# SELinux policy rules that mention the LDAP port and packet types
# (ldap_port_t, ldap_client_packet_t, ldap_server_packet_t), followed by the
# named file transitions that label LDAP-related files as krb5_host_rcache_t.
# The original listing was collapsed onto a few long lines; it is shown here
# one rule per line, in the original order.
#
# Rule syntax:
#   allow <source domain> <target type> : <object class> { <permitted permissions> }
#   allow <type A> <type B>:<class> <operation>
#
# Reading the permissions used below:
#   tcp_socket name_connect  - the source domain may open a TCP connection to a
#                              port labelled ldap_port_t (LDAP client side).
#   tcp_socket name_bind     - the source domain may bind/listen on a port
#                              labelled ldap_port_t (LDAP server side). Only
#                              sysadm_t, dirsrv_t and slapd_t receive it here.
#   packet { send recv }     - the source domain may send/receive packets that
#                              carry the given packet label.
#
# NOTE(review): sources without a _t suffix (tomcat_domain, antivirus_domain,
# nsswitch_domain) are presumably attributes, so each of those rules would
# apply to every domain carrying the attribute - confirm against the policy
# before judging how wide the LDAP access really is.
# NOTE(review): the listing does not show whether any rule is conditional on a
# boolean - confirm before treating a rule as always active.
allow sambagui_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow openvpn_t ldap_client_packet_t : packet { send recv } ;
allow radiusd_t ldap_client_packet_t : packet { send recv } ;
allow kadmind_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow lsassd_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow certmonger_t ldap_port_t : tcp_socket name_connect ;
allow netlogond_t ldap_client_packet_t : packet { send recv } ;
allow realmd_t ldap_port_t : tcp_socket name_connect ;
allow sysadm_t ldap_port_t : tcp_socket name_bind ;
allow smbcontrol_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow tomcat_domain ldap_port_t : tcp_socket name_connect ;
allow smbcontrol_t ldap_client_packet_t : packet { send recv } ;
allow samba_net_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow dirsrv_t ldap_port_t : tcp_socket name_bind ;
allow swat_t ldap_client_packet_t : packet { send recv } ;
allow radiusd_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow samba_net_t ldap_client_packet_t : packet { send recv } ;
allow nslcd_t ldap_client_packet_t : packet { send recv } ;
allow keystone_t ldap_port_t : tcp_socket name_connect ;
allow dovecot_auth_t ldap_client_packet_t : packet { send recv } ;
allow dirsrv_t ldap_server_packet_t : packet { send recv } ;
allow ftpd_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow pki_tps_t ldap_port_t : tcp_socket name_connect ;
allow nslcd_t ldap_port_t : tcp_socket name_connect ;
allow krb5kdc_t ldap_client_packet_t : packet { send recv } ;
allow slapd_t ldap_server_packet_t : packet { send recv } ;
allow slapd_t ldap_port_t : tcp_socket name_bind ;
allow winbind_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow postgresql_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow smbd_t ldap_client_packet_t : packet { send recv } ;
allow netlogond_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow dovecot_auth_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow openvpn_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow kadmind_t ldap_client_packet_t : packet { send recv } ;
allow sambagui_t ldap_client_packet_t : packet { send recv } ;
allow antivirus_domain ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow postgresql_t ldap_client_packet_t : packet { send recv } ;
allow ftpd_t ldap_client_packet_t : packet { send recv } ;
allow sssd_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow pyicqt_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow pyicqt_t ldap_client_packet_t : packet { send recv } ;
allow bacula_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow dirsrvadmin_script_t ldap_port_t : tcp_socket name_connect ;
allow winbind_t ldap_client_packet_t : packet { send recv } ;
allow bugzilla_script_t ldap_client_packet_t : packet { send recv } ;
allow lsassd_t ldap_client_packet_t : packet { send recv } ;
allow ipa_helper_t ldap_port_t : tcp_socket name_connect ;
allow ipsec_t ldap_port_t : tcp_socket name_connect ;
allow bugzilla_script_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow smbd_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow pki_tomcat_t ldap_port_t : tcp_socket name_connect ;
allow saslauthd_t ldap_port_t : tcp_socket name_connect ;
allow krb5kdc_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow bacula_t ldap_client_packet_t : packet { send recv } ;
allow swat_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
allow sssd_t ldap_client_packet_t : packet { send recv } ;
allow antivirus_domain ldap_client_packet_t : packet { send recv } ;
allow nsswitch_domain ldap_client_packet_t : packet recv ;
allow nsswitch_domain ldap_client_packet_t : packet send ;
allow nsswitch_domain ldap_port_t : tcp_socket name_connect ;
allow nsswitch_domain ldap_port_t : tcp_socket { recv_msg send_msg } ;
allow dhcpd_t ldap_port_t : tcp_socket name_connect ;
allow dhcpd_t ldap_port_t : tcp_socket { recv_msg send_msg } ;
allow httpd_t ldap_port_t : tcp_socket name_connect ;
allow dhcpd_t ldap_client_packet_t : packet recv ;
allow dhcpd_t ldap_client_packet_t : packet send ;

# Process (domain) transition form, for reference: when a typeB_t process
# executes a typeA_t file, the child process becomes type_C.
#   type_transition typeB_t typeA_t:process type_C;
#
# The rules below are a different form: the class is "file" and each rule ends
# with a quoted file name. They are named file transitions: when the source
# domain creates a file with exactly that name in a directory labelled tmp_t,
# the new file is labelled krb5_host_rcache_t instead of inheriting tmp_t.
# They grant no access by themselves; the domain still needs allow rules to
# create and write the file.
# NOTE(review): the target type name suggests Kerberos host replay-cache files;
# the meaning of the numeric suffixes in "ldap_55" / "ldap_487" is not shown
# here - confirm before relying on it.
type_transition winbind_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition unconfined_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition init_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition init_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition initrc_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition neutron_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition init_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition initrc_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition authconfig_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition unconfined_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition certmonger_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition dirsrv_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition rpm_script_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition dirsrv_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition gssproxy_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition named_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition rpm_script_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition sysadm_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition pegasus_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition slapd_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition realmd_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition pegasus_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition winbind_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition winbind_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition certmonger_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition initrc_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition named_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition pegasus_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition authconfig_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition dirsrv_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition gssproxy_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition puppetagent_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition puppetagent_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition sysadm_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition rpm_script_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition sysadm_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition authconfig_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition gssproxy_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition neutron_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition realmd_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition puppetagent_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition neutron_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition slapd_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition named_t tmp_t : file krb5_host_rcache_t "ldapmap1_0";
type_transition certmonger_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition unconfined_t tmp_t : file krb5_host_rcache_t "ldap_487";
type_transition realmd_t tmp_t : file krb5_host_rcache_t "ldap_55";
type_transition slapd_t tmp_t : file krb5_host_rcache_t "ldap_55";