store the vnstatd files under the /run directory.
++- Set files with the xauth_tmp_t type, if you want to store xauth temporary files in the /tmp directories.
 +
 +
 +.PP
@@ -58455,18 +94494,108 @@ index 0000000..7fdefeb
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux vnstatd policy is very flexible allowing users to setup their vnstatd processes in as secure a method as possible.
++SELinux xauth policy is very flexible allowing users to setup their xauth processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for vnstatd:
++The following process types are defined for xauth:
 +
 +.EX
-+.B vnstat_t, vnstatd_t 
++.B xauth_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type xauth_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B user_home_t
++
++	/home/[^/]*/.+
++.br
++
++.br
++.B user_tmp_t
++
++	/var/run/user(/.*)?
++.br
++
++.br
++.B xauth_home_t
++
++	/root/\.xauth.*
++.br
++	/root/\.Xauth.*
++.br
++	/root/\.serverauth.*
++.br
++	/root/\.Xauthority.*
++.br
++	/var/lib/pqsql/\.xauth.*
++.br
++	/var/lib/pqsql/\.Xauthority.*
++.br
++	/var/lib/nxserver/home/\.xauth.*
++.br
++	/var/lib/nxserver/home/\.Xauthority.*
++.br
++	/home/[^/]*/\.xauth.*
++.br
++	/home/[^/]*/\.Xauth.*
++.br
++	/home/[^/]*/\.serverauth.*
++.br
++	/home/[^/]*/\.Xauthority.*
++.br
++
++.br
++.B xauth_tmp_t
++
++
++.br
++.B xdm_tmp_t
++
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
++
++.br
++.B xdm_var_run_t
++
++	/etc/kde[34]?/kdm/backgroundrc
++.br
++	/var/run/[gx]dm\.pid
++.br
++	/var/run/[kgm]dm(/.*)?
++.br
++	/usr/lib/qt-.*/etc/settings(/.*)?
++.br
++	/var/run/slim.*
++.br
++	/var/run/lxdm(/.*)?
++.br
++	/var/run/slim(/.*)?
++.br
++	/var/run/xauth(/.*)?
++.br
++	/var/run/xdmctl(/.*)?
++.br
++	/var/run/lightdm(/.*)?
++.br
++	/var/run/systemd/multi-session-x(/.*)?
++.br
++	/var/run/lxdm\.pid
++.br
++	/var/run/lxdm\.auth
++.br
++	/var/run/gdm_socket
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -58482,78 +94611,196 @@ index 0000000..7fdefeb
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), vnstatd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/vpnc_selinux.8 b/man/man8/vpnc_selinux.8
++selinux(8), xauth(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/xdm_selinux.8 b/man/man8/xdm_selinux.8
 new file mode 100644
-index 0000000..3c115fb
+index 0000000..b9c7f31
 --- /dev/null
-+++ b/man/man8/vpnc_selinux.8
-@@ -0,0 +1,107 @@
-+.TH  "vpnc_selinux"  "8"  "vpnc" "dwalsh at redhat.com" "vpnc SELinux Policy documentation"
++++ b/man/man8/xdm_selinux.8
+@@ -0,0 +1,707 @@
++.TH  "xdm_selinux"  "8"  "xdm" "dwalsh at redhat.com" "xdm SELinux Policy documentation"
 +.SH "NAME"
-+vpnc_selinux \- Security Enhanced Linux Policy for the vpnc processes
++xdm_selinux \- Security Enhanced Linux Policy for the xdm processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the vpnc processes via flexible mandatory access
++Security-Enhanced Linux secures the xdm processes via flexible mandatory access
 +control.  
 +
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  xdm policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xdm with the tightest access possible.
++
++
++.PP
++If you want to allow the graphical login program to login directly as sysadm_r:sysadm_t, you must turn on the xdm_sysadm_login boolean.
++
++.EX
++.B setsebool -P xdm_sysadm_login 1
++.EE
++
++.PP
++If you want to allow the graphical login program to execute bootloader, you must turn on the xdm_exec_bootloader boolean.
++
++.EX
++.B setsebool -P xdm_exec_bootloader 1
++.EE
++
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the vpnc_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the xdm_dbusd_t, xdm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the vpnc_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the xdm_dbusd_t, xdm_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux xdm policy is very flexible allowing users to setup their xdm processes in as secure a method as possible.
++.PP 
++The following file types are defined for xdm:
++
++
++.EX
++.PP
++.B xdm_etc_t 
++.EE
++
++- Set files with the xdm_etc_t type, if you want to store xdm files in the /etc directories.
++
++
++.EX
++.PP
++.B xdm_exec_t 
++.EE
++
++- Set files with the xdm_exec_t type, if you want to transition an executable to the xdm_t domain.
++
++.br
++.TP 5
++Paths: 
++/usr/bin/slim, /usr/(s)?bin/lightdm*, /usr/(s)?bin/[mxgkw]dm, /usr/sbin/mdm-binary, /usr/(s)?bin/lxdm(-binary)?, /usr/X11R6/bin/[xgkw]dm, /usr/(s)?bin/gdm-binary, /usr/bin/gpe-dm, /opt/kde3/bin/kdm
++
++.EX
++.PP
++.B xdm_home_t 
++.EE
++
++- Set files with the xdm_home_t type, if you want to store xdm files in the users home directory.
++
++.br
++.TP 5
++Paths: 
++/root/\.xsession-errors.*, /root/\.dmrc.*
++
++.EX
++.PP
++.B xdm_lock_t 
++.EE
++
++- Set files with the xdm_lock_t type, if you want to treat the files as xdm lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B xdm_log_t 
++.EE
++
++- Set files with the xdm_log_t type, if you want to treat the data as xdm log data, usually stored under the /var/log directory.
++
++.br
++.TP 5
++Paths: 
++/var/log/slim\.log, /var/log/lxdm\.log.*, /var/log/[mg]dm(/.*)?, /var/log/[mkwx]dm\.log.*
++
++.EX
++.PP
++.B xdm_rw_etc_t 
++.EE
++
++- Set files with the xdm_rw_etc_t type, if you want to store xdm rw files in the /etc directories.
++
++.br
++.TP 5
++Paths: 
++/etc/opt/VirtualGL(/.*)?, /etc/X11/wdm(/.*)?
++
++.EX
++.PP
++.B xdm_spool_t 
++.EE
++
++- Set files with the xdm_spool_t type, if you want to store the xdm files under the /var/spool directory.
++
++
++.EX
++.PP
++.B xdm_tmp_t 
++.EE
++
++- Set files with the xdm_tmp_t type, if you want to store xdm temporary files in the /tmp directories.
++
++.br
++.TP 5
++Paths: 
++/tmp/\.X0-lock, /tmp/\.X11-unix(/.*)?, /tmp/\.ICE-unix(/.*)?
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B xdm_tmpfs_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux vpnc policy is very flexible allowing users to setup their vpnc processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for vpnc:
++- Set files with the xdm_tmpfs_t type, if you want to store xdm files on a tmpfs file system.
 +
 +
 +.EX
 +.PP
-+.B vpnc_exec_t 
++.B xdm_unconfined_exec_t 
 +.EE
 +
-+- Set files with the vpnc_exec_t type, if you want to transition an executable to the vpnc_t domain.
++- Set files with the xdm_unconfined_exec_t type, if you want to transition an executable to the xdm_unconfined_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/sbin/vpnc, /usr/bin/openconnect, /sbin/vpnc
++/etc/[mg]dm/Init(/.*)?, /etc/[mg]dm/PreSession(/.*)?, /etc/[mg]dm/PostLogin(/.*)?, /etc/[mg]dm/PostSession(/.*)?
 +
 +.EX
 +.PP
-+.B vpnc_tmp_t 
++.B xdm_var_lib_t 
 +.EE
 +
-+- Set files with the vpnc_tmp_t type, if you want to store vpnc temporary files in the /tmp directories.
++- Set files with the xdm_var_lib_t type, if you want to store the xdm files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/lightdm(/.*)?, /var/cache/lightdm(/.*)?, /var/lib/[mxkwg]dm(/.*)?, /var/lib/lxdm(/.*)?, /var/cache/[mg]dm(/.*)?
 +
 +.EX
 +.PP
-+.B vpnc_var_run_t 
++.B xdm_var_run_t 
 +.EE
 +
-+- Set files with the vpnc_var_run_t type, if you want to store the vpnc files under the /run directory.
++- Set files with the xdm_var_run_t type, if you want to store the xdm files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/etc/kde[34]?/kdm/backgroundrc, /var/run/slim.*, /var/run/lxdm(/.*)?, /usr/lib/qt-.*/etc/settings(/.*)?, /var/run/lxdm\.auth, /var/run/systemd/multi-session-x(/.*)?, /var/run/xauth(/.*)?, /var/run/xdmctl(/.*)?, /var/run/[gx]dm\.pid, /var/run/[kgm]dm(/.*)?, /var/run/slim(/.*)?, /var/run/gdm_socket, /var/run/lxdm\.pid, /var/run/lightdm(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
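Review bot: The new BOOLEANS section of xdm_selinux.8 documents only how to switch `xdm_sysadm_login` and `xdm_exec_bootloader` on, even though its first sentence is about running xdm with the tightest access possible. Each boolean widens what the graphical login program may do, and `-P` makes the setting persistent across reboots, which the text leaves unsaid. I would have the generator add one line after each example, for instance `Use getsebool xdm_sysadm_login to check the current value; setsebool -P xdm_sysadm_login 0 turns it off again.` The page continues past the end of this hunk.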
@@ -58562,314 +94809,567 @@ index 0000000..3c115fb
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux xdm policy is very flexible allowing users to setup their xdm processes in as secure a method as possible.
++.PP 
++The following port types are defined for xdm:
++
++.EX
++.TP 5
++.B xdmcp_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 177
++.EE
++udp 177
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux vpnc policy is very flexible allowing users to setup their vpnc processes in as secure a method as possible.
++SELinux xdm policy is very flexible allowing users to setup their xdm processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for vpnc:
++The following process types are defined for xdm:
 +
 +.EX
-+.B vpnc_t 
++.B xdm_t, xdm_dbusd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++The SELinux user type xdm_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.B anon_inodefs_t
 +
-+.SH "SEE ALSO"
-+selinux(8), vpnc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/wdmd_selinux.8 b/man/man8/wdmd_selinux.8
-new file mode 100644
-index 0000000..3ad930d
---- /dev/null
-+++ b/man/man8/wdmd_selinux.8
-@@ -0,0 +1,103 @@
-+.TH  "wdmd_selinux"  "8"  "wdmd" "dwalsh at redhat.com" "wdmd SELinux Policy documentation"
-+.SH "NAME"
-+wdmd_selinux \- Security Enhanced Linux Policy for the wdmd processes
-+.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the wdmd processes via flexible mandatory access
-+control.  
++.br
++.B auth_cache_t
 +
-+.SH NSSWITCH DOMAIN
++	/var/cache/coolkey(/.*)?
++.br
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the wdmd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.br
++.B auth_home_t
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
++	/root/\.google_authenticator
++.br
++	/root/\.google_authenticator~
++.br
++	/home/[^/]*/\.google_authenticator
++.br
++	/home/[^/]*/\.google_authenticator~
++.br
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the wdmd_t, you must turn on the kerberos_enabled boolean.
++.br
++.B cgroup_t
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
++	/cgroup
++.br
++	/sys/fs/cgroup
++.br
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux wdmd policy is very flexible allowing users to setup their wdmd processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for wdmd:
++.br
++.B etc_runtime_t
 +
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
 +
-+.EX
-+.PP
-+.B wdmd_exec_t 
-+.EE
++.br
++.B faillog_t
 +
-+- Set files with the wdmd_exec_t type, if you want to transition an executable to the wdmd_t domain.
++	/var/log/btmp.*
++.br
++	/var/run/faillock(/.*)?
++.br
++	/var/log/faillog
++.br
++	/var/log/tallylog
++.br
 +
++.br
++.B fonts_cache_t
 +
-+.EX
-+.PP
-+.B wdmd_initrc_exec_t 
-+.EE
++	/var/cache/fontconfig(/.*)?
++.br
 +
-+- Set files with the wdmd_initrc_exec_t type, if you want to transition an executable to the wdmd_initrc_t domain.
++.br
++.B gconf_home_t
 +
++	/root/\.local.*
++.br
++	/root/\.gconf(d)?(/.*)?
++.br
++	/home/[^/]*/\.local.*
++.br
++	/home/[^/]*/\.gconf(d)?(/.*)?
++.br
 +
-+.EX
-+.PP
-+.B wdmd_var_run_t 
-+.EE
++.br
++.B gnome_home_type
 +
-+- Set files with the wdmd_var_run_t type, if you want to store the wdmd files under the /run directory.
 +
++.br
++.B initrc_var_run_t
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++	/var/run/utmp
++.br
++	/var/run/random-seed
++.br
++	/var/run/runlevel\.dir
++.br
++	/var/run/setmixer_flag
++.br
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux wdmd policy is very flexible allowing users to setup their wdmd processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for wdmd:
++.br
++.B krb5_host_rcache_t
 +
-+.EX
-+.B wdmd_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++	/var/cache/krb5rcache(/.*)?
++.br
++	/var/tmp/nfs_0
++.br
++	/var/tmp/host_0
++.br
++	/var/tmp/imap_0
++.br
++	/var/tmp/HTTP_23
++.br
++	/var/tmp/HTTP_48
++.br
++	/var/tmp/ldap_55
++.br
++	/var/tmp/ldap_487
++.br
++	/var/tmp/ldapmap1_0
++.br
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.br
++.B lastlog_t
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++	/var/log/lastlog
++.br
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.B locale_t
 +
-+.SH "SEE ALSO"
-+selinux(8), wdmd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/webadm_selinux.8 b/man/man8/webadm_selinux.8
-new file mode 100644
-index 0000000..072a0c0
---- /dev/null
-+++ b/man/man8/webadm_selinux.8
-@@ -0,0 +1,65 @@
-+.TH  "webadm_selinux"  "8"  "webadm" "mgrepl at redhat.com" "webadm SELinux Policy documentation"
-+.SH "NAME"
-+webadm_r \- \fBWeb administrator role\fP - Security Enhanced Linux Policy 
++	/etc/locale.conf
++.br
++	/usr/lib/locale(/.*)?
++.br
++	/usr/share/locale(/.*)?
++.br
++	/usr/share/zoneinfo(/.*)?
++.br
++	/usr/share/X11/locale(/.*)?
++.br
++	/etc/timezone
++.br
++	/etc/localtime
++.br
++	/etc/sysconfig/clock
++.br
++	/etc/avahi/etc/localtime
++.br
++	/var/empty/sshd/etc/localtime
++.br
++	/var/spool/postfix/etc/localtime
++.br
 +
-+.SH DESCRIPTION
++.br
++.B pam_var_console_t
 +
-+SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to. 
++	/var/run/console(/.*)?
++.br
 +
-+Note: The examples in the man page will user the staff_u user.
++.br
++.B pam_var_run_t
 +
-+Non login roles are usually used for administrative tasks.
++	/var/(db|lib|adm)/sudo(/.*)?
++.br
++	/var/run/sudo(/.*)?
++.br
++	/var/run/sepermit(/.*)?
++.br
++	/var/run/pam_mount(/.*)?
++.br
 +
-+Roles usually have default types assigned to them. 
++.br
++.B pcscd_var_run_t
 +
-+The default type for the webadm_r role is webadm_t.
++	/var/run/pcscd(/.*)?
++.br
++	/var/run/pcscd\.events(/.*)?
++.br
++	/var/run/pcscd\.pid
++.br
++	/var/run/pcscd\.pub
++.br
++	/var/run/pcscd\.comm
++.br
 +
-+You can use the 
-+.B newrole 
-+program to transition directly to this role.
++.br
++.B security_t
 +
-+.B newrole -r webadm_r -t webadm_t
++	/selinux
++.br
 +
-+.B sudo 
-+can also be setup to transition to this role using the visudo command.
++.br
++.B sysfs_t
 +
-+USERNAME ALL=(ALL) ROLE=webadm_r TYPE=webadm_t COMMAND
++	/sys(/.*)?
 +.br
-+sudo will run COMMAND as staff_u:webadm_r:webadm_t:LEVEL
 +
-+If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
++.br
++.B systemd_passwd_var_run_t
 +
-+You can see all of the assigned SELinux roles using the following
++	/var/run/systemd/ask-password(/.*)?
++.br
++	/var/run/systemd/ask-password-block(/.*)?
++.br
 +
-+.B semanage user -l
++.br
++.B user_fonts_t
 +
-+If you wanted to add webadm_r to the staff_u user, you would execute:
++	/root/\.fonts(/.*)?
++.br
++	/tmp/\.font-unix(/.*)?
++.br
++	/home/[^/]*/\.fonts(/.*)?
++.br
 +
-+.B $ semanage user -m -R 'staff_r webadm_r' staff_u 
++.br
++.B user_tmp_t
 +
++	/var/run/user(/.*)?
++.br
 +
++.br
++.B user_tmpfs_type
 +
-+SELinux policy also controls which roles can transition to a different role.  
-+You can list these rules using the following command.
++	all user content in tmpfs file systems
++.br
 +
-+.B sesearch --role_allow
++.br
++.B var_auth_t
 +
-+SELinux policy allows the staff_r role can transition to the webadm_r role.
++	/var/ace(/.*)?
++.br
++	/var/rsa(/.*)?
++.br
++	/var/lib/abl(/.*)?
++.br
++	/var/lib/rsa(/.*)?
++.br
++	/var/lib/pam_ssh(/.*)?
++.br
++	/var/run/pam_ssh(/.*)?
++.br
++	/var/lib/pam_shield(/.*)?
++.br
++	/var/lib/google-authenticator(/.*)?
++.br
 +
++.br
++.B wtmp_t
 +
-+.SH "COMMANDS"
++	/var/log/wtmp.*
++.br
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
++.br
++.B xauth_home_t
 +
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
++	/root/\.xauth.*
++.br
++	/root/\.Xauth.*
++.br
++	/root/\.serverauth.*
++.br
++	/root/\.Xauthority.*
++.br
++	/var/lib/pqsql/\.xauth.*
++.br
++	/var/lib/pqsql/\.Xauthority.*
++.br
++	/var/lib/nxserver/home/\.xauth.*
++.br
++	/var/lib/nxserver/home/\.Xauthority.*
++.br
++	/home/[^/]*/\.xauth.*
++.br
++	/home/[^/]*/\.Xauth.*
++.br
++	/home/[^/]*/\.serverauth.*
++.br
++	/home/[^/]*/\.Xauthority.*
++.br
 +
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++.br
++.B xdm_home_t
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++	/root/\.dmrc.*
++.br
++	/root/\.xsession-errors.*
++.br
++	/home/[^/]*/\.dmrc.*
++.br
++	/home/[^/]*/\.cache/gdm(/.*)?
++.br
++	/home/[^/]*/\.xsession-errors.*
++.br
 +
-+.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/webalizer_selinux.8 b/man/man8/webalizer_selinux.8
-new file mode 100644
-index 0000000..67e4921
---- /dev/null
-+++ b/man/man8/webalizer_selinux.8
-@@ -0,0 +1,131 @@
-+.TH  "webalizer_selinux"  "8"  "webalizer" "dwalsh at redhat.com" "webalizer SELinux Policy documentation"
-+.SH "NAME"
-+webalizer_selinux \- Security Enhanced Linux Policy for the webalizer processes
-+.SH "DESCRIPTION"
++.br
++.B xdm_lock_t
 +
-+Security-Enhanced Linux secures the webalizer processes via flexible mandatory access
-+control.  
 +
-+.SH NSSWITCH DOMAIN
++.br
++.B xdm_log_t
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the webalizer_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++	/var/log/[mg]dm(/.*)?
++.br
++	/var/log/[mkwx]dm\.log.*
++.br
++	/var/log/lxdm\.log.*
++.br
++	/var/log/slim\.log
++.br
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
++.br
++.B xdm_rw_etc_t
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the webalizer_t, you must turn on the kerberos_enabled boolean.
++	/etc/X11/wdm(/.*)?
++.br
++	/etc/opt/VirtualGL(/.*)?
++.br
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
++.br
++.B xdm_spool_t
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux webalizer policy is very flexible allowing users to setup their webalizer processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for webalizer:
++	/var/spool/[mg]dm(/.*)?
++.br
 +
++.br
++.B xdm_tmp_t
 +
-+.EX
-+.PP
-+.B webalizer_etc_t 
-+.EE
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
 +
-+- Set files with the webalizer_etc_t type, if you want to store webalizer files in the /etc directories.
++.br
++.B xdm_tmpfs_t
 +
 +
-+.EX
-+.PP
-+.B webalizer_exec_t 
-+.EE
++.br
++.B xdm_var_lib_t
 +
-+- Set files with the webalizer_exec_t type, if you want to transition an executable to the webalizer_t domain.
++	/var/lib/[mxkwg]dm(/.*)?
++.br
++	/var/cache/[mg]dm(/.*)?
++.br
++	/var/lib/lxdm(/.*)?
++.br
++	/var/lib/lightdm(/.*)?
++.br
++	/var/cache/lightdm(/.*)?
++.br
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/bin/webalizer, /usr/bin/awffull
++.B xdm_var_run_t
 +
-+.EX
++	/etc/kde[34]?/kdm/backgroundrc
++.br
++	/var/run/[gx]dm\.pid
++.br
++	/var/run/[kgm]dm(/.*)?
++.br
++	/usr/lib/qt-.*/etc/settings(/.*)?
++.br
++	/var/run/slim.*
++.br
++	/var/run/lxdm(/.*)?
++.br
++	/var/run/slim(/.*)?
++.br
++	/var/run/xauth(/.*)?
++.br
++	/var/run/xdmctl(/.*)?
++.br
++	/var/run/lightdm(/.*)?
++.br
++	/var/run/systemd/multi-session-x(/.*)?
++.br
++	/var/run/lxdm\.pid
++.br
++	/var/run/lxdm\.auth
++.br
++	/var/run/gdm_socket
++.br
++
++.br
++.B xkb_var_lib_t
++
++	/var/lib/xkb(/.*)?
++.br
++	/usr/X11R6/lib/X11/xkb/.*
++.br
++	/usr/X11R6/lib/X11/xkb
++.br
++
++.br
++.B xserver_log_t
++
++	/var/[xgkw]dm(/.*)?
++.br
++	/usr/var/[xgkw]dm(/.*)?
++.br
++	/var/log/Xorg.*
++.br
++	/var/log/XFree86.*
++.br
++	/var/log/lightdm(/.*)?
++.br
++	/var/log/nvidia-installer\.log.*
++.br
++
++.br
++.B xserver_tmpfs_t
++
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B webalizer_tmp_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the webalizer_tmp_t type, if you want to store webalizer temporary files in the /tmp directories.
++.B semanage port
++can also be used to manipulate the port definitions
 +
++.B semanage boolean
++can also be used to manipulate the booleans
 +
-+.EX
 +.PP
-+.B webalizer_usage_t 
-+.EE
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
-+- Set files with the webalizer_usage_t type, if you want to treat the files as webalizer usage data.
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), xdm(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/xenconsoled_selinux.8 b/man/man8/xenconsoled_selinux.8
+new file mode 100644
+index 0000000..e29e011
+--- /dev/null
++++ b/man/man8/xenconsoled_selinux.8
+@@ -0,0 +1,113 @@
++.TH  "xenconsoled_selinux"  "8"  "xenconsoled" "dwalsh at redhat.com" "xenconsoled SELinux Policy documentation"
++.SH "NAME"
++xenconsoled_selinux \- Security Enhanced Linux Policy for the xenconsoled processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the xenconsoled processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux xenconsoled policy is very flexible allowing users to setup their xenconsoled processes in as secure a method as possible.
++.PP 
++The following file types are defined for xenconsoled:
 +
 +
 +.EX
 +.PP
-+.B webalizer_var_lib_t 
++.B xenconsoled_exec_t 
 +.EE
 +
-+- Set files with the webalizer_var_lib_t type, if you want to store the webalizer files under the /var/lib directory.
++- Set files with the xenconsoled_exec_t type, if you want to transition an executable to the xenconsoled_t domain.
 +
 +
 +.EX
 +.PP
-+.B webalizer_write_t 
++.B xenconsoled_var_run_t 
 +.EE
 +
-+- Set files with the webalizer_write_t type, if you want to treat the files as webalizer read/write content.
++- Set files with the xenconsoled_var_run_t type, if you want to store the xenconsoled files under the /run directory.
 +
 +
 +.PP
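Review bot: The MANAGED FILES paragraph calls xdm_t a "SELinux user type", but the PROCESS TYPES section directly above it lists xdm_t as a process type (domain), and SELinux users are a separate concept. The sentence introduces the list of everything the domain can manage, including broad patterns such as `/[^/]+` under etc_runtime_t, so the wording should be exact: `The SELinux process type xdm_t can manage files labeled with the following file types.` followed by `Note that the process UID still needs DAC permissions.` The same generated sentence appears in the xauth, xenconsoled and xend pages of this patch, so the fix probably belongs in genman.py rather than in each page.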
@@ -58885,18 +95385,50 @@ index 0000000..67e4921
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux webalizer policy is very flexible allowing users to setup their webalizer processes in as secure a method as possible.
++SELinux xenconsoled policy is very flexible allowing users to setup their xenconsoled processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for webalizer:
++The following process types are defined for xenconsoled:
 +
 +.EX
-+.B webalizer_t 
++.B xenconsoled_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type xenconsoled_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B xenconsoled_var_run_t
++
++	/var/run/xenconsoled\.pid
++.br
++
++.br
++.B xend_var_log_t
++
++	/var/log/xen(/.*)?
++.br
++	/var/log/xend\.log.*
++.br
++	/var/log/xend-debug\.log.*
++.br
++	/var/log/xen-hotplug\.log.*
++.br
++
++.br
++.B xenfs_t
++
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -58912,97 +95444,113 @@ index 0000000..67e4921
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), webalizer(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/winbind_selinux.8 b/man/man8/winbind_selinux.8
-new file mode 100644
-index 0000000..663ec66
---- /dev/null
-+++ b/man/man8/winbind_selinux.8
-@@ -0,0 +1,130 @@
-+.TH  "winbind_selinux"  "8"  "winbind" "dwalsh at redhat.com" "winbind SELinux Policy documentation"
++selinux(8), xenconsoled(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/xend_selinux.8 b/man/man8/xend_selinux.8
+new file mode 100644
+index 0000000..cc7f6c6
+--- /dev/null
++++ b/man/man8/xend_selinux.8
+@@ -0,0 +1,308 @@
++.TH  "xend_selinux"  "8"  "xend" "dwalsh at redhat.com" "xend SELinux Policy documentation"
 +.SH "NAME"
-+winbind_selinux \- Security Enhanced Linux Policy for the winbind processes
++xend_selinux \- Security Enhanced Linux Policy for the xend processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the winbind processes via flexible mandatory access
++Security-Enhanced Linux secures the xend processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  winbind policy is extremely flexible and has several booleans that allow you to manipulate the policy and run winbind with the tightest access possible.
++SELinux policy is customizable based on least access required.  xend policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xend with the tightest access possible.
 +
 +
 +.PP
-+If you want to allow Apache to use mod_auth_ntlm_winbind, you must turn on the httpd_mod_auth_ntlm_winbind boolean.
++If you want to allow xen to manage nfs files, you must turn on the xen_use_nfs boolean.
 +
 +.EX
-+.B setsebool -P httpd_mod_auth_ntlm_winbind 1
++.B setsebool -P xen_use_nfs 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
-+
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the winbind_helper_t, winbind_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow xend to run qemu-dm. Not required if using paravirt and no vfb, you must turn on the xend_run_qemu boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P xend_run_qemu 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the winbind_helper_t, winbind_t, you must turn on the kerberos_enabled boolean.
++If you want to allow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes for disk images, you must turn on the xend_run_blktap boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P xend_run_blktap 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux winbind policy is very flexible allowing users to setup their winbind processes in as secure a method as possible.
++SELinux xend policy is very flexible allowing users to setup their xend processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for winbind:
++The following file types are defined for xend:
 +
 +
 +.EX
 +.PP
-+.B winbind_exec_t 
++.B xend_exec_t 
 +.EE
 +
-+- Set files with the winbind_exec_t type, if you want to transition an executable to the winbind_t domain.
++- Set files with the xend_exec_t type, if you want to transition an executable to the xend_t domain.
 +
 +
 +.EX
 +.PP
-+.B winbind_helper_exec_t 
++.B xend_tmp_t 
 +.EE
 +
-+- Set files with the winbind_helper_exec_t type, if you want to transition an executable to the winbind_helper_t domain.
++- Set files with the xend_tmp_t type, if you want to store xend temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B winbind_log_t 
++.B xend_var_lib_t 
 +.EE
 +
-+- Set files with the winbind_log_t type, if you want to treat the data as winbind log data, usually stored under the /var/log directory.
++- Set files with the xend_var_lib_t type, if you want to store the xend files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/xen(/.*)?, /var/lib/xend(/.*)?
 +
 +.EX
 +.PP
-+.B winbind_var_run_t 
++.B xend_var_log_t 
 +.EE
 +
-+- Set files with the winbind_var_run_t type, if you want to store the winbind files under the /run directory.
++- Set files with the xend_var_log_t type, if you want to treat the data as xend var log data, usually stored under the /var/log directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/cache/samba/winbindd_privileged(/.*)?, /var/lib/samba/winbindd_privileged(/.*)?, /var/run/winbindd(/.*)?, /var/run/samba/winbindd(/.*)?
++/var/log/xen-hotplug\.log.*, /var/log/xen(/.*)?, /var/log/xend-debug\.log.*, /var/log/xend\.log.*
++
++.EX
++.PP
++.B xend_var_run_t 
++.EE
++
++- Set files with the xend_var_run_t type, if you want to store the xend files under the /run directory.
++
++.br
++.TP 5
++Paths: 
++/var/run/xenner(/.*)?, /var/run/xend(/.*)?, /var/run/xend\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
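Review bot: In the new xend_selinux.8 the heading `.SH NSSWITCH DOMAIN` is followed immediately by `.SH FILE CONTEXTS`, so the rendered page shows an empty section. A reader cannot tell whether the `authlogin_nsswitch_use_ldap` and `kerberos_enabled` booleans described on the other pages apply to the xend domains. Presumably the generator found no nsswitch domain for xend; in that case it should omit the heading, or print one sentence saying that none of the xend process types is an nsswitch domain. xenconsoled_selinux.8 earlier in this patch has the same empty heading, and the xend page continues past this hunk.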
@@ -59011,24 +95559,183 @@ index 0000000..663ec66
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux xend policy is very flexible allowing users to setup their xend processes in as secure a method as possible.
++.PP 
++The following port types are defined for xend:
++
++.EX
++.TP 5
++.B xen_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 8002
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux winbind policy is very flexible allowing users to setup their winbind processes in as secure a method as possible.
++SELinux xend policy is very flexible allowing users to setup their xend processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for winbind:
++The following process types are defined for xend:
 +
 +.EX
-+.B winbind_helper_t, winbind_t 
++.B xend_t, xenstored_t, xenconsoled_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type xend_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B dhcp_etc_t
++
++	/etc/dhcpc.*
++.br
++	/etc/dhcp3(/.*)?
++.br
++	/etc/dhcpd(6)?\.conf
++.br
++	/etc/dhcp3?/dhclient.*
++.br
++	/etc/dhclient.*conf
++.br
++	/etc/dhcp/dhcpd(6)?\.conf
++.br
++	/etc/dhclient-script
++.br
++
++.br
++.B etc_runtime_t
++
++	/[^/]+
++.br
++	/etc/mtab.*
++.br
++	/etc/blkid(/.*)?
++.br
++	/etc/nologin.*
++.br
++	/etc/\.fstab\.hal\..+
++.br
++	/halt
++.br
++	/fastboot
++.br
++	/poweroff
++.br
++	/etc/cmtab
++.br
++	/forcefsck
++.br
++	/\.autofsck
++.br
++	/\.suspended
++.br
++	/fsckoptions
++.br
++	/\.autorelabel
++.br
++	/etc/securetty
++.br
++	/etc/nohotplug
++.br
++	/etc/killpower
++.br
++	/etc/ioctl\.save
++.br
++	/etc/fstab\.REVOKE
++.br
++	/etc/network/ifstate
++.br
++	/etc/sysconfig/hwconf
++.br
++	/etc/ptal/ptal-printd-like
++.br
++	/etc/sysconfig/iptables\.save
++.br
++	/etc/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++	/etc/X11/xorg\.conf\.d/00-system-setup-keyboard\.conf
++.br
++
++.br
++.B sysfs_t
++
++	/sys(/.*)?
++.br
++
++.br
++.B xen_image_t
++
++	/xen(/.*)?
++.br
++	/var/lib/xen/images(/.*)?
++.br
++
++.br
++.B xend_tmp_t
++
++
++.br
++.B xend_var_lib_t
++
++	/var/lib/xen(/.*)?
++.br
++	/var/lib/xend(/.*)?
++.br
++
++.br
++.B xend_var_log_t
++
++	/var/log/xen(/.*)?
++.br
++	/var/log/xend\.log.*
++.br
++	/var/log/xend-debug\.log.*
++.br
++	/var/log/xen-hotplug\.log.*
++.br
++
++.br
++.B xend_var_run_t
++
++	/var/run/xend(/.*)?
++.br
++	/var/run/xenner(/.*)?
++.br
++	/var/run/xend\.pid
++.br
++
++.br
++.B xenfs_t
++
++
++.br
++.B xenstored_var_run_t
++
++	/var/run/xenstored(/.*)?
++.br
++	/var/run/xenstore\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -59039,6 +95746,9 @@ index 0000000..663ec66
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage port
++can also be used to manipulate the port definitions
++
 +.B semanage boolean
 +can also be used to manipulate the booleans
 +
@@ -59047,37 +95757,26 @@ index 0000000..663ec66
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), winbind(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), xend(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), xenconsoled_selinux(8), xenstored_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/wine_selinux.8 b/man/man8/wine_selinux.8
+diff --git a/man/man8/xenstored_selinux.8 b/man/man8/xenstored_selinux.8
 new file mode 100644
-index 0000000..10fe614
+index 0000000..bce5105
 --- /dev/null
-+++ b/man/man8/wine_selinux.8
-@@ -0,0 +1,100 @@
-+.TH  "wine_selinux"  "8"  "wine" "dwalsh at redhat.com" "wine SELinux Policy documentation"
++++ b/man/man8/xenstored_selinux.8
+@@ -0,0 +1,139 @@
++.TH  "xenstored_selinux"  "8"  "xenstored" "dwalsh at redhat.com" "xenstored SELinux Policy documentation"
 +.SH "NAME"
-+wine_selinux \- Security Enhanced Linux Policy for the wine processes
++xenstored_selinux \- Security Enhanced Linux Policy for the xenstored processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the wine processes via flexible mandatory access
++Security-Enhanced Linux secures the xenstored processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  wine policy is extremely flexible and has several booleans that allow you to manipulate the policy and run wine with the tightest access possible.
-+
-+
-+.PP
-+If you want to ignore wine mmap_zero errors, you must turn on the wine_mmap_zero_ignore boolean.
-+
-+.EX
-+.B setsebool -P wine_mmap_zero_ignore 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
@@ -59086,30 +95785,54 @@ index 0000000..10fe614
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux wine policy is very flexible allowing users to setup their wine processes in as secure a method as possible.
++SELinux xenstored policy is very flexible allowing users to setup their xenstored processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for wine:
++The following file types are defined for xenstored:
 +
 +
 +.EX
 +.PP
-+.B wine_exec_t 
++.B xenstored_exec_t 
 +.EE
 +
-+- Set files with the wine_exec_t type, if you want to transition an executable to the wine_t domain.
++- Set files with the xenstored_exec_t type, if you want to transition an executable to the xenstored_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/opt/google/picasa(/.*)?/bin/msiexec, /usr/bin/regedit, /opt/google/picasa(/.*)?/bin/wine.*, /opt/google/picasa(/.*)?/bin/notepad, /opt/google/picasa(/.*)?/bin/regedit, /usr/bin/regsvr32, /usr/bin/uninstaller, /opt/google/picasa(/.*)?/bin/uninstaller, /opt/google/picasa(/.*)?/bin/wdi, /opt/google/picasa(/.*)?/bin/regsvr32, /usr/bin/msiexec, /opt/google/picasa(/.*)?/Picasa3/.*exe, /opt/teamviewer(/.*)?/bin/wine.*, /usr/bin/wine.*, /opt/google/picasa(/.*)?/bin/progman, /opt/picasa/wine/bin/wine.*, /usr/bin/notepad, /opt/cxoffice/bin/wine.*
 +
 +.EX
 +.PP
-+.B wine_tmp_t 
++.B xenstored_tmp_t 
 +.EE
 +
-+- Set files with the wine_tmp_t type, if you want to store wine temporary files in the /tmp directories.
++- Set files with the xenstored_tmp_t type, if you want to store xenstored temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B xenstored_var_lib_t 
++.EE
++
++- Set files with the xenstored_var_lib_t type, if you want to store the xenstored files under the /var/lib directory.
++
++
++.EX
++.PP
++.B xenstored_var_log_t 
++.EE
++
++- Set files with the xenstored_var_log_t type, if you want to treat the data as xenstored var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B xenstored_var_run_t 
++.EE
++
++- Set files with the xenstored_var_run_t type, if you want to store the xenstored files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/xenstore\.pid, /var/run/xenstored(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -59124,18 +95847,48 @@ index 0000000..10fe614
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux wine policy is very flexible allowing users to setup their wine processes in as secure a method as possible.
++SELinux xenstored policy is very flexible allowing users to setup their xenstored processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for wine:
++The following process types are defined for xenstored:
 +
 +.EX
-+.B wine_t 
++.B xenstored_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type xenstored_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B xenfs_t
++
++
++.br
++.B xenstored_tmp_t
++
++
++.br
++.B xenstored_var_lib_t
++
++	/var/lib/xenstored(/.*)?
++.br
++
++.br
++.B xenstored_var_log_t
++
++
++.br
++.B xenstored_var_run_t
++
++	/var/run/xenstored(/.*)?
++.br
++	/var/run/xenstore\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -59146,117 +95899,283 @@ index 0000000..10fe614
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), wine(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/wireshark_selinux.8 b/man/man8/wireshark_selinux.8
++selinux(8), xenstored(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/xguest_selinux.8 b/man/man8/xguest_selinux.8
 new file mode 100644
-index 0000000..c7544cc
+index 0000000..d038fd3
 --- /dev/null
-+++ b/man/man8/wireshark_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "wireshark_selinux"  "8"  "wireshark" "dwalsh at redhat.com" "wireshark SELinux Policy documentation"
++++ b/man/man8/xguest_selinux.8
+@@ -0,0 +1,286 @@
++.TH  "xguest_selinux"  "8"  "xguest" "mgrepl at redhat.com" "xguest SELinux Policy documentation"
 +.SH "NAME"
-+wireshark_selinux \- Security Enhanced Linux Policy for the wireshark processes
-+.SH "DESCRIPTION"
++xguest_u \- \fBLeast privledge xwindows user role\fP - Security Enhanced Linux Policy 
 +
-+Security-Enhanced Linux secures the wireshark processes via flexible mandatory access
-+control.  
++.SH DESCRIPTION
++
++\fBxguest_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBxguest_r\fP.  The
++default role has a default type, \fBxguest_t\fP, associated with it.
++
++The SELinux user will usually login to a system with a context that looks like:
++
++.B xguest_u:xguest_r:xguest_t:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.  
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the xguest_u user, you would execute:
++
++.B semanage login -m -s xguest_u __default__
++
++
++If you want to map the one Linux user (joe) to the SELinux user xguest, you would execute:
++
++.B $ semanage login -a -s xguest_u joe
++
++
++.SH USER DESCRIPTION
++
++The SELinux user xguest_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
++
++.SH SUDO
++
++.SH X WINDOWS LOGIN
++
++The SELinux user xguest_u is able to X Windows login.
++
++.SH NETWORK
++
++.TP
++The SELinux user xguest_u is able to connect to the following tcp ports.
++
++.B dns_port_t: 53
++
++.B pulseaudio_port_t: 4713
++
++.B flash_port_t: 843,1935
++
++.B soundd_port_t: 8000,9433,16001
++
++.B ipp_port_t: 631,8610-8614
++
++.B transproxy_port_t: 8081
++
++.B ocsp_port_t: 9080
++
++.B all ports with out defined types
++
++.B kerberos_port_t: 88,750,4444
++
++.B ftp_port_t: 21,990
++
++.B speech_port_t: 8036
++
++.B http_cache_port_t: 8080,8118,10001-10010
++
++.B http_port_t: 80,81,443,488,8008,8009,8443
++
++.B squid_port_t: 3128,3401,4827
++
++.TP
++The SELinux user xguest_u is able to connect to the following tcp ports.
++
++.B dns_port_t: 53
++
++.B pulseaudio_port_t: 4713
++
++.B flash_port_t: 843,1935
++
++.B soundd_port_t: 8000,9433,16001
++
++.B ipp_port_t: 631,8610-8614
++
++.B transproxy_port_t: 8081
++
++.B ocsp_port_t: 9080
++
++.B all ports with out defined types
++
++.B kerberos_port_t: 88,750,4444
++
++.B ftp_port_t: 21,990
++
++.B speech_port_t: 8036
++
++.B http_cache_port_t: 8080,8118,10001-10010
++
++.B http_port_t: 80,81,443,488,8008,8009,8443
++
++.B squid_port_t: 3128,3401,4827
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  xguest policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xguest with the tightest access possible.
 +
-+.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the wireshark_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow xguest users to configure Network Manager and connect to apache ports, you must turn on the xguest_connect_network boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P xguest_connect_network 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the wireshark_t, you must turn on the kerberos_enabled boolean.
++If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P xguest_mount_media 1
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux wireshark policy is very flexible allowing users to setup their wireshark processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for wireshark:
-+
++If you want to allow xguest to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
 +
 +.EX
-+.PP
-+.B wireshark_exec_t 
++.B setsebool -P xguest_use_bluetooth 1
 +.EE
 +
-+- Set files with the wireshark_exec_t type, if you want to transition an executable to the wireshark_t domain.
++.SH HOME_EXEC
 +
++The SELinux user xguest_u is able execute home content files.
 +
-+.EX
-+.PP
-+.B wireshark_home_t 
-+.EE
++.SH TRANSITIONS
 +
-+- Set files with the wireshark_home_t type, if you want to store wireshark files in the users home directory.
++Three things can happen when xguest_t attempts to execute a program.
 +
++\fB1.\fP SELinux Policy can deny xguest_t from executing the program.
 +
-+.EX
-+.PP
-+.B wireshark_tmp_t 
-+.EE
++.TP
 +
-+- Set files with the wireshark_tmp_t type, if you want to store wireshark temporary files in the /tmp directories.
++\fB2.\fP SELinux Policy can allow xguest_t to execute the program in the current user type.
 +
++Execute the following to see the types that the SELinux user xguest_t can execute without transitioning:
 +
-+.EX
-+.PP
-+.B wireshark_tmpfs_t 
-+.EE
++.B sesearch -A -s xguest_t -c file -p execute_no_trans
 +
-+- Set files with the wireshark_tmpfs_t type, if you want to store wireshark files on a tmpfs file system.
++.TP
 +
++\fB3.\fP SELinux can allow xguest_t to execute the program and transition to a new type.
 +
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
++Execute the following to see the types that the SELinux user xguest_t can execute and transition:
 +
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux wireshark policy is very flexible allowing users to setup their wireshark processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for wireshark:
++.B $ sesearch -A -s xguest_t -c process -p transition
++
++
++.SH "MANAGED FILES"
++
++The SELinux user type xguest_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B anon_inodefs_t
++
++
++.br
++.B auth_cache_t
++
++	/var/cache/coolkey(/.*)?
++.br
++
++.br
++.B chrome_sandbox_tmpfs_t
++
++
++.br
++.B httpd_user_content_t
++
++	/home/[^/]*/((www)|(web)|(public_html))(/.+)?
++.br
++
++.br
++.B httpd_user_htaccess_t
++
++	/home/[^/]*/((www)|(web)|(public_html))(/.*)?/\.htaccess
++.br
++
++.br
++.B httpd_user_ra_content_t
++
++	/home/[^/]*/((www)|(web)|(public_html))(/.*)?/logs(/.*)?
++.br
++
++.br
++.B httpd_user_rw_content_t
++
++
++.br
++.B httpd_user_script_exec_t
++
++	/home/[^/]*/((www)|(web)|(public_html))/cgi-bin(/.+)?
++.br
++
++.br
++.B noxattrfs
++
++	all files on file systems which do not support extended attributes
++.br
++
++.br
++.B usbfs_t
++
++
++.br
++.B user_fonts_cache_t
++
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
++
++.br
++.B user_home_type
++
++	all user home files
++.br
++
++.br
++.B user_tmp_type
++
++	all user tmp files
++.br
++
++.br
++.B user_tmpfs_type
++
++	all user content in tmpfs file systems
++.br
 +
-+.EX
-+.B wireshark_t 
-+.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.br
++.B xdm_tmp_t
++
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
 +
 +.SH "COMMANDS"
 +.B semanage fcontext
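Review bot: The NETWORK section of the new xguest_selinux.8 prints the sentence `The SELinux user xguest_u is able to connect to the following tcp ports.` twice, each followed by the same list of port types, so the page never says what the second list covers. If the second block was meant to describe UDP (an inference; the hunk does not show it), its heading should read `The SELinux user xguest_u is able to connect to the following udp ports.` and its list should come from the matching policy query. Administrators will use this page to judge what a least-privilege xguest_u session can reach on the network, so a duplicated or mislabelled list is worth fixing before it ships. The page states it is generated by genman.py, so the correction probably belongs in the generator rather than in this patch. In the same new file the NAME line spells `Least privledge`, which should be `Least privilege`.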
@@ -59268,126 +96187,80 @@ index 0000000..c7544cc
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
++.B semanage boolean
++can also be used to manipulate the booleans
++
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), wireshark(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/wpa_selinux.8 b/man/man8/wpa_selinux.8
++selinux(8), xguest(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/xserver_selinux.8 b/man/man8/xserver_selinux.8
 new file mode 100644
-index 0000000..2d45137
+index 0000000..92e14ca
 --- /dev/null
-+++ b/man/man8/wpa_selinux.8
-@@ -0,0 +1,77 @@
-+.TH  "wpa_selinux"  "8"  "wpa" "dwalsh at redhat.com" "wpa SELinux Policy documentation"
++++ b/man/man8/xserver_selinux.8
+@@ -0,0 +1,375 @@
++.TH  "xserver_selinux"  "8"  "xserver" "dwalsh at redhat.com" "xserver SELinux Policy documentation"
 +.SH "NAME"
-+wpa_selinux \- Security Enhanced Linux Policy for the wpa processes
++xserver_selinux \- Security Enhanced Linux Policy for the xserver processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the wpa processes via flexible mandatory access
++Security-Enhanced Linux secures the xserver processes via flexible mandatory access
 +control.  
 +
-+.SH NSSWITCH DOMAIN
++.SH BOOLEANS
++SELinux policy is customizable based on least access required.  xserver policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xserver with the tightest access possible.
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux wpa policy is very flexible allowing users to setup their wpa processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for wpa:
 +
++.PP
++If you want to support X userspace object manager, you must turn on the xserver_object_manager boolean.
 +
 +.EX
-+.PP
-+.B wpa_cli_exec_t 
++.B setsebool -P xserver_object_manager 1
 +.EE
 +
-+- Set files with the wpa_cli_exec_t type, if you want to transition an executable to the wpa_cli_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/wpa_cli, /sbin/wpa_cli
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
-+.B semanage fcontext 
-+command.  This will modify the SELinux labeling database.  You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
 +.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files. 
-+SELinux wpa policy is very flexible allowing users to setup their wpa processes in as secure a method as possible.
-+.PP 
-+The following process types are defined for wpa:
++If you want to allows XServer to execute writable memory, you must turn on the xserver_execmem boolean.
 +
 +.EX
-+.B wpa_cli_t 
++.B setsebool -P xserver_execmem 1
 +.EE
-+.PP
-+Note: 
-+.B semanage permissive -a PROCESS_TYPE 
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
 +
 +.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++If you want to allow confined virtual guests to interact with the xserver, you must turn on the virt_use_xserver boolean.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.EX
++.B setsebool -P virt_use_xserver 1
++.EE
 +
-+.SH "SEE ALSO"
-+selinux(8), wpa(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/xauth_selinux.8 b/man/man8/xauth_selinux.8
-new file mode 100644
-index 0000000..cd01807
---- /dev/null
-+++ b/man/man8/xauth_selinux.8
-@@ -0,0 +1,111 @@
-+.TH  "xauth_selinux"  "8"  "xauth" "dwalsh at redhat.com" "xauth SELinux Policy documentation"
-+.SH "NAME"
-+xauth_selinux \- Security Enhanced Linux Policy for the xauth processes
-+.SH "DESCRIPTION"
++.PP
++If you want to allows clients to write to the X server shared memory segments, you must turn on the xserver_clients_write_xshm boolean.
 +
-+Security-Enhanced Linux secures the xauth processes via flexible mandatory access
-+control.  
++.EX
++.B setsebool -P xserver_clients_write_xshm 1
++.EE
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the xauth_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the xserver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the xauth_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the xserver_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -59396,42 +96269,62 @@ index 0000000..cd01807
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux xauth policy is very flexible allowing users to setup their xauth processes in as secure a method as possible.
++SELinux xserver policy is very flexible allowing users to setup their xserver processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for xauth:
++The following file types are defined for xserver:
 +
 +
 +.EX
 +.PP
-+.B xauth_exec_t 
++.B xserver_exec_t 
 +.EE
 +
-+- Set files with the xauth_exec_t type, if you want to transition an executable to the xauth_t domain.
++- Set files with the xserver_exec_t type, if you want to transition an executable to the xserver_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/xauth, /usr/X11R6/bin/xauth
++/usr/bin/Xair, /usr/X11R6/bin/XFree86, /etc/init\.d/xfree86-common, /usr/X11R6/bin/Xorg, /usr/X11R6/bin/Xipaq, /usr/bin/Xephyr, /usr/bin/Xorg, /usr/X11R6/bin/Xwrapper, /usr/X11R6/bin/X
 +
 +.EX
 +.PP
-+.B xauth_home_t 
++.B xserver_log_t 
 +.EE
 +
-+- Set files with the xauth_home_t type, if you want to store xauth files in the users home directory.
++- Set files with the xserver_log_t type, if you want to treat the data as xserver log data, usually stored under the /var/log directory.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/lib/nxserver/home/\.xauth.*, /root/\.Xauth.*, /var/lib/nxserver/home/\.Xauthority.*, /root/\.Xauthority.*, /root/\.serverauth.*, /var/lib/pqsql/\.Xauthority.*, /root/\.xauth.*, /var/lib/pqsql/\.xauth.*
++/var/log/lightdm(/.*)?, /usr/var/[xgkw]dm(/.*)?, /var/log/nvidia-installer\.log.*, /var/[xgkw]dm(/.*)?, /var/log/XFree86.*, /var/log/Xorg.*
 +
 +.EX
 +.PP
-+.B xauth_tmp_t 
++.B xserver_tmpfs_t 
 +.EE
 +
-+- Set files with the xauth_tmp_t type, if you want to store xauth temporary files in the /tmp directories.
++- Set files with the xserver_tmpfs_t type, if you want to store xserver files on a tmpfs file system.
++
++
++.EX
++.PP
++.B xserver_var_lib_t 
++.EE
++
++- Set files with the xserver_var_lib_t type, if you want to store the xserver files under the /var/lib directory.
++
++
++.EX
++.PP
++.B xserver_var_run_t 
++.EE
++
++- Set files with the xserver_var_run_t type, if you want to store the xserver files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/xorg(/.*)?, /var/run/video.rom
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -59440,229 +96333,336 @@ index 0000000..cd01807
 +.B restorecon
 +to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
++.PP
++You can see the types associated with a port by using the following command: 
++
++.B semanage port -l
++
++.PP
++Policy governs the access confined processes have to these ports. 
++SELinux xserver policy is very flexible allowing users to setup their xserver processes in as secure a method as possible.
++.PP 
++The following port types are defined for xserver:
++
++.EX
++.TP 5
++.B xserver_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 6000-6020
++.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux xauth policy is very flexible allowing users to setup their xauth processes in as secure a method as possible.
++SELinux xserver policy is very flexible allowing users to setup their xserver processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for xauth:
++The following process types are defined for xserver:
 +
 +.EX
-+.B xauth_t 
++.B xserver_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules.
++.SH "MANAGED FILES"
 +
-+.PP
-+.B system-config-selinux 
-+is a GUI tool available to customize SELinux policy settings.
++The SELinux user type xserver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++.br
++.B bluetooth_helper_tmpfs_t
 +
-+.SH "SEE ALSO"
-+selinux(8), xauth(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/xdm_selinux.8 b/man/man8/xdm_selinux.8
-new file mode 100644
-index 0000000..8fdf373
---- /dev/null
-+++ b/man/man8/xdm_selinux.8
-@@ -0,0 +1,257 @@
-+.TH  "xdm_selinux"  "8"  "xdm" "dwalsh at redhat.com" "xdm SELinux Policy documentation"
-+.SH "NAME"
-+xdm_selinux \- Security Enhanced Linux Policy for the xdm processes
-+.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the xdm processes via flexible mandatory access
-+control.  
++.br
++.B chrome_sandbox_tmpfs_t
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  xdm policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xdm with the tightest access possible.
 +
++.br
++.B consolekit_tmpfs_t
 +
-+.PP
-+If you want to allow the graphical login program to login directly as sysadm_r:sysadm_t, you must turn on the xdm_sysadm_login boolean.
 +
-+.EX
-+.B setsebool -P xdm_sysadm_login 1
-+.EE
++.br
++.B games_tmpfs_t
 +
-+.PP
-+If you want to allow the graphical login program to execute bootloader, you must turn on the xdm_exec_bootloader boolean.
 +
-+.EX
-+.B setsebool -P xdm_exec_bootloader 1
-+.EE
++.br
++.B gpg_pinentry_tmpfs_t
 +
-+.SH NSSWITCH DOMAIN
 +
-+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the xdm_dbusd_t, xdm_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++.br
++.B mozilla_tmpfs_t
 +
-+.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
-+.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the xdm_dbusd_t, xdm_t, you must turn on the kerberos_enabled boolean.
++.br
++.B mplayer_tmpfs_t
 +
-+.EX
-+setsebool -P kerberos_enabled 1
-+.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux xdm policy is very flexible allowing users to setup their xdm processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for xdm:
++.br
++.B mtrr_device_t
 +
++	/dev/cpu/mtrr
++.br
 +
-+.EX
-+.PP
-+.B xdm_etc_t 
-+.EE
++.br
++.B pulseaudio_tmpfs_t
 +
-+- Set files with the xdm_etc_t type, if you want to store xdm files in the /etc directories.
 +
++.br
++.B rhgb_tmpfs_t
 +
-+.EX
-+.PP
-+.B xdm_exec_t 
-+.EE
 +
-+- Set files with the xdm_exec_t type, if you want to transition an executable to the xdm_t domain.
++.br
++.B sandbox_xserver_tmpfs_t
++
 +
 +.br
-+.TP 5
-+Paths: 
-+/usr/bin/slim, /usr/(s)?bin/lightdm*, /usr/(s)?bin/[mxgkw]dm, /usr/sbin/mdm-binary, /usr/(s)?bin/lxdm(-binary)?, /usr/X11R6/bin/[xgkw]dm, /usr/(s)?bin/gdm-binary, /usr/bin/gpe-dm, /opt/kde3/bin/kdm
++.B security_t
 +
-+.EX
-+.PP
-+.B xdm_home_t 
-+.EE
++	/selinux
++.br
++
++.br
++.B ssh_tmpfs_t
 +
-+- Set files with the xdm_home_t type, if you want to store xdm files in the users home directory.
 +
 +.br
-+.TP 5
-+Paths: 
-+/root/\.xsession-errors.*, /root/\.dmrc.*
++.B sysfs_t
 +
-+.EX
-+.PP
-+.B xdm_lock_t 
-+.EE
++	/sys(/.*)?
++.br
 +
-+- Set files with the xdm_lock_t type, if you want to treat the files as xdm lock data, stored under the /var/lock directory
++.br
++.B tmpfs_t
 +
++	/dev/shm
++.br
++	/lib/udev/devices/shm
++.br
++	/usr/lib/udev/devices/shm
++.br
 +
-+.EX
-+.PP
-+.B xdm_log_t 
-+.EE
++.br
++.B tvtime_tmpfs_t
 +
-+- Set files with the xdm_log_t type, if you want to treat the data as xdm log data, usually stored under the /var/log directory.
 +
 +.br
-+.TP 5
-+Paths: 
-+/var/log/slim\.log, /var/log/lxdm\.log.*, /var/log/[mg]dm(/.*)?, /var/log/[mkwx]dm\.log.*
++.B user_fonts_cache_t
 +
-+.EX
-+.PP
-+.B xdm_rw_etc_t 
-+.EE
++	/root/\.fontconfig(/.*)?
++.br
++	/root/\.fonts/auto(/.*)?
++.br
++	/root/\.fonts\.cache-.*
++.br
++	/home/[^/]*/\.fontconfig(/.*)?
++.br
++	/home/[^/]*/\.fonts/auto(/.*)?
++.br
++	/home/[^/]*/\.fonts\.cache-.*
++.br
 +
-+- Set files with the xdm_rw_etc_t type, if you want to store xdm rw files in the /etc directories.
++.br
++.B user_tmpfs_t
 +
++	/dev/shm/mono.*
++.br
++	/dev/shm/pulse-shm.*
 +.br
-+.TP 5
-+Paths: 
-+/etc/opt/VirtualGL(/.*)?, /etc/X11/wdm(/.*)?
 +
-+.EX
++.br
++.B vmware_tmpfs_t
++
++
++.br
++.B wireshark_tmpfs_t
++
++
++.br
++.B xdm_log_t
++
++	/var/log/[mg]dm(/.*)?
++.br
++	/var/log/[mkwx]dm\.log.*
++.br
++	/var/log/lxdm\.log.*
++.br
++	/var/log/slim\.log
++.br
++
++.br
++.B xdm_tmp_t
++
++	/tmp/\.X11-unix(/.*)?
++.br
++	/tmp/\.ICE-unix(/.*)?
++.br
++	/tmp/\.X0-lock
++.br
++
++.br
++.B xdm_tmpfs_t
++
++
++.br
++.B xkb_var_lib_t
++
++	/var/lib/xkb(/.*)?
++.br
++	/usr/X11R6/lib/X11/xkb/.*
++.br
++	/usr/X11R6/lib/X11/xkb
++.br
++
++.br
++.B xserver_log_t
++
++	/var/[xgkw]dm(/.*)?
++.br
++	/usr/var/[xgkw]dm(/.*)?
++.br
++	/var/log/Xorg.*
++.br
++	/var/log/XFree86.*
++.br
++	/var/log/lightdm(/.*)?
++.br
++	/var/log/nvidia-installer\.log.*
++.br
++
++.br
++.B xserver_tmpfs_t
++
++
++.br
++.B xserver_var_lib_t
++
++	/var/lib/xorg(/.*)?
++.br
++
++.br
++.B xserver_var_run_t
++
++	/var/run/xorg(/.*)?
++.br
++	/var/run/video.rom
++.br
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B xdm_spool_t 
-+.EE
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+- Set files with the xdm_spool_t type, if you want to store the xdm files under the /var/spool directory.
++.B semanage port
++can also be used to manipulate the port definitions
++
++.B semanage boolean
++can also be used to manipulate the booleans
++
++.PP
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), xserver(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8)
+\ No newline at end of file
+diff --git a/man/man8/ypbind_selinux.8 b/man/man8/ypbind_selinux.8
+index 5061a5f..faf03e0 100644
+--- a/man/man8/ypbind_selinux.8
++++ b/man/man8/ypbind_selinux.8
+@@ -1,19 +1,129 @@
+-.TH  "ypbind_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "ypbind Selinux Policy documentation"
++.TH  "ypbind_selinux"  "8"  "ypbind" "dwalsh at redhat.com" "ypbind SELinux Policy documentation"
+ .SH "NAME"
+-ypbind_selinux \- Security Enhanced Linux Policy for NIS.
++ypbind_selinux \- Security Enhanced Linux Policy for the ypbind processes
+ .SH "DESCRIPTION"
+ 
+-Security-Enhanced Linux secures the system via flexible mandatory access
+-control. SELinux can be setup deny NIS from working, since it requires daemons to be allowed greater access to the network.  
+-.SH BOOLEANS
+-.TP
+-You must set the allow_ypbind boolean to allow your system to work properly in a NIS environment.
+-.TP
+-setsebool -P allow_ypbind 1
+-.TP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
++Security-Enhanced Linux secures the ypbind processes via flexible mandatory access
++control.  
++
++.SH NSSWITCH DOMAIN
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux ypbind policy is very flexible allowing users to setup their ypbind processes in as secure a method as possible.
++.PP 
++The following file types are defined for ypbind:
 +
 +
 +.EX
 +.PP
-+.B xdm_tmp_t 
++.B ypbind_exec_t 
 +.EE
 +
-+- Set files with the xdm_tmp_t type, if you want to store xdm temporary files in the /tmp directories.
++- Set files with the ypbind_exec_t type, if you want to transition an executable to the ypbind_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/tmp/\.X0-lock, /tmp/\.X11-unix(/.*)?, /tmp/\.ICE-unix(/.*)?
++/usr/sbin/ypbind, /sbin/ypbind
 +
 +.EX
 +.PP
-+.B xdm_tmpfs_t 
++.B ypbind_initrc_exec_t 
 +.EE
 +
-+- Set files with the xdm_tmpfs_t type, if you want to store xdm files on a tmpfs file system.
++- Set files with the ypbind_initrc_exec_t type, if you want to transition an executable to the ypbind_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B xdm_unconfined_exec_t 
++.B ypbind_tmp_t 
 +.EE
 +
-+- Set files with the xdm_unconfined_exec_t type, if you want to transition an executable to the xdm_unconfined_t domain.
++- Set files with the ypbind_tmp_t type, if you want to store ypbind temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/[mg]dm/Init(/.*)?, /etc/[mg]dm/PreSession(/.*)?, /etc/[mg]dm/PostLogin(/.*)?, /etc/[mg]dm/PostSession(/.*)?
 +
 +.EX
 +.PP
-+.B xdm_var_lib_t 
++.B ypbind_unit_file_t 
 +.EE
 +
-+- Set files with the xdm_var_lib_t type, if you want to store the xdm files under the /var/lib directory.
++- Set files with the ypbind_unit_file_t type, if you want to treat the files as ypbind unit content.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/lightdm(/.*)?, /var/cache/lightdm(/.*)?, /var/lib/[mxkwg]dm(/.*)?, /var/lib/lxdm(/.*)?, /var/cache/[mg]dm(/.*)?
 +
 +.EX
 +.PP
-+.B xdm_var_run_t 
++.B ypbind_var_run_t 
 +.EE
 +
-+- Set files with the xdm_var_run_t type, if you want to store the xdm files under the /run directory.
++- Set files with the ypbind_var_run_t type, if you want to store the ypbind files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/etc/kde[34]?/kdm/backgroundrc, /var/run/slim.*, /var/run/lxdm(/.*)?, /usr/lib/qt-.*/etc/settings(/.*)?, /var/run/lxdm\.auth, /var/run/systemd/multi-session-x(/.*)?, /var/run/xauth(/.*)?, /var/run/xdmctl(/.*)?, /var/run/[gx]dm\.pid, /var/run/[kgm]dm(/.*)?, /var/run/slim(/.*)?, /var/run/gdm_socket, /var/run/lxdm\.pid, /var/run/lightdm(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
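Review bot: The added MANAGED FILES paragraph calls xserver_t an "SELinux user type", but the same page lists xserver_t under PROCESS TYPES, so the wording confuses SELinux users with process domains; the same sentence is added for ypbind_t, yppasswdd_t, ypserv_t and ypxfr_t in the later hunks. I would word it as `The SELinux process type xserver_t can manage files labeled with the following file types.` and, since the pages state they are auto-generated by genman.py, change the template there rather than each page. The sentence after it would read better as `Note the process UID still needs to have DAC permissions.`, which keeps the point that SELinux access is checked in addition to DAC. Separately, the unchanged context line containing `\fBps\bP` looks like a typo for `\fBps\fP` and presumably leaves the bold font unterminated when rendered.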
@@ -59671,49 +96671,44 @@ index 0000000..8fdf373
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux xdm policy is very flexible allowing users to setup their xdm processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for xdm:
-+
-+.EX
-+.TP 5
-+.B xdmcp_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 177
-+.EE
-+udp 177
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux xdm policy is very flexible allowing users to setup their xdm processes in as secure a method as possible.
++SELinux ypbind policy is very flexible allowing users to setup their ypbind processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for xdm:
++The following process types are defined for ypbind:
 +
 +.EX
-+.B xdm_t, xdm_dbusd_t 
++.B ypbind_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ypbind_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B var_yp_t
++
++	/var/yp(/.*)?
++.br
++
++.br
++.B ypbind_tmp_t
++
++
++.br
++.B ypbind_var_run_t
++
++	/var/run/ypbind.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -59724,35 +96719,29 @@ index 0000000..8fdf373
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
-+.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), xdm(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/xenconsoled_selinux.8 b/man/man8/xenconsoled_selinux.8
+ .SH AUTHOR	
+-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
++This manual page was auto-generated by genman.py.
+ 
+ .SH "SEE ALSO"
+-selinux(8), ypbind(8), chcon(1), setsebool(8)
++selinux(8), ypbind(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/yppasswdd_selinux.8 b/man/man8/yppasswdd_selinux.8
 new file mode 100644
-index 0000000..ace8c33
+index 0000000..59d56f7
 --- /dev/null
-+++ b/man/man8/xenconsoled_selinux.8
-@@ -0,0 +1,81 @@
-+.TH  "xenconsoled_selinux"  "8"  "xenconsoled" "dwalsh at redhat.com" "xenconsoled SELinux Policy documentation"
++++ b/man/man8/yppasswdd_selinux.8
+@@ -0,0 +1,123 @@
++.TH  "yppasswdd_selinux"  "8"  "yppasswdd" "dwalsh at redhat.com" "yppasswdd SELinux Policy documentation"
 +.SH "NAME"
-+xenconsoled_selinux \- Security Enhanced Linux Policy for the xenconsoled processes
++yppasswdd_selinux \- Security Enhanced Linux Policy for the yppasswdd processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the xenconsoled processes via flexible mandatory access
++Security-Enhanced Linux secures the yppasswdd processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -59763,25 +96752,29 @@ index 0000000..ace8c33
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux xenconsoled policy is very flexible allowing users to setup their xenconsoled processes in as secure a method as possible.
++SELinux yppasswdd policy is very flexible allowing users to setup their yppasswdd processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for xenconsoled:
++The following file types are defined for yppasswdd:
 +
 +
 +.EX
 +.PP
-+.B xenconsoled_exec_t 
++.B yppasswdd_exec_t 
 +.EE
 +
-+- Set files with the xenconsoled_exec_t type, if you want to transition an executable to the xenconsoled_t domain.
++- Set files with the yppasswdd_exec_t type, if you want to transition an executable to the yppasswdd_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/sbin/rpc\.yppasswdd\.env, /usr/sbin/rpc\.yppasswdd
 +
 +.EX
 +.PP
-+.B xenconsoled_var_run_t 
++.B yppasswdd_var_run_t 
 +.EE
 +
-+- Set files with the xenconsoled_var_run_t type, if you want to store the xenconsoled files under the /run directory.
++- Set files with the yppasswdd_var_run_t type, if you want to store the yppasswdd files under the /run directory.
 +
 +
 +.PP
@@ -59797,18 +96790,56 @@ index 0000000..ace8c33
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux xenconsoled policy is very flexible allowing users to setup their xenconsoled processes in as secure a method as possible.
++SELinux yppasswdd policy is very flexible allowing users to setup their yppasswdd processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for xenconsoled:
++The following process types are defined for yppasswdd:
 +
 +.EX
-+.B xenconsoled_t 
++.B yppasswdd_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type yppasswdd_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B shadow_t
++
++	/etc/shadow.*
++.br
++	/etc/gshadow.*
++.br
++	/var/db/shadow.*
++.br
++	/etc/passwd\.adjunct.*
++.br
++	/etc/\.pwd\.lock
++.br
++	/etc/group\.lock
++.br
++	/etc/passwd\.lock
++.br
++	/etc/security/opasswd
++.br
++	/etc/security/opasswd\.old
++.br
++
++.br
++.B var_yp_t
++
++	/var/yp(/.*)?
++.br
++
++.br
++.B yppasswdd_var_run_t
++
++	/var/run/yppass.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -59824,49 +96855,24 @@ index 0000000..ace8c33
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), xenconsoled(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/xend_selinux.8 b/man/man8/xend_selinux.8
++selinux(8), yppasswdd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ypserv_selinux.8 b/man/man8/ypserv_selinux.8
 new file mode 100644
-index 0000000..6d13960
+index 0000000..13199b9
 --- /dev/null
-+++ b/man/man8/xend_selinux.8
-@@ -0,0 +1,172 @@
-+.TH  "xend_selinux"  "8"  "xend" "dwalsh at redhat.com" "xend SELinux Policy documentation"
++++ b/man/man8/ypserv_selinux.8
+@@ -0,0 +1,117 @@
++.TH  "ypserv_selinux"  "8"  "ypserv" "dwalsh at redhat.com" "ypserv SELinux Policy documentation"
 +.SH "NAME"
-+xend_selinux \- Security Enhanced Linux Policy for the xend processes
++ypserv_selinux \- Security Enhanced Linux Policy for the ypserv processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the xend processes via flexible mandatory access
++Security-Enhanced Linux secures the ypserv processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  xend policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xend with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow xen to manage nfs files, you must turn on the xen_use_nfs boolean.
-+
-+.EX
-+.B setsebool -P xen_use_nfs 1
-+.EE
-+
-+.PP
-+If you want to allow xend to run qemu-dm. Not required if using paravirt and no vfb, you must turn on the xend_run_qemu boolean.
-+
-+.EX
-+.B setsebool -P xend_run_qemu 1
-+.EE
-+
-+.PP
-+If you want to allow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes for disk images, you must turn on the xend_run_blktap boolean.
-+
-+.EX
-+.B setsebool -P xend_run_blktap 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.SH FILE CONTEXTS
@@ -59875,62 +96881,42 @@ index 0000000..6d13960
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux xend policy is very flexible allowing users to setup their xend processes in as secure a method as possible.
++SELinux ypserv policy is very flexible allowing users to setup their ypserv processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for xend:
-+
-+
-+.EX
-+.PP
-+.B xend_exec_t 
-+.EE
-+
-+- Set files with the xend_exec_t type, if you want to transition an executable to the xend_t domain.
++The following file types are defined for ypserv:
 +
 +
 +.EX
 +.PP
-+.B xend_tmp_t 
++.B ypserv_conf_t 
 +.EE
 +
-+- Set files with the xend_tmp_t type, if you want to store xend temporary files in the /tmp directories.
++- Set files with the ypserv_conf_t type, if you want to treat the files as ypserv configuration data, usually stored under the /etc directory.
 +
 +
 +.EX
 +.PP
-+.B xend_var_lib_t 
++.B ypserv_exec_t 
 +.EE
 +
-+- Set files with the xend_var_lib_t type, if you want to store the xend files under the /var/lib directory.
++- Set files with the ypserv_exec_t type, if you want to transition an executable to the ypserv_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/xen(/.*)?, /var/lib/xend(/.*)?
 +
 +.EX
 +.PP
-+.B xend_var_log_t 
++.B ypserv_tmp_t 
 +.EE
 +
-+- Set files with the xend_var_log_t type, if you want to treat the data as xend var log data, usually stored under the /var/log directory.
++- Set files with the ypserv_tmp_t type, if you want to store ypserv temporary files in the /tmp directories.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/log/xen-hotplug\.log.*, /var/log/xen(/.*)?, /var/log/xend-debug\.log.*, /var/log/xend\.log.*
 +
 +.EX
 +.PP
-+.B xend_var_run_t 
++.B ypserv_var_run_t 
 +.EE
 +
-+- Set files with the xend_var_run_t type, if you want to store the xend files under the /run directory.
++- Set files with the ypserv_var_run_t type, if you want to store the ypserv files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/xenner(/.*)?, /var/run/xend(/.*)?, /var/run/xend\.pid
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -59939,47 +96925,44 @@ index 0000000..6d13960
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux xend policy is very flexible allowing users to setup their xend processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for xend:
-+
-+.EX
-+.TP 5
-+.B xen_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 8002
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux xend policy is very flexible allowing users to setup their xend processes in as secure a method as possible.
++SELinux ypserv policy is very flexible allowing users to setup their ypserv processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for xend:
++The following process types are defined for ypserv:
 +
 +.EX
-+.B xend_t, xenstored_t, xenconsoled_t 
++.B ypserv_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ypserv_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B var_yp_t
++
++	/var/yp(/.*)?
++.br
++
++.br
++.B ypserv_tmp_t
++
++
++.br
++.B ypserv_var_run_t
++
++	/var/run/ypserv.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -59990,35 +96973,27 @@ index 0000000..6d13960
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), xend(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/xenstored_selinux.8 b/man/man8/xenstored_selinux.8
++selinux(8), ypserv(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/ypxfr_selinux.8 b/man/man8/ypxfr_selinux.8
 new file mode 100644
-index 0000000..6143bee
+index 0000000..7dfaeaf
 --- /dev/null
-+++ b/man/man8/xenstored_selinux.8
-@@ -0,0 +1,109 @@
-+.TH  "xenstored_selinux"  "8"  "xenstored" "dwalsh at redhat.com" "xenstored SELinux Policy documentation"
++++ b/man/man8/ypxfr_selinux.8
+@@ -0,0 +1,101 @@
++.TH  "ypxfr_selinux"  "8"  "ypxfr" "dwalsh at redhat.com" "ypxfr SELinux Policy documentation"
 +.SH "NAME"
-+xenstored_selinux \- Security Enhanced Linux Policy for the xenstored processes
++ypxfr_selinux \- Security Enhanced Linux Policy for the ypxfr processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the xenstored processes via flexible mandatory access
++Security-Enhanced Linux secures the ypxfr processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -60029,54 +97004,30 @@ index 0000000..6143bee
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux xenstored policy is very flexible allowing users to setup their xenstored processes in as secure a method as possible.
++SELinux ypxfr policy is very flexible allowing users to setup their ypxfr processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for xenstored:
-+
-+
-+.EX
-+.PP
-+.B xenstored_exec_t 
-+.EE
-+
-+- Set files with the xenstored_exec_t type, if you want to transition an executable to the xenstored_t domain.
-+
-+
-+.EX
-+.PP
-+.B xenstored_tmp_t 
-+.EE
-+
-+- Set files with the xenstored_tmp_t type, if you want to store xenstored temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B xenstored_var_lib_t 
-+.EE
-+
-+- Set files with the xenstored_var_lib_t type, if you want to store the xenstored files under the /var/lib directory.
++The following file types are defined for ypxfr:
 +
 +
 +.EX
 +.PP
-+.B xenstored_var_log_t 
++.B ypxfr_exec_t 
 +.EE
 +
-+- Set files with the xenstored_var_log_t type, if you want to treat the data as xenstored var log data, usually stored under the /var/log directory.
++- Set files with the ypxfr_exec_t type, if you want to transition an executable to the ypxfr_t domain.
 +
++.br
++.TP 5
++Paths: 
++/usr/lib/yp/ypxfr, /usr/sbin/rpc\.ypxfrd
 +
 +.EX
 +.PP
-+.B xenstored_var_run_t 
++.B ypxfr_var_run_t 
 +.EE
 +
-+- Set files with the xenstored_var_run_t type, if you want to store the xenstored files under the /run directory.
++- Set files with the ypxfr_var_run_t type, if you want to store the ypxfr files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/xenstore\.pid, /var/run/xenstored(/.*)?
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -60091,18 +97042,34 @@ index 0000000..6143bee
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux xenstored policy is very flexible allowing users to setup their xenstored processes in as secure a method as possible.
++SELinux ypxfr policy is very flexible allowing users to setup their ypxfr processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for xenstored:
++The following process types are defined for ypxfr:
 +
 +.EX
-+.B xenstored_t 
++.B ypxfr_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type ypxfr_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B var_yp_t
++
++	/var/yp(/.*)?
++.br
++
++.br
++.B ypxfr_var_run_t
++
++	/var/run/ypxfrd.*
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -60118,371 +97085,275 @@ index 0000000..6143bee
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), xenstored(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/xguest_selinux.8 b/man/man8/xguest_selinux.8
++selinux(8), ypxfr(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/zabbix_agent_selinux.8 b/man/man8/zabbix_agent_selinux.8
 new file mode 100644
-index 0000000..2478817
+index 0000000..613ce3e
 --- /dev/null
-+++ b/man/man8/xguest_selinux.8
-@@ -0,0 +1,231 @@
-+.TH  "xguest_selinux"  "8"  "xguest" "mgrepl at redhat.com" "xguest SELinux Policy documentation"
++++ b/man/man8/zabbix_agent_selinux.8
+@@ -0,0 +1,128 @@
++.TH  "zabbix_agent_selinux"  "8"  "zabbix_agent" "dwalsh at redhat.com" "zabbix_agent SELinux Policy documentation"
 +.SH "NAME"
-+xguest_u \- \fBLeast privledge xwindows user role\fP - Security Enhanced Linux Policy 
-+
-+.SH DESCRIPTION
-+
-+\fBxguest_u\fP is an SELinux User defined in the SELinux
-+policy. SELinux users have default roles, \fBxguest_r\fP.  The
-+default role has a default type, \fBxguest_t\fP, associated with it.
-+
-+The SELinux user will usually login to a system with a context that looks like:
-+
-+.B xguest_u:xguest_r:xguest_u:s0-s0:c0.c1023
-+
-+Linux users are automatically assigned an SELinux users at login.  
-+Login programs use the SELinux User to assign initial context to the user's shell.
-+
-+SELinux policy uses the context to control the user's access.
-+
-+By default all users are assigned to the SELinux user via the \fB__default__\fP flag
-+
-+On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
-+
-+You can list all Linux User to SELinux user mapping using:
-+
-+.B semanage login -l
-+
-+If you wanted to change the default user mapping to use the xguest_u user, you would execute:
-+
-+.B semanage login -m -s xguest_u __default__
-+
-+
-+If you want to map the one Linux user (joe) to the SELinux user xguest, you would execute:
-+
-+.B $ semanage login -a -s xguest_u joe
-+
-+
-+.SH USER DESCRIPTION
-+
-+The SELinux user xguest_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
-+
-+.SH SUDO
-+
-+The SELinux type xguest_t is not allowed to execute sudo. 
-+
-+.SH X WINDOWS LOGIN
-+
-+The SELinux user xguest_u is able to X Windows login.
-+
-+.SH TERMINAL LOGIN
-+
-+The SELinux user xguest_u is able to terminal login.
-+
-+.SH NETWORK
-+
-+.TP
-+The SELinux user xguest_u is able to connect to the following tcp ports.
-+
-+.B dns_port_t: 53
-+
-+.B ipp_port_t: 631,8610-8614
-+
-+.B transproxy_port_t: 8081
-+
-+.B ocsp_port_t: 9080
-+
-+.B kerberos_port_t: 88,750,4444
-+
-+.B all ports with out defined types
-+
-+.B ftp_port_t: 21,990
-+
-+.B speech_port_t: 8036
-+
-+.B squid_port_t: 3128,3401,4827
-+
-+.B http_cache_port_t: 8080,8118,8123,10001-10010
-+
-+.B http_port_t: 80,443,488,8008,8009,8443
-+
-+.B flash_port_t: 843,1935
-+
-+.B pulseaudio_port_t: 4713
-+
-+.B soundd_port_t: 8000,9433,16001
++zabbix_agent_selinux \- Security Enhanced Linux Policy for the zabbix_agent processes
++.SH "DESCRIPTION"
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  xguest_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xguest_t with the tightest access possible.
++Security-Enhanced Linux secures the zabbix_agent processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow xguest users to configure Network Manager and connect to apache ports, you must turn on the xguest_connect_network boolean.
-+
-+.EX
-+.B setsebool -P xguest_connect_network 1
-+.EE
-+
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
-+
-+.EX
-+.B setsebool -P allow_user_mysql_connect 1
-+.EE
++Policy governs the access confined processes have to these files. 
++SELinux zabbix_agent policy is very flexible allowing users to setup their zabbix_agent processes in as secure a method as possible.
++.PP 
++The following file types are defined for zabbix_agent:
 +
-+.PP
-+If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
 +
 +.EX
-+.B setsebool -P user_ping 1
-+.EE
-+
 +.PP
-+If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
-+
-+.EX
-+.B setsebool -P user_ttyfile_stat 1
++.B zabbix_agent_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow user music sharing, you must turn on the user_share_music boolean.
-+
-+.EX
-+.B setsebool -P user_share_music 1
-+.EE
++- Set files with the zabbix_agent_exec_t type, if you want to transition an executable to the zabbix_agent_t domain.
 +
-+.PP
-+If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
 +
 +.EX
-+.B setsebool -P user_direct_dri 1
-+.EE
-+
 +.PP
-+If you want to allow xguest users to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
-+
-+.EX
-+.B setsebool -P xguest_use_bluetooth 1
++.B zabbix_agent_initrc_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++- Set files with the zabbix_agent_initrc_exec_t type, if you want to transition an executable to the zabbix_agent_initrc_t domain.
 +
-+.EX
-+.B setsebool -P user_rw_noexattrfile 1
-+.EE
 +
 +.PP
-+If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
-+
-+.EX
-+.B setsebool -P user_tcp_server 1
-+.EE
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
++.SH PORT TYPES
++SELinux defines port types to represent TCP and UDP ports. 
 +.PP
-+If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++You can see the types associated with a port by using the following command: 
 +
-+.EX
-+.B setsebool -P user_direct_mouse 1
-+.EE
++.B semanage port -l
 +
 +.PP
-+If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++Policy governs the access confined processes have to these ports. 
++SELinux zabbix_agent policy is very flexible allowing users to setup their zabbix_agent processes in as secure a method as possible.
++.PP 
++The following port types are defined for zabbix_agent:
 +
 +.EX
-+.B setsebool -P user_setrlimit 1
++.TP 5
++.B zabbix_agent_port_t 
++.TP 10
 +.EE
 +
-+.PP
-+If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
 +
-+.EX
-+.B setsebool -P allow_user_postgresql_connect 1
++Default Defined Ports:
++tcp 10050
 +.EE
-+
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
-+
-+.EX
-+.B setsebool -P xguest_mount_media 1
-+.EE
-+
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++Policy governs the access confined processes have to files. 
++SELinux zabbix_agent policy is very flexible allowing users to setup their zabbix_agent processes in as secure a method as possible.
++.PP 
++The following process types are defined for zabbix_agent:
 +
 +.EX
-+.B setsebool -P user_dmesg 1
++.B zabbix_agent_t 
 +.EE
++.PP
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
-+.SH HOME_EXEC
-+
-+The SELinux user xguest_u is able execute home content files.
-+
-+.SH TRANSITIONS
-+
-+Three things can happen when xguest_t attempts to execute a program.
-+
-+\fB1.\fP SELinux Policy can deny xguest_t from executing the program.
-+
-+.TP
-+
-+\fB2.\fP SELinux Policy can allow xguest_t to execute the program in the current user type.
++.SH "MANAGED FILES"
 +
-+Execute the following to see the types that the SELinux user xguest_t can execute without transitioning:
++The SELinux user type zabbix_agent_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+.B sesearch -A -s xguest_t -c file -p execute_no_trans
++.br
++.B zabbix_log_t
 +
-+.TP
++	/var/log/zabbix(/.*)?
++.br
 +
-+\fB3.\fP SELinux can allow xguest_t to execute the program and transition to a new type.
++.br
++.B zabbix_tmpfs_t
 +
-+Execute the following to see the types that the SELinux user xguest_t can execute and transition:
 +
-+.B $ sesearch -A -s xguest_t -c process -p transition
++.br
++.B zabbix_var_run_t
 +
++	/var/run/zabbix(/.*)?
++.br
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage login
-+can also be used to manipulate the Linux User to SELinux User mappings
-+
-+.B semanage user
-+can also be used to manipulate SELinux user definitions.
++.B semanage port
++can also be used to manipulate the port definitions
 +
++.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genuserman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), semanage(8).
-diff --git a/man/man8/xserver_selinux.8 b/man/man8/xserver_selinux.8
++selinux(8), zabbix_agent(8), semanage(8), restorecon(8), chcon(1)
++, zabbix_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/zabbix_selinux.8 b/man/man8/zabbix_selinux.8
 new file mode 100644
-index 0000000..ac568e6
+index 0000000..66338fc
 --- /dev/null
-+++ b/man/man8/xserver_selinux.8
-@@ -0,0 +1,193 @@
-+.TH  "xserver_selinux"  "8"  "xserver" "dwalsh at redhat.com" "xserver SELinux Policy documentation"
++++ b/man/man8/zabbix_selinux.8
+@@ -0,0 +1,234 @@
++.TH  "zabbix_selinux"  "8"  "zabbix" "dwalsh at redhat.com" "zabbix SELinux Policy documentation"
 +.SH "NAME"
-+xserver_selinux \- Security Enhanced Linux Policy for the xserver processes
++zabbix_selinux \- Security Enhanced Linux Policy for the zabbix processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the xserver processes via flexible mandatory access
++Security-Enhanced Linux secures the zabbix processes via flexible mandatory access
 +control.  
 +
 +.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  xserver policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xserver with the tightest access possible.
++SELinux policy is customizable based on least access required.  zabbix policy is extremely flexible and has several booleans that allow you to manipulate the policy and run zabbix with the tightest access possible.
 +
 +
 +.PP
-+If you want to support X userspace object manager, you must turn on the xserver_object_manager boolean.
++If you want to allow zabbix to connect to unreserved ports, you must turn on the zabbix_can_network boolean.
 +
 +.EX
-+.B setsebool -P xserver_object_manager 1
++.B setsebool -P zabbix_can_network 1
 +.EE
 +
 +.PP
-+If you want to allows XServer to execute writable memory, you must turn on the xserver_execmem boolean.
++If you want to allow http daemon to connect to zabbix, you must turn on the httpd_can_connect_zabbix boolean.
 +
 +.EX
-+.B setsebool -P xserver_execmem 1
++.B setsebool -P httpd_can_connect_zabbix 1
 +.EE
 +
++.SH NSSWITCH DOMAIN
++
 +.PP
-+If you want to allow confined virtual guests to interact with the xserver, you must turn on the virt_use_xserver boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zabbix_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.B setsebool -P virt_use_xserver 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allows clients to write to the X server shared memory segments, you must turn on the xserver_clients_write_xshm boolean.
++If you want to allow confined applications to run with kerberos for the zabbix_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.B setsebool -P xserver_clients_write_xshm 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+.SH NSSWITCH DOMAIN
-+
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the xserver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files. 
++SELinux zabbix policy is very flexible allowing users to setup their zabbix processes in as secure a method as possible.
++.PP 
++The following file types are defined for zabbix:
++
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.PP
++.B zabbix_agent_exec_t 
 +.EE
 +
-+.PP
-+If you want to allow confined applications to run with kerberos for the xserver_t, you must turn on the kerberos_enabled boolean.
++- Set files with the zabbix_agent_exec_t type, if you want to transition an executable to the zabbix_agent_t domain.
++
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.PP
++.B zabbix_agent_initrc_exec_t 
 +.EE
 +
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type. 
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files. 
-+SELinux xserver policy is very flexible allowing users to setup their xserver processes in as secure a method as possible.
-+.PP 
-+The following file types are defined for xserver:
++- Set files with the zabbix_agent_initrc_exec_t type, if you want to transition an executable to the zabbix_agent_initrc_t domain.
 +
 +
 +.EX
 +.PP
-+.B xserver_exec_t 
++.B zabbix_exec_t 
 +.EE
 +
-+- Set files with the xserver_exec_t type, if you want to transition an executable to the xserver_t domain.
++- Set files with the zabbix_exec_t type, if you want to transition an executable to the zabbix_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/usr/bin/Xair, /usr/X11R6/bin/Xwrapper, /usr/X11R6/bin/XFree86, /etc/init\.d/xfree86-common, /usr/X11R6/bin/Xorg, /usr/X11R6/bin/Xipaq, /usr/bin/Xephyr, /usr/bin/Xorg, /usr/X11R6/bin/X
++/usr/sbin/zabbix_server_pgsql, /usr/sbin/zabbix_server_sqlite3, /usr/sbin/zabbix_server_mysql, /usr/(s)?bin/zabbix_server
 +
 +.EX
 +.PP
-+.B xserver_log_t 
++.B zabbix_initrc_exec_t 
 +.EE
 +
-+- Set files with the xserver_log_t type, if you want to treat the data as xserver log data, usually stored under the /var/log directory.
++- Set files with the zabbix_initrc_exec_t type, if you want to transition an executable to the zabbix_initrc_t domain.
 +
 +.br
 +.TP 5
 +Paths: 
-+/var/log/lightdm(/.*)?, /usr/var/[xgkw]dm(/.*)?, /var/log/nvidia-installer\.log.*, /var/[xgkw]dm(/.*)?, /var/log/XFree86.*, /var/log/Xorg.*
++/etc/rc\.d/init\.d/zabbix-server, /etc/rc\.d/init\.d/zabbix
 +
 +.EX
 +.PP
-+.B xserver_tmpfs_t 
++.B zabbix_log_t 
 +.EE
 +
-+- Set files with the xserver_tmpfs_t type, if you want to store xserver files on a tmpfs file system.
++- Set files with the zabbix_log_t type, if you want to treat the data as zabbix log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B xserver_var_lib_t 
++.B zabbix_tmp_t 
 +.EE
 +
-+- Set files with the xserver_var_lib_t type, if you want to store the xserver files under the /var/lib directory.
++- Set files with the zabbix_tmp_t type, if you want to store zabbix temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B xserver_var_run_t 
++.B zabbix_tmpfs_t 
 +.EE
 +
-+- Set files with the xserver_var_run_t type, if you want to store the xserver files under the /run directory.
++- Set files with the zabbix_tmpfs_t type, if you want to store zabbix files on a tmpfs file system.
++
++
++.EX
++.PP
++.B zabbix_var_run_t 
++.EE
++
++- Set files with the zabbix_var_run_t type, if you want to store the zabbix files under the /run directory.
 +
-+.br
-+.TP 5
-+Paths: 
-+/var/run/xorg(/.*)?, /var/run/video.rom
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -60500,19 +97371,30 @@ index 0000000..ac568e6
 +
 +.PP
 +Policy governs the access confined processes have to these ports. 
-+SELinux xserver policy is very flexible allowing users to setup their xserver processes in as secure a method as possible.
++SELinux zabbix policy is very flexible allowing users to setup their zabbix processes in as secure a method as possible.
 +.PP 
-+The following port types are defined for xserver:
++The following port types are defined for zabbix:
 +
 +.EX
 +.TP 5
-+.B xserver_port_t 
++.B zabbix_agent_port_t 
 +.TP 10
 +.EE
 +
 +
 +Default Defined Ports:
-+tcp 6000-6020
++tcp 10050
++.EE
++
++.EX
++.TP 5
++.B zabbix_port_t 
++.TP 10
++.EE
++
++
++Default Defined Ports:
++tcp 10051
 +.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
@@ -60520,18 +97402,42 @@ index 0000000..ac568e6
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux xserver policy is very flexible allowing users to setup their xserver processes in as secure a method as possible.
++SELinux zabbix policy is very flexible allowing users to setup their zabbix processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for xserver:
++The following process types are defined for zabbix:
 +
 +.EX
-+.B xserver_t 
++.B zabbix_agent_t, zabbix_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zabbix_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B zabbix_log_t
++
++	/var/log/zabbix(/.*)?
++.br
++
++.br
++.B zabbix_tmp_t
++
++
++.br
++.B zabbix_tmpfs_t
++
++
++.br
++.B zabbix_var_run_t
++
++	/var/run/zabbix(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -60553,91 +97459,83 @@ index 0000000..ac568e6
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), xserver(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), zabbix(8), semanage(8), restorecon(8), chcon(1)
++, setsebool(8), zabbix_agent_selinux(8)
 \ No newline at end of file
-diff --git a/man/man8/ypbind_selinux.8 b/man/man8/ypbind_selinux.8
-index 5061a5f..a89264a 100644
---- a/man/man8/ypbind_selinux.8
-+++ b/man/man8/ypbind_selinux.8
-@@ -1,19 +1,109 @@
--.TH  "ypbind_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "ypbind Selinux Policy documentation"
-+.TH  "ypbind_selinux"  "8"  "ypbind" "dwalsh at redhat.com" "ypbind SELinux Policy documentation"
- .SH "NAME"
--ypbind_selinux \- Security Enhanced Linux Policy for NIS.
-+ypbind_selinux \- Security Enhanced Linux Policy for the ypbind processes
- .SH "DESCRIPTION"
- 
--Security-Enhanced Linux secures the system via flexible mandatory access
--control. SELinux can be setup deny NIS from working, since it requires daemons to be allowed greater access to the network.  
--.SH BOOLEANS
--.TP
--You must set the allow_ypbind boolean to allow your system to work properly in a NIS environment.
--.TP
--setsebool -P allow_ypbind 1
--.TP
--system-config-selinux is a GUI tool available to customize SELinux policy settings.
-+Security-Enhanced Linux secures the ypbind processes via flexible mandatory access
+diff --git a/man/man8/zarafa_deliver_selinux.8 b/man/man8/zarafa_deliver_selinux.8
+new file mode 100644
+index 0000000..9d116b7
+--- /dev/null
++++ b/man/man8/zarafa_deliver_selinux.8
+@@ -0,0 +1,131 @@
++.TH  "zarafa_deliver_selinux"  "8"  "zarafa_deliver" "dwalsh at redhat.com" "zarafa_deliver SELinux Policy documentation"
++.SH "NAME"
++zarafa_deliver_selinux \- Security Enhanced Linux Policy for the zarafa_deliver processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the zarafa_deliver processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zarafa_deliver_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the zarafa_deliver_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ypbind policy is very flexible allowing users to setup their ypbind processes in as secure a method as possible.
++SELinux zarafa_deliver policy is very flexible allowing users to setup their zarafa_deliver processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ypbind:
-+
-+
-+.EX
-+.PP
-+.B ypbind_exec_t 
-+.EE
-+
-+- Set files with the ypbind_exec_t type, if you want to transition an executable to the ypbind_t domain.
++The following file types are defined for zarafa_deliver:
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/ypbind, /sbin/ypbind
 +
 +.EX
 +.PP
-+.B ypbind_initrc_exec_t 
++.B zarafa_deliver_exec_t 
 +.EE
 +
-+- Set files with the ypbind_initrc_exec_t type, if you want to transition an executable to the ypbind_initrc_t domain.
++- Set files with the zarafa_deliver_exec_t type, if you want to transition an executable to the zarafa_deliver_t domain.
 +
 +
 +.EX
 +.PP
-+.B ypbind_tmp_t 
++.B zarafa_deliver_log_t 
 +.EE
 +
-+- Set files with the ypbind_tmp_t type, if you want to store ypbind temporary files in the /tmp directories.
++- Set files with the zarafa_deliver_log_t type, if you want to treat the data as zarafa deliver log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B ypbind_unit_file_t 
++.B zarafa_deliver_tmp_t 
 +.EE
 +
-+- Set files with the ypbind_unit_file_t type, if you want to treat the files as ypbind unit content.
++- Set files with the zarafa_deliver_tmp_t type, if you want to store zarafa deliver temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B ypbind_var_run_t 
++.B zarafa_deliver_var_run_t 
 +.EE
 +
-+- Set files with the ypbind_var_run_t type, if you want to store the ypbind files under the /run directory.
++- Set files with the zarafa_deliver_var_run_t type, if you want to store the zarafa deliver files under the /run directory.
 +
 +
 +.PP
@@ -60653,18 +97551,38 @@ index 5061a5f..a89264a 100644
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ypbind policy is very flexible allowing users to setup their ypbind processes in as secure a method as possible.
++SELinux zarafa_deliver policy is very flexible allowing users to setup their zarafa_deliver processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ypbind:
++The following process types are defined for zarafa_deliver:
 +
 +.EX
-+.B ypbind_t 
++.B zarafa_deliver_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zarafa_deliver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B zarafa_deliver_log_t
++
++	/var/log/zarafa/dagent\.log.*
++.br
++
++.br
++.B zarafa_deliver_tmp_t
++
++
++.br
++.B zarafa_deliver_var_run_t
++
++	/var/run/zarafa-dagent\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -60679,58 +97597,74 @@ index 5061a5f..a89264a 100644
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
- .SH AUTHOR	
--This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+This manual page was autogenerated by genman.py.
- 
- .SH "SEE ALSO"
--selinux(8), ypbind(8), chcon(1), setsebool(8)
-+selinux(8), ypbind(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/yppasswdd_selinux.8 b/man/man8/yppasswdd_selinux.8
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), zarafa_deliver(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/zarafa_gateway_selinux.8 b/man/man8/zarafa_gateway_selinux.8
 new file mode 100644
-index 0000000..2881e38
+index 0000000..cf2b4f4
 --- /dev/null
-+++ b/man/man8/yppasswdd_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "yppasswdd_selinux"  "8"  "yppasswdd" "dwalsh at redhat.com" "yppasswdd SELinux Policy documentation"
++++ b/man/man8/zarafa_gateway_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "zarafa_gateway_selinux"  "8"  "zarafa_gateway" "dwalsh at redhat.com" "zarafa_gateway SELinux Policy documentation"
 +.SH "NAME"
-+yppasswdd_selinux \- Security Enhanced Linux Policy for the yppasswdd processes
++zarafa_gateway_selinux \- Security Enhanced Linux Policy for the zarafa_gateway processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the yppasswdd processes via flexible mandatory access
++Security-Enhanced Linux secures the zarafa_gateway processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zarafa_gateway_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the zarafa_gateway_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux yppasswdd policy is very flexible allowing users to setup their yppasswdd processes in as secure a method as possible.
++SELinux zarafa_gateway policy is very flexible allowing users to setup their zarafa_gateway processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for yppasswdd:
++The following file types are defined for zarafa_gateway:
 +
 +
 +.EX
 +.PP
-+.B yppasswdd_exec_t 
++.B zarafa_gateway_exec_t 
 +.EE
 +
-+- Set files with the yppasswdd_exec_t type, if you want to transition an executable to the yppasswdd_t domain.
++- Set files with the zarafa_gateway_exec_t type, if you want to transition an executable to the zarafa_gateway_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/rpc\.yppasswdd\.env, /usr/sbin/rpc\.yppasswdd
 +
 +.EX
 +.PP
-+.B yppasswdd_var_run_t 
++.B zarafa_gateway_log_t 
 +.EE
 +
-+- Set files with the yppasswdd_var_run_t type, if you want to store the yppasswdd files under the /run directory.
++- Set files with the zarafa_gateway_log_t type, if you want to treat the data as zarafa gateway log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B zarafa_gateway_var_run_t 
++.EE
++
++- Set files with the zarafa_gateway_var_run_t type, if you want to store the zarafa gateway files under the /run directory.
 +
 +
 +.PP
@@ -60746,18 +97680,34 @@ index 0000000..2881e38
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux yppasswdd policy is very flexible allowing users to setup their yppasswdd processes in as secure a method as possible.
++SELinux zarafa_gateway policy is very flexible allowing users to setup their zarafa_gateway processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for yppasswdd:
++The following process types are defined for zarafa_gateway:
 +
 +.EX
-+.B yppasswdd_t 
++.B zarafa_gateway_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zarafa_gateway_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B zarafa_gateway_log_t
++
++	/var/log/zarafa/gateway\.log.*
++.br
++
++.br
++.B zarafa_gateway_var_run_t
++
++	/var/run/zarafa-gateway\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -60773,67 +97723,73 @@ index 0000000..2881e38
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), yppasswdd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ypserv_selinux.8 b/man/man8/ypserv_selinux.8
++selinux(8), zarafa_gateway(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/zarafa_ical_selinux.8 b/man/man8/zarafa_ical_selinux.8
 new file mode 100644
-index 0000000..8206c6b
+index 0000000..b36c2e2
 --- /dev/null
-+++ b/man/man8/ypserv_selinux.8
-@@ -0,0 +1,97 @@
-+.TH  "ypserv_selinux"  "8"  "ypserv" "dwalsh at redhat.com" "ypserv SELinux Policy documentation"
++++ b/man/man8/zarafa_ical_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "zarafa_ical_selinux"  "8"  "zarafa_ical" "dwalsh at redhat.com" "zarafa_ical SELinux Policy documentation"
 +.SH "NAME"
-+ypserv_selinux \- Security Enhanced Linux Policy for the ypserv processes
++zarafa_ical_selinux \- Security Enhanced Linux Policy for the zarafa_ical processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ypserv processes via flexible mandatory access
++Security-Enhanced Linux secures the zarafa_ical processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zarafa_ical_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the zarafa_ical_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ypserv policy is very flexible allowing users to setup their ypserv processes in as secure a method as possible.
++SELinux zarafa_ical policy is very flexible allowing users to setup their zarafa_ical processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ypserv:
-+
-+
-+.EX
-+.PP
-+.B ypserv_conf_t 
-+.EE
-+
-+- Set files with the ypserv_conf_t type, if you want to treat the files as ypserv configuration data, usually stored under the /etc directory.
++The following file types are defined for zarafa_ical:
 +
 +
 +.EX
 +.PP
-+.B ypserv_exec_t 
++.B zarafa_ical_exec_t 
 +.EE
 +
-+- Set files with the ypserv_exec_t type, if you want to transition an executable to the ypserv_t domain.
++- Set files with the zarafa_ical_exec_t type, if you want to transition an executable to the zarafa_ical_t domain.
 +
 +
 +.EX
 +.PP
-+.B ypserv_tmp_t 
++.B zarafa_ical_log_t 
 +.EE
 +
-+- Set files with the ypserv_tmp_t type, if you want to store ypserv temporary files in the /tmp directories.
++- Set files with the zarafa_ical_log_t type, if you want to treat the data as zarafa ical log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B ypserv_var_run_t 
++.B zarafa_ical_var_run_t 
 +.EE
 +
-+- Set files with the ypserv_var_run_t type, if you want to store the ypserv files under the /run directory.
++- Set files with the zarafa_ical_var_run_t type, if you want to store the zarafa ical files under the /run directory.
 +
 +
 +.PP
@@ -60849,18 +97805,34 @@ index 0000000..8206c6b
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ypserv policy is very flexible allowing users to setup their ypserv processes in as secure a method as possible.
++SELinux zarafa_ical policy is very flexible allowing users to setup their zarafa_ical processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ypserv:
++The following process types are defined for zarafa_ical:
 +
 +.EX
-+.B ypserv_t 
++.B zarafa_ical_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zarafa_ical_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B zarafa_ical_log_t
++
++	/var/log/zarafa/ical\.log.*
++.br
++
++.br
++.B zarafa_ical_var_run_t
++
++	/var/run/zarafa-ical\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -60876,56 +97848,86 @@ index 0000000..8206c6b
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ypserv(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/ypxfr_selinux.8 b/man/man8/ypxfr_selinux.8
++selinux(8), zarafa_ical(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/zarafa_indexer_selinux.8 b/man/man8/zarafa_indexer_selinux.8
 new file mode 100644
-index 0000000..a5abcec
+index 0000000..b4ea945
 --- /dev/null
-+++ b/man/man8/ypxfr_selinux.8
-@@ -0,0 +1,85 @@
-+.TH  "ypxfr_selinux"  "8"  "ypxfr" "dwalsh at redhat.com" "ypxfr SELinux Policy documentation"
++++ b/man/man8/zarafa_indexer_selinux.8
+@@ -0,0 +1,145 @@
++.TH  "zarafa_indexer_selinux"  "8"  "zarafa_indexer" "dwalsh at redhat.com" "zarafa_indexer SELinux Policy documentation"
 +.SH "NAME"
-+ypxfr_selinux \- Security Enhanced Linux Policy for the ypxfr processes
++zarafa_indexer_selinux \- Security Enhanced Linux Policy for the zarafa_indexer processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the ypxfr processes via flexible mandatory access
++Security-Enhanced Linux secures the zarafa_indexer processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zarafa_indexer_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the zarafa_indexer_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
 +.SH FILE CONTEXTS
 +SELinux requires files to have an extended attribute to define the file type. 
 +.PP
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux ypxfr policy is very flexible allowing users to setup their ypxfr processes in as secure a method as possible.
++SELinux zarafa_indexer policy is very flexible allowing users to setup their zarafa_indexer processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for ypxfr:
++The following file types are defined for zarafa_indexer:
 +
 +
 +.EX
 +.PP
-+.B ypxfr_exec_t 
++.B zarafa_indexer_exec_t 
 +.EE
 +
-+- Set files with the ypxfr_exec_t type, if you want to transition an executable to the ypxfr_t domain.
++- Set files with the zarafa_indexer_exec_t type, if you want to transition an executable to the zarafa_indexer_t domain.
 +
-+.br
-+.TP 5
-+Paths: 
-+/usr/lib/yp/ypxfr, /usr/sbin/rpc\.ypxfrd
 +
 +.EX
 +.PP
-+.B ypxfr_var_run_t 
++.B zarafa_indexer_log_t 
 +.EE
 +
-+- Set files with the ypxfr_var_run_t type, if you want to store the ypxfr files under the /run directory.
++- Set files with the zarafa_indexer_log_t type, if you want to treat the data as zarafa indexer log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B zarafa_indexer_tmp_t 
++.EE
++
++- Set files with the zarafa_indexer_tmp_t type, if you want to store zarafa indexer temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B zarafa_indexer_var_run_t 
++.EE
++
++- Set files with the zarafa_indexer_var_run_t type, if you want to store the zarafa indexer files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/zarafa-indexer\.pid, /var/run/zarafa-indexer
 +
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
@@ -60940,18 +97942,48 @@ index 0000000..a5abcec
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux ypxfr policy is very flexible allowing users to setup their ypxfr processes in as secure a method as possible.
++SELinux zarafa_indexer policy is very flexible allowing users to setup their zarafa_indexer processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for ypxfr:
++The following process types are defined for zarafa_indexer:
 +
 +.EX
-+.B ypxfr_t 
++.B zarafa_indexer_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zarafa_indexer_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B zarafa_indexer_log_t
++
++	/var/log/zarafa/indexer\.log.*
++.br
++
++.br
++.B zarafa_indexer_tmp_t
++
++
++.br
++.B zarafa_indexer_var_run_t
++
++	/var/run/zarafa-indexer
++.br
++	/var/run/zarafa-indexer\.pid
++.br
++
++.br
++.B zarafa_var_lib_t
++
++	/var/lib/zarafa(/.*)?
++.br
++	/var/lib/zarafa-webaccess(/.*)?
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -60967,56 +97999,38 @@ index 0000000..a5abcec
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), ypxfr(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/zabbix_selinux.8 b/man/man8/zabbix_selinux.8
++selinux(8), zarafa_indexer(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/zarafa_monitor_selinux.8 b/man/man8/zarafa_monitor_selinux.8
 new file mode 100644
-index 0000000..583271e
+index 0000000..6f99918
 --- /dev/null
-+++ b/man/man8/zabbix_selinux.8
-@@ -0,0 +1,210 @@
-+.TH  "zabbix_selinux"  "8"  "zabbix" "dwalsh at redhat.com" "zabbix SELinux Policy documentation"
++++ b/man/man8/zarafa_monitor_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "zarafa_monitor_selinux"  "8"  "zarafa_monitor" "dwalsh at redhat.com" "zarafa_monitor SELinux Policy documentation"
 +.SH "NAME"
-+zabbix_selinux \- Security Enhanced Linux Policy for the zabbix processes
++zarafa_monitor_selinux \- Security Enhanced Linux Policy for the zarafa_monitor processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the zabbix processes via flexible mandatory access
++Security-Enhanced Linux secures the zarafa_monitor processes via flexible mandatory access
 +control.  
 +
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required.  zabbix policy is extremely flexible and has several booleans that allow you to manipulate the policy and run zabbix with the tightest access possible.
-+
-+
-+.PP
-+If you want to allow zabbix to connect to unreserved ports, you must turn on the zabbix_can_network boolean.
-+
-+.EX
-+.B setsebool -P zabbix_can_network 1
-+.EE
-+
-+.PP
-+If you want to allow http daemon to connect to zabbix, you must turn on the httpd_can_connect_zabbix boolean.
-+
-+.EX
-+.B setsebool -P httpd_can_connect_zabbix 1
-+.EE
-+
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zabbix_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zarafa_monitor_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the zabbix_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the zarafa_monitor_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -61025,81 +98039,33 @@ index 0000000..583271e
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux zabbix policy is very flexible allowing users to setup their zabbix processes in as secure a method as possible.
++SELinux zarafa_monitor policy is very flexible allowing users to setup their zarafa_monitor processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for zabbix:
-+
-+
-+.EX
-+.PP
-+.B zabbix_agent_exec_t 
-+.EE
-+
-+- Set files with the zabbix_agent_exec_t type, if you want to transition an executable to the zabbix_agent_t domain.
-+
-+
-+.EX
-+.PP
-+.B zabbix_agent_initrc_exec_t 
-+.EE
-+
-+- Set files with the zabbix_agent_initrc_exec_t type, if you want to transition an executable to the zabbix_agent_initrc_t domain.
-+
-+
-+.EX
-+.PP
-+.B zabbix_exec_t 
-+.EE
-+
-+- Set files with the zabbix_exec_t type, if you want to transition an executable to the zabbix_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/usr/sbin/zabbix_server_pgsql, /usr/sbin/zabbix_server_sqlite3, /usr/sbin/zabbix_server_mysql, /usr/(s)?bin/zabbix_server
-+
-+.EX
-+.PP
-+.B zabbix_initrc_exec_t 
-+.EE
-+
-+- Set files with the zabbix_initrc_exec_t type, if you want to transition an executable to the zabbix_initrc_t domain.
-+
-+.br
-+.TP 5
-+Paths: 
-+/etc/rc\.d/init\.d/zabbix-server, /etc/rc\.d/init\.d/zabbix
-+
-+.EX
-+.PP
-+.B zabbix_log_t 
-+.EE
-+
-+- Set files with the zabbix_log_t type, if you want to treat the data as zabbix log data, usually stored under the /var/log directory.
++The following file types are defined for zarafa_monitor:
 +
 +
 +.EX
 +.PP
-+.B zabbix_tmp_t 
++.B zarafa_monitor_exec_t 
 +.EE
 +
-+- Set files with the zabbix_tmp_t type, if you want to store zabbix temporary files in the /tmp directories.
++- Set files with the zarafa_monitor_exec_t type, if you want to transition an executable to the zarafa_monitor_t domain.
 +
 +
 +.EX
 +.PP
-+.B zabbix_tmpfs_t 
++.B zarafa_monitor_log_t 
 +.EE
 +
-+- Set files with the zabbix_tmpfs_t type, if you want to store zabbix files on a tmpfs file system.
++- Set files with the zarafa_monitor_log_t type, if you want to treat the data as zarafa monitor log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B zabbix_var_run_t 
++.B zarafa_monitor_var_run_t 
 +.EE
 +
-+- Set files with the zabbix_var_run_t type, if you want to store the zabbix files under the /run directory.
++- Set files with the zarafa_monitor_var_run_t type, if you want to store the zarafa monitor files under the /run directory.
 +
 +
 +.PP
@@ -61109,58 +98075,40 @@ index 0000000..583271e
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux zabbix policy is very flexible allowing users to setup their zabbix processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for zabbix:
-+
-+.EX
-+.TP 5
-+.B zabbix_agent_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 10050
-+.EE
-+
-+.EX
-+.TP 5
-+.B zabbix_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 10051
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux zabbix policy is very flexible allowing users to setup their zabbix processes in as secure a method as possible.
++SELinux zarafa_monitor policy is very flexible allowing users to setup their zarafa_monitor processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for zabbix:
++The following process types are defined for zarafa_monitor:
 +
 +.EX
-+.B zabbix_agent_t, zabbix_t 
++.B zarafa_monitor_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zarafa_monitor_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B zarafa_monitor_log_t
++
++	/var/log/zarafa/monitor\.log.*
++.br
++
++.br
++.B zarafa_monitor_var_run_t
++
++	/var/run/zarafa-monitor\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -61171,51 +98119,43 @@ index 0000000..583271e
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), zabbix(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/zarafa_selinux.8 b/man/man8/zarafa_selinux.8
++selinux(8), zarafa_monitor(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/zarafa_server_selinux.8 b/man/man8/zarafa_server_selinux.8
 new file mode 100644
-index 0000000..3937f44
+index 0000000..259db27
 --- /dev/null
-+++ b/man/man8/zarafa_selinux.8
-@@ -0,0 +1,333 @@
-+.TH  "zarafa_selinux"  "8"  "zarafa" "dwalsh at redhat.com" "zarafa SELinux Policy documentation"
++++ b/man/man8/zarafa_server_selinux.8
+@@ -0,0 +1,145 @@
++.TH  "zarafa_server_selinux"  "8"  "zarafa_server" "dwalsh at redhat.com" "zarafa_server SELinux Policy documentation"
 +.SH "NAME"
-+zarafa_selinux \- Security Enhanced Linux Policy for the zarafa processes
++zarafa_server_selinux \- Security Enhanced Linux Policy for the zarafa_server processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the zarafa processes via flexible mandatory access
++Security-Enhanced Linux secures the zarafa_server processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
 +
 +.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zarafa_deliver_t, zarafa_spooler_t, zarafa_gateway_t, zarafa_ical_t, zarafa_server_t, zarafa_monitor_t, zarafa_indexer_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zarafa_server_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
-+If you want to allow confined applications to run with kerberos for the zarafa_deliver_t, zarafa_spooler_t, zarafa_gateway_t, zarafa_ical_t, zarafa_server_t, zarafa_monitor_t, zarafa_indexer_t, you must turn on the kerberos_enabled boolean.
++If you want to allow confined applications to run with kerberos for the zarafa_server_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -61224,201 +98164,160 @@ index 0000000..3937f44
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux zarafa policy is very flexible allowing users to setup their zarafa processes in as secure a method as possible.
++SELinux zarafa_server policy is very flexible allowing users to setup their zarafa_server processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for zarafa:
++The following file types are defined for zarafa_server:
 +
 +
 +.EX
 +.PP
-+.B zarafa_deliver_exec_t 
-+.EE
-+
-+- Set files with the zarafa_deliver_exec_t type, if you want to transition an executable to the zarafa_deliver_t domain.
-+
-+
-+.EX
-+.PP
-+.B zarafa_deliver_log_t 
++.B zarafa_server_exec_t 
 +.EE
 +
-+- Set files with the zarafa_deliver_log_t type, if you want to treat the data as zarafa deliver log data, usually stored under the /var/log directory.
++- Set files with the zarafa_server_exec_t type, if you want to transition an executable to the zarafa_server_t domain.
 +
 +
 +.EX
 +.PP
-+.B zarafa_deliver_tmp_t 
++.B zarafa_server_log_t 
 +.EE
 +
-+- Set files with the zarafa_deliver_tmp_t type, if you want to store zarafa deliver temporary files in the /tmp directories.
++- Set files with the zarafa_server_log_t type, if you want to treat the data as zarafa server log data, usually stored under the /var/log directory.
 +
 +
 +.EX
 +.PP
-+.B zarafa_deliver_var_run_t 
++.B zarafa_server_tmp_t 
 +.EE
 +
-+- Set files with the zarafa_deliver_var_run_t type, if you want to store the zarafa deliver files under the /run directory.
++- Set files with the zarafa_server_tmp_t type, if you want to store zarafa server temporary files in the /tmp directories.
 +
 +
 +.EX
 +.PP
-+.B zarafa_etc_t 
++.B zarafa_server_var_run_t 
 +.EE
 +
-+- Set files with the zarafa_etc_t type, if you want to store zarafa files in the /etc directories.
++- Set files with the zarafa_server_var_run_t type, if you want to store the zarafa server files under the /run directory.
 +
++.br
++.TP 5
++Paths: 
++/var/run/zarafa, /var/run/zarafa-server\.pid
 +
-+.EX
 +.PP
-+.B zarafa_gateway_exec_t 
-+.EE
-+
-+- Set files with the zarafa_gateway_exec_t type, if you want to transition an executable to the zarafa_gateway_t domain.
-+
++Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
++.B semanage fcontext 
++command.  This will modify the SELinux labeling database.  You will need to use
++.B restorecon
++to apply the labels.
 +
-+.EX
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
 +.PP
-+.B zarafa_gateway_log_t 
-+.EE
-+
-+- Set files with the zarafa_gateway_log_t type, if you want to treat the data as zarafa gateway log data, usually stored under the /var/log directory.
-+
-+
-+.EX
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
-+.B zarafa_gateway_var_run_t 
-+.EE
-+
-+- Set files with the zarafa_gateway_var_run_t type, if you want to store the zarafa gateway files under the /run directory.
-+
++Policy governs the access confined processes have to files. 
++SELinux zarafa_server policy is very flexible allowing users to setup their zarafa_server processes in as secure a method as possible.
++.PP 
++The following process types are defined for zarafa_server:
 +
 +.EX
-+.PP
-+.B zarafa_ical_exec_t 
++.B zarafa_server_t 
 +.EE
-+
-+- Set files with the zarafa_ical_exec_t type, if you want to transition an executable to the zarafa_ical_t domain.
-+
-+
-+.EX
 +.PP
-+.B zarafa_ical_log_t 
-+.EE
-+
-+- Set files with the zarafa_ical_log_t type, if you want to treat the data as zarafa ical log data, usually stored under the /var/log directory.
++Note: 
++.B semanage permissive -a PROCESS_TYPE 
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
 +
-+.EX
-+.PP
-+.B zarafa_ical_var_run_t 
-+.EE
++The SELinux user type zarafa_server_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
 +
-+- Set files with the zarafa_ical_var_run_t type, if you want to store the zarafa ical files under the /run directory.
++.br
++.B zarafa_server_log_t
 +
++	/var/log/zarafa/server\.log.*
++.br
 +
-+.EX
-+.PP
-+.B zarafa_indexer_exec_t 
-+.EE
++.br
++.B zarafa_server_tmp_t
 +
-+- Set files with the zarafa_indexer_exec_t type, if you want to transition an executable to the zarafa_indexer_t domain.
 +
++.br
++.B zarafa_server_var_run_t
 +
-+.EX
-+.PP
-+.B zarafa_indexer_log_t 
-+.EE
++	/var/run/zarafa
++.br
++	/var/run/zarafa-server\.pid
++.br
 +
-+- Set files with the zarafa_indexer_log_t type, if you want to treat the data as zarafa indexer log data, usually stored under the /var/log directory.
++.br
++.B zarafa_var_lib_t
 +
++	/var/lib/zarafa(/.*)?
++.br
++	/var/lib/zarafa-webaccess(/.*)?
++.br
 +
-+.EX
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
 +.PP
-+.B zarafa_indexer_tmp_t 
-+.EE
-+
-+- Set files with the zarafa_indexer_tmp_t type, if you want to store zarafa indexer temporary files in the /tmp directories.
-+
-+
-+.EX
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
 +.PP
-+.B zarafa_indexer_var_run_t 
-+.EE
-+
-+- Set files with the zarafa_indexer_var_run_t type, if you want to store the zarafa indexer files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/run/zarafa-indexer\.pid, /var/run/zarafa-indexer
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
 +
-+.EX
 +.PP
-+.B zarafa_monitor_exec_t 
-+.EE
-+
-+- Set files with the zarafa_monitor_exec_t type, if you want to transition an executable to the zarafa_monitor_t domain.
++.B system-config-selinux 
++is a GUI tool available to customize SELinux policy settings.
 +
++.SH AUTHOR	
++This manual page was auto-generated by genman.py.
 +
-+.EX
-+.PP
-+.B zarafa_monitor_log_t 
-+.EE
++.SH "SEE ALSO"
++selinux(8), zarafa_server(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/zarafa_spooler_selinux.8 b/man/man8/zarafa_spooler_selinux.8
+new file mode 100644
+index 0000000..6c02d27
+--- /dev/null
++++ b/man/man8/zarafa_spooler_selinux.8
+@@ -0,0 +1,119 @@
++.TH  "zarafa_spooler_selinux"  "8"  "zarafa_spooler" "dwalsh at redhat.com" "zarafa_spooler SELinux Policy documentation"
++.SH "NAME"
++zarafa_spooler_selinux \- Security Enhanced Linux Policy for the zarafa_spooler processes
++.SH "DESCRIPTION"
 +
-+- Set files with the zarafa_monitor_log_t type, if you want to treat the data as zarafa monitor log data, usually stored under the /var/log directory.
++Security-Enhanced Linux secures the zarafa_spooler processes via flexible mandatory access
++control.  
 +
++.SH NSSWITCH DOMAIN
 +
-+.EX
 +.PP
-+.B zarafa_monitor_var_run_t 
-+.EE
-+
-+- Set files with the zarafa_monitor_var_run_t type, if you want to store the zarafa monitor files under the /run directory.
-+
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zarafa_spooler_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+.PP
-+.B zarafa_server_exec_t 
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
-+- Set files with the zarafa_server_exec_t type, if you want to transition an executable to the zarafa_server_t domain.
-+
-+
-+.EX
 +.PP
-+.B zarafa_server_log_t 
-+.EE
-+
-+- Set files with the zarafa_server_log_t type, if you want to treat the data as zarafa server log data, usually stored under the /var/log directory.
-+
++If you want to allow confined applications to run with kerberos for the zarafa_spooler_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+.PP
-+.B zarafa_server_tmp_t 
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
-+- Set files with the zarafa_server_tmp_t type, if you want to store zarafa server temporary files in the /tmp directories.
-+
-+
-+.EX
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type. 
 +.PP
-+.B zarafa_server_var_run_t 
-+.EE
-+
-+- Set files with the zarafa_server_var_run_t type, if you want to store the zarafa server files under the /run directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/run/zarafa, /var/run/zarafa-server\.pid
-+
-+.EX
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
-+.B zarafa_share_t 
-+.EE
-+
-+- Set files with the zarafa_share_t type, if you want to treat the files as zarafa share data.
++Policy governs the access confined processes have to these files. 
++SELinux zarafa_spooler policy is very flexible allowing users to setup their zarafa_spooler processes in as secure a method as possible.
++.PP 
++The following file types are defined for zarafa_spooler:
 +
 +
 +.EX
@@ -61445,18 +98344,6 @@ index 0000000..3937f44
 +- Set files with the zarafa_spooler_var_run_t type, if you want to store the zarafa spooler files under the /run directory.
 +
 +
-+.EX
-+.PP
-+.B zarafa_var_lib_t 
-+.EE
-+
-+- Set files with the zarafa_var_lib_t type, if you want to store the zarafa files under the /var/lib directory.
-+
-+.br
-+.TP 5
-+Paths: 
-+/var/lib/zarafa-webaccess(/.*)?, /var/lib/zarafa(/.*)?
-+
 +.PP
 +Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the 
 +.B semanage fcontext 
@@ -61464,47 +98351,40 @@ index 0000000..3937f44
 +.B restorecon
 +to apply the labels.
 +
-+.SH PORT TYPES
-+SELinux defines port types to represent TCP and UDP ports. 
-+.PP
-+You can see the types associated with a port by using the following command: 
-+
-+.B semanage port -l
-+
-+.PP
-+Policy governs the access confined processes have to these ports. 
-+SELinux zarafa policy is very flexible allowing users to setup their zarafa processes in as secure a method as possible.
-+.PP 
-+The following port types are defined for zarafa:
-+
-+.EX
-+.TP 5
-+.B zarafa_port_t 
-+.TP 10
-+.EE
-+
-+
-+Default Defined Ports:
-+tcp 236,237
-+.EE
 +.SH PROCESS TYPES
 +SELinux defines process types (domains) for each process running on the system
 +.PP
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux zarafa policy is very flexible allowing users to setup their zarafa processes in as secure a method as possible.
++SELinux zarafa_spooler policy is very flexible allowing users to setup their zarafa_spooler processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for zarafa:
++The following process types are defined for zarafa_spooler:
 +
 +.EX
-+.B zarafa_gateway_t, zarafa_spooler_t, zarafa_deliver_t, zarafa_monitor_t, zarafa_indexer_t, zarafa_server_t, zarafa_ical_t 
++.B zarafa_spooler_t 
 +.EE
 +.PP
 +Note: 
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zarafa_spooler_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B zarafa_spooler_log_t
++
++	/var/log/zarafa/spooler\.log.*
++.br
++
++.br
++.B zarafa_spooler_var_run_t
++
++	/var/run/zarafa-spooler\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -61515,24 +98395,21 @@ index 0000000..3937f44
 +.B semanage module
 +can also be used to enable/disable/install/remove policy modules.
 +
-+.B semanage port
-+can also be used to manipulate the port definitions
-+
 +.PP
 +.B system-config-selinux 
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), zarafa(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zarafa_spooler(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/zebra_selinux.8 b/man/man8/zebra_selinux.8
 new file mode 100644
-index 0000000..29db127
+index 0000000..ee7db30
 --- /dev/null
 +++ b/man/man8/zebra_selinux.8
-@@ -0,0 +1,176 @@
+@@ -0,0 +1,198 @@
 +.TH  "zebra_selinux"  "8"  "zebra" "dwalsh at redhat.com" "zebra SELinux Policy documentation"
 +.SH "NAME"
 +zebra_selinux \- Security Enhanced Linux Policy for the zebra processes
@@ -61611,7 +98488,7 @@ index 0000000..29db127
 +.br
 +.TP 5
 +Paths: 
-+/var/log/quagga(/.*)?, /var/log/zebra(/.*)?
++/var/log/zebra(/.*)?, /var/log/quagga(/.*)?
 +
 +.EX
 +.PP
@@ -61683,6 +98560,28 @@ index 0000000..29db127
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zebra_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B zebra_log_t
++
++	/var/log/zebra(/.*)?
++.br
++	/var/log/quagga(/.*)?
++.br
++
++.br
++.B zebra_var_run_t
++
++	/var/run/quagga(/.*)?
++.br
++	/var/run/\.zebra
++.br
++	/var/run/\.zserv
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -61704,7 +98603,7 @@ index 0000000..29db127
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
 +selinux(8), zebra(8), semanage(8), restorecon(8), chcon(1)
@@ -61712,10 +98611,10 @@ index 0000000..29db127
 \ No newline at end of file
 diff --git a/man/man8/zoneminder_selinux.8 b/man/man8/zoneminder_selinux.8
 new file mode 100644
-index 0000000..810320c
+index 0000000..1c49e32
 --- /dev/null
 +++ b/man/man8/zoneminder_selinux.8
-@@ -0,0 +1,173 @@
+@@ -0,0 +1,213 @@
 +.TH  "zoneminder_selinux"  "8"  "zoneminder" "dwalsh at redhat.com" "zoneminder SELinux Policy documentation"
 +.SH "NAME"
 +zoneminder_selinux \- Security Enhanced Linux Policy for the zoneminder processes
@@ -61730,14 +98629,14 @@ index 0000000..810320c
 +If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zoneminder_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
 +If you want to allow confined applications to run with kerberos for the zoneminder_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH SHARING FILES
@@ -61836,6 +98735,10 @@ index 0000000..810320c
 +
 +- Set files with the zoneminder_var_lib_t type, if you want to store the zoneminder files under the /var/lib directory.
 +
++.br
++.TP 5
++Paths: 
++/var/lib/zoneminder(/.*)?, /var/motion(/.*)?
 +
 +.EX
 +.PP
@@ -61870,6 +98773,42 @@ index 0000000..810320c
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zoneminder_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
++.br
++.B zoneminder_log_t
++
++	/var/log/motion\.log.*
++.br
++	/var/log/zoneminder(/.*)?
++.br
++
++.br
++.B zoneminder_spool_t
++
++	/var/spool/zoneminder-upload(/.*)?
++.br
++
++.br
++.B zoneminder_tmpfs_t
++
++
++.br
++.B zoneminder_var_lib_t
++
++	/var/motion(/.*)?
++.br
++	/var/lib/zoneminder(/.*)?
++.br
++
++.br
++.B zoneminder_var_run_t
++
++	/var/run/motion\.pid
++.br
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -61885,22 +98824,22 @@ index 0000000..810320c
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
 +selinux(8), zoneminder(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/zos_selinux.8 b/man/man8/zos_selinux.8
+diff --git a/man/man8/zos_remote_selinux.8 b/man/man8/zos_remote_selinux.8
 new file mode 100644
-index 0000000..ec9a6d7
+index 0000000..d842792
 --- /dev/null
-+++ b/man/man8/zos_selinux.8
-@@ -0,0 +1,91 @@
-+.TH  "zos_selinux"  "8"  "zos" "dwalsh at redhat.com" "zos SELinux Policy documentation"
++++ b/man/man8/zos_remote_selinux.8
+@@ -0,0 +1,95 @@
++.TH  "zos_remote_selinux"  "8"  "zos_remote" "dwalsh at redhat.com" "zos_remote SELinux Policy documentation"
 +.SH "NAME"
-+zos_selinux \- Security Enhanced Linux Policy for the zos processes
++zos_remote_selinux \- Security Enhanced Linux Policy for the zos_remote processes
 +.SH "DESCRIPTION"
 +
-+Security-Enhanced Linux secures the zos processes via flexible mandatory access
++Security-Enhanced Linux secures the zos_remote processes via flexible mandatory access
 +control.  
 +
 +.SH NSSWITCH DOMAIN
@@ -61909,14 +98848,14 @@ index 0000000..ec9a6d7
 +If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the zos_remote_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
 +
 +.EX
-+setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P authlogin_nsswitch_use_ldap 1
 +.EE
 +
 +.PP
 +If you want to allow confined applications to run with kerberos for the zos_remote_t, you must turn on the kerberos_enabled boolean.
 +
 +.EX
-+setsebool -P kerberos_enabled 1
++.B setsebool -P kerberos_enabled 1
 +.EE
 +
 +.SH FILE CONTEXTS
@@ -61925,9 +98864,9 @@ index 0000000..ec9a6d7
 +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
 +.PP
 +Policy governs the access confined processes have to these files. 
-+SELinux zos policy is very flexible allowing users to setup their zos processes in as secure a method as possible.
++SELinux zos_remote policy is very flexible allowing users to setup their zos_remote processes in as secure a method as possible.
 +.PP 
-+The following file types are defined for zos:
++The following file types are defined for zos_remote:
 +
 +
 +.EX
@@ -61955,9 +98894,9 @@ index 0000000..ec9a6d7
 +You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
 +.PP
 +Policy governs the access confined processes have to files. 
-+SELinux zos policy is very flexible allowing users to setup their zos processes in as secure a method as possible.
++SELinux zos_remote policy is very flexible allowing users to setup their zos_remote processes in as secure a method as possible.
 +.PP 
-+The following process types are defined for zos:
++The following process types are defined for zos_remote:
 +
 +.EX
 +.B zos_remote_t 
@@ -61967,6 +98906,10 @@ index 0000000..ec9a6d7
 +.B semanage permissive -a PROCESS_TYPE 
 +can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
++.SH "MANAGED FILES"
++
++The SELinux user type zos_remote_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
++
 +.SH "COMMANDS"
 +.B semanage fcontext
 +can also be used to manipulate default file context mappings.
@@ -61982,10 +98925,10 @@ index 0000000..ec9a6d7
 +is a GUI tool available to customize SELinux policy settings.
 +
 +.SH AUTHOR	
-+This manual page was autogenerated by genman.py.
++This manual page was auto-generated by genman.py.
 +
 +.SH "SEE ALSO"
-+selinux(8), zos(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zos_remote(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/policy/constraints b/policy/constraints
 index 3a45f23..f4754f0 100644
 --- a/policy/constraints
@@ -79367,7 +116310,7 @@ index 130ced9..1b31c76 100644
 +	files_search_tmp($1)
 +')
 diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
-index d40f750..29cb626 100644
+index d40f750..ebb4cae 100644
 --- a/policy/modules/services/xserver.te
 +++ b/policy/modules/services/xserver.te
 @@ -26,27 +26,50 @@ gen_require(`
@@ -80098,7 +117041,7 @@ index d40f750..29cb626 100644
  	hostname_exec(xdm_t)
  ')
  
-@@ -537,28 +802,69 @@ optional_policy(`
+@@ -537,28 +802,70 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -80124,6 +117067,7 @@ index d40f750..29cb626 100644
 +	pulseaudio_exec(xdm_t)
 +	pulseaudio_dbus_chat(xdm_t)
 +	pulseaudio_stream_connect(xdm_t)
++	pulseaudio_read_state(xserver_t)
 +')
 +
 +optional_policy(`
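Review bot: `pulseaudio_read_state(xserver_t)` is added to an optional block whose other calls (`pulseaudio_exec`, `pulseaudio_dbus_chat`, `pulseaudio_stream_connect`) are all for `xdm_t`, so a grant to the X server domain ends up in what looks like the xdm part of xserver.te. Someone auditing what xserver_t may do will probably read the xserver_t local policy further down and miss it here. Consider moving the call into its own `optional_policy` block in the xserver_t section, with a one-line comment such as `# X server reads pulseaudio's /proc entries (TODO: cite the AVC)`. The enclosing optional block opens outside this hunk.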
@@ -80177,7 +117121,7 @@ index d40f750..29cb626 100644
  ')
  
  optional_policy(`
-@@ -570,6 +876,14 @@ optional_policy(`
+@@ -570,6 +877,14 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -80192,7 +117136,7 @@ index d40f750..29cb626 100644
  	xfs_stream_connect(xdm_t)
  ')
  
-@@ -594,8 +908,11 @@ allow xserver_t input_xevent_t:x_event send;
+@@ -594,8 +909,11 @@ allow xserver_t input_xevent_t:x_event send;
  # execheap needed until the X module loader is fixed.
  # NVIDIA Needs execstack
  
@@ -80205,7 +117149,7 @@ index d40f750..29cb626 100644
  allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
  allow xserver_t self:fd use;
  allow xserver_t self:fifo_file rw_fifo_file_perms;
-@@ -608,8 +925,15 @@ allow xserver_t self:unix_dgram_socket { create_socket_perms sendto };
+@@ -608,8 +926,15 @@ allow xserver_t self:unix_dgram_socket { create_socket_perms sendto };
  allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
  allow xserver_t self:tcp_socket create_stream_socket_perms;
  allow xserver_t self:udp_socket create_socket_perms;
@@ -80221,7 +117165,7 @@ index d40f750..29cb626 100644
  manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
  manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
  manage_sock_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
-@@ -628,12 +952,19 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
+@@ -628,12 +953,19 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
  manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
  files_search_var_lib(xserver_t)
  
@@ -80243,7 +117187,7 @@ index d40f750..29cb626 100644
  
  kernel_read_system_state(xserver_t)
  kernel_read_device_sysctls(xserver_t)
-@@ -641,12 +972,12 @@ kernel_read_modprobe_sysctls(xserver_t)
+@@ -641,12 +973,12 @@ kernel_read_modprobe_sysctls(xserver_t)
  # Xorg wants to check if kernel is tainted
  kernel_read_kernel_sysctls(xserver_t)
  kernel_write_proc_files(xserver_t)
@@ -80257,7 +117201,7 @@ index d40f750..29cb626 100644
  corenet_all_recvfrom_netlabel(xserver_t)
  corenet_tcp_sendrecv_generic_if(xserver_t)
  corenet_udp_sendrecv_generic_if(xserver_t)
-@@ -667,23 +998,28 @@ dev_rw_apm_bios(xserver_t)
+@@ -667,23 +999,28 @@ dev_rw_apm_bios(xserver_t)
  dev_rw_agp(xserver_t)
  dev_rw_framebuffer(xserver_t)
  dev_manage_dri_dev(xserver_t)
@@ -80289,7 +117233,7 @@ index d40f750..29cb626 100644
  
  # brought on by rhgb
  files_search_mnt(xserver_t)
-@@ -694,8 +1030,13 @@ fs_getattr_xattr_fs(xserver_t)
+@@ -694,8 +1031,13 @@ fs_getattr_xattr_fs(xserver_t)
  fs_search_nfs(xserver_t)
  fs_search_auto_mountpoints(xserver_t)
  fs_search_ramfs(xserver_t)
@@ -80303,7 +117247,7 @@ index d40f750..29cb626 100644
  
  selinux_validate_context(xserver_t)
  selinux_compute_access_vector(xserver_t)
-@@ -708,8 +1049,6 @@ init_getpgid(xserver_t)
+@@ -708,8 +1050,6 @@ init_getpgid(xserver_t)
  term_setattr_unallocated_ttys(xserver_t)
  term_use_unallocated_ttys(xserver_t)
  
@@ -80312,7 +117256,7 @@ index d40f750..29cb626 100644
  locallogin_use_fds(xserver_t)
  
  logging_send_syslog_msg(xserver_t)
-@@ -717,11 +1056,12 @@ logging_send_audit_msgs(xserver_t)
+@@ -717,11 +1057,12 @@ logging_send_audit_msgs(xserver_t)
  
  miscfiles_read_localization(xserver_t)
  miscfiles_read_fonts(xserver_t)
@@ -80327,7 +117271,7 @@ index d40f750..29cb626 100644
  
  userdom_search_user_home_dirs(xserver_t)
  userdom_use_user_ttys(xserver_t)
-@@ -775,16 +1115,40 @@ optional_policy(`
+@@ -775,16 +1116,40 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -80369,7 +117313,7 @@ index d40f750..29cb626 100644
  	unconfined_domtrans(xserver_t)
  ')
  
-@@ -793,6 +1157,10 @@ optional_policy(`
+@@ -793,6 +1158,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -80380,7 +117324,7 @@ index d40f750..29cb626 100644
  	xfs_stream_connect(xserver_t)
  ')
  
-@@ -808,10 +1176,10 @@ allow xserver_t xdm_t:shm rw_shm_perms;
+@@ -808,10 +1177,10 @@ allow xserver_t xdm_t:shm rw_shm_perms;
  
  # NB we do NOT allow xserver_t xdm_var_lib_t:dir, only access to an open
  # handle of a file inside the dir!!!
@@ -80394,7 +117338,7 @@ index d40f750..29cb626 100644
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
-@@ -819,7 +1187,7 @@ manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
+@@ -819,7 +1188,7 @@ manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
  manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
  
  # Run xkbcomp.
@@ -80403,7 +117347,7 @@ index d40f750..29cb626 100644
  can_exec(xserver_t, xkb_var_lib_t)
  
  # VNC v4 module in X server
-@@ -832,26 +1200,21 @@ init_use_fds(xserver_t)
+@@ -832,26 +1201,21 @@ init_use_fds(xserver_t)
  # to read ROLE_home_t - examine this in more detail
  # (xauth?)
  userdom_read_user_home_content_files(xserver_t)
@@ -80438,7 +117382,7 @@ index d40f750..29cb626 100644
  ')
  
  optional_policy(`
-@@ -859,6 +1222,10 @@ optional_policy(`
+@@ -859,6 +1223,10 @@ optional_policy(`
  	rhgb_rw_tmpfs_files(xserver_t)
  ')
  
@@ -80449,7 +117393,7 @@ index d40f750..29cb626 100644
  ########################################
  #
  # Rules common to all X window domains
-@@ -902,7 +1269,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
+@@ -902,7 +1270,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
  allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show };
  # operations allowed on my windows
  allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
@@ -80458,7 +117402,7 @@ index d40f750..29cb626 100644
  # operations allowed on all windows
  allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child };
  
-@@ -956,11 +1323,31 @@ allow x_domain self:x_resource { read write };
+@@ -956,11 +1324,31 @@ allow x_domain self:x_resource { read write };
  # can mess with the screensaver
  allow x_domain xserver_t:x_screen { getattr saver_getattr };
  
@@ -80490,7 +117434,7 @@ index d40f750..29cb626 100644
  tunable_policy(`! xserver_object_manager',`
  	# should be xserver_unconfined(x_domain),
  	# but typeattribute doesnt work in conditionals
-@@ -982,18 +1369,44 @@ tunable_policy(`! xserver_object_manager',`
+@@ -982,18 +1370,44 @@ tunable_policy(`! xserver_object_manager',`
  	allow x_domain xevent_type:{ x_event x_synthetic_event } *;
  ')
  
@@ -84542,7 +121486,7 @@ index 0d4c8d3..9d66bf7 100644
  
  ########################################
 diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
-index a30840c..1035cf4 100644
+index a30840c..14e9dd5 100644
 --- a/policy/modules/system/ipsec.te
 +++ b/policy/modules/system/ipsec.te
 @@ -73,13 +73,15 @@ role system_r types setkey_t;
@@ -84562,7 +121506,15 @@ index a30840c..1035cf4 100644
  
  allow ipsec_t ipsec_initrc_exec_t:file read_file_perms;
  
-@@ -127,20 +129,21 @@ corecmd_exec_shell(ipsec_t)
+@@ -113,6 +115,7 @@ allow ipsec_mgmt_t ipsec_t:unix_stream_socket { read write };
+ allow ipsec_mgmt_t ipsec_t:process { rlimitinh sigchld };
+ 
+ kernel_read_kernel_sysctls(ipsec_t)
++kernel_read_net_sysctls(ipsec_t)
+ kernel_list_proc(ipsec_t)
+ kernel_read_proc_symlinks(ipsec_t)
+ # allow pluto to access /proc/net/ipsec_eroute;
+@@ -127,20 +130,21 @@ corecmd_exec_shell(ipsec_t)
  corecmd_exec_bin(ipsec_t)
  
  # Pluto needs network access
@@ -84591,7 +121543,7 @@ index a30840c..1035cf4 100644
  
  dev_read_sysfs(ipsec_t)
  dev_read_rand(ipsec_t)
-@@ -156,6 +159,8 @@ files_dontaudit_search_home(ipsec_t)
+@@ -156,6 +160,8 @@ files_dontaudit_search_home(ipsec_t)
  fs_getattr_all_fs(ipsec_t)
  fs_search_auto_mountpoints(ipsec_t)
  
@@ -84600,7 +121552,7 @@ index a30840c..1035cf4 100644
  term_use_console(ipsec_t)
  term_dontaudit_use_all_ttys(ipsec_t)
  
-@@ -164,11 +169,14 @@ auth_use_nsswitch(ipsec_t)
+@@ -164,11 +170,14 @@ auth_use_nsswitch(ipsec_t)
  init_use_fds(ipsec_t)
  init_use_script_ptys(ipsec_t)
  
@@ -84615,7 +121567,7 @@ index a30840c..1035cf4 100644
  
  userdom_dontaudit_use_unpriv_user_fds(ipsec_t)
  userdom_dontaudit_search_user_home_dirs(ipsec_t)
-@@ -186,9 +194,9 @@ optional_policy(`
+@@ -186,9 +195,9 @@ optional_policy(`
  # ipsec_mgmt Local policy
  #
  
@@ -84628,7 +121580,7 @@ index a30840c..1035cf4 100644
  allow ipsec_mgmt_t self:unix_stream_socket create_stream_socket_perms;
  allow ipsec_mgmt_t self:tcp_socket create_stream_socket_perms;
  allow ipsec_mgmt_t self:udp_socket create_socket_perms;
-@@ -245,6 +253,16 @@ kernel_read_kernel_sysctls(ipsec_mgmt_t)
+@@ -245,6 +254,16 @@ kernel_read_kernel_sysctls(ipsec_mgmt_t)
  kernel_getattr_core_if(ipsec_mgmt_t)
  kernel_getattr_message_if(ipsec_mgmt_t)
  
@@ -84645,7 +121597,7 @@ index a30840c..1035cf4 100644
  files_read_kernel_symbol_table(ipsec_mgmt_t)
  files_getattr_kernel_modules(ipsec_mgmt_t)
  
-@@ -254,6 +272,8 @@ files_getattr_kernel_modules(ipsec_mgmt_t)
+@@ -254,6 +273,8 @@ files_getattr_kernel_modules(ipsec_mgmt_t)
  corecmd_exec_bin(ipsec_mgmt_t)
  corecmd_exec_shell(ipsec_mgmt_t)
  
@@ -84654,7 +121606,7 @@ index a30840c..1035cf4 100644
  dev_read_rand(ipsec_mgmt_t)
  dev_read_urand(ipsec_mgmt_t)
  
-@@ -277,9 +297,10 @@ fs_getattr_xattr_fs(ipsec_mgmt_t)
+@@ -277,9 +298,10 @@ fs_getattr_xattr_fs(ipsec_mgmt_t)
  fs_list_tmpfs(ipsec_mgmt_t)
  
  term_use_console(ipsec_mgmt_t)
@@ -84666,7 +121618,7 @@ index a30840c..1035cf4 100644
  
  init_read_utmp(ipsec_mgmt_t)
  init_use_script_ptys(ipsec_mgmt_t)
-@@ -297,7 +318,12 @@ sysnet_manage_config(ipsec_mgmt_t)
+@@ -297,7 +319,12 @@ sysnet_manage_config(ipsec_mgmt_t)
  sysnet_domtrans_ifconfig(ipsec_mgmt_t)
  sysnet_etc_filetrans_config(ipsec_mgmt_t)
  
@@ -84680,7 +121632,7 @@ index a30840c..1035cf4 100644
  
  optional_policy(`
  	consoletype_exec(ipsec_mgmt_t)
-@@ -369,13 +395,12 @@ kernel_request_load_module(racoon_t)
+@@ -369,13 +396,12 @@ kernel_request_load_module(racoon_t)
  corecmd_exec_shell(racoon_t)
  corecmd_exec_bin(racoon_t)
  
@@ -84700,7 +121652,7 @@ index a30840c..1035cf4 100644
  corenet_udp_bind_isakmp_port(racoon_t)
  corenet_udp_bind_ipsecnat_port(racoon_t)
  
-@@ -404,6 +429,8 @@ miscfiles_read_localization(racoon_t)
+@@ -404,6 +430,8 @@ miscfiles_read_localization(racoon_t)
  
  sysnet_exec_ifconfig(racoon_t)
  
@@ -84709,7 +121661,7 @@ index a30840c..1035cf4 100644
  auth_can_read_shadow_passwords(racoon_t)
  tunable_policy(`racoon_read_shadow',`
  	auth_tunable_read_shadow(racoon_t)
-@@ -441,5 +468,6 @@ miscfiles_read_localization(setkey_t)
+@@ -441,5 +469,6 @@ miscfiles_read_localization(setkey_t)
  
  seutil_read_config(setkey_t)
  
diff --git a/policy_contrib-rawhide.patch b/policy_contrib-rawhide.patch
index 90e5683..74eae57 100644
--- a/policy_contrib-rawhide.patch
+++ b/policy_contrib-rawhide.patch
@@ -7900,10 +7900,10 @@ index 0000000..efebae7
 +')
 diff --git a/chrome.te b/chrome.te
 new file mode 100644
-index 0000000..504b857
+index 0000000..f45aef3
 --- /dev/null
 +++ b/chrome.te
-@@ -0,0 +1,184 @@
+@@ -0,0 +1,185 @@
 +policy_module(chrome,1.0.0)
 +
 +########################################
@@ -8053,6 +8053,7 @@ index 0000000..504b857
 +allow chrome_sandbox_nacl_t self:unix_dgram_socket { create_socket_perms sendto };
 +allow chrome_sandbox_nacl_t chrome_sandbox_t:unix_stream_socket { getattr write read };
 +allow chrome_sandbox_t chrome_sandbox_nacl_t:unix_stream_socket { getattr write read };
++allow chrome_sandbox_nacl_t chrome_sandbox_t:unix_dgram_socket { read write };
 +
 +allow chrome_sandbox_nacl_t chrome_sandbox_t:shm rw_shm_perms;
 +allow chrome_sandbox_nacl_t chrome_sandbox_tmpfs_t:file rw_inherited_file_perms;
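Review bot: The new `allow chrome_sandbox_nacl_t chrome_sandbox_t:unix_dgram_socket { read write };` widens the channel between the two sandbox domains but carries no comment, and it does not follow the shape of the stream-socket rules just above it. Those are granted in both directions and include `getattr`; this one is granted in one direction only and omits it. If the datagram socket is a descriptor the NaCl helper inherits from chrome_sandbox_t, say so in the policy, e.g. `# nacl helper uses a datagram socket inherited from chrome_sandbox_t (TODO confirm)`, so the asymmetry reads as deliberate. If the reverse direction is also needed, it is better added now than discovered later as a denial.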
@@ -21741,7 +21742,7 @@ index 00a19e3..17006fc 100644
 +/usr/libexec/gnome-system-monitor-mechanism 	--      gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
 +/usr/libexec/kde(3|4)/ksysguardprocesslist_helper	--		gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
 diff --git a/gnome.if b/gnome.if
-index f5afe78..5701c86 100644
+index f5afe78..a5a95df 100644
 --- a/gnome.if
 +++ b/gnome.if
 @@ -1,44 +1,956 @@
@@ -22973,7 +22974,7 @@ index f5afe78..5701c86 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -140,51 +1186,283 @@ interface(`gnome_domtrans_gconfd',`
+@@ -140,51 +1186,274 @@ interface(`gnome_domtrans_gconfd',`
  ##	</summary>
  ## </param>
  #
@@ -23159,7 +23160,6 @@ index f5afe78..5701c86 100644
 +gen_require(`
 +	type config_home_t;
 +	type cache_home_t;
-+	type gstreamer_home_t;
 +	type gconf_home_t;
 +	type gnome_home_t;
 +	type data_home_t, icc_data_home_t;
@@ -23176,14 +23176,6 @@ index f5afe78..5701c86 100644
 +	userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd")
 +	userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".local")
 +	userdom_user_home_dir_filetrans($1, gnome_home_t, dir, ".gnome2")
-+	userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".orc")
-+	userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-0.12")
-+	userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-0.10")
-+	userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-10")
-+	userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-12")
-+	userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".grl-bookmarks")
-+	userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".grl-metadata-store")
-+	userdom_user_home_dir_filetrans($1, gstreamer_home_t, file, ".grl-podcasts")
 +
 +	# ~/.color/icc: legacy
 +	userdom_user_home_content_filetrans($1, icc_data_home_t, dir, "icc")
@@ -23191,7 +23183,7 @@ index f5afe78..5701c86 100644
 +	filetrans_pattern($1, gconf_home_t, data_home_t, dir, "share")
 +	filetrans_pattern($1, data_home_t, icc_data_home_t, dir, "icc")
 +	userdom_user_tmp_filetrans($1, config_home_t, dir, "dconf")
-+	userdom_user_tmp_filetrans($1, gstreamer_home_t, dir, ".orc")
++	gnome_filetrans_gstreamer_home_content($1)
 +')
 +
 +########################################
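Review bot: The line replaced here, `userdom_user_tmp_filetrans($1, gstreamer_home_t, dir, ".orc")`, is a transition in the user tmp directory, while its replacement `gnome_filetrans_gstreamer_home_content($1)` is by name a home-content helper whose body is not shown in these hunks. If that helper only declares home-directory transitions, an `.orc` directory created under the user's tmp would lose its gstreamer_home_t label after this change. Please confirm the helper also covers the tmp case. If it does not, the `userdom_user_tmp_filetrans` line needs to stay, together with `type gstreamer_home_t;` in the `gen_require`, which the earlier hunk removes. The previous hunk likewise moves the `.gstreamer-*`, `.grl-*` and home `.orc` entries, so check the helper lists all of those names.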
@@ -46045,7 +46037,7 @@ index 84f23dc..5be2738 100644
  
  /var/lib/pulse(/.*)?		gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
 diff --git a/pulseaudio.if b/pulseaudio.if
-index f40c64d..a3352d3 100644
+index f40c64d..d676e96 100644
 --- a/pulseaudio.if
 +++ b/pulseaudio.if
 @@ -35,6 +35,9 @@ interface(`pulseaudio_role',`
@@ -46073,7 +46065,7 @@ index f40c64d..a3352d3 100644
  ')
  
  ########################################
-@@ -257,4 +262,68 @@ interface(`pulseaudio_manage_home_files',`
+@@ -257,4 +262,87 @@ interface(`pulseaudio_manage_home_files',`
  	userdom_search_user_home_dirs($1)
  	manage_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
  	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
@@ -46141,6 +46133,25 @@ index f40c64d..a3352d3 100644
 +	userdom_admin_home_dir_filetrans($1, pulseaudio_home_t, dir, ".pulse")
 +	userdom_admin_home_dir_filetrans($1, pulseaudio_home_t, file, ".pulse-cookie")
 +	userdom_admin_home_dir_filetrans($1, pulseaudio_home_t, file, ".esd_auth")
++')
++
++########################################
++## <summary>
++##	Allow the domain to read pulseaudio state files in /proc.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`pulseaudio_read_state',`
++	gen_require(`
++		type pulseaudio_t;
++	')
++
++	kernel_search_proc($1)
++	ps_process_pattern($1, pulseaudio_t)
  ')
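Review bot: The summary of `pulseaudio_read_state` mentions only reading state files in /proc, but the body calls `ps_process_pattern($1, pulseaudio_t)`. As that macro is defined in the reference policy (worth confirming against this tree), it also grants `process getattr` on pulseaudio_t along with the directory, file and symlink reads. A reviewer deciding whether to give a domain this interface should see that in the documentation. Suggested wording: `##	Allow the domain to read pulseaudio process state: its /proc/pid entries and process attributes.`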
 diff --git a/pulseaudio.te b/pulseaudio.te
 index 901ac9b..10dbb29 100644
@@ -49489,7 +49500,7 @@ index 47c4723..64c8889 100644
 +')
 +
 diff --git a/readahead.te b/readahead.te
-index b4ac57e..ef944a4 100644
+index b4ac57e..8a9e0d6 100644
 --- a/readahead.te
 +++ b/readahead.te
 @@ -16,13 +16,14 @@ typealias readahead_var_lib_t alias readahead_etc_rw_t;
@@ -49522,7 +49533,8 @@ index b4ac57e..ef944a4 100644
  kernel_read_system_state(readahead_t)
  kernel_dontaudit_getattr_core_if(readahead_t)
  
- dev_read_sysfs(readahead_t)
+-dev_read_sysfs(readahead_t)
++dev_rw_sysfs(readahead_t)
 +dev_read_kmsg(readahead_t)
 +dev_write_kmsg(readahead_t)
  dev_getattr_generic_chr_files(readahead_t)
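Review bot: `dev_rw_sysfs(readahead_t)` replaces a read-only grant with write access to files carrying the generic sysfs type (as the interface is defined in the reference policy), and nothing in the hunk says which sysfs attribute readahead needs to write. That is a broad grant for a daemon that runs early in boot. A comment naming the target would let a later reviewer judge whether it is still justified, e.g. `# readahead writes <sysfs path from the AVC> (TODO: fill in)`. If the denial turns out to be an incidental open-for-write that readahead works without, keeping `dev_read_sysfs(readahead_t)` and adding a dontaudit rule would preserve least privilege. The readahead_t rule block starts and ends outside this hunk.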
@@ -58892,7 +58904,7 @@ index d2496bd..c7614d7 100644
  	init_labeled_script_domtrans($1, squid_initrc_exec_t)
  	domain_system_change_exemption($1)
 diff --git a/squid.te b/squid.te
-index c38de7a..72c7364 100644
+index c38de7a..52addd0 100644
 --- a/squid.te
 +++ b/squid.te
 @@ -29,7 +29,7 @@ type squid_cache_t;
@@ -58981,7 +58993,18 @@ index c38de7a..72c7364 100644
  
  	sysnet_dns_name_resolve(httpd_squid_script_t)
  
-@@ -206,3 +220,29 @@ optional_policy(`
+@@ -192,10 +206,6 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
+-	cron_system_entry(squid_t, squid_exec_t)
+-')
+-
+-optional_policy(`
+ 	samba_domtrans_winbind_helper(squid_t)
+ ')
+ 
+@@ -206,3 +216,33 @@ optional_policy(`
  optional_policy(`
  	udev_read_db(squid_t)
  ')
@@ -59011,6 +59034,10 @@ index c38de7a..72c7364 100644
 +files_read_usr_files(squid_cron_t)
 +
 +miscfiles_read_localization(squid_cron_t)
++
++optional_policy(`
++	cron_system_entry(squid_cron_t, squid_cron_exec_t)
++')
 diff --git a/sssd.fc b/sssd.fc
 index 4271815..fb5520f 100644
 --- a/sssd.fc
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 80622eb..550f559 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.11.1
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -495,6 +495,9 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Thu Sep 13 2012 Miroslav Grepl <mgreplh at redhat.com> 3.11.1-19
+- Man page fixes by Dan Walsh
+
 * Tue Sep 11 2012 Miroslav Grepl <mgreplh at redhat.com> 3.11.1-18
 - Allow postalias to read postfix config files
 - Allow man2html to read man pages

